last executing test programs: 12.544078166s ago: executing program 4 (id=716): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_udplite(0x2, 0x2, 0x88) sendto$inet(r3, &(0x7f0000000280)="60957a3587eaeb49508ead901d58e4ddca88371b3b36e61b", 0x18, 0x44810, &(0x7f0000000340)={0x2, 0x4e20, @local}, 0x10) sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c4) r4 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r4, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f00000002c0)={0x9, 0x8201, 0x7, 0x2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_io_uring_setup(0x8d2, &(0x7f0000000580)={0x0, 0x68f1, 0x0, 0x3, 0x2b0}, &(0x7f0000000140)=0x0, &(0x7f0000000080)=0x0) r8 = fsopen(&(0x7f0000000200)='exfat\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000ac0)='gid', &(0x7f00000005c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_FALLOCATE={0x11, 0x41, 0x0, @fd_index=0x1, 0x8, 0x0, 0x10000, 0x0, 0x1}) io_uring_enter(r5, 0x47ba, 0x3e80, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000040)={0x80000000, 0x7, 0x8, 0x100, 0x1, 0xed}) lremovexattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=@known='trusted.overlay.nlink\x00') sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[], 0x50}, 0x1, 0xba01}, 0x0) r9 = socket(0x10, 0x3, 0x0) r10 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000380)) ioctl$SNDCTL_DSP_RESET(r10, 0x5000, 0x0) write(r9, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001", 0x21) 10.802467688s ago: executing program 4 (id=722): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000061c0)={0x9, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r2 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') fcntl$getownex(r2, 0x40f, &(0x7f0000000100)) mmap$qrtrtun(&(0x7f00004ee000/0x3000)=nil, 0x3000, 0x300000d, 0x12, r2, 0x2) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r3, &(0x7f00000002c0)={'#! ', './file0'}, 0xb) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff7a0af0fff8ffffff61a4f0ff000000003e040000000000005d000000000000000704000012da0aff2500000017ffffffae040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6b8306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac79"], &(0x7f00000001c0)='GPL\x00'}, 0x94) write$FUSE_NOTIFY_STORE(r3, 0x0, 0x28) close(r3) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'}) bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200)=0x1, 0x12) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0) 6.799192523s ago: executing program 2 (id=747): socket$nl_route(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0003230c1100"}) socket$kcm(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r2, 0xc008551a, &(0x7f0000005480)=ANY=[]) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, 0x0, 0x44041) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, &(0x7f0000000380)}) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_CLEAR_HALT(r4, 0x80045515, &(0x7f00000000c0)={0x1, 0x1}) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0) recvfrom$packet(0xffffffffffffffff, &(0x7f0000000180)=""/122, 0x7a, 0x121, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x1, 0x9, 0x6, @remote}, 0x14) ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0xc0086202, &(0x7f0000000540)=0x1) 6.757168425s ago: executing program 4 (id=748): syz_usb_connect$hid(0x1, 0x0, 0x0, 0x0) socket(0x2, 0x3, 0xff) r0 = syz_open_dev$ndb(&(0x7f0000003b80), 0x0, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x24008000}, 0x8000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x13f, 0x1}}, 0x20) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f0000000040)={'veth0_to_team\x00', {0x2, 0x4e20, @rand_addr=0x64010101}}) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)={0x14, r4, 0x1, 0x0, 0x0, {0x3d}}, 0x14}}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) sendmsg$L2TP_CMD_NOOP(r5, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfb, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20008041) r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000001080)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) unshare(0xa000200) semget$private(0x0, 0x4000, 0x0) semtimedop(0x0, &(0x7f0000000040)=[{0x4, 0x6, 0x1000}], 0x1, 0x0) unshare(0x20060400) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70300000000000085"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000980)="475a251bdb1e4c438649cdf2494dde32cd76aeabc8ca949257819f25159c532504978ed33d145658cce40a3dd867df925cbedfbd01f157cae933c958c5dfdc1e0132e03f60e3418410fe17f95bdb8090c4adb3636ea342fb8589cf4944e42579da1d2aa919fa78d9e27565fc30", 0x6d, 0xfffffffffffffffb) keyctl$revoke(0x3, r7) ioctl$BLKTRACESETUP(r0, 0xc0481273, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24040040) 4.973206999s ago: executing program 1 (id=752): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a90000000060a0b0400000000000000000200000064000480240001800b000100736f636b657400001400028008"], 0xb8}}, 0x40880) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x4008af25, &(0x7f00000000c0)) 4.865273165s ago: executing program 1 (id=753): r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000003c0)={0x53, 0xffffffffffffffff, 0x6, 0x6, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000480)="41d599ca01a5", 0x0, 0x400, 0x20004, 0x1, 0x0}) 4.694452696s ago: executing program 1 (id=754): r0 = syz_open_dev$loop(&(0x7f0000000b40), 0xfffffffffffffff9, 0x400) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000b80)) 4.510178916s ago: executing program 2 (id=755): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@mon_options=[@NL80211_ATTR_MU_MIMO_GROUP_DATA={0x1c, 0xe7, "a105e0446774137d142a72da03af4dbe383eecebd1b5966c"}]]}, 0x38}, 0x1, 0x0, 0x0, 0x8c1}, 0x0) 4.472025008s ago: executing program 1 (id=756): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34e}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x31712}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, 0x0, 0x0, 0x2, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000340), 0x63682, 0x0) fdatasync(r5) r6 = syz_io_uring_setup(0x50e9, &(0x7f0000000280)={0x0, 0x5e68, 0x8000, 0x0, 0x259}, &(0x7f0000000080), &(0x7f0000000100)) socket$nl_route(0x10, 0x3, 0x0) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r6, 0x1e, 0x0, 0x1) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0xa00, 0xb) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x0) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) r8 = syz_usb_connect$uac1(0x2, 0xa6, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000106b1d01010000000003010902940003010040000904000000010100000a2401000000020102132406000006000000281ab0ab2c90619b34000000000000000000000924030000000000000924050000f8211cfd0924030500000004000724050401"], 0x0) syz_usb_control_io$uac1(r8, &(0x7f00000000c0)={0xfffffffffffffd54, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x6, @string={0x6}}}, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000140)={r7, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "280991800000598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f000000155cc30cf11d0bc000", [0x4, 0x7]}}) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r10 = syz_open_dev$vbi(&(0x7f0000000080), 0x2, 0x2) ioctl$VIDIOC_S_PARM(r10, 0xc0cc5616, &(0x7f00000000c0)={0x3, @capture={0x1000, 0x1, {0x6, 0x80}, 0x9, 0xd9ec}}) 4.408052172s ago: executing program 2 (id=757): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x101, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = memfd_create(0x0, 0x3) write$binfmt_script(r3, &(0x7f0000000040)={'#! ', '', [{0x20, '\t\xbb\x9b\x81\xa61\xdd\xd6\xe6\xb3R\xb9\xdb?\xbe\xd3&n\xe2\xb6\xf5%\xb2\xdf\xf5\x83\xba\xeb\x93~\x88\xdc\xec[6=\x01p\xcd\x8ay\x0ez\\U\xae\x9fj@5q\xb2\x89\x00\x17\xe3\x82\x81\xbeS\xd8\x00\x1c\x10\xf8\xf3\xd4\xddI<%\xbb\xa6\xab\x9a\xe5\xec\x19\xfa\xcb\x94\x90u\x9b\x13W\xbd\x9f\xfa\x032-{\x96{\x12\xddy\xb8\x0e%\xabx/\x9cb\xfe\xccO\x00\xf0\xf2\x9dZ\x19_\xc7\xf2\vI'}]}, 0x7d) r4 = socket(0x2, 0x5, 0x0) r5 = socket$inet6(0xa, 0x0, 0x3c) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000019100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYRESHEX=r5], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) writev(r5, 0x0, 0x0) r7 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r7, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x2000400}, 0x1c) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) sendmmsg$inet6(r7, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x176}}], 0x400000000000172, 0x4000000) sendmmsg$inet_sctp(r4, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) fcntl$lock(r2, 0x6, &(0x7f0000019080)={0x1, 0x1, 0x1}) syz_open_procfs(0x0, &(0x7f0000019340)='net/dev\x00') 3.165862045s ago: executing program 2 (id=763): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r1, &(0x7f00000012c0)="a5", 0x1) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz1\x00', {0x4, 0x4, 0x5, 0xfff8}, 0xb, [0x8, 0x76, 0x3, 0x5, 0x5, 0x0, 0x7, 0x5, 0x5, 0x5, 0x40, 0x5, 0x7, 0xfffffffd, 0x9, 0x7fffffff, 0x2, 0x8000, 0xee, 0x8, 0x7f, 0x0, 0x0, 0x2, 0x4b1, 0x80008, 0x4, 0x5, 0xb, 0x4, 0x4, 0x5, 0xfffffffd, 0x1, 0xc6a, 0xc, 0x7, 0xe, 0x4, 0xffffff81, 0x62, 0x5, 0x0, 0x4, 0x3, 0x8, 0x3, 0x4, 0x3669, 0x1, 0x401, 0x0, 0x3, 0x6, 0x4, 0x10000, 0x7, 0x8, 0x60000000, 0x4, 0x6, 0x2, 0x0, 0x77a], [0x10000, 0xf2e, 0x2, 0x9, 0x1, 0x1000, 0x3, 0xc44, 0x7, 0x8905, 0x7fffffff, 0x10, 0xffff, 0x8, 0xe, 0xad, 0x48, 0xf8, 0x7fff, 0x31, 0x8, 0x0, 0x8, 0xbb6, 0x0, 0xfffeffff, 0x101, 0x401, 0x1, 0x3, 0x6, 0x7, 0x5, 0xfffffffd, 0x400, 0x7, 0x1fe9, 0x3eb2028c, 0x4, 0x1, 0x7, 0x4352be89, 0x3ff, 0x7fff, 0x5, 0x6, 0x8, 0xcac, 0x90f, 0x5, 0x7ff, 0x6, 0x11a, 0x4, 0xbf6, 0x6, 0xb, 0x8, 0x3, 0x0, 0x7fffffff, 0x7efa182a, 0x3, 0x401], [0x4394, 0x6, 0x5, 0x9, 0x3, 0x2, 0x1, 0x7, 0xfffffff9, 0x7fffffff, 0x8, 0x7, 0xc, 0x100, 0x6, 0x6, 0x10001, 0x9ed, 0x1f, 0x9, 0xc20, 0x1, 0x9, 0xc0, 0x7, 0x5, 0x2, 0x2, 0x1, 0x0, 0x6, 0x0, 0x100, 0x8067, 0x3e46, 0x2, 0x1, 0x2, 0x9, 0x7, 0x1ff, 0xfa9, 0x8, 0x6, 0x4, 0x7, 0x6df, 0x100, 0x3ff, 0x0, 0x1, 0x68c2, 0x0, 0x1, 0x2, 0x7fff, 0x1, 0x3, 0x7fff, 0x1e0b, 0x101, 0xea18, 0x2, 0x1ff], [0x7, 0x2b500, 0x44a9, 0x3, 0x1, 0x1, 0x4, 0x6, 0x2cfe, 0x10000, 0x6, 0x5, 0x16a, 0x6, 0x0, 0x9c5, 0x3, 0x7fffffff, 0xf49, 0x1, 0x40, 0x0, 0x8, 0x7, 0x6, 0x3, 0x0, 0x1000, 0x7, 0xe32, 0x7ff, 0xe, 0x9, 0x7, 0xdd63, 0xfffffff5, 0x6196bb21, 0x1, 0x2, 0x1, 0x2, 0x900000, 0x81, 0xb58, 0x7, 0x7, 0x4, 0x6, 0x9, 0x7, 0x8, 0xa2, 0x0, 0x8, 0xa, 0x8, 0x1, 0x0, 0xd6, 0x98, 0x9, 0x3, 0x80, 0xa]}, 0x45c) poll(&(0x7f0000000000), 0x20000000000000b5, 0x9) 2.964543696s ago: executing program 4 (id=765): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=@bridge_getvlan={0x18, 0x72, 0x7e3bfe4fa73db39f, 0x0, 0x0, {}, [@BRIDGE_VLANDB_DUMP_FLAGS={0x8, 0x1, 0x1}]}, 0x20}}, 0x0) 2.866088442s ago: executing program 4 (id=766): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000900)=ANY=[@ANYBLOB="0015b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x3, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x1a, 0xee, 0xbf, 0x10, 0x3fd, 0xebbe, 0xede2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x2, [{{0x9, 0x4, 0x35, 0x0, 0x0, 0xc2, 0xba, 0xa4}}]}}]}}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000180)=""/175, 0xb3) 2.461336786s ago: executing program 2 (id=769): r0 = socket$alg(0x26, 0x5, 0x0) unshare(0x20060400) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/73, 0x49}], 0x1}, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) 1.571718838s ago: executing program 2 (id=770): socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f0000002040)=[{{&(0x7f00000002c0)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x0, &(0x7f00000007c0)=[{&(0x7f00000003c0)=""/231}, {&(0x7f00000004c0)=""/184}, {&(0x7f0000000580)=""/85}, {&(0x7f0000000600)=""/183}, {&(0x7f00000006c0)=""/233}], 0x0, &(0x7f0000000840)=""/194}, 0x6}, {{&(0x7f0000000940)=@nl=@proc, 0x0, &(0x7f0000000140)=[{&(0x7f00000009c0)=""/126}, {&(0x7f0000000a40)=""/133}], 0x0, &(0x7f0000000240)=""/23}, 0x101}, {{0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000b00)=""/121}, 0x4}, {{0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000000340)=""/30, 0x51}, {&(0x7f0000000b80)=""/73}, {&(0x7f0000000c00)=""/92}, {&(0x7f0000000c80)=""/219}, {&(0x7f0000000d80)=""/4096}, {&(0x7f0000001d80)=""/96}, {&(0x7f0000001e00)=""/132}], 0x0, &(0x7f0000001f40)=""/195}, 0xff}], 0x946c, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) munmap(&(0x7f00006bb000/0x1000)=nil, 0x1000) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000040)={0xf0f01e, 0x1}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xa, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) pipe(&(0x7f0000000040)={0xffffffffffffffff}) splice(r6, 0x0, r5, 0x0, 0x6, 0xb) close_range(r5, 0xffffffffffffffff, 0x0) read$FUSE(r4, &(0x7f0000005180)={0x2020}, 0x2020) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@nbd={'/dev/nbd', 0x0}, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) unlink(&(0x7f0000000180)='./bus\x00') 1.570764988s ago: executing program 0 (id=780): r0 = syz_open_dev$admmidi(0x0, 0x1, 0x101) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r0, 0x40045731, &(0x7f00000014c0)=0x2) r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x60240, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000005400010026bdf0010000000007", @ANYRES32=r3, @ANYBLOB], 0x38}}, 0x40) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001000)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20004084) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000140)=0xfffffdfb) ioctl$TCXONC(r2, 0x540a, 0x3) 1.509396962s ago: executing program 0 (id=771): r0 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg(r0, &(0x7f0000001940)={0x0, 0x0, 0x0}, 0x8000) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d80)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe8000000000000000000000000000a2ff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="e0000002000000000000000000000000000004d233000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000400000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000029bd7000000000000a"], 0xf8}, 0x1, 0x0, 0x0, 0x800}, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) r6 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) read$FUSE(r6, &(0x7f0000007fc0)={0x2020}, 0x2020) 1.430798776s ago: executing program 0 (id=772): r0 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg(r0, &(0x7f0000001940)={0x0, 0x0, 0x0}, 0x8000) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d80)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe8000000000000000000000000000a2ff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="e0000002000000000000000000000000000004d233000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000400000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000029bd7000000000000a"], 0xf8}, 0x1, 0x0, 0x0, 0x800}, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.313655903s ago: executing program 1 (id=773): connect$unix(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) r0 = syz_open_procfs(0x0, 0x0) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000180)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18573f5383c3cbaf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x48}], 0x1, 0x6f, 0x0, 0x0) recvmsg$can_bcm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000003c0)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.295328114s ago: executing program 0 (id=774): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000340)={0x1d, r2, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) connect$can_j1939(r1, &(0x7f0000000240)={0x1d, r2, 0x1, {0x2, 0xf0, 0x2}, 0x2}, 0x18) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0x3, 0x8}, {0xfff1, 0x9}, {0x2, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x20000050) 839.184071ms ago: executing program 3 (id=778): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x7ffff, &(0x7f0000006680)) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r0, &(0x7f0000003980)={0x2020}, 0x2020) 626.264403ms ago: executing program 3 (id=779): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) sendmmsg$inet(r0, &(0x7f0000000b40)=[{{&(0x7f0000000680)={0x2, 0x4e22, @multicast2}, 0x10, 0x0}}], 0x1, 0xc044) write$binfmt_misc(r0, 0x0, 0x0) 618.776784ms ago: executing program 