last executing test programs: 2m40.329535649s ago: executing program 0 (id=205): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1fb, 0x7, 0xeeeea000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_open_procfs(0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r3) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x164, r6, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x148, 0x33, @probe_request={{{}, {}, @device_b, @device_b}, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x7, [{0x24}, {0x1b, 0x1}, {0x9, 0x1}, {0x36, 0x1}, {0xb, 0x1}, {0x36, 0x1}, {0x60}]}, @void, @val={0x2d, 0x1a, {0x8802, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x400, 0x95ce, 0xe9}}, @val={0x72, 0x6}, [{0xdd, 0x76, "2bda80d6e0282b9ec5fadeba3ad2adbfbef6866ff53a9e7e2cf61772e12f5d04dbd66f66aad057007c9cb6ee4c57b690e42226aea9e5440963d8de50d64060079c821ab6badbeaf5739f128dc7b8840e394c92e2962425e546f963e8452a5a8e0b7c15c3737560bef47e0d1eba46b39c64dd6f5fdfda"}, {0xdd, 0xa, "b0444f75c26632eaa702"}, {0xdd, 0x71, "dd2114032795a417432050b9616e42191bff5643a2f985ffe003ffabdcc39f65693826b281607b52371778c604526c61e96859520b7d18cd6eb35ebd79d046d0e0cea4752ba24aa367052231aa5435e57f6d142d293f375cf761c7dec8c533bf1eab2967d4a602d71a268068b0ce14b68b"}]}}]}, 0x164}}, 0x14) 2m40.227937897s ago: executing program 0 (id=206): ioprio_set$pid(0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000380)={0x1, @pix_mp={0x8000000, 0x0, 0x3631564e, 0x9, 0x0, [{}, {0x0, 0xffffffff}, {0x8000, 0xffffffff}, {}, {}, {0x1, 0x6}, {0x6}], 0x0, 0x8, 0x16, 0x1, 0x7}}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioprio_get$pid(0x3, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) rseq(&(0x7f0000000080), 0x20, 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x70, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x200000001300, 0x200000001330], 0x0, 0x0, &(0x7f0000001300)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff000000000000000000000000000000000000000000000000000000f0ffffff00000000000000000000000000ffffffff0000000000000000000000002000000000000000000000000000000000000000000000000000000000000000fcffffff00000000"]}, 0x108) bind$bt_sco(r1, &(0x7f0000000000), 0x8) listen(r1, 0x1) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x13, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x80a80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x13, r3, 0x45809000) r4 = socket(0x40000000015, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x8, 0x0, &(0x7f0000000180)=0x17) 2m38.758432994s ago: executing program 0 (id=210): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0) unshare(0x22020600) ioctl$sock_ifreq(r2, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'}) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000005c0)={0x1, 0x0, @ioapic={0xdddd1000, 0x9, 0x420, 0x1, 0x0, [{0xa5, 0x6, 0xfe, '\x00', 0x5}, {0x7, 0x4, 0x2, '\x00', 0x9}, {0xe, 0x7, 0x7, '\x00', 0x6}, {0xcc, 0x0, 0x2, '\x00', 0x3}, {0xec, 0x7, 0x0, '\x00', 0xfb}, {0x77, 0x0, 0x7, '\x00', 0xff}, {0x34, 0xe0, 0x7, '\x00', 0x48}, {0xb2, 0x2, 0xff, '\x00', 0x6}, {0xff, 0x2, 0x1, '\x00', 0x2}, {0x9, 0x0, 0x4, '\x00', 0x81}, {0xfa, 0x1, 0x0, '\x00', 0x2}, {0x4, 0x6f, 0x80, '\x00', 0x73}, {0x5, 0x9, 0xe, '\x00', 0x4}, {0x7, 0xf9, 0x2, '\x00', 0x8}, {0x3, 0x0, 0xfc, '\x00', 0xfc}, {0x7f, 0x3, 0x0, '\x00', 0x2}, {0x1, 0x7, 0x4, '\x00', 0xa}, {0x9, 0x0, 0x7f}, {0x0, 0x27, 0x1, '\x00', 0xc}, {0x1, 0xfd, 0x3, '\x00', 0x1}, {0xb, 0x6, 0x3, '\x00', 0x2}, {0x7, 0x8, 0x3c, '\x00', 0x1}, {0xa, 0x7, 0x6, '\x00', 0x1}, {0xc, 