3 (id=781): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0x6) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x12, r0, 0x0) r1 = socket(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0xc08, 0x3, 0x200, 0x310, 0x5002004a, 0xb, 0x0, 0xea13, 0x3c0, 0x3c8, 0x3c8, 0x3c0, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0xffffffff, 'pptp\x00', {0x100000}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x7, 0x99}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260) 489.223521ms ago: executing program 3 (id=782): unshare(0x2c020400) r0 = socket(0xa, 0x3, 0xfc) connect$rds(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10) 314.209022ms ago: executing program 3 (id=783): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000200)={'vxcan0\x00', 0x0}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x0, 0x1}, 0xfd}, 0x18) writev(r0, &(0x7f0000000280)=[{&(0x7f0000000140)='H', 0x206c}], 0x1) sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x0, 0x902, 0x70bd25, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4080}, 0x800) 313.852182ms ago: executing program 4 (id=784): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="05000000"], 0x48) r1 = syz_open_dev$video(0x0, 0x7, 0xc0c03) ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r1, 0x942e, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mprotect(&(0x7f000029e000/0x1000)=nil, 0x1000, 0xd) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x6, 0x3) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x28) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x20, &(0x7f00000000c0)=[@cstype0={0x4, 0xc}, @cstype0], 0x2) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a0904000000000000f3770200000048000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180fffffffb0800014000000000140001800d00010073796e70726f7879000000000900010073797a30000000000900020073797a3200000000140000"], 0x9c}}, 0x0) fcntl$dupfd(r2, 0x0, r0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000580)=ANY=[@ANYBLOB], 0x124}}, 0x0) userfaultfd(0x180801) 250.737755ms ago: executing program 0 (id=785): r0 = socket$rxrpc(0x21, 0x2, 0xa) sendmsg(r0, &(0x7f0000001940)={0x0, 0x0, 0x0}, 0x8000) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d80)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe8000000000000000000000000000a2ff02000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="e0000002000000000000000000000000000004d233000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000400000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000029bd7000000000000a"], 0xf8}, 0x1, 0x0, 0x0, 0x800}, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 188.027709ms ago: executing program 1 (id=786): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000140)={&(0x7f0000000180)=[{0x6, 0x6000, 0x1, &(0x7f0000000900)='\n'}], 0x1}) socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0xa, 0x3, 0x87) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) socket$kcm(0x29, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) select(0x57, 0x0, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x10, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x0, 0xb, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00)) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000722000/0x4000)=nil, 0x4000, 0x80000000e) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0x0, 0x4, 0x0, 0x1, 'syz0\x00', 0xfffd}, 0x10000a, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) socket$nl_generic(0x10, 0x3, 0x10) 146.951351ms ago: executing program 0 (id=787): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x7fffe, {0x0, 0x0, 0x0, r7, {}, {0xb, 0xb}, {0x2, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x808, 0x205, 0x1, 0xc}, 0xb, 0x1, 0x32, 0x5, 0x9, 0x2, 0x9, 0xd, 0x6, 0x1, {0xffff1c72, 0x23, 0x8000007, 0x8, 0xfffffffb, 0x7583}}}}]}, 0x78}}, 0x8000) sendto$packet(r4, &(0x7f0000000440)="bad330752181510000316f3a277f953286ddd1dc9119f98ce83de525e4a40e81692d09dc", 0x24, 0x2000041, &(0x7f0000000080)={0x11, 0x88a8, r3, 0x1, 0xd8, 0x6, @remote}, 0x14) 0s ago: executing program 3 (id=788): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0xffffffff) openat$cuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x1, 0x103000) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f0000000480)={{0x3, 0x3, 0x24000000, 0x3ff, '\x00', 0x6}, 0x1, [0x9, 0x11, 0xfffffffffffffff9, 0x5, 0x12, 0x1, 0x0, 0xff, 0xffffffffffffffff, 0x9, 0x1, 0x8, 0xfffffffffffffff7, 0x4, 0x3ff, 0x1, 0x36, 0x482, 0xc0010, 0x9, 0x1, 0x3ff, 0x5, 0x5, 0x80, 0x0, 0x4, 0x6, 0xffffffff, 0x9, 0x1, 0x71, 0xa, 0x2, 0x1ff, 0x7fffffff, 0x9, 0x4, 0x5, 0x10, 0xfffffffffffffff7, 0x16, 0x9db6, 0x7f, 0xfffffffffffffff2, 0x2, 0x5, 0x7, 0x0, 0x8, 0x3, 0x303, 0xa2, 0x8000, 0x3, 0x400, 0x9, 0x1fd, 0x80000001, 0x2, 0xc9a8, 0xffffffff, 0x3, 0x8, 0xffff, 0x0, 0x10000, 0xffffffffffffffff, 0x5, 0x3, 0x5, 0x9, 0xec, 0x7f, 0xffffffffffffffff, 0x100000000, 0x9f1a, 0xffffffffffffffff, 0xffffffff, 0x8, 0x0, 0x9, 0x3, 0x9, 0x1, 0x4, 0x3, 0xa, 0x8, 0x8, 0x1, 0x2, 0x4, 0x8, 0xe70, 0xfffffffffffffff7, 0xb, 0x8000000000000000, 0x6, 0x9, 0x5, 0x639, 0x8000000000000000, 0x4, 0x400, 0x9a06, 0x9, 0xffffffff00000000, 0x3, 0xb3, 0x200080000001, 0x5, 0xd30, 0x7, 0x4, 0x256, 0x6ff, 0x3, 0x7, 0x1ff, 0x6, 0x9, 0x0, 0x1b485fe1, 0x7, 0x7, 0x7, 0x9]}) mount$fuse(0x0, 0x0, 0x0, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) syz_usb_connect$uac1(0x0, 0xa5, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0) close_range(r3, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 800 because its location on disk could not be determined even after retrying (error code -5). [ 70.388528][ T4468] ntfs: (device loop1): ntfs_cluster_alloc(): Failed to map page. [ 70.423932][ T4426] capability: warning: `syz.3.24' uses 32-bit capabilities (legacy support in use) [ 70.439323][ T4468] ntfs: (device loop1): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5). [ 70.453444][ T4446] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 70.905476][ T4486] loop2: detected capacity change from 0 to 40427 [ 70.938231][ T4482] loop_set_status: loop3 () has still dirty pages (nrpages=176) [ 71.015993][ T4486] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 71.024298][ T4486] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 71.047997][ T4486] F2FS-fs (loop2): invalid crc value [ 71.094492][ T4486] F2FS-fs (loop2): Found nat_bits in checkpoint [ 71.154829][ T4486] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 71.162331][ T4486] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 72.084525][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 72.091283][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.557476][ C0] sched: RT throttling activated [ 72.868654][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #39a!!! [ 72.967532][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 73.063906][ T4189] ocfs2: Unmounting device (7,0) on (node local) [ 73.074123][ T4498] netlink: 56 bytes leftover after parsing attributes in process `syz.4.28'. [ 74.636288][ T4502] loop1: detected capacity change from 0 to 64 [ 75.068737][ T4499] syz.4.28 (4499): drop_caches: 2 [ 75.075356][ T4499] syz.4.28 (4499): drop_caches: 2 [ 75.647186][ T4502] tmpfs: Bad value for 'uid' [ 76.968990][ T4509] loop4: detected capacity change from 0 to 8192 [ 77.013459][ T4515] loop0: detected capacity change from 0 to 4096 [ 77.050839][ T4509] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 77.064032][ T4520] loop1: detected capacity change from 0 to 1024 [ 77.101052][ T4509] REISERFS (device loop4): using ordered data mode [ 77.108309][ T4509] reiserfs: using flush barriers [ 77.118800][ T4520] hfsplus: unable to parse mount options [ 77.125085][ T4509] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 77.143460][ T4509] REISERFS (device loop4): checking transaction log (loop4) [ 77.356042][ T4515] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,,errors=continue. Quota mode: writeback. [ 78.235188][ T4509] REISERFS (device loop4): Using r5 hash to sort names [ 78.245562][ T4509] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 78.274985][ T26] audit: type=1800 audit(1769991616.671:2): pid=4528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.36" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 78.602731][ T4531] loop2: detected capacity change from 0 to 4096 [ 78.669273][ T4531] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 78.801432][ T4531] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 78.884030][ T4531] ntfs3: loop2: Failed to load $Extend. [ 78.970794][ T4520] loop1: detected capacity change from 0 to 32768 [ 79.012074][ T4520] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by syz.1.37 (4520) [ 79.094761][ T4520] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 79.116306][ T4518] loop3: detected capacity change from 0 to 32768 [ 79.153314][ T4520] BTRFS info (device loop1): setting nodatacow, compression disabled [ 79.192032][ T4520] BTRFS info (device loop1): turning on flush-on-commit [ 79.222078][ T4520] BTRFS info (device loop1): using free space tree [ 79.257207][ T4518] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.38 (4518) [ 79.279092][ T4520] BTRFS info (device loop1): has skinny extents [ 79.386739][ T4518] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 79.428067][ T4518] BTRFS info (device loop3): setting nodatacow, compression disabled [ 79.449390][ T4518] BTRFS info (device loop3): force clearing of disk cache [ 79.456620][ T4518] BTRFS info (device loop3): enabling ssd optimizations [ 79.495830][ T4518] BTRFS info (device loop3): using spread ssd allocation scheme [ 79.503878][ T4518] BTRFS info (device loop3): turning off barriers [ 79.547824][ T4533] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 3542, free_space(entry_count) 2 [ 79.575515][ T4518] BTRFS info (device loop3): disabling free space tree [ 79.596069][ T4518] BTRFS info (device loop3): not using ssd optimizations [ 79.607525][ T4467] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 79.643044][ T4533] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 532. Fsck? [ 79.646481][ T4518] BTRFS info (device loop3): not using spread ssd allocation scheme [ 79.677713][ T4533] REISERFS (device loop4): Remounting filesystem read-only [ 79.677720][ T4518] BTRFS info (device loop3): has skinny extents [ 79.691490][ T4533] REISERFS error (device loop4): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 4 0x0 SD] stat data [ 79.707415][ T4520] BTRFS info (device loop1): enabling ssd optimizations [ 79.869699][ T4467] usb 3-1: Using ep0 maxpacket: 16 [ 79.919551][ T4518] BTRFS info (device loop3): clearing free space tree [ 79.945051][ T4518] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 80.030091][ T4518] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 80.031008][ T4467] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.138289][ T4467] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.184246][ T4467] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 80.210240][ T4467] usb 3-1: New USB device found, idVendor=045e, idProduct=f9cf, bcdDevice=b1.a9 [ 80.227680][ T4467] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.255673][ T4467] usb 3-1: config 0 descriptor?? [ 80.340032][ T4310] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop3 scanned by udevd (4310) [ 80.642222][ T4320] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 81.641300][ T13] cfg80211: failed to load regulatory.db [ 81.716535][ T4576] loop4: detected capacity change from 0 to 32768 [ 81.770330][ T4576] (syz.4.42,4576,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 81.799766][ T4576] (syz.4.42,4576,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 81.896251][ T4576] JBD2: Ignoring recovery information on journal [ 81.958110][ T4320] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 81.977763][ T4320] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.226058][ T4576] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 82.607653][ T4467] usbhid 3-1:0.0: can't add hid device: -71 [ 83.633976][ T4467] usbhid: probe of 3-1:0.0 failed with error -71 [ 83.968316][ T4320] usb 1-1: Product: syz [ 83.972600][ T4320] usb 1-1: Manufacturer: syz [ 83.979661][ T4467] usb 3-1: USB disconnect, device number 3 [ 83.987422][ T4320] usb 1-1: SerialNumber: syz [ 84.038483][ T4320] usb 1-1: can't set config #1, error -71 [ 84.049330][ T4320] usb 1-1: USB disconnect, device number 2 [ 84.081219][ T4187] ocfs2: Unmounting device (7,4) on (node local) [ 84.304036][ T4608] loop0: detected capacity change from 0 to 4096 [ 84.411461][ T4593] loop1: detected capacity change from 0 to 32768 [ 84.493911][ T4609] loop2: detected capacity change from 0 to 8192 [ 84.505050][ T4593] (syz.1.45,4593,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 84.548161][ T4609] loop2: p2 < > p3 [ 84.558923][ T4593] (syz.1.45,4593,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 84.559580][ T4609] loop2: p3 start 150995456 is beyond EOD, truncated [ 84.609326][ T4608] ntfs: (device loop0): parse_options(): NLS character set cpS not found. Using previous one iso8859-2. [ 84.719489][ T4608] ntfs: volume version 3.1. [ 84.811306][ T4593] (syz.1.45,4593,0):ocfs2_initialize_super:2313 ERROR: status = -12 [ 84.862517][ T4593] (syz.1.45,4593,0):ocfs2_fill_super:1177 ERROR: status = -12 [ 84.896409][ T4618] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 84.973965][ T4618] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 85.057711][ T4618] ntfs: (device loop0): ntfs_cluster_alloc(): Failed to map page. [ 85.069743][ T4604] loop3: detected capacity change from 0 to 32768 [ 85.122419][ T4310] udevd[4310]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 85.162097][ T4604] (syz.3.51,4604,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 85.186117][ T4618] ntfs: (device loop0): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5). [ 85.219222][ T4604] (syz.3.51,4604,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 85.266718][ T4310] udevd[4310]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 85.342965][ T4604] JBD2: Ignoring recovery information on journal [ 85.462875][ T4620] loop1: detected capacity change from 0 to 4096 [ 85.502976][ T4604] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 85.529227][ T4620] ntfs: (device loop1): parse_options(): Unrecognized mount option case_sefsitive. [ 85.548250][ T4620] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 85.607564][ T4620] ntfs: (device loop1): parse_options(): Unrecognized mount option show_sys_fil_files. [ 85.637706][ T4620] ntfs: (device loop1): parse_options(): The gid option requires an argument. [ 86.519593][ T4198] ocfs2: Unmounting device (7,3) on (node local) [ 86.745524][ T4636] dlm: dev_write: no op 0 0 [ 86.787780][ T4467] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 86.838316][ T4622] loop2: detected capacity change from 0 to 32768 [ 87.193810][ T4467] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 87.208326][ T4467] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.232236][ T4642] loop1: detected capacity change from 0 to 8192 [ 87.266188][ T4467] usb 1-1: config 0 descriptor?? [ 87.329900][ T4467] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 87.362454][ T4642] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 87.411419][ T4642] REISERFS (device loop1): using journaled data mode [ 87.428655][ T4628] loop4: detected capacity change from 0 to 32768 [ 87.441119][ T4642] reiserfs: using flush barriers [ 87.539070][ T4642] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 87.555970][ T4642] REISERFS (device loop1): checking transaction log (loop1) [ 87.565089][ T4642] REISERFS (device loop1): Using r5 hash to sort names [ 87.574961][ T4628] (syz.4.56,4628,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 87.607859][ T4628] (syz.4.56,4628,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 87.638301][ T4642] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 87.667241][ T4642] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 87.701563][ T4628] JBD2: Ignoring recovery information on journal [ 87.787671][ T4467] gp8psk: usb in 128 operation failed. [ 87.817794][ T4467] gp8psk: usb in 137 operation failed. [ 87.823317][ T4467] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 87.835009][ T4467] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 87.852732][ T4467] usb 1-1: USB disconnect, device number 3 [ 87.872697][ T4628] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 88.068675][ T4662] 9pnet_virtio: no channels available for device syz [ 89.034494][ T4187] ocfs2: Unmounting device (7,4) on (node local) [ 89.523795][ T4673] loop3: detected capacity change from 0 to 40427 [ 89.579876][ T4673] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 89.587844][ T4673] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 89.625727][ T4673] F2FS-fs (loop3): invalid crc value [ 89.673979][ T4668] loop0: detected capacity change from 0 to 32768 [ 89.699846][ T4673] F2FS-fs (loop3): Found nat_bits in checkpoint [ 89.747147][ T4673] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 89.754554][ T4673] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 90.012149][ T4668] (syz.0.67,4668,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 90.936174][ T4668] (syz.0.67,4668,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 91.034427][ T4685] loop4: detected capacity change from 0 to 16 [ 91.057718][ T4685] erofs: (device loop4): mounted with root inode @ nid 36. [ 91.074904][ T4668] JBD2: Ignoring recovery information on journal [ 91.268655][ T4668] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 91.347558][ T4589] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 91.585510][ T4675] loop2: detected capacity change from 0 to 32768 [ 91.907350][ T4589] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 91.944854][ T4589] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 92.003810][ T4589] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 92.061136][ T4589] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 92.092571][ T4694] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 92.157582][ T4589] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 92.198310][ T4589] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.252860][ T4589] usb 5-1: config 0 descriptor?? [ 92.373573][ T4189] ocfs2: Unmounting device (7,0) on (node local) [ 92.484286][ T4700] loop1: detected capacity change from 0 to 1764 [ 92.558146][ T4589] hdpvr 5-1:0.0: firmware version 0x12 dated [ 92.657136][ T4705] netlink: 'syz.2.79': attribute type 8 has an invalid length. [ 92.766700][ T4685] erofs: (device loop4): find_target_block_classic: corrupted dir block 0 @ nid 36 [ 92.814878][ T4685] netlink: 'syz.4.73': attribute type 11 has an invalid length. [ 92.843381][ T4685] udc-core: couldn't find an available UDC or it's busy [ 92.859006][ T4710] FAULT_INJECTION: forcing a failure. [ 92.859006][ T4710] name failslab, interval 1, probability 0, space 0, times 1 [ 92.893519][ T4685] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 92.917843][ T4589] hdpvr 5-1:0.0: device init failed [ 92.923169][ T4589] hdpvr: probe of 5-1:0.0 failed with error -12 [ 92.935896][ T4710] CPU: 1 PID: 4710 Comm: syz.0.76 Not tainted syzkaller #0 [ 92.943150][ T4710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 92.953240][ T4710] Call Trace: [ 92.956679][ T4710] [ 92.959725][ T4710] dump_stack_lvl+0x188/0x250 [ 92.964650][ T4710] ? show_regs_print_info+0x20/0x20 [ 92.969882][ T4710] ? load_image+0x400/0x400 [ 92.974432][ T4710] ? __might_sleep+0xf0/0xf0 [ 92.979050][ T4710] ? __lock_acquire+0x7d10/0x7d10 [ 92.984114][ T4710] should_fail+0x38c/0x4c0 [ 92.988584][ T4710] should_failslab+0x5/0x20 [ 92.993125][ T4710] slab_pre_alloc_hook+0x51/0xc0 [ 92.998284][ T4710] ? vm_area_alloc+0x20/0xe0 [ 93.003000][ T4710] kmem_cache_alloc+0x3d/0x290 [ 93.007807][ T4710] vm_area_alloc+0x20/0xe0 [ 93.012453][ T4710] mmap_region+0xac0/0x1650 [ 93.017229][ T4710] do_mmap+0x819/0xe90 [ 93.021426][ T4710] vm_mmap_pgoff+0x1c1/0x2d0 [ 93.026153][ T4710] ? account_locked_vm+0xe0/0xe0 [ 93.031122][ T4710] ? __lock_acquire+0x7d10/0x7d10 [ 93.036430][ T4710] ksys_mmap_pgoff+0x140/0x790 [ 93.041427][ T4710] ? mmap_region+0x1650/0x1650 [ 93.046235][ T4710] ? lockdep_hardirqs_on+0x94/0x140 [ 93.051470][ T4710] do_syscall_64+0x4c/0xa0 [ 93.055931][ T4710] ? clear_bhb_loop+0x30/0x80 [ 93.060635][ T4710] ? clear_bhb_loop+0x30/0x80 [ 93.065448][ T4710] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 93.071380][ T4710] RIP: 0033:0x7fc0e2dc8c22 [ 93.075810][ T4710] Code: 4f 01 00 0f 1f 44 00 00 41 f7 c1 ff 0f 00 00 75 27 55 89 cd 53 48 89 fb 48 85 ff 74 3b 41 89 ea 48 89 df b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 6e 5b 5d c3 0f 1f 00 48 c7 c0 e8 ff ff ff 64 [ 93.095811][ T4710] RSP: 002b:00007fc0e1023df8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 93.104258][ T4710] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc0e2dc8c22 [ 93.112515][ T4710] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 93.120593][ T4710] RBP: 0000000000000022 R08: 00000000ffffffff R09: 0000000000000000 [ 93.128577][ T4710] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000004 [ 93.136550][ T4710] R13: 00007fc0e1023ee0 R14: 00007fc0e1023ea0 R15: 0000200000000080 [ 93.144803][ T4710] [ 93.176654][ T4589] usb 5-1: USB disconnect, device number 3 [ 93.316550][ T4698] loop3: detected capacity change from 0 to 32768 [ 93.341749][ T4698] XFS: attr2 mount option is deprecated. [ 93.382880][ T4698] xfs: Unknown parameter 'smackfsroot' [ 93.692833][ T4718] netlink: 24 bytes leftover after parsing attributes in process `syz.1.83'. [ 93.706457][ T4727] loop2: detected capacity change from 0 to 4096 [ 93.728514][ T4727] ntfs: (device loop2): parse_options(): Unrecognized mount option case_sefsitive. [ 93.740670][ T4727] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 93.773511][ T4727] ntfs: (device loop2): parse_options(): Unrecognized mount option show_sys_fil_files. [ 93.785416][ T4727] ntfs: (device loop2): parse_options(): The gid option requires an argument. [ 94.852358][ T4739] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 95.019975][ T4746] netlink: 12 bytes leftover after parsing attributes in process `syz.1.91'. [ 95.157730][ T13] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 95.319131][ T4747] loop1: detected capacity change from 0 to 8192 [ 95.437960][ T13] usb 5-1: Using ep0 maxpacket: 16 [ 95.569567][ T13] usb 5-1: config 0 has an invalid interface number: 105 but max is 0 [ 95.583003][ T4764] loop2: detected capacity change from 0 to 128 [ 95.591552][ T26] audit: type=1326 audit(1769991633.991:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4758 comm="syz.1.95" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x0 [ 95.625627][ T13] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 95.685538][ T26] audit: type=1326 audit(1769991634.021:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4758 comm="syz.1.95" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x0 [ 95.732056][ T13] usb 5-1: config 0 has no interface number 0 [ 95.770097][ T4764] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 95.821687][ T4764] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 96.677253][ T13] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 96.687357][ T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.695561][ T13] usb 5-1: Product: syz [ 96.699878][ T13] usb 5-1: Manufacturer: syz [ 96.704666][ T13] usb 5-1: SerialNumber: syz [ 96.713636][ T13] usb 5-1: config 0 descriptor?? [ 96.743712][ T4773] ubi: mtd0 is already attached to ubi0 [ 97.261949][ T4778] loop3: detected capacity change from 0 to 40427 [ 97.307813][ T4778] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 97.315605][ T4778] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 97.326673][ T4778] F2FS-fs (loop3): invalid crc value [ 97.359208][ T4778] F2FS-fs (loop3): Found nat_bits in checkpoint [ 97.418376][ T4778] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 97.425563][ T4778] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 97.467609][ T4589] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 97.721839][ T4589] usb 3-1: Using ep0 maxpacket: 16 [ 98.566633][ T4467] usb 5-1: USB disconnect, device number 4 [ 98.675839][ T4793] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 98.758657][ T4589] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.779351][ T4589] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.789980][ T4588] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 98.802514][ T4589] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 98.815723][ T4589] usb 3-1: New USB device found, idVendor=045e, idProduct=f9cf, bcdDevice=b1.a9 [ 98.827128][ T4589] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.847421][ T4589] usb 3-1: config 0 descriptor?? [ 99.157833][ T4588] usb 1-1: config 0 has an invalid interface number: 112 but max is 0 [ 99.166083][ T4588] usb 1-1: config 0 has no interface number 0 [ 99.247216][ T4807] netlink: 'syz.2.100': attribute type 1 has an invalid length. [ 99.269714][ T4588] usb 1-1: New USB device found, idVendor=3154, idProduct=721e, bcdDevice= 9.c6 [ 99.300301][ T4588] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.591281][ T4588] usb 1-1: config 0 descriptor?? [ 99.799521][ T4588] usb-storage 1-1:0.112: USB Mass Storage device detected [ 100.066444][ T4812] ubi: mtd0 is already attached to ubi0 [ 100.161153][ T4818] loop1: detected capacity change from 0 to 764 [ 100.183649][ T4588] usb 1-1: USB disconnect, device number 4 [ 100.235572][ T4820] loop4: detected capacity change from 0 to 1024 [ 100.433783][ T4348] hfsplus: b-tree write err: -5, ino 4 [ 100.734741][ T4827] loop3: detected capacity change from 0 to 40427 [ 100.925352][ T4827] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 100.933676][ T4827] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 100.946926][ T4827] F2FS-fs (loop3): invalid crc value [ 101.105894][ T4827] F2FS-fs (loop3): Found nat_bits in checkpoint [ 101.147711][ T13] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 101.227205][ T4827] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 101.234778][ T4827] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 101.267754][ T4589] usbhid 3-1:0.0: can't add hid device: -71 [ 101.279321][ T4589] usbhid: probe of 3-1:0.0 failed with error -71 [ 101.325598][ T4589] usb 3-1: USB disconnect, device number 4 [ 101.380930][ T4844] loop2: detected capacity change from 0 to 256 [ 101.516821][ T4844] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 102.176608][ T13] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.397772][ T13] usb 2-1: config 0 interface 0 has no altsetting 0 [ 102.405442][ T13] usb 2-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00 [ 102.416728][ T13] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.438360][ T13] usb 2-1: config 0 descriptor?? [ 102.523359][ T4849] ubi: mtd0 is already attached to ubi0 [ 102.747732][ T4589] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 103.001289][ T13] lenovo 0003:17EF:60A3.0001: hidraw0: USB HID v0.00 Device [HID 17ef:60a3] on usb-dummy_hcd.1-1/input0 [ 103.082587][ T4842] loop4: detected capacity change from 0 to 32768 [ 103.134067][ T4831] ip6t_srh: unknown srh invflags 7F00 [ 103.142505][ T4589] usb 3-1: Using ep0 maxpacket: 8 [ 103.164518][ T13] usb 2-1: USB disconnect, device number 3 [ 103.193711][ T4842] (syz.4.113,4842,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 103.267074][ T4842] (syz.4.113,4842,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 103.300607][ T4856] fido_id[4856]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 103.318117][ T4589] usb 3-1: config 0 has too many interfaces: 235, using maximum allowed: 32 [ 103.326886][ T4589] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 235 [ 103.375329][ T4589] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 3499, setting to 64 [ 103.388981][ T4859] 9pnet: Insufficient options for proto=fd [ 103.403545][ T4842] JBD2: Ignoring recovery information on journal [ 103.544607][ T4862] ubi: mtd0 is already attached to ubi0 [ 103.604276][ T4842] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 103.627950][ T4589] usb 3-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 103.667595][ T4589] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.675788][ T4589] usb 3-1: Product: syz [ 103.705223][ T4589] usb 3-1: Manufacturer: syz [ 103.743577][ T4589] usb 3-1: SerialNumber: syz [ 103.752272][ T4589] usb 3-1: config 0 descriptor?? [ 103.915874][ T4589] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 103.937920][ T26] audit: type=1326 audit(1769991642.341:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 103.960257][ C1] vkms_vblank_simulate: vblank timer overrun [ 103.986881][ T4296] udevd[4296]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 104.005719][ T26] audit: type=1326 audit(1769991642.341:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.027959][ C1] vkms_vblank_simulate: vblank timer overrun [ 104.040048][ T4589] usb 3-1: USB disconnect, device number 5 [ 104.067601][ T26] audit: type=1326 audit(1769991642.341:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.117519][ T26] audit: type=1326 audit(1769991642.341:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.160082][ T26] audit: type=1326 audit(1769991642.341:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.177795][ T4867] loop3: detected capacity change from 0 to 32768 [ 104.209002][ T26] audit: type=1326 audit(1769991642.341:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.237418][ T26] audit: type=1326 audit(1769991642.341:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.259833][ C1] vkms_vblank_simulate: vblank timer overrun [ 104.268700][ T26] audit: type=1326 audit(1769991642.341:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.327994][ T4867] XFS (loop3): Mounting V5 Filesystem [ 104.333994][ T26] audit: type=1326 audit(1769991642.341:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.417875][ T26] audit: type=1326 audit(1769991642.341:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4868 comm="syz.1.124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0b9c46eb9 code=0x7fc00000 [ 104.462419][ T4867] XFS (loop3): Ending clean mount [ 104.574914][ T4882] loop1: detected capacity change from 0 to 1024 [ 104.622372][ T4867] attempt to access beyond end of device [ 104.622372][ T4867] loop3: rw=4096, want=5772848362684416, limit=32768 [ 104.705310][ T1243] hfsplus: b-tree write err: -5, ino 4 [ 104.792510][ T4198] XFS (loop3): Unmounting Filesystem [ 104.820084][ T4884] loop2: detected capacity change from 0 to 4096 [ 104.994150][ T4887] loop1: detected capacity change from 0 to 4096 [ 105.029052][ T4296] udevd[4296]: incorrect nilfs2 checksum on /dev/loop2 [ 105.299509][ T4887] ntfs: volume version 3.1. [ 105.400742][ T4889] loop2: detected capacity change from 0 to 40427 [ 105.442375][ T4889] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 105.450467][ T4889] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 105.460856][ T4889] F2FS-fs (loop2): invalid crc value [ 105.531606][ T4889] F2FS-fs (loop2): Found nat_bits in checkpoint [ 105.582094][ T4889] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 105.589518][ T4889] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 105.771747][ T4899] udc-core: couldn't find an available UDC or it's busy [ 105.817772][ T4899] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 105.837253][ T4899] syz.3.128 uses obsolete (PF_INET,SOCK_PACKET) [ 105.874870][ T4903] device syzkaller1 entered promiscuous mode [ 106.140333][ T4902] loop1: detected capacity change from 0 to 4096 [ 106.838343][ T4588] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 107.525450][ T4187] ocfs2: Unmounting device (7,4) on (node local) [ 109.027635][ T4932] netlink: 4 bytes leftover after parsing attributes in process `syz.1.137'. [ 109.405156][ T4933] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 110.012007][ T4946] netlink: 4 bytes leftover after parsing attributes in process `syz.4.135'. [ 110.027235][ T4946] netlink: 4 bytes leftover after parsing attributes in process `syz.4.135'. [ 110.044822][ T4946] device bond0 entered promiscuous mode [ 110.054179][ T4946] device bond_slave_0 entered promiscuous mode [ 110.062062][ T4946] device bond_slave_1 entered promiscuous mode [ 110.071713][ T4946] device batadv0 entered promiscuous mode [ 110.092547][ T4946] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 110.101520][ T4946] device bond0 left promiscuous mode [ 110.106881][ T4946] device bond_slave_0 left promiscuous mode [ 110.113301][ T4946] device bond_slave_1 left promiscuous mode [ 110.123639][ T4946] device batadv0 left promiscuous mode [ 110.297389][ T4956] loop0: detected capacity change from 0 to 4096 [ 110.334368][ T4956] __ntfs_error: 74 callbacks suppressed [ 110.334387][ T4956] ntfs: (device loop0): parse_options(): Unrecognized mount option case_sefsitive. [ 110.382631][ T4956] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 110.416978][ T4956] ntfs: (device loop0): parse_options(): Unrecognized mount option show_sys_fil_files. [ 110.427611][ T4956] ntfs: (device loop0): parse_options(): The gid option requires an argument. [ 110.535565][ T4962] netlink: 124 bytes leftover after parsing attributes in process `syz.3.144'. [ 110.545026][ T4962] netlink: 'syz.3.144': attribute type 3 has an invalid length. [ 111.357678][ T4972] loop0: detected capacity change from 0 to 128 [ 111.385899][ T4974] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 111.455393][ T4972] FAT-fs (loop0): bogus number of FAT structure [ 111.485847][ T4972] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 111.516487][ T4972] FAT-fs (loop0): Can't find a valid FAT filesystem [ 111.524191][ T13] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 111.783188][ T4979] loop3: detected capacity change from 0 to 128 [ 111.802176][ T4966] loop4: detected capacity change from 0 to 32768 [ 111.809066][ T13] usb 3-1: Using ep0 maxpacket: 16 [ 111.835395][ T4966] (syz.4.145,4966,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.872538][ T4966] (syz.4.145,4966,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 111.930462][ T4965] loop1: detected capacity change from 0 to 32768 [ 111.932589][ T4979] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 111.957709][ T4467] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 111.977670][ T13] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.994566][ T4966] JBD2: Ignoring recovery information on journal [ 112.001680][ T4979] hpfs: filesystem error: improperly stopped [ 112.007396][ T13] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 112.020644][ T4979] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 112.031616][ T4979] hpfs: filesystem error: dir band size mismatch: dir_band_start==7b318cc2, dir_band_end==7b318cc3, n_dir_band==00000001 [ 112.051242][ T4966] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 112.054912][ T4965] XFS (loop1): Mounting V5 Filesystem [ 112.190762][ T4965] XFS (loop1): Ending clean mount [ 112.198247][ T13] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 112.217558][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.225816][ T13] usb 3-1: Product: syz [ 112.241091][ T13] usb 3-1: Manufacturer: syz [ 112.245866][ T13] usb 3-1: SerialNumber: syz [ 112.424171][ T4467] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 112.437431][ T4188] XFS (loop1): Unmounting Filesystem [ 112.444207][ T4467] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.465245][ T4467] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 112.485554][ T4467] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.512243][ T4467] usb 1-1: config 0 descriptor?? [ 112.523339][ T4969] netlink: 20 bytes leftover after parsing attributes in process `syz.2.147'. [ 112.537031][ T4969] netlink: 20 bytes leftover after parsing attributes in process `syz.2.147'. [ 112.558950][ T4467] hub 1-1:0.0: USB hub found [ 112.632699][ T4969] loop2: detected capacity change from 0 to 2048 [ 112.748995][ T4969] UDF-fs: bad mount option "00000000000000000013X!MNlX -90 [ 113.719504][ T5006] loop3: detected capacity change from 0 to 8192 [ 113.725605][ T4187] ocfs2: Unmounting device (7,4) on (node local) [ 113.764241][ T5006] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 113.774322][ T5006] REISERFS (device loop3): using ordered data mode [ 113.781520][ T5006] reiserfs: using flush barriers [ 113.790260][ T5006] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 113.823740][ T5006] REISERFS (device loop3): checking transaction log (loop3) [ 113.915500][ T4972] udc-core: couldn't find an available UDC or it's busy [ 113.941622][ T4972] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 113.998104][ T5006] REISERFS (device loop3): Using tea hash to sort names [ 114.005572][ T5006] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 114.032569][ T5006] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 114.077676][ T26] audit: type=1400 audit(1769991652.471:80): apparmor="DENIED" operation="change_profile" info="label not found" error=-22 profile="unconfined" name="&" pid=5005 comm="syz.3.157" [ 114.223076][ T4231] usb 1-1: USB disconnect, device number 5 [ 114.238345][ T5016] loop4: detected capacity change from 0 to 4096 [ 114.254671][ T4467] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 114.262992][ T13] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 114.290733][ T5016] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 114.340617][ T5016] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 114.347907][ T5016] ntfs3: loop4: Failed to load root. [ 114.354650][ T5016] ntfs3: loop4: ntfs_evict_inode r=1a failed, -22. [ 114.567850][ T13] usb 3-1: Using ep0 maxpacket: 32 [ 114.752225][ T5026] loop3: detected capacity change from 0 to 8 [ 114.818820][ T5029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.165'. [ 114.841574][ T5026] SQUASHFS error: zlib decompression failed, data probably corrupt [ 114.854143][ T5029] netlink: 76 bytes leftover after parsing attributes in process `syz.0.165'. [ 114.867834][ T5026] SQUASHFS error: Failed to read block 0x9b: -5 [ 114.875066][ T5026] SQUASHFS error: Unable to read metadata cache entry [99] [ 114.882929][ T5026] SQUASHFS error: Unable to read inode 0x127 [ 114.889733][ T13] usb 3-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=26.2f [ 114.908684][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.915694][ T5018] XFS (loop1): Mounting V5 Filesystem [ 114.926559][ T13] usb 3-1: Product: syz [ 114.940344][ T13] usb 3-1: Manufacturer: syz [ 114.949340][ T13] usb 3-1: SerialNumber: syz [ 114.962202][ T13] usb 3-1: config 0 descriptor?? [ 114.994968][ T5018] XFS (loop1): Ending clean mount [ 115.068751][ T13] ums-onetouch 3-1:0.0: USB Mass Storage device detected [ 115.121000][ T5018] XFS (loop1): Quotacheck needed: Please wait. [ 115.201113][ T13] usb 3-1: Found UVC 0.00 device syz (0d49:7000) [ 115.225723][ T13] usb 3-1: No valid video chain found. [ 117.531668][ T4296] udevd[4296]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 117.556094][ T5029] set_capacity_and_notify: 1 callbacks suppressed [ 117.556111][ T5029] loop0: detected capacity change from 0 to 32768 [ 117.668911][ T4231] usb 3-1: USB disconnect, device number 7 [ 117.692003][ T5029] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz.0.165 (5029) [ 117.695465][ T5018] XFS (loop1): Quotacheck: Done. [ 117.769244][ T5029] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 117.804207][ T4188] XFS (loop1): Unmounting Filesystem [ 117.859541][ T5029] BTRFS info (device loop0): using free space tree [ 117.898578][ T5029] BTRFS info (device loop0): has skinny extents [ 118.241851][ T5029] BTRFS error (device loop0): open_ctree failed: -12 [ 118.643922][ T5051] loop2: detected capacity change from 0 to 32768 [ 118.734751][ T5051] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.168 (5051) [ 118.759757][ T5055] loop3: detected capacity change from 0 to 32768 [ 118.844142][ T5051] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 118.851842][ T5055] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.171 (5055) [ 118.897779][ T5051] BTRFS info (device loop2): using free space tree [ 118.907980][ T5051] BTRFS info (device loop2): has skinny extents [ 118.950867][ T5069] loop4: detected capacity change from 0 to 32768 [ 118.970817][ T5069] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.173 (5069) [ 119.005502][ T5074] mmap: syz.0.174 (5074): VmData 25837568 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data. [ 119.107595][ T4589] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 119.194078][ T4293] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by udevd (4293) [ 119.357116][ T5069] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 119.367942][ T4589] usb 2-1: Using ep0 maxpacket: 32 [ 119.400942][ T5069] BTRFS info (device loop4): setting nodatacow, compression disabled [ 119.444794][ T5069] BTRFS info (device loop4): force clearing of disk cache [ 119.452070][ T5069] BTRFS info (device loop4): enabling ssd optimizations [ 119.459793][ T5069] BTRFS info (device loop4): using spread ssd allocation scheme [ 119.467696][ T5069] BTRFS info (device loop4): turning off barriers [ 119.474761][ T5069] BTRFS info (device loop4): disabling free space tree [ 119.481875][ T5069] BTRFS info (device loop4): not using ssd optimizations [ 119.563054][ T4589] usb 2-1: unable to get BOS descriptor or descriptor too short [ 119.643857][ T5069] BTRFS info (device loop4): not using spread ssd allocation scheme [ 119.696541][ T4587] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 119.717795][ T4589] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 119.738732][ T5069] BTRFS info (device loop4): has skinny extents [ 119.977887][ T5051] BTRFS info (device loop2): enabling ssd optimizations [ 120.591213][ T26] audit: type=1804 audit(1769991658.991:81): pid=5051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.168" name="/newroot/35/file0/file1" dev="loop2" ino=260 res=1 errno=0 [ 120.612083][ T4589] usb 2-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 120.777834][ T4589] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 120.806535][ T5123] loop3: detected capacity change from 0 to 47 [ 120.813029][ T4587] usb 1-1: Using ep0 maxpacket: 8 [ 120.818465][ T4589] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.826487][ T4589] usb 2-1: Product: syz [ 120.888641][ T5069] BTRFS info (device loop4): clearing free space tree [ 120.895518][ T5069] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 120.935125][ T4589] usb 2-1: Manufacturer: syz [ 120.959688][ T5069] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 120.975725][ T4589] usb 2-1: SerialNumber: syz [ 120.981031][ T4587] usb 1-1: unable to get BOS descriptor or descriptor too short [ 121.084453][ T4587] usb 1-1: config 17 has an invalid interface number: 8 but max is 1 [ 121.103770][ T4587] usb 1-1: config 17 has 1 interface, different from the descriptor's value: 2 [ 121.115177][ T4587] usb 1-1: config 17 has no interface number 0 [ 121.128449][ T4587] usb 1-1: config 17 interface 8 altsetting 6 endpoint 0x3 has an invalid bInterval 144, changing to 7 [ 121.144704][ T4587] usb 1-1: config 17 interface 8 altsetting 6 endpoint 0x3 has invalid maxpacket 57893, setting to 1024 [ 121.162027][ T4587] usb 1-1: config 17 interface 8 has no altsetting 0 [ 121.330548][ T4587] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff [ 121.341406][ T4587] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.352274][ T4587] usb 1-1: Product: syz [ 121.356980][ T4587] usb 1-1: Manufacturer: syz [ 121.368049][ T4587] usb 1-1: SerialNumber: syz [ 121.403437][ T4231] usb 4-1: new full-speed USB device number 5 using dummy_hcd [ 121.497146][ T4589] usb 2-1: USB disconnect, device number 4 [ 121.845989][ T5137] loop4: detected capacity change from 0 to 40427 [ 121.897759][ T5137] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 121.905564][ T5137] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 121.938869][ T5137] F2FS-fs (loop4): invalid crc value [ 122.037699][ T4296] udevd[4296]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 122.298538][ T5137] F2FS-fs (loop4): Found nat_bits in checkpoint [ 122.484602][ T5137] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 122.492011][ T5137] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 122.888603][ T4231] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 123.163653][ T4231] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x61, skipping [ 123.800189][ T4587] usb 1-1: selecting invalid altsetting 0 [ 123.806070][ T4587] usb 1-1: 8:6 : no UAC_FORMAT_TYPE desc [ 123.819652][ T4587] usb 1-1: selecting invalid altsetting 0 [ 123.847701][ T4231] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 123.898644][ T4587] usb 1-1: USB disconnect, device number 6 [ 123.958063][ T4231] usb 4-1: string descriptor 0 read error: -71 [ 123.964350][ T4231] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 124.004614][ T5164] loop2: detected capacity change from 0 to 4096 [ 124.053663][ T4231] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 124.083805][ T5164] ntfs: (device loop2): parse_options(): Unrecognized mount option case_sefsitive. [ 124.109556][ T4231] usb 4-1: config 0 descriptor?? [ 124.125553][ T5164] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 124.154512][ T4310] udevd[4310]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 124.171779][ T4231] usb 4-1: can't set config #0, error -71 [ 124.212698][ T5164] ntfs: (device loop2): parse_options(): Unrecognized mount option show_sys_fil_files. [ 124.218268][ T4231] usb 4-1: USB disconnect, device number 5 [ 124.283425][ T5164] ntfs: (device loop2): parse_options(): The gid option requires an argument. [ 124.481622][ T26] audit: type=1326 audit(1769991662.881:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.3.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 124.587780][ T1111] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 124.619245][ T26] audit: type=1326 audit(1769991662.971:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.3.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 124.678022][ T26] audit: type=1326 audit(1769991662.971:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.3.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 124.733293][ T26] audit: type=1326 audit(1769991662.971:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.3.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 124.758993][ T26] audit: type=1326 audit(1769991662.971:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5180 comm="syz.3.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 124.784814][ T5198] FAULT_INJECTION: forcing a failure. [ 124.784814][ T5198] name failslab, interval 1, probability 0, space 0, times 0 [ 124.799537][ T5198] CPU: 0 PID: 5198 Comm: syz.4.186 Not tainted syzkaller #0 [ 124.806958][ T5198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 124.817037][ T5198] Call Trace: [ 124.820338][ T5198] [ 124.823302][ T5198] dump_stack_lvl+0x188/0x250 [ 124.828014][ T5198] ? show_regs_print_info+0x20/0x20 [ 124.833237][ T5198] ? load_image+0x400/0x400 [ 124.837747][ T5198] should_fail+0x38c/0x4c0 [ 124.842252][ T5198] should_failslab+0x5/0x20 [ 124.846749][ T5198] slab_pre_alloc_hook+0x51/0xc0 [ 124.851695][ T5198] ? skb_clone+0x1bd/0x350 [ 124.856236][ T5198] kmem_cache_alloc+0x3d/0x290 [ 124.861283][ T5198] skb_clone+0x1bd/0x350 [ 124.865617][ T5198] __netlink_deliver_tap+0x3cd/0x7c0 [ 124.870926][ T5198] netlink_deliver_tap+0x16c/0x180 [ 124.876035][ T5198] netlink_unicast+0x74f/0x920 [ 124.880885][ T5198] netlink_sendmsg+0x8ba/0xbe0 [ 124.885742][ T5198] ? netlink_getsockopt+0x570/0x570 [ 124.890942][ T5198] ? aa_sock_msg_perm+0x94/0x150 [ 124.895971][ T5198] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 124.901371][ T5198] ? security_socket_sendmsg+0x7c/0xa0 [ 124.906825][ T5198] ? netlink_getsockopt+0x570/0x570 [ 124.912013][ T5198] ____sys_sendmsg+0x5b7/0x8f0 [ 124.916802][ T5198] ? __sys_sendmsg_sock+0x30/0x30 [ 124.921842][ T5198] ? import_iovec+0x6f/0xa0 [ 124.926529][ T5198] ___sys_sendmsg+0x236/0x2e0 [ 124.931311][ T5198] ? __sys_sendmsg+0x2a0/0x2a0 [ 124.936076][ T5198] ? vfs_write+0x8b2/0xd60 [ 124.940604][ T5198] __se_sys_sendmsg+0x1af/0x290 [ 124.945449][ T5198] ? __x64_sys_sendmsg+0x80/0x80 [ 124.950375][ T5198] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 124.956357][ T5198] ? lockdep_hardirqs_on+0x94/0x140 [ 124.961593][ T5198] do_syscall_64+0x4c/0xa0 [ 124.966004][ T5198] ? clear_bhb_loop+0x30/0x80 [ 124.970941][ T5198] ? clear_bhb_loop+0x30/0x80 [ 124.975761][ T5198] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 124.981655][ T5198] RIP: 0033:0x7f58f8c07eb9 [ 124.986069][ T5198] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 125.005671][ T5198] RSP: 002b:00007f58f6e63028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 125.014103][ T5198] RAX: ffffffffffffffda RBX: 00007f58f8e82fa0 RCX: 00007f58f8c07eb9 [ 125.022073][ T5198] RDX: 000000002400c000 RSI: 00002000000003c0 RDI: 0000000000000005 [ 125.030047][ T5198] RBP: 00007f58f6e63090 R08: 0000000000000000 R09: 0000000000000000 [ 125.038194][ T5198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 125.046301][ T5198] R13: 00007f58f8e83038 R14: 00007f58f8e82fa0 R15: 00007ffda3377308 [ 125.054288][ T5198] [ 125.087753][ T1111] usb 1-1: Using ep0 maxpacket: 8 [ 125.208017][ T1111] usb 1-1: unable to get BOS descriptor or descriptor too short [ 125.297726][ T1111] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 125.305912][ T1111] usb 1-1: can't read configurations, error -71 [ 125.770478][ T5222] netlink: 'syz.4.205': attribute type 1 has an invalid length. [ 126.089429][ T5229] binder_alloc: 5228: pid 5228 spamming oneway? 