0x5, 0x7f, '\x00', 0x6}]}}) ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0x2, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x2, 0xef, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x4}, {0x9, 0xdb, 0x1}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0xf8, '\x00', 0x1}, {0xf5, 0x5, 0x4, '\x00', 0xb3}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x3, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6c, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0x10}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0x5}, {0x1, 0x6, 0x9}, {0x4, 0x6, 0x1, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xe3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c9130001", 0x1f}], 0x1}, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc) splice(r5, 0x0, r7, 0x0, 0x4ffe6, 0x0) r8 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r4) sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b7512ebbc10f869ebceabf313de1", @ANYRES16=r8, @ANYBLOB="010000000000feffffff010000000800020003000000340004800500030002000000050003000600000005000300050000000500030000000000050003000000000005000300060000000800010000000000"], 0x58}}, 0x0) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x80) ioctl$SNDRV_TIMER_IOCTL_TRIGGER(r9, 0x54a6) sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3800000001020300000000000055a803936001184508fe6971ff2500000002000008240001800c00028005000100300000001400018008000100ac1e00010800020064010100"], 0x38}, 0x1, 0x0, 0x0, 0x64d2d04f19ffa6c7}, 0x4000) r10 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) personality(0x5400004) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r11 = socket$kcm(0x2d, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r11, 0x89e2, &(0x7f0000000340)={r11}) syz_usb_connect(0x2, 0x2f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010109021d0001000000000904000001437b6a00090500000000000000020500"/47], 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r10, 0x7dfff000) accept4$tipc(r6, &(0x7f0000000140), &(0x7f0000000240)=0x10, 0x800) 2m35.074947052s ago: executing program 0 (id=240): ioprio_set$pid(0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = syz_clone(0x20042400, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x140, 0x1}, 0x18, 0x0) landlock_restrict_self(r1, 0x6) ptrace(0x4206, r0) ptrace(0x4207, r0) ptrace$pokeuser(0x6, r0, 0x1, 0x5) sched_getaffinity(r0, 0x8, &(0x7f0000000280)) r2 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x0, 0x9, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0) sendfile(r2, r2, &(0x7f0000000080), 0x7f03) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='vxfs\x00', 0x20080c4, 0x0) 2m34.870360219s ago: executing program 0 (id=242): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x54c, 0x5c4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) read$watch_queue(r1, &(0x7f00000019c0)=""/101, 0x65) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x4, "7738e21f"}]}}, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000100)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x0}) r2 = syz_open_dev$vcsa(&(0x7f00000000c0), 0xbe, 0x840) sendmmsg$inet6(r2, &(0x7f0000001940)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xc55, @remote, 0xc}, 0x1c, &(0x7f0000001640)=[{&(0x7f0000000240)="9707239e7c2116ca18a5a8effefd99aaf244dcc297e9185342e0b52457f88f53edc1a9e94ddf81c73d1096e52889b5c8c347210767464b1b7af3a7860d43b4a12fbbc9f89194c6670d5ccb47ac340f811889a509bbf46718c8e470fa4d054119d6323ba693a46e598c933830e39381ba309623acd8ed8f072fcc6bae84da60e0cc0238d2b1b56e337c1690cfe5637397dd7eb3a61a6a6ebfbe24a3699048", 