2 buffers allocated for a total size of 5120 [ 126.187803][ T5235] binder_alloc: 5228: pid 5228 spamming oneway? 3 buffers allocated for a total size of 5128 [ 126.437865][ T5143] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 126.687786][ T5143] usb 3-1: Using ep0 maxpacket: 16 [ 126.817877][ T5143] usb 3-1: config 0 has no interfaces? [ 126.908292][ T5143] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 126.937667][ T5143] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 126.969127][ T5143] usb 3-1: Manufacturer: syz [ 127.017846][ T5143] usb 3-1: config 0 descriptor?? [ 127.200850][ T5262] netlink: 20 bytes leftover after parsing attributes in process `syz.0.220'. [ 127.223996][ T5262] device geneve2 entered promiscuous mode [ 127.238127][ T5143] Bluetooth: hci5: command 0x1003 tx timeout [ 127.245327][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 128.134905][ T4472] usb 3-1: USB disconnect, device number 8 [ 129.187638][ T4589] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 129.260218][ T5309] netlink: 16 bytes leftover after parsing attributes in process `syz.1.233'. [ 129.287662][ T5309] netlink: 16 bytes leftover after parsing attributes in process `syz.1.233'. [ 129.318004][ T5143] Bluetooth: hci5: command 0x1001 tx timeout [ 129.324178][ T4199] Bluetooth: hci5: sending frame failed (-49) [ 129.338876][ T5309] netlink: 7 bytes leftover after parsing attributes in process `syz.1.233'. [ 129.457559][ T4589] usb 1-1: Using ep0 maxpacket: 16 [ 129.497865][ T4589] usb 1-1: too many configurations: 123, using maximum allowed: 8 [ 129.607705][ T4589] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 129.737819][ T4589] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 129.857628][ T4589] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 129.977673][ T4589] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.077639][ T4589] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.187954][ T4589] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.308395][ T4589] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.397789][ T4589] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.493849][ T4587] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 130.522076][ T4589] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 130.544799][ T4589] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 130.572254][ T4589] usb 1-1: SerialNumber: syz [ 130.602494][ T4589] usb 1-1: config 0 descriptor?? [ 130.649407][ T4589] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input6 [ 130.737874][ T4587] usb 3-1: Using ep0 maxpacket: 8 [ 130.750352][ T5326] tipc: Started in network mode [ 130.755574][ T5326] tipc: Node identity ba9b8dc70f23, cluster identity 4711 [ 130.787925][ T5326] tipc: Enabled bearer , priority 0 [ 130.795639][ T5326] device syzkaller0 entered promiscuous mode [ 130.820365][ T5326] tipc: Resetting bearer [ 130.847211][ T5325] tipc: Resetting bearer [ 130.857803][ T4587] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 130.878433][ T5325] tipc: Disabling bearer [ 130.881010][ T4587] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 130.915182][ T4587] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 130.922243][ T5303] input: syz0 as /devices/virtual/input/input7 [ 130.947653][ T4587] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 130.976218][ T4587] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 131.007702][ T3549] bcm5974 1-1:0.0: could not read from device [ 131.022401][ T4587] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 131.042095][ T4587] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.073652][ T4589] usb 1-1: USB disconnect, device number 9 [ 131.090665][ T3549] bcm5974 1-1:0.0: could not read from device [ 131.119099][ T3549] bcm5974 1-1:0.0: could not read from device [ 131.337814][ T4587] usb 3-1: GET_CAPABILITIES returned 0 [ 131.346422][ T4587] usbtmc 3-1:16.0: can't read capabilities [ 131.397979][ T4589] Bluetooth: hci5: command 0x1009 tx timeout [ 131.615549][ T5353] netlink: 8 bytes leftover after parsing attributes in process `syz.0.252'. [ 131.665026][ T5353] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 132.084670][ T4587] usb 3-1: USB disconnect, device number 9 [ 132.839981][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.846317][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.793587][ T5389] xt_TCPMSS: Only works on TCP SYN packets [ 135.630946][ T5422] netlink: 56 bytes leftover after parsing attributes in process `syz.1.275'. [ 135.993812][ T5437] device hsr0 entered promiscuous mode [ 136.044879][ T5437] device macsec1 entered promiscuous mode [ 136.617806][ T4292] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 137.008083][ T4292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 137.090533][ T4292] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.162519][ T4292] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 137.221255][ T4292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.278814][ T4292] usb 3-1: config 0 descriptor?? [ 137.601107][ T5455] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 137.953873][ T4589] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 138.402310][ T4589] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 138.410645][ T4589] usb 1-1: config 0 has no interface number 0 [ 138.598009][ T4589] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 138.607338][ T4589] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.615850][ T4589] usb 1-1: Product: syz [ 138.628729][ T4589] usb 1-1: Manufacturer: syz [ 138.637160][ T4589] usb 1-1: SerialNumber: syz [ 138.662518][ T4589] usb 1-1: config 0 descriptor?? [ 138.949009][ T4589] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 138.976019][ T4589] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 138.998439][ T4589] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 139.026771][ T4589] usb 1-1: media controller created [ 139.077331][ T4589] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 139.086245][ T5474] netlink: 12 bytes leftover after parsing attributes in process `syz.3.295'. [ 139.161505][ T5474] 8021q: adding VLAN 0 to HW filter on device bond1 [ 139.209000][ T5476] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 139.235830][ T4599] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 139.462213][ T5478] netlink: 40 bytes leftover after parsing attributes in process `syz.3.296'. [ 139.472968][ T4292] usbhid 3-1:0.0: can't add hid device: -71 [ 139.487665][ T4292] usbhid: probe of 3-1:0.0 failed with error -71 [ 139.517870][ T4292] usb 3-1: USB disconnect, device number 10 [ 139.976776][ T5495] tipc: Started in network mode [ 140.005564][ T5495] tipc: Node identity 327bf85aadfa, cluster identity 4711 [ 140.035019][ T5495] tipc: Enabled bearer , priority 0 [ 140.097044][ T5495] tipc: Resetting bearer [ 140.156159][ T5494] tipc: Disabling bearer [ 140.209308][ T4589] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 140.215856][ T5457] usb 1-1: dvb_usb_ec168: I2C read not implemented [ 140.376913][ T4589] usb 1-1: USB disconnect, device number 10 [ 141.213199][ T5517] netlink: 24 bytes leftover after parsing attributes in process `syz.0.308'. [ 141.243347][ T5519] netlink: 4 bytes leftover after parsing attributes in process `syz.2.310'. [ 141.352891][ T5523] tipc: Started in network mode [ 141.364227][ T5523] tipc: Node identity 0682ad2307ad, cluster identity 4711 [ 141.373717][ T5523] tipc: Enabled bearer , priority 0 [ 141.385520][ T5523] device syzkaller0 entered promiscuous mode [ 141.405300][ T5523] tipc: Resetting bearer [ 141.435606][ T5522] tipc: Resetting bearer [ 141.448460][ T5517] libceph: resolve '0..' (ret=-3): failed [ 141.526543][ T5522] tipc: Disabling bearer [ 141.919692][ T5546] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 142.835813][ T5562] netlink: 4 bytes leftover after parsing attributes in process `syz.4.326'. [ 144.313136][ T5598] syz.3.337 sent an empty control message without MSG_MORE. [ 145.131247][ T5609] netlink: 28 bytes leftover after parsing attributes in process `syz.4.342'. [ 145.187144][ T5609] netlink: 28 bytes leftover after parsing attributes in process `syz.4.342'. [ 145.217304][ T5609] device erspan0 entered promiscuous mode [ 145.228597][ T5609] device bridge0 entered promiscuous mode [ 145.241545][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 146.013796][ T5621] tipc: Started in network mode [ 146.026388][ T5621] tipc: Node identity 52190697ab27, cluster identity 4711 [ 146.067775][ T5621] tipc: Enabled bearer , priority 0 [ 146.109581][ T5622] device syzkaller0 entered promiscuous mode [ 146.177974][ T5621] tipc: Resetting bearer [ 146.227713][ T5620] tipc: Resetting bearer [ 146.275445][ T5620] tipc: Disabling bearer [ 146.665700][ T5628] netlink: 8 bytes leftover after parsing attributes in process `syz.4.348'. [ 147.216265][ T5664] tipc: Enabled bearer , priority 0 [ 147.259522][ T5664] device syzkaller0 entered promiscuous mode [ 147.313878][ T5664] tipc: Resetting bearer [ 147.339760][ T5663] tipc: Resetting bearer [ 147.366903][ T5663] tipc: Disabling bearer [ 149.324415][ T26] kauditd_printk_skb: 35 callbacks suppressed [ 149.324432][ T26] audit: type=1326 audit(1769991687.721:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5684 comm="syz.3.366" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x0 [ 149.419128][ T5707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.366'. [ 149.507704][ T1111] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 149.757638][ T1111] usb 3-1: Using ep0 maxpacket: 8 [ 149.878152][ T1111] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 149.987844][ T1111] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 150.015923][ T1111] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 150.028505][ T1111] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 150.058165][ T1111] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 150.095904][ T1111] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.420466][ T1111] usb 3-1: GET_CAPABILITIES returned 0 [ 150.426190][ T1111] usbtmc 3-1:16.0: can't read capabilities [ 150.447543][ T4231] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 150.667002][ T1111] usb 3-1: USB disconnect, device number 11 [ 150.707541][ T4231] usb 4-1: Using ep0 maxpacket: 8 [ 150.838343][ T4231] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 150.868615][ T4231] usb 4-1: config 179 has no interface number 0 [ 150.877942][ T4231] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 150.916070][ T4231] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 150.956017][ T4231] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 150.984517][ T4231] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 151.006845][ T4231] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 151.024079][ T4231] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 151.035684][ T4231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.047705][ T26] audit: type=1804 audit(1769991689.441:123): pid=5726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.380" name="/newroot/74/file1" dev="fuse" ino=1 res=1 errno=0 [ 151.127858][ T26] audit: type=1800 audit(1769991689.471:124): pid=5726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.380" name="/" dev="fuse" ino=1 res=0 errno=0 [ 151.128019][ T5720] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 151.170536][ T26] audit: type=1804 audit(1769991689.481:125): pid=5723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.380" name="/newroot/74/file1" dev="fuse" ino=1 res=1 errno=0 [ 151.229868][ T26] audit: type=1800 audit(1769991689.481:126): pid=5723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.380" name="/" dev="fuse" ino=1 res=0 errno=0 [ 151.277114][ T5731] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 151.371610][ T5731] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 151.474614][ T5731] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 151.544264][ T1111] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input8 [ 151.567273][ T5731] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 151.641451][ T5731] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 151.691551][ T5731] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 151.703068][ T26] audit: type=1326 audit(1769991690.111:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5743 comm="syz.2.386" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe9aab31eb9 code=0x0 [ 151.731262][ T5731] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 151.784956][ T4589] usb 4-1: USB disconnect, device number 6 [ 151.793792][ T5736] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 151.801208][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 151.801380][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 151.806202][ T4589] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 152.128054][ T5751] xt_hashlimit: size too large, truncated to 1048576 [ 153.865298][ T5778] device syzkaller0 entered promiscuous mode [ 154.608892][ T4589] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 154.927721][ T4589] usb 3-1: Using ep0 maxpacket: 16 [ 154.982775][ T5791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.403'. [ 155.011029][ T5791] netlink: 20 bytes leftover after parsing attributes in process `syz.1.403'. [ 155.047818][ T4589] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 155.229378][ T4589] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 155.263673][ T4589] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.283732][ T4589] usb 3-1: Product: syz [ 155.288781][ T4589] usb 3-1: Manufacturer: syz [ 155.293671][ T4589] usb 3-1: SerialNumber: syz [ 155.310964][ T4589] usb 3-1: config 0 descriptor?? [ 155.368611][ T4589] hub 3-1:0.0: bad descriptor, ignoring hub [ 155.374572][ T4589] hub: probe of 3-1:0.0 failed with error -5 [ 155.481970][ T5143] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 155.497036][ T5756] syz.0.389 (5756): drop_caches: 1 [ 155.501239][ T5755] syz.0.389 (5755): drop_caches: 1 [ 155.744120][ T26] audit: type=1326 audit(1769991694.141:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 155.774568][ T26] audit: type=1326 audit(1769991694.171:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 155.813099][ T5783] udc-core: couldn't find an available UDC or it's busy [ 155.830035][ T26] audit: type=1326 audit(1769991694.211:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe9aaaf278e code=0x7ffc0000 [ 155.858063][ T5783] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 155.888040][ T5143] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 155.914676][ T26] audit: type=1326 audit(1769991694.211:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe9aab31b4b code=0x7ffc0000 [ 155.946509][ T5143] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 155.976102][ T5143] usb 2-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 155.988863][ T5783] udc-core: couldn't find an available UDC or it's busy [ 155.995070][ T5143] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.004370][ T26] audit: type=1326 audit(1769991694.211:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe9aab31b4b code=0x7ffc0000 [ 156.012319][ T5783] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 156.034764][ T5143] usb 2-1: config 0 descriptor?? [ 156.063674][ T26] audit: type=1326 audit(1769991694.261:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 156.155280][ T26] audit: type=1326 audit(1769991694.311:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 156.207839][ T26] audit: type=1326 audit(1769991694.311:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 156.382269][ T26] audit: type=1326 audit(1769991694.311:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 156.383898][ T5143] usb 2-1: USB disconnect, device number 5 [ 156.467552][ T26] audit: type=1326 audit(1769991694.311:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5782 comm="syz.2.400" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 156.866598][ T5826] netlink: 'syz.4.417': attribute type 3 has an invalid length. [ 157.107583][ T5143] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 157.330607][ T4472] usb 3-1: USB disconnect, device number 12 [ 157.367588][ T5143] usb 1-1: Using ep0 maxpacket: 16 [ 157.497798][ T5143] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 157.717920][ T5143] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 157.739722][ T5844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.422'. [ 157.760440][ T5844] device bond_slave_0 entered promiscuous mode [ 157.767177][ T5844] device bond_slave_1 entered promiscuous mode [ 157.791534][ T5143] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.799711][ T5143] usb 1-1: Product: syz [ 157.805457][ T5143] usb 1-1: Manufacturer: syz [ 157.819985][ T5143] usb 1-1: SerialNumber: syz [ 157.837528][ T5844] device macvtap1 entered promiscuous mode [ 157.843403][ T5844] device bond0 entered promiscuous mode [ 157.855416][ T5844] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 157.884037][ T5143] usb 1-1: config 0 descriptor?? [ 157.954110][ T5844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.422'. [ 158.060487][ T5844] device bond0 left promiscuous mode [ 158.116578][ T5844] device bond_slave_0 left promiscuous mode [ 158.123640][ T5844] device bond_slave_1 left promiscuous mode [ 158.343796][ T5863] udc-core: couldn't find an available UDC or it's busy [ 158.391378][ T5865] tipc: Enabled bearer , priority 0 [ 158.402127][ T5863] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 158.408050][ T5869] device syzkaller0 entered promiscuous mode [ 158.433041][ T5868] netlink: 'syz.4.430': attribute type 10 has an invalid length. [ 158.611826][ T5868] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 158.743462][ T5880] tipc: Resetting bearer [ 158.814026][ T5880] tipc: Disabling bearer [ 159.950224][ T4472] usb 1-1: USB disconnect, device number 11 [ 160.917661][ T5144] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 161.117505][ T4231] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 161.340235][ T5144] usb 2-1: config 0 has no interfaces? [ 161.346442][ T5144] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 161.377671][ T4231] usb 1-1: Using ep0 maxpacket: 32 [ 161.383260][ T5144] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.413872][ T5144] usb 2-1: config 0 descriptor?? [ 161.538099][ T4231] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 161.556634][ T4231] usb 1-1: config 0 has no interface number 0 [ 161.594904][ T4231] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 161.637726][ T1111] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 161.679190][ T5918] kvm [5916]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x9d00 [ 161.719795][ T5918] kvm [5916]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x9d00 [ 161.775950][ T5918] APIC base relocation is unsupported by KVM [ 161.803833][ T4231] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 161.831397][ T4231] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.845624][ T4231] usb 1-1: Product: syz [ 161.862543][ T4231] usb 1-1: Manufacturer: syz [ 161.876128][ T4231] usb 1-1: SerialNumber: syz [ 161.895171][ T4231] usb 1-1: config 0 descriptor?? [ 161.902954][ T1111] usb 4-1: Using ep0 maxpacket: 32 [ 161.923653][ T4472] usb 2-1: USB disconnect, device number 6 [ 161.969397][ T4231] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 162.000191][ T4231] em28xx 1-1:0.132: Video interface 132 found: [ 162.187674][ T1111] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 162.197365][ T1111] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.207643][ T1111] usb 4-1: Product: syz [ 162.211984][ T1111] usb 4-1: Manufacturer: syz [ 162.216717][ T1111] usb 4-1: SerialNumber: syz [ 162.236223][ T1111] usb 4-1: config 0 descriptor?? [ 162.400855][ T4231] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 162.499445][ T1111] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 007 [ 162.551153][ T5942] netlink: 68 bytes leftover after parsing attributes in process `syz.1.452'. [ 163.232153][ T5947] mmap: syz.3.447 (5947) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 163.247629][ T5927] i2c i2c-1: failure reading status [ 163.329908][ T1111] usb 4-1: USB disconnect, device number 7 [ 163.678303][ T4231] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 163.702982][ T4231] em28xx 1-1:0.132: board has no eeprom [ 163.817521][ T4231] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 163.830093][ T4231] em28xx 1-1:0.132: analog set to bulk mode. [ 163.882045][ T4472] em28xx 1-1:0.132: Registering V4L2 extension [ 164.088077][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0x4a (error=-5) [ 164.121658][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0x48 (error=-5) [ 164.158168][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0x42 (error=-5) [ 164.198286][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0x40 (error=-5) [ 164.401094][ T5971] device bond_slave_0 entered promiscuous mode [ 164.407480][ T5971] device bond_slave_1 entered promiscuous mode [ 164.413681][ T5971] device wlan1 entered promiscuous mode [ 164.477824][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0x84 (error=-5) [ 164.513597][ T5962] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 164.522495][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0x86 (error=-5) [ 164.537900][ T5962] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 164.599058][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0x94 (error=-5) [ 164.631290][ T5971] device vlan2 entered promiscuous mode [ 164.637952][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0x96 (error=-5) [ 164.713822][ T5971] device bond0 entered promiscuous mode [ 164.867747][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5) [ 164.917649][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5) [ 164.957726][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5) [ 164.987616][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5) [ 165.057848][ T4472] em28xx 1-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5) [ 165.086685][ T5143] usb 1-1: USB disconnect, device number 12 [ 165.086965][ T4472] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 165.140549][ T5143] em28xx 1-1:0.132: Disconnecting em28xx [ 165.214858][ T4472] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 165.266298][ T4472] em28xx 1-1:0.132: No AC97 audio processor [ 165.362015][ T4472] usb 1-1: Decoder not found [ 165.405300][ T4472] em28xx 1-1:0.132: failed to create media graph [ 165.461620][ T4472] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 165.640989][ T4472] em28xx 1-1:0.132: Remote control support is not available for this card. [ 165.692028][ T5143] em28xx 1-1:0.132: Closing input extension [ 165.766774][ T5999] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 165.821431][ T5143] em28xx 1-1:0.132: Freeing device [ 165.917608][ T5144] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 166.297741][ T5144] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 166.336547][ T5144] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 166.377162][ T5144] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 166.395746][ T6004] device syzkaller0 entered promiscuous mode [ 166.657751][ T5144] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 166.696447][ T5144] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 166.726772][ T5144] usb 2-1: Product: syz [ 166.766209][ T5144] usb 2-1: Manufacturer: syz [ 166.811329][ T5144] usb 2-1: SerialNumber: syz [ 167.135321][ T5144] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 167.308270][ T5144] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 167.429963][ T5145] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 167.677582][ T5144] usb 4-1: unable to get BOS descriptor or descriptor too short [ 167.687727][ T5145] usb 5-1: Using ep0 maxpacket: 8 [ 167.801844][ T5144] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 167.818028][ T5145] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 167.834751][ T5144] usb 4-1: can't read configurations, error -71 [ 167.845875][ T5145] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 167.889176][ T5145] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 167.941048][ T5145] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 167.974969][ T5145] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 168.024974][ T5145] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 168.055410][ T5145] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.268423][ T6027] sg_write: data in/out 65500/154 bytes for SCSI command 0x4-- guessing data in; [ 168.268423][ T6027] program syz.3.478 not setting count and/or reply_len properly [ 168.357811][ T5145] usb 5-1: GET_CAPABILITIES returned 0 [ 168.363936][ T5145] usbtmc 5-1:16.0: can't read capabilities [ 168.529192][ T6033] device syzkaller0 entered promiscuous mode [ 170.155369][ T5144] usb 2-1: USB disconnect, device number 7 [ 170.195935][ T4589] usblp0: removed [ 170.279093][ T4231] usb 5-1: USB disconnect, device number 5 [ 170.800267][ T6057] tipc: Enabled bearer , priority 0 [ 170.843507][ T6057] device syzkaller0 entered promiscuous mode [ 170.888959][ T6057] tipc: Resetting bearer [ 170.927817][ T6056] tipc: Resetting bearer [ 170.966237][ T6056] tipc: Disabling bearer [ 171.885657][ T6069] device syzkaller0 entered promiscuous mode [ 171.997763][ T6060] program syz.1.487 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 172.196431][ T6081] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 173.694109][ T4231] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 173.752932][ T4231] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 173.967678][ T5143] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 174.517647][ T5143] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 174.540270][ T5143] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.583212][ T5143] usb 2-1: Product: syz [ 174.597962][ T5143] usb 2-1: Manufacturer: syz [ 174.602615][ T5143] usb 2-1: SerialNumber: syz [ 174.640728][ T5143] usb 2-1: config 0 descriptor?? [ 174.685429][ T5143] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 174.712428][ T5143] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 174.761699][ T5143] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 174.780684][ T5143] usb 2-1: media controller created [ 174.807087][ T6143] netlink: 'syz.3.502': attribute type 2 has an invalid length. [ 174.837057][ T5143] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 174.892782][ T6145] netlink: 'syz.2.503': attribute type 10 has an invalid length. [ 174.943222][ T6145] device ipvlan1 entered promiscuous mode [ 174.955413][ T6128] digitv: more than 2 i2c messages at a time is not handled yet. TODO. [ 175.002470][ T6145] team0: Device ipvlan1 failed to register rx_handler [ 175.028249][ T6128] dvb-usb: bulk message failed: -22 (7/0) [ 175.074012][ T5143] DVB: Unable to find symbol mt352_attach() [ 175.216625][ T5143] DVB: Unable to find symbol nxt6000_attach() [ 175.251657][ T5143] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 175.338378][ T5143] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9 [ 175.404544][ T5143] dvb-usb: schedule remote query interval to 1000 msecs. [ 175.423462][ T5143] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 175.499339][ T5143] dvb-usb: bulk message failed: -22 (7/0) [ 175.538368][ T4231] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 175.561838][ T5143] dvb-usb: bulk message failed: -22 (7/0) [ 175.877665][ T5143] Bluetooth: hci0: command 0x0406 tx timeout [ 175.887663][ T5143] Bluetooth: hci1: command 0x0406 tx timeout [ 175.905941][ T5143] Bluetooth: hci3: command 0x0406 tx timeout [ 175.931333][ T5143] Bluetooth: hci2: command 0x0406 tx timeout [ 175.969066][ T4231] usb 5-1: config 0 has an invalid interface number: 133 but max is 0 [ 175.995316][ T4231] usb 5-1: config 0 has no interface number 0 [ 176.227616][ T4231] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 176.250630][ T4231] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.289306][ T4231] usb 5-1: Product: syz [ 176.329475][ T4231] usb 5-1: Manufacturer: syz [ 176.366513][ T4231] usb 5-1: SerialNumber: syz [ 176.413667][ T4231] usb 5-1: config 0 descriptor?? [ 176.440683][ T5143] dvb-usb: bulk message failed: -22 (7/0) [ 176.448370][ T5143] dvb-usb: error while querying for an remote control event. [ 176.616849][ T1111] usb 2-1: USB disconnect, device number 8 [ 176.787277][ T6159] syz.3.506 (6159): drop_caches: 1 [ 176.802011][ T6157] syz.3.506 (6157): drop_caches: 1 [ 176.810452][ T1111] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 177.007667][ T5143] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 177.266398][ T6189] fuse: Bad value for 'fd' [ 177.341352][ T6191] loop7: detected capacity change from 0 to 7 [ 177.364154][ T6191] Dev loop7: unable to read RDB block 7 [ 177.383065][ T6191] loop7: unable to read partition table [ 177.389374][ T5143] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 177.410057][ T5143] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.441108][ T6191] loop7: partition table beyond EOD, truncated [ 177.450948][ T5143] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 177.471676][ T6191] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 177.506738][ T5143] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.543698][ T3564] Dev loop7: unable to read RDB block 7 [ 177.552379][ T3564] loop7: unable to read partition table [ 177.565487][ T3564] loop7: partition table beyond EOD, truncated [ 177.677965][ T5143] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 177.732968][ T5143] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 177.795141][ T5143] usb 3-1: Product: syz [ 177.812367][ T5143] usb 3-1: Manufacturer: syz [ 177.889048][ T5143] cdc_wdm 3-1:1.0: skipping garbage [ 177.898938][ T5143] cdc_wdm 3-1:1.0: skipping garbage [ 177.966115][ T5143] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 177.982330][ T5143] cdc_wdm 3-1:1.0: Unknown control protocol [ 178.093074][ T5143] usb 3-1: USB disconnect, device number 13 [ 178.667529][ T5143] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 178.888955][ T4231] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected [ 178.926114][ T4231] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81 [ 178.957992][ T4231] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1 [ 178.980237][ T4231] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2 [ 179.008013][ T4231] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 179.057597][ T5143] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 179.072947][ T4231] usb 5-1: USB disconnect, device number 6 [ 179.111660][ T4231] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 179.125989][ T5143] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 179.151567][ T4231] keyspan 5-1:0.133: device disconnected [ 179.265972][ T5143] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 179.346330][ T5143] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.543694][ T5143] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 179.565842][ T5143] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 179.586789][ T5143] usb 3-1: Product: syz [ 179.594662][ T5143] usb 3-1: Manufacturer: syz [ 179.658803][ T5143] cdc_wdm 3-1:1.0: skipping garbage [ 179.667161][ T5143] cdc_wdm 3-1:1.0: skipping garbage [ 179.704326][ T5143] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 179.728154][ T5143] cdc_wdm 3-1:1.0: Unknown control protocol [ 179.794965][ T5143] usb 3-1: USB disconnect, device number 14 [ 179.990659][ T6234] device batadv0 entered promiscuous mode [ 180.026939][ T6234] device vlan2 entered promiscuous mode [ 181.074032][ T6255] netlink: 'syz.2.539': attribute type 4 has an invalid length. [ 181.177563][ T5143] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 181.357842][ T1111] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 181.446932][ T6262] netlink: 8 bytes leftover after parsing attributes in process `syz.1.541'. [ 181.547683][ T5143] usb 1-1: config 0 has an invalid interface number: 50 but max is 0 [ 181.569985][ T5143] usb 1-1: config 0 has no interface number 0 [ 181.607985][ T1111] usb 5-1: Using ep0 maxpacket: 8 [ 181.757774][ T1111] usb 5-1: config 0 has an invalid interface number: 186 but max is 0 [ 181.767641][ T5143] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 181.777078][ T1111] usb 5-1: config 0 has no interface number 0 [ 181.790749][ T5143] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.791187][ T1111] usb 5-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 181.820050][ T1111] usb 5-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x9A, skipping [ 181.841450][ T1111] usb 5-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 181.861753][ T5143] usb 1-1: Product: syz [ 181.869722][ T6271] device syzkaller0 entered promiscuous mode [ 181.882061][ T5143] usb 1-1: Manufacturer: syz [ 181.897667][ T5143] usb 1-1: SerialNumber: syz [ 181.920366][ T5143] usb 1-1: config 0 descriptor?? [ 181.983933][ T5143] yurex 1-1:0.50: Could not find endpoints [ 182.155728][ T6275] device syzkaller0 entered promiscuous mode [ 182.189841][ T5143] usb 1-1: USB disconnect, device number 13 [ 182.218511][ T1111] usb 5-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 182.255443][ T1111] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.286008][ T1111] usb 5-1: Product: syz [ 182.316185][ T1111] usb 5-1: Manufacturer: syz [ 182.342572][ T1111] usb 5-1: SerialNumber: syz [ 182.376724][ T1111] usb 5-1: config 0 descriptor?? [ 182.428693][ T1111] iowarrior 5-1:0.186: no interrupt-in endpoint found [ 183.177701][ T4292] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 183.557807][ T4292] usb 3-1: config 0 has an invalid interface number: 37 but max is 0 [ 183.568346][ T4292] usb 3-1: config 0 has no interface number 0 [ 183.738627][ T4292] usb 3-1: New USB device found, idVendor=2639, idProduct=0003, bcdDevice=fd.62 [ 183.765417][ T4292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.775555][ T4292] usb 3-1: Product: syz [ 183.784542][ T4292] usb 3-1: Manufacturer: syz [ 183.793758][ T4292] usb 3-1: SerialNumber: syz [ 183.804913][ T4292] usb 3-1: config 0 descriptor?? [ 184.152169][ T5143] usb 5-1: USB disconnect, device number 7 [ 184.282968][ T6312] device syzkaller0 entered promiscuous mode [ 185.536588][ T4470] usb 3-1: USB disconnect, device number 15 [ 185.996053][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 186.030356][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 186.045855][ T6332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 186.237766][ T5143] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 186.284482][ T6340] tipc: Enabled bearer , priority 0 [ 186.354082][ T6342] device syzkaller0 entered promiscuous mode [ 186.456900][ T6340] tipc: Resetting bearer [ 186.727764][ T5143] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 186.741942][ T5143] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 186.766686][ T5143] usb 4-1: config 1 has no interface number 0 [ 186.789456][ T5143] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.822872][ T5143] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 186.839848][ T6339] tipc: Resetting bearer [ 186.848578][ T5143] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 247, using maximum allowed: 30 [ 186.867574][ T5143] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 247 [ 186.886394][ T6339] tipc: Disabling bearer [ 186.907212][ T6347] device syzkaller0 entered promiscuous mode [ 187.067721][ T5143] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 187.102041][ T5143] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.153532][ T5143] usb 4-1: Product: syz [ 187.184593][ T5143] usb 4-1: Manufacturer: syz [ 187.199277][ T5143] usb 4-1: SerialNumber: syz [ 188.617491][ T1111] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 188.935518][ T6383] device syzkaller0 entered promiscuous mode [ 189.057575][ T1111] usb 1-1: unable to get BOS descriptor or descriptor too short [ 189.117985][ T1111] usb 1-1: not running at top speed; connect to a high speed hub [ 189.224060][ T1111] usb 1-1: config 14 has an invalid interface number: 21 but max is 0 [ 189.236483][ T1111] usb 1-1: config 14 has no interface number 0 [ 189.260229][ T1111] usb 1-1: config 14 interface 21 has no altsetting 0 [ 189.550838][ T1111] usb 1-1: string descriptor 0 read error: -22 [ 189.558323][ T1111] usb 1-1: New USB device found, idVendor=c880, idProduct=760e, bcdDevice=35.fc [ 189.581943][ T1111] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.657737][ T5143] cdc_ncm 4-1:1.1: bind() failure [ 189.670009][ T1111] usb 1-1: MIDIStreaming interface descriptor not found [ 189.707574][ T5143] usb 4-1: USB disconnect, device number 10 [ 189.870137][ T1111] usb 1-1: USB disconnect, device number 14 [ 190.336365][ T6397] crypto_alloc_aead failed rc=-2 [ 191.405055][ T6418] device syzkaller0 entered promiscuous mode [ 194.280672][ T1425] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.287004][ T1425] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.592388][ T6446] tipc: Enabled bearer , priority 0 [ 204.655665][ T6453] device syzkaller0 entered promiscuous mode [ 204.673022][ T6452] netlink: 40 bytes leftover after parsing attributes in process `syz.1.605'. [ 204.728220][ T6446] tipc: Resetting bearer [ 204.757931][ T6443] tipc: Resetting bearer [ 204.778785][ T6443] tipc: Disabling bearer [ 204.897641][ T6456] netlink: 4 bytes leftover after parsing attributes in process `syz.1.606'. [ 204.934260][ T6456] device team_slave_0 entered promiscuous mode [ 204.941307][ T6456] device team_slave_1 entered promiscuous mode [ 204.986106][ T6456] device macvtap1 entered promiscuous mode [ 205.016426][ T6456] device team0 entered promiscuous mode [ 205.042526][ T6456] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 205.185257][ T6457] device team0 left promiscuous mode [ 205.224952][ T6457] device team_slave_0 left promiscuous mode [ 205.231172][ T6457] device team_slave_1 left promiscuous mode [ 205.396916][ T6465] netlink: 'syz.0.609': attribute type 6 has an invalid length. [ 205.417763][ T6465] netlink: 'syz.0.609': attribute type 7 has an invalid length. [ 205.638228][ T6465] netlink: 'syz.0.609': attribute type 8 has an invalid length. [ 206.120903][ T6485] netlink: 24 bytes leftover after parsing attributes in process `syz.2.615'. [ 206.343692][ T6492] tipc: Started in network mode [ 206.360023][ T6492] tipc: Node identity c2bd662d677e, cluster identity 4711 [ 206.387703][ T6492] tipc: Enabled bearer , priority 0 [ 206.419162][ T6493] device syzkaller0 entered promiscuous mode [ 206.483258][ T6489] tipc: Resetting bearer [ 206.539515][ T6489] tipc: Disabling bearer [ 206.597544][ T4589] Bluetooth: hci4: command 0x0406 tx timeout [ 206.878991][ T26] kauditd_printk_skb: 25 callbacks suppressed [ 206.879009][ T26] audit: type=1326 audit(1769991745.281:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 206.971821][ T26] audit: type=1326 audit(1769991745.311:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 207.059438][ T26] audit: type=1326 audit(1769991745.311:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 207.147508][ T4231] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 207.216103][ T26] audit: type=1326 audit(1769991745.311:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 207.275401][ T26] audit: type=1326 audit(1769991745.311:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 207.362245][ T26] audit: type=1326 audit(1769991745.311:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 207.427637][ T4231] usb 5-1: Using ep0 maxpacket: 16 [ 207.496823][ T26] audit: type=1326 audit(1769991745.311:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 207.558246][ T4231] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.605037][ T4231] usb 5-1: config 0 has no interfaces? [ 207.642261][ T4231] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 207.653294][ T26] audit: type=1326 audit(1769991745.321:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 207.689955][ T4231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.699875][ T6515] netlink: 40 bytes leftover after parsing attributes in process `syz.1.627'. [ 207.759394][ T4231] usb 5-1: config 0 descriptor?? [ 207.765943][ T26] audit: type=1326 audit(1769991745.321:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 207.809234][ T26] audit: type=1326 audit(1769991745.321:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6504 comm="syz.3.624" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f913de60eb9 code=0x7ffc0000 [ 208.462577][ T4231] usb 5-1: USB disconnect, device number 8 [ 208.937713][ T6540] netlink: 56 bytes leftover after parsing attributes in process `syz.1.635'. [ 208.965692][ T6540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.635'. [ 209.044014][ T6540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.635'. [ 209.495667][ T6547] binder_alloc: 6546: pid 6546 spamming oneway? 2 buffers allocated for a total size of 5120 [ 209.549874][ T6548] binder_alloc: 6546: pid 6546 spamming oneway? 3 buffers allocated for a total size of 5128 [ 209.761592][ T6551] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 209.906497][ T6554] [U]  [ 209.937124][ T6554] [U] K{ [ 209.955829][ T6554] [U] T 1ŠFFˊ`GJǘGO/MC [ 210.038734][ T6554] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 210.085636][ T6554] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 210.177323][ T6554] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 210.217200][ T6560] batman_adv: batadv0: Adding interface: vxlan0 [ 210.231735][ T6560] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.294448][ T6560] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active [ 210.318445][ T6554] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 210.369151][ T6554] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 210.418603][ T6554] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 210.460712][ T6554] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 210.688246][ T6554] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 210.740829][ T6554] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 210.803314][ T6554] [U] 22Ʃ۩X?0;3U [ 210.827523][ T4589] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 210.836563][ T6554] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 210.930745][ T6554] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 210.947688][ T6554] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 210.961872][ T6554] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 210.971285][ T6554] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 210.995180][ T6554] [U] EC [ 211.000196][ T6554] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 211.120841][ T4589] usb 4-1: Using ep0 maxpacket: 8 [ 211.229045][ T6554] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 211.245228][ T4589] usb 4-1: config 0 has an invalid interface number: 246 but max is 0 [ 211.265474][ T4589] usb 4-1: config 0 has no interface number 0 [ 211.284362][ T4589] usb 4-1: config 0 interface 246 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 211.477695][ T4589] usb 4-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 211.497237][ T4589] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.525200][ T4589] usb 4-1: Product: syz [ 211.540933][ T4589] usb 4-1: Manufacturer: syz [ 211.558930][ T6584] netlink: 232 bytes leftover after parsing attributes in process `syz.4.652'. [ 211.568570][ T6585] binder: BINDER_SET_CONTEXT_MGR already set [ 211.576592][ T4589] usb 4-1: SerialNumber: syz [ 211.594679][ T4589] usb 4-1: config 0 descriptor?? [ 211.611087][ T6585] binder: 6581:6585 ioctl 4018620d 200000000040 returned -16 [ 211.663541][ T6588] netlink: 20 bytes leftover after parsing attributes in process `syz.4.652'. [ 211.706337][ T4589] msi2500 4-1:0.246: Registered as swradio24 [ 211.730671][ T4589] msi2500 4-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 211.799087][ T6588] netlink: 20 bytes leftover after parsing attributes in process `syz.4.652'. [ 211.818468][ T6588] netlink: 20 bytes leftover after parsing attributes in process `syz.4.652'. [ 211.863476][ T4587] usb 4-1: USB disconnect, device number 11 [ 212.110660][ T6604] netlink: 12 bytes leftover after parsing attributes in process `syz.2.656'. [ 212.467696][ T4589] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 212.858634][ T4589] usb 5-1: config 0 has no interfaces? [ 212.937690][ T4589] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 212.980490][ T4589] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 213.015846][ T4589] usb 5-1: Manufacturer: syz [ 213.064638][ T4589] usb 5-1: config 0 descriptor?? [ 213.339934][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060391000: rx timeout, send abort [ 213.568783][ T6633] binder_alloc: 6632: pid 6632 spamming oneway? 2 buffers allocated for a total size of 5120 [ 213.584431][ T6633] binder_alloc: 6632: pid 6632 spamming oneway? 3 buffers allocated for a total size of 5128 [ 213.725380][ T6637] device syzkaller0 entered promiscuous mode [ 213.839975][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060392c00: rx timeout, send abort [ 213.849921][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060391000: abort rx timeout. Force session deactivation [ 214.293116][ T6648] xt_hashlimit: size too large, truncated to 1048576 [ 214.301275][ T6648] xt_hashlimit: max too large, truncated to 1048576 [ 214.348279][ C0] vcan0: j1939_tp_rxtimer: 0xffff888060392c00: abort rx timeout. Force session deactivation [ 214.406702][ T6651] xt_CT: No such helper "pptp" [ 215.242930][ T6670] device syzkaller0 entered promiscuous mode [ 215.271418][ T4589] usb 5-1: USB disconnect, device number 9 [ 215.509672][ T6674] binder_alloc: 6673: pid 6673 spamming oneway? 2 buffers allocated for a total size of 5120 [ 215.638044][ T6674] binder_alloc: 6673: pid 6673 spamming oneway? 