0x9e}, {&(0x7f0000000300)="1f222cc73bdf83eb2a2ef61c486c699f0b96c3f7966ae64024ec72a52cd41a19eeeb6c12717cd5b9974da15b220c63e3dcc4a0c538f0c009ffb7efbd024be6cb3bb7a9e9b4f7146c70b71642803250db4e01d48f516066303c2d1daa305645b4c0b775a483a6c5f46527f7b8ca04265a26091df6268b28301b12cacf4e12d7f0f06610131e98852bbacd36eaed71d0850c520a84c83f69372770611368ed499a2d70e65d6860398df80470240d6446513e71855df540ae2067b2e2964734dd9af0cf79fc367def7454d3e00e81b9be94fbd0ae615467b782929c40504d8e702d70e92d96ffdf412d52a8f4805fa4074794ceb741e2d56980b1f6e51bda7664109bd6c28f135764b83c077bbf943349da7d317487912d212a0a99445ff81d399b37d9697827ac739f1648156955be2507583ce5d607dd6a903c2ab0df3b3443f9c44f54d1735faeb40933bdaa5f7c0a807c7896adeba3d82c659d9ec6fade1740ff2f1134dcdc5b91d8170de5fd6e9e3917343976ad1d0e0a9b2bfe676cec66e8e8c052b04146a410170eebccaaa9c1af3f4930583963dcd378a75474d984ebf044b9a39d014e86006bc0a0eb017a3c4e2a6fa12aeef604d0ea5c60de97acfc4e75ddeda673bf5953c957b1df2ff1272277b36763148ac0d02a782ad89dd5a67f3de51d8ee31ba4c71977c5ca061651b74e785173e11b5a35d4d9b5383500d4c3118c5f4c0749e2c64bf9a2192b5c8eeeb5a492b7f72b1f482836558001ad097c1524c518f5eab9b5623b7dd8e1b34dd0bfe4b156082edc3f0ac5ccefca358b273f2bed9b453a5980210b0f1353d212c1ad6a6abf40321ed25772c4061c0af32aa3a940d28c6f8e035b5bb9e733637d23d6c327a89ec31c807d4bbc3ab917878c248347aaf283d7a5573d862173cfcf42ad88858aa0014fa3c807cced189074fd66e832e54f4ecf4c8b8eead5a72a5f39f11849f4fe677fc32e886bd042472efd059f1425d0b4ea69f8e2152be2bd06235793d314319cef7465932600f106e2188887c685fb9ab57b9e6063184a6d5ab3d24769e5ce4c52cc387b8b2db74fb17e2834d5b9d31ba8523a45fec39d7b52133496ea548cb66a4a782e8fe94e08f67fbe2fa1c834e7a0741b0944d639bf41054cc3851980ad6c4c51a38bcb6652e0bdb9ec7ab136495c2ee8ff462b93d27d1ff5f66dcf70afbb0b760627ea8ab7e3ad986ff97d16a4eb5ad9d232583965e4715c1730d100ad99999da0bbb2046cffb5fc403b4f54116233c892b511f8df1ee0c80a5a4e885c1313d0071cc156b7c993910159f9ea4eb559d685b22b692311f176fc951e88277a35ea2955e5b4bf6a5f68034d26d159f958da3b6d683fe18046323e15c142dfbe8694f749821748a6efe4aa43155bd5ad07835160d0a9b3b62261b9e000e8d86e2e22f2d53c9c355e9e6c75e56b34554dbe8dd8668da8f49ddbedca5ec3afd8eb93af9b2395709acac8f0223c5e14e60933a1290ebfdb762a6e322592b652f5b7cbec46e1e2abe03f7fea6a526835257586c3176d91e2b70a2e360a605ccd917f30079e387b2c68968eac55437519537507041920524719a599522a27f1a936ed13912e53340543e2fa95213026bbb962fbd41a789d65513cbe99ae96437e30516df89482804784065d0bb6a5a089e2dd341ee01b6f94687876fdfbc19a2c08200dcb9b8bce365d4eb49bb6cf218d172bd691a310884831e241228fabebe9edd976a397762780c66ea4ca79e90845198516c31a18bd52e78b53776a34e416ab78750f503e79611db01c0a949e2f4eb825f9bc0dc87c67fc6e50b7b66ae3d2b3187b46f8a9a9d5d6f2a37b01ef2f779a41e375c5c6065377be225cc4366efa045a6fc7c829ffc6be8eb3f6f9aa8e500870552b4f5e2c50059311c7545020b588f1ae014f4525e1933632630bc4347776e4b9750562d5f77f7bca2497aad02b839ded3593036f5b3d9863c8f3f25cd84aaa091cd6058df347482ebe1a3ab0d42805b49e60e6dff0460ff5ab1460cd8dda5f3a6d3fc01653c4a4fc547986164f45ee533b45cba627781511e6f778d73e1763fae0fef3c5341bceaacbcb87cfcf26b1c8764d5615f548e7df815ede00fd4c20a20959a96e069ea737af24c87264592d551ee0dc6e741b7a1c55d1631e32cc044ffac17ba89c730f2719a0b22757c9ed0f2212f27d3cd15bd65304dc3b3dcc0cf3b7b361e88a551d24e290c3320e3621d5dbbf47de4ef966a2cc9fd99243a80cdec02798d3b37ce0f06cd6f99366be369248018cfa61aea40087adbf847502467f8667dded1a7f6e23fcc1cf740c62099354999bd270c2476bed61f5bfb635b73f174452dee586accb885ba945519015974ffeb8b16d33c63398108370d549aec9cc0cf2c897fa7545000b702d5f0