3 buffers allocated for a total size of 5128 [ 216.108915][ T6685] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 216.109673][ T6686] QAT: failed to copy from user cfg_data. [ 216.641214][ T6700] device syzkaller0 entered promiscuous mode [ 217.287732][ T4292] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 217.347776][ T1111] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 217.511493][ T6719] IPVS: set_ctl: invalid protocol: 135 172.20.20.26:0 [ 217.537772][ T4292] usb 4-1: Using ep0 maxpacket: 32 [ 217.657872][ T4292] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 217.674309][ T4292] usb 4-1: config 0 has no interface number 0 [ 217.703562][ T4292] usb 4-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 217.754327][ T4292] usb 4-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 217.765430][ T1111] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 217.793908][ T1111] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 217.859333][ T1111] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 217.905552][ T1111] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 217.962566][ T1111] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 218.003071][ T1111] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.019914][ T4292] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 218.083964][ T1111] usb 3-1: config 0 descriptor?? [ 218.093997][ T4292] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.133334][ T4292] usb 4-1: Product: syz [ 218.145047][ T4292] usb 4-1: Manufacturer: syz [ 218.193918][ T4292] usb 4-1: SerialNumber: syz [ 218.262433][ T4292] usb 4-1: config 0 descriptor?? [ 218.338661][ T4292] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 218.361695][ T5144] usb 3-1: USB disconnect, device number 16 [ 218.487529][ T4589] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 218.587605][ T4292] usb 4-1: qt2_setup_urbs - submit read urb failed -90 [ 218.647681][ T4292] quatech2: probe of 4-1:0.51 failed with error -90 [ 218.867741][ T4589] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.949478][ T4589] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.980038][ T4589] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 219.027616][ T4589] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 219.057471][ T4589] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.092685][ T4589] usb 1-1: config 0 descriptor?? [ 219.154536][ T4587] usb 4-1: USB disconnect, device number 12 [ 219.274605][ T6743] device syzkaller0 entered promiscuous mode [ 219.387602][ T5144] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 219.498683][ T6745] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 219.581481][ T4589] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 219.645216][ T4589] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 219.658271][ T5144] usb 5-1: Using ep0 maxpacket: 16 [ 219.937720][ T5144] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 219.971740][ T5144] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.025105][ T5144] usb 5-1: Product: syz [ 220.045378][ T5144] usb 5-1: Manufacturer: syz [ 220.058189][ T5144] usb 5-1: SerialNumber: syz [ 220.161021][ T5144] usb 5-1: config 0 descriptor?? [ 220.208635][ T5144] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 220.231361][ T5144] usb 5-1: Detected FT232H [ 220.427640][ T5144] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 220.457674][ T5144] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 220.487651][ T5144] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 220.510208][ T5144] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 220.556876][ T5144] usb 5-1: USB disconnect, device number 10 [ 220.631355][ T5144] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 220.661516][ T5144] ftdi_sio 5-1:0.0: device disconnected [ 220.687814][ T4292] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 220.937526][ T4292] usb 3-1: Using ep0 maxpacket: 16 [ 220.977738][ T4292] usb 3-1: too many configurations: 123, using maximum allowed: 8 [ 221.067701][ T4292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.107719][ T4589] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 221.169576][ T4292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.184349][ T6772] team0: Device ipip0 is of different type [ 221.267720][ T4292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.367695][ T4292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.387643][ T4589] usb 4-1: Using ep0 maxpacket: 8 [ 221.468069][ T4292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.557706][ T4589] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 221.574844][ T4589] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 221.588025][ T4292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.621423][ T4589] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 221.687016][ T4589] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 221.692986][ T4292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.718094][ T4589] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 221.760566][ T4589] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 221.788238][ T4589] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.797902][ T4292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 221.834564][ T4587] usb 1-1: USB disconnect, device number 15 [ 221.917884][ T4292] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 221.972881][ T4292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 222.012452][ T4292] usb 3-1: SerialNumber: syz [ 222.032215][ T4292] usb 3-1: config 0 descriptor?? [ 222.112897][ T4292] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input11 [ 222.117661][ T4589] usb 4-1: GET_CAPABILITIES returned 0 [ 222.147589][ T4589] usbtmc 4-1:16.0: can't read capabilities [ 222.200343][ T6784] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 222.257742][ T6784] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 222.467984][ T6763] input: syz0 as /devices/virtual/input/input12 [ 222.617333][ T4292] usb 3-1: USB disconnect, device number 17 [ 222.628935][ T3549] bcm5974 3-1:0.0: could not read from device [ 222.637594][ T6599] bcm5974 3-1:0.0: could not read from device [ 222.717606][ T5144] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 222.931380][ T4589] usb 4-1: USB disconnect, device number 13 [ 223.107685][ T5144] usb 1-1: New USB device found, idVendor=041e, idProduct=4011, bcdDevice=af.98 [ 223.126897][ T5144] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.259495][ T5144] usb 1-1: config 0 descriptor?? [ 223.313526][ T5144] pwc: Creative Labs Webcam Pro Ex detected. [ 223.518828][ T5144] pwc: Failed to set LED on/off time (-71) [ 223.538047][ T5144] pwc: send_video_command error -71 [ 223.543269][ T5144] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 223.567491][ T4292] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 223.591496][ T5144] Philips webcam: probe of 1-1:0.0 failed with error -71 [ 223.641724][ T5144] usb 1-1: USB disconnect, device number 16 [ 223.988822][ T4292] usb 5-1: config 0 has an invalid interface number: 133 but max is 0 [ 224.013207][ T4292] usb 5-1: config 0 has no interface number 0 [ 224.268154][ T4292] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 224.310644][ T4292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.353062][ T4292] usb 5-1: Product: syz [ 224.383492][ T4292] usb 5-1: Manufacturer: syz [ 224.418343][ T4292] usb 5-1: SerialNumber: syz [ 224.430639][ T6833] binder: BINDER_SET_CONTEXT_MGR already set [ 224.450216][ T4292] usb 5-1: config 0 descriptor?? [ 224.455336][ T6833] binder: 6832:6833 ioctl 4018620d 200000000040 returned -16 [ 224.631840][ T6836] device syzkaller0 entered promiscuous mode [ 226.747702][ T6867] netlink: 8 bytes leftover after parsing attributes in process `syz.2.744'. [ 226.958798][ T4292] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected [ 226.979132][ T4292] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81 [ 226.996502][ T4292] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1 [ 227.006827][ T4292] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2 [ 227.016822][ T4292] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 227.043860][ T4292] usb 5-1: USB disconnect, device number 11 [ 227.065587][ T4292] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 227.092914][ T4292] keyspan 5-1:0.133: device disconnected [ 227.135315][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 227.135327][ T26] audit: type=1326 audit(1769991765.531:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.225112][ T26] audit: type=1326 audit(1769991765.571:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.284209][ T26] audit: type=1326 audit(1769991765.571:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.372558][ T26] audit: type=1326 audit(1769991765.571:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.489958][ T26] audit: type=1326 audit(1769991765.571:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.593277][ T26] audit: type=1326 audit(1769991765.571:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.600098][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fb18000: rx timeout, send abort [ 227.716174][ T26] audit: type=1326 audit(1769991765.571:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.815365][ T26] audit: type=1326 audit(1769991765.581:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.904653][ T26] audit: type=1326 audit(1769991765.581:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 227.955992][ T26] audit: type=1326 audit(1769991765.921:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6872 comm="syz.2.747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe9aab31eb9 code=0x7ffc0000 [ 228.124193][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805fb18000: abort rx timeout. Force session deactivation [ 229.418572][ T6911] binder_alloc: 6910: pid 6910 spamming oneway? 2 buffers allocated for a total size of 5120 [ 229.667590][ T1111] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 229.707539][ T4292] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 230.081049][ T1111] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 230.100687][ T4292] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 230.114735][ T1111] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 230.131433][ T4292] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 230.146971][ T4292] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 230.163261][ T4292] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.179503][ T4292] usb 4-1: config 0 descriptor?? [ 230.217805][ T1111] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 230.246801][ T1111] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 230.268498][ T1111] usb 2-1: SerialNumber: syz [ 230.332221][ T1111] usb 2-1: 0:2 : does not exist [ 230.500331][ T6926] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 230.811020][ T6930] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 230.820146][ T6930] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 231.067818][ T1111] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 231.447922][ T1111] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 231.457370][ T1111] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 231.471718][ T1111] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 231.482489][ T1111] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 231.494826][ T1111] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 231.628441][ T1111] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 231.643623][ T1111] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 231.652343][ T1111] usb 5-1: Product: syz [ 231.657018][ T1111] usb 5-1: Manufacturer: syz [ 231.709759][ T1111] cdc_wdm 5-1:1.0: skipping garbage [ 231.716118][ T1111] cdc_wdm 5-1:1.0: skipping garbage [ 231.732138][ T1111] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 231.738757][ T1111] cdc_wdm 5-1:1.0: Unknown control protocol [ 232.202020][ T6952] binder_alloc: 6951: pid 6951 spamming oneway? 2 buffers allocated for a total size of 5120 [ 232.270612][ T6957] udc-core: couldn't find an available UDC or it's busy [ 232.291576][ T4589] usb 2-1: USB disconnect, device number 9 [ 232.300959][ T6957] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 232.483696][ T6963] netlink: 4 bytes leftover after parsing attributes in process `syz.0.774'. [ 232.530211][ T6965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.775'. [ 232.547726][ T4292] usbhid 4-1:0.0: can't add hid device: -71 [ 232.558625][ T4292] usbhid: probe of 4-1:0.0 failed with error -71 [ 232.578168][ T4292] usb 4-1: USB disconnect, device number 14 [ 232.798780][ T4589] usb 5-1: USB disconnect, device number 12 [ 233.606945][ T6990] device syzkaller0 entered promiscuous mode [ 233.684068][ T6990] [ 233.687093][ T6990] ============================= [ 233.691996][ T6990] WARNING: suspicious RCU usage [ 233.697010][ T6990] syzkaller #0 Not tainted [ 233.701464][ T6990] ----------------------------- [ 233.706318][ T6990] net/sched/sch_api.c:304 suspicious rcu_dereference_protected() usage! [ 233.714661][ T6990] [ 233.714661][ T6990] other info that might help us debug this: [ 233.714661][ T6990] [ 233.724911][ T6990] [ 233.724911][ T6990] rcu_scheduler_active = 2, debug_locks = 1 [ 233.732992][ T6990] 4 locks held by syz.0.787/6990: [ 233.738087][ T6990] #0: ffffffff8c31eb00 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x9/0x30 [ 233.747752][ T6990] #1: ffff88805f101108 (&sch->q.lock){+.-.}-{2:2}, at: __dev_queue_xmit+0xa2a/0x2fd0 [ 233.757428][ T6990] #2: ffff88805f101148 (dev->qdisc_running_key ?: &qdisc_running_key){+...}-{0:0}, at: packet_sendmsg+0x3dba/0x5060 [ 233.770005][ T6990] #3: ffffffff8c31eaa0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 233.779494][ T6990] [ 233.779494][ T6990] stack backtrace: [ 233.785393][ T6990] CPU: 1 PID: 6990 Comm: syz.0.787 Not tainted syzkaller #0 [ 233.792677][ T6990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 233.802852][ T6990] Call Trace: [ 233.806146][ T6990] [ 233.809100][ T6990] dump_stack_lvl+0x188/0x250 [ 233.813818][ T6990] ? show_regs_print_info+0x20/0x20 [ 233.819024][ T6990] ? lockdep_rcu_suspicious+0x110/0x180 [ 233.824835][ T6990] qdisc_lookup+0xa6/0x650 [ 233.829256][ T6990] qdisc_tree_reduce_backlog+0x190/0x430 [ 233.834891][ T6990] sfq_enqueue+0x14ad/0x2280 [ 233.839490][ T6990] ? ktime_get+0x7b/0x270 [ 233.843829][ T6990] ? decrement_one_qlen+0x550/0x550 [ 233.849044][ T6990] netem_dequeue+0xd4c/0x1410 [ 233.853804][ T6990] ? verify_lock_unused+0x140/0x140 [ 233.859015][ T6990] ? netem_enqueue+0x3800/0x3800 [ 233.863956][ T6990] __qdisc_run+0x236/0x1490 [ 233.868477][ T6990] __dev_queue_xmit+0xe3d/0x2fd0 [ 233.873517][ T6990] ? dev_queue_xmit+0x20/0x20 [ 233.878287][ T6990] ? packet_parse_headers+0x833/0xa90 [ 233.883760][ T6990] ? skb_setup_tx_timestamp+0x1f0/0x1f0 [ 233.889405][ T6990] ? skb_copy_datagram_from_iter+0x5ab/0x6a0 [ 233.895498][ T6990] ? skb_put+0x117/0x210 [ 233.899914][ T6990] packet_sendmsg+0x3dba/0x5060 [ 233.904960][ T6990] ? __might_sleep+0xf0/0xf0 [ 233.909882][ T6990] ? aa_sk_perm+0x7dc/0x910 [ 233.914406][ T6990] ? packet_getsockopt+0x9a0/0x9a0 [ 233.919609][ T6990] ? aa_sock_msg_perm+0x94/0x150 [ 233.924759][ T6990] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 233.930059][ T6990] ? security_socket_sendmsg+0x7c/0xa0 [ 233.935790][ T6990] __sys_sendto+0x46d/0x620 [ 233.940855][ T6990] ? __ia32_sys_getpeername+0x80/0x80 [ 233.946247][ T6990] ? __lock_acquire+0x7d10/0x7d10 [ 233.951297][ T6990] ? lock_chain_count+0x20/0x20 [ 233.956146][ T6990] ? vtime_user_exit+0x2c8/0x3e0 [ 233.961090][ T6990] __x64_sys_sendto+0xda/0xf0 [ 233.965767][ T6990] do_syscall_64+0x4c/0xa0 [ 233.970306][ T6990] ? clear_bhb_loop+0x30/0x80 [ 233.974982][ T6990] ? clear_bhb_loop+0x30/0x80 [ 233.979759][ T6990] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 233.985669][ T6990] RIP: 0033:0x7fc0e2dc8eb9 [ 233.990281][ T6990] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 234.009995][ T6990] RSP: 002b:00007fc0e1024028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 234.018414][ T6990] RAX: ffffffffffffffda RBX: 00007fc0e3043fa0 RCX: 00007fc0e2dc8eb9 [ 234.026475][ T6990] RDX: 0000000000000024 RSI: 0000200000000440 RDI: 0000000000000006 [ 234.034525][ T6990] RBP: 00007fc0e2e36c1f R08: 0000200000000080 R09: 0000000000000014 [ 234.042490][ T6990] R10: 0000000002000041 R11: 0000000000000246 R12: 0000000000000000 [ 234.050458][ T6990] R13: 00007fc0e3044038 R14: 00007fc0e3043fa0 R15: 00007ffcdfce05c8 [ 234.058437][ T6990] [ 234.137514][ T4589] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 234.507821][ T4589] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 234.516106][ T4589] usb 2-1: config 0 has no interface number 0 [ 234.687581][ T4589] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 234.696773][ T4589] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.721252][ T4589] usb 2-1: Product: syz [ 234.725469][ T4589] usb 2-1: Manufacturer: syz [ 234.740402][ T4589] usb 2-1: SerialNumber: syz [ 234.754385][ T4589] usb 2-1: config 0 descriptor?? [ 235.007664][ T4589] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 235.018758][ T4589] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 235.029399][ T4589] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 235.037618][ T4589] usb 2-1: media controller created [ 235.050627][ T4589] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 236.127593][ T4589] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 237.325998][ T4589] usb 2-1: USB disconnect, device number 10