d0a66d8a5baec7ee952505298eea069c54cf26d5b9812bfcd11673c0ee8220d2c2bf5293332f908161663cbfcf24389322286e3efeabb663107818d18a25c304fba19368cd9f0f30dfcb3ee54c55154418e4c353a5071d6ed927818166b902753d9d0eb868fb205eb27aadde8c13f3f82a07eb3339b3bae1e137e66fff0c6291742af8a2ddae1aff9fae79dcc99084c934de5f0f37c99c5d94ddd0c0184ef3dbc1d1b2effa1faf06398ea850b05484c8cb8f39f117df3f6d0fe5cb6f29092388d7e8c773011b2c40c23ea25ecf1470e4d467f591b9fee492ee4a32f23cff0c310a47f074143189d7439a2c433eaf94dc1e541e6ad2a09b600458e87e83138f8c7f7af191131d35ccd2dd851c43fe7a343c6806c3b7bb26bf9b377e8fc68192406b3828670caf34f5830d95a2f6ac06cb73548cb2ec026405045d47e06acc66b8fe7c1e6c9ceda027627b295eee6303690892758f7a22cb5970a512c746a15964295c99200e078e9ecfe796f91edaaa78a4db9cfdf4bc4cdd395f37665b89166f04b17cb0948908396fe94dd45ffed1349b94c08339ce1805630a90c663efe6279e96cc6cd62f0b440f6a2af7020b6bc420c18dcaaa73d6d008bb18a37335c12399bdb05928eb9c552a65261922dce5e44803640d9199c08e130057be91eff7e3023213ea0faede8b0d0b14309b61398cfef65a6a014f6957d64a678bec751b883542e4273a88cb85b00cc3b476da63b3e467e17f6fe4b53cbf12a9a20384c49acd71b19070deb74b365a0d8ddbb1e4edb46cac6d94fb079fb23b9350474bc50814e844784df2e590784dee5017682101a58b3cdd99265d577bc27be051b453d41f662cc13e4211507e85ce91a15d4dae33503252a12a045fa533a8757b3fbd6d37f77ec01d854dbe33761f069a941c488772e06b6c5afc18a178cad7fa1303dcd63efd9e2248fee7d091efed1b7933ff0c51fa6163f38dd47b80eb91a00470a9512f79e6c5cad2895ab689a4c7772dfb2b84e0ea1cd3dd8d8d10d51515856e5a1f40b631abbc89502c9ced114f26a93cb151415ba39c0c7358eddb3c7f9f3d0b5ea1e64489a055a2d68e9b27d0613dd7076f440c0669f5cb6b8b7beccd9a634bacbbeaf28a9c35876b517168b684799902c3037b8f65719595795c4a8ce7f2ff35a4d0b0af2ec24b39ee8ed1ffec17e36c33532728d962e9f960bc7163a6f4908c972c5ffacee33024f0eecfeecbe8803c2639d47c5501bc97ed058513339db8d66bc74f01d62f876d4ae6af2181fb20b1b4ba6ad2819a520b8b5679c2f14d0ac495df8d591c726e93dac7a93afd8c0c6f5bbe77b0ed927f8cf359369e64ed6d5b9571f878f2824dcc0289fa7c5a8d2584fe1d6ea302a81be8921ce52dede622ac98458573151d4d66dae52513f6ba09eeefd3f00fc3b1ec6acd534101254e47c38dbe177abee00bed73d4dd37eb535dccdc7c80c850805e5dff221e5da194d784b7c86ce7a2bf203091a49ec9a38eab4f00b97c8c4b1a5887b3000358be677bdb26ad031a6de08e90b9b9e7abb664e1e5801ed20018769885916a6b470b645d26505a8dbfe45f22f6cd15234bc76ad9086e069c44a00b9242cea2e254a366b5f1fdb6bab333903806a57ad136f821521572c95c3a0965e1c3009b2deae68a1019062cf85db822129ff9db7de1e3f2f296016378a3b673ee311fcb295d8ec1ab729c2cecb9d24e10f54b84fa83dc1320bd9df813227d4237817477f52a29b7b51cf3ce3af3e0c0eb81f798a7794a366d958d03b1d07f3dbeb621a2ef4817c39038ec7df6390eab927e5aba7eca45244aa9bdff220af8835b9cc91584d1a884a48d36c3325b9ae9eb14e7a3f9957b9cb06c75a1d540c5204c3105b6ba2437fdadfc0542652905ab46e564d44f3a01eb28dd1c7240af16e1496c6be62976e8b1c393cbd4988255bb5d1720b94adc74d27bbc7a5c50f7a5afcabe72a9d2cdaf030794e35091287a3766f3b4376976de4c6978f569461024c935b162fff7b939e756f6f633788b0c44afc041d28b0a02c9e6437c3d45d1c0a21b734c6b4f24d6847f89b2515e3796e698ef1fdfa9e5460f0dc1ac609941bb8ee5fdfad0a83e2184e98c84dcf9f95204bf8278139977255a7969d75e90bc8e42dc76e8716ba8c644fb03751a5cde42ddc1998ddaddecd42432ebf7543ee3db7e3885d79148e3a7a27fe02bb668149d465f5e16c381df6ece0992aaa5764503a6d27d21dcc1e77bae4958a20b24fa5e029717263acab0ee31dc8dcff54228eae2061438a5e5647849bea68b23ed0f8f22cebd31491e14ca467ea0005c9cf902b4194c493f06ec614c673374e743f3b6d5e05c530173765c5a52084e6fdcec42c2bf29f3c78017ee5a1780260883b400a369ef6b4aabae2e1bdcd715c83380f1a4ca313aad19967e5ff0469e09ed2a20f3a8d8887fa7168fbf8ced904e960e432939678202345d5c0bf10b886713dce1f3858b68dc17a05f73aa6c55d106f36f43d7b01d960e700135638f96cfbc58eea0d2c65266634fabb8dafc76edbe1342310ed164a7285cbe7f96cf08e41e0121ec63741ac22524f6d8600dd83ee8e566d4d7c3d61bfdab9713eafd50d5996705ef38da15d9560c1de943d65c63db94281cc8c8ba1582e2847e7ac8fbb63e40d47d6060ceb7602a88c2f36c95bd3ee582eabf97d2c62ab6997ec3b56342b827e2edc900f042d4828911a8ece55a280923f316f6031d35ab73fa46575ab398e28789a823fe32f182030727240276a79aa54a1fd5c594c1846fe1bfa8bbbe5a994c5ecbfafa75799e68fa0c6a92fef192d9fba21b826b4d56199744604e31771035aa2ced9eeb790299b584f674ce87489617a4f88b60954197b66a909fde6c03380f141982a8a00149f788dfbcdca18d0afa142f21918b49d42b429d5dd52544f9db101eb10e9c7e6bcc31433fa225d98007ea6e44b30046b9d064e4eac2384afa16574fe77f9312f6108db25bf19217a9d266115b71821c5118ecb8e0b9322e61f9b6469398025706b76a622d3a9a09cf0d0337f2179b17dd08a31f130dd1cc3be248d66b54958974a3116e5ae987bbdeb56afaddb22a4020d26a5ae80a44760bbb0a4d20ddce23ed5078165c9cec73c49d9de0c9e3a779dbb1bdb257ef7636cd7407411ee3a99bdaee81cff548b76d4d559b052a0151eadad03d8141d6e2a868ca58052d05e199b07baf92d02b1db9e2f4c410b52f03575ca145aafef88287fc00071033270eb35d649d8068d35f5da802404ec6ac4f2e513a3e26d99a06d270a3d2acaed8a81af95118e2ebf3e3687e2342a210e55be88a6cd7b9aa537f07cd1593533a5", 0x1000}, {&(0x7f0000001300)="a544cbac5e1b5978ec1d674d5e5ff945869901482184a70b87c98b887bec12dd53c0553a6aecc846f70db1afdcbf4b0c6ad8663463b3bcbf622811e0a173c91e03d167b5e0bf338a103b62ee258f03cad5fa07243e4409dab079f70d423ce482964a8c6cec39e6c82d473c452a3b052a2681973cc8aedb0f134fe6ca83a0e303ccf1e536f96d509117d0bda07399a430a9e93f502bd709a5b16568b57fe83eafc83bd12eb79e006ab7fb06b1252a1559406c2fa56690da5438b18c253b6b1066e83d54821a69327c20bd5dca504bb7ea51d0d493eb36c9bac63fd3ab4403ab8186da4c115db3ce0ce22cf6507ec3ec1b24dc15714530419129b10d", 0xfb}, {&(0x7f0000001400)="7e5ae0f534c8831ac151f720e2eb3df9dfb1614e4dc8921f4eda6a2eb692d85e7399be1494cf12395557adcabca4a12f8955927c96328dbf3c66f8f9f8c198a4a508cf7f0c6157c04cbc3e090c5c11a5de6725521f13d8646ed5ef8439d9e757bf64d2b11fc63d60bea600128eaf256402f51062d997000f20066391b175c54fac71a0cca36ae6694acbdf47cf0743351eb48dfde3161416300eb6a43772ea", 0x9f}, {&(0x7f00000014c0)="62c0cfede9a695f5fb601344d824eb4bd66eea51d2ffffbc1b5bce138e0869ea61c1d2f9732ecd232d17be2a60b208cc82c362d3797dd509bd95cf4b04e90865d36dd0291e610b9f14779274c162b158855fef6a8088395ab1627ec6ae985ef3d51e09172320ce71dd6bbd60090e14496f3ba52450ab9981516824145c292fb5fb3a54dbfe88facffe6e1a2056cb44873ca0822e6f7f615f94d794a92e23df1e6620aa5570c4461f9a221a0717572c4bd54b1ab199473d1e16733cb22247a084abf0ff7e2f32dd5bf257d29838e19d45fdd4f9414be46c46708b9b0a9b384155b6669d4384c855171315408d3411", 0xee}, {&(0x7f00000015c0)="0701071ea229adf3f127717b0d542186f5b2c4d547a0414918935c02ed9607e969e40d31f281466ef36d5681bca6829662dad68bb9c72c0358a1f94f93328f6cf9fd9aa74e3ee07314e2", 0x4a}], 0x6, &(0x7f00000016c0)=[@hopopts_2292={{0xf0, 0x29, 0x36, {0x3a, 0x1a, '\x00', [@padn={0x1, 0x1, [0x0]}, @calipso={0x7, 0x48, {0x3, 0x10, 0x80, 0x7d, [0x66e, 0x8000, 0x7, 0x4, 0x4, 0x5, 0x3, 0xcb]}}, @calipso={0x7, 0x40, {0x0, 0xe, 0x5, 0x4, [0x5, 0x7, 0x7fe00, 0x7, 0xe, 0x1, 0x0]}}, @calipso={0x7, 0x20, {0x1, 0x6, 0x2, 0x0, [0x3, 0xc9b, 0x6]}}, @pad1, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @enc_lim={0x4, 0x1, 0x5}, @jumbo={0xc2, 0x4, 0x4}, @pad1, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}]}}}, @rthdr={{0x58, 0x29, 0x39, {0x87, 0x8, 0x1, 0x1, 0x0, [@mcast2, @private1, @remote, @loopback]}}}], 0x148}}, {{&(0x7f00000001c0)={0xa, 0x4e20, 0x8001, @private1={0xfc, 0x1, '\x00', 0x1}, 0x5}, 0x1c, &(0x7f0000001900)=[{&(0x7f0000001840)="b2b7e46ff9dbe6abbf2bbdb5ce6748fb04d25c1064e304f11a1d28431b2677e9f843d3a17e0e7271d8c59211ed200f16987c731e00a7a2951e021d19c20536484be8e87ea860a5073d0e4d23cba2ac5aae535f32fe369e7521a21fe194f0aad4e6f7c0e996373d648ce5500ffa375e6979e7ee57f8eda11e675739a045dcc1d45ad22a", 0x83}], 0x1}}], 0x2, 0x10) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) 2m34.561572741s ago: executing program 0 (id=245): move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x4, 0x4001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000080)="b922cdd771b1024c1f1f9b3c77606d888451227d5749c538f96ba541525cc189dadadc7e38bd85b7ddf7f7091d9c", 0x2e) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000000001200", [0x0, 0x2000000000001]}}) 2m34.314381455s ago: executing program 32 (id=245): move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x4, 0x4001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000080)="b922cdd771b1024c1f1f9b3c77606d888451227d5749c538f96ba541525cc189dadadc7e38bd85b7ddf7f7091d9c", 0x2e) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000000000001200", [0x0, 0x2000000000001]}}) 4.136589007s ago: executing program 3 (id=1235): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1fb, 0x7, 0xeeeea000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_open_procfs(0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r3) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x164, r6, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x145, 0x33, @probe_request={{{}, {}, @device_b, @device_b}, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x24}, {0x36, 0x1}, {0x36, 0x1}, {0x60}]}, @void, @val={0x2d, 0x1a, {0x8802, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x400, 0x95ce, 0xe9}}, @val={0x72, 0x6}, [{0xdd, 0x76, "2bda80d6e0282b9ec5fadeba3ad2adbfbef6866ff53a9e7e2cf61772e12f5d04dbd66f66aad057007c9cb6ee4c57b690e42226aea9e5440963d8de50d64060079c821ab6badbeaf5739f128dc7b8840e394c92e2962425e546f963e8452a5a8e0b7c15c3737560bef47e0d1eba46b39c64dd6f5fdfda"}, {0xdd, 0xa, "b0444f75c26632eaa702"}, {0xdd, 0x71, "dd2114032795a417432050b9616e42191bff5643a2f985ffe003ffabdcc39f65693826b281607b52371778c604526c61e96859520b7d18cd6eb35ebd79d046d0e0cea4752ba24aa367052231aa5435e57f6d142d293f375cf761c7dec8c533bf1eab2967d4a602d71a268068b0ce14b68b"}]}}]}, 0x164}}, 0x14) ioctl$SIOCSIFHWADDR(r2, 0x8b19, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"}) 4.059467413s ago: executing program 3 (id=1236): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x422e80, 0x0) (async, rerun: 64) r1 = socket$key(0xf, 0x3, 0x2) (rerun: 64) sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001980)=ANY=[@ANYBLOB="020d000014000000000000000000000005000600000000000a00000000000000fc010000000000000000000000000000000000001300000005000500000000000a000000000000000000000000000000000000000000000000000000000000000800120002000200000000000000000012"], 0xa0}}, 0x0) (async) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_buf(r2, 0x29, 0x20, &(0x7f00000000c0)="0bbb268dd6ffa80800000000000000000000210d0000aaa8fa017242ba9380d424000000000000000100000051000000", 0xfe60) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7fffffffffffffff, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') readlinkat(r4, &(0x7f0000000140)='./mnt\x00', &(0x7f0000000180)=""/10, 0xa) (async, rerun: 32) ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000040)={0x8, 0x1, 0x0, "a488d40758662bd5dc3084bb3e9ff76d536247fac5e7fe97ed75faa1fccc79ad"}) (async, rerun: 32) ioctl$PPPIOCATTACH(r0, 0x4004743d, &(0x7f0000000040)=0x3) (async) mount(&(0x7f00000000c0)=@rnullb, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='xfs\x00', 0x1200051, 0x0) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0) socket$unix(0x1, 0x1, 0x0) 3.999855804s ago: executing program 3 (id=1237): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x68, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4}, @CTA_SEQ_ADJ_REPLY={0x4, 0xf}]}, 0x68}}, 0x0) mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x200000, 0x0) (async) mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x200000, 0x0) 3.910495456s ago: executing program 3 (id=1238): openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r0 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0) r1 = add_key$fscrypt_v1(0x0, 0x0, &(0x7f0000000480)={0x0, "d53c0eb582cba9f1bc16e9ca85647283ccf9e9b7cfa617c953f8334fb77453e9d63eafb578307ceb8c0de24e1a2799fbe25a20bdffddd2b9708a52e314708472", 0x3d}, 0x48, r0) keyctl$KEYCTL_WATCH_KEY(0x20, r1, 0xffffffffffffffff, 0xfffffffffffffffe) socketpair(0x26, 0x80000, 0x5, &(0x7f0000000600)) r2 = socket(0x10, 0x3, 0x0) fsopen(0x0, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001e00010a"], 0x14}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x2810408, &(0x7f0000000240)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef) splice(r2, 0x0, r5, 0x0, 0x8002, 0x0) dup(0xffffffffffffffff) syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100006e40b740e1092151c1400102030109021200010000800000000000003cac2400"], 0x0) r6 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil) shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) shmctl$IPC_INFO(r6, 0x3, &(0x7f0000001180)=""/4096) r7 = socket(0x1e, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) close(r7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) write$binfmt_misc(r7, &(0x7f0000000340), 0x2000011a) clock_gettime(0x0, 0x0) recvmmsg(r4, 0x0, 0x0, 0x52418e567e5a9d8b, 0x0) 2.972870379s ago: executing program 1 (id=1249): r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x0, 0x0, 0x1000, 0xfffffffe}) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x141002, 0x0) fallocate(r1, 0x0, 0x0, 0xaeca) unshare(0x8000000) shmget$private(0x0, 0xfffffffffeffffff, 0x4000000, &(0x7f0000ffc000/0x3000)=nil) creat(&(0x7f0000001380)='./file0\x00', 0x4) mount(&(0x7f0000001400)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='reiserfs\x00', 0x0, 0x0) 2.902460403s ago: executing program 1 (id=1250): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='afs\x00', 0x2062, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 2.645567837s ago: executing program 3 (id=1252): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x4, 0x4001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000080)="b922cdd771b1024c1f1f9b3c77606d888451227d5749c538f96ba541525cc189dadadc7e38bd85b7ddf7f7091d9c", 0x2e) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x13, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0000008019000000ffffffffffffefff00", [0x0, 0x2000000000001]}}) 2.477393381s ago: executing program 1 (id=1254): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0) (fail_nth: 6) 1.898831085s ago: executing program 3 (id=1255): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045520, &(0x7f0000000040)=0x1) mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0) 1.875956387s ago: executing program 1 (id=1256): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1fb, 0x7, 0xeeeea000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_open_procfs(0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r3) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)={0x164, r6, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_FRAME={0x145, 0x33, @probe_request={{{}, {}, @device_b, @device_b}, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x24}, {0x36, 0x1}, {0x36, 0x1}, {0x60}]}, @void, @val={0x2d, 0x1a, {0x8802, 0x3, 0x6, 0x0, {0x6, 0xd, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x3, 0x1}, 0x400, 0x95ce, 0xe9}}, @val={0x72, 0x6}, [{0xdd, 0x76, "2bda80d6e0282b9ec5fadeba3ad2adbfbef6866ff53a9e7e2cf61772e12f5d04dbd66f66aad057007c9cb6ee4c57b690e42226aea9e5440963d8de50d64060079c821ab6badbeaf5739f128dc7b8840e394c92e2962425e546f963e8452a5a8e0b7c15c3737560bef47e0d1eba46b39c64dd6f5fdfda"}, {0xdd, 0xa, "b0444f75c26632eaa702"}, {0xdd, 0x71, "dd2114032795a417432050b9616e42191bff5643a2f985ffe003ffabdcc39f65693826b281607b52371778c604526c61e96859520b7d18cd6eb35ebd79d046d0e0cea4752ba24aa367052231aa5435e57f6d142d293f375cf761c7dec8c533bf1eab2967d4a602d71a268068b0ce14b68b"}]}}]}, 0x164}}, 0x14) ioctl$SIOCSIFHWADDR(r2, 0x8b37, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"}) 1.706864609s ago: executing program 1 (id=1257): move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x4, 0x4001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000080)="b922cdd771b1024c1f1f9b3c77606d888451227d5749c538f96ba541525cc189dadadc7e38bd85b7ddf7f7091d9c", 0x2e) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900000000000000000000000700", [0x0, 0x2000000000001]}}) 1.580717137s ago: executing program 1 (id=1258): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') syz_usb_connect(0x3, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000c277cc08bb1b0302351c0000000109021b000102000000090402000108"], 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f000056c000/0x1000)=nil, 0x1000, 0x17) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 1.382634731s ago: executing program 2 (id=1260): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x200) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000100000040"]) ioctl$KVM_GET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x1, 0x100000, 0x1000, &(0x7f000076d000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f00007c7000/0x18000)=nil, &(0x7f0000000480)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, &(0x7f0000000140)=""/246, &(0x7f0000000080)=0xf6) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010026bd7000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="040087004800330000a8100008021100000008021100"], 0x68}, 0x1, 0x0, 0x0, 0xc0}, 0x0) r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x40000, 0x0) fallocate(r0, 0xa, 0x1, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000009, 0x12, r9, 0x99b33000) r10 = socket$inet(0x2, 0x2, 0x1) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r11, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010024bd7000fcdbdf2503000000180001801400020073797a5f7475000000050003000d00"/46], 0x34}, 0x1, 0x0, 0x0, 0x20009005}, 0x4000080) bind$inet(r10, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x3, 0x10000000000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) 1.001703921s ago: executing program 2 (id=1264): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0) (fail_nth: 7) 834.719754ms ago: executing program 2 (id=1266): move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x4, 0x4001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000080)="b922cdd771b1024c1f1f9b3c77606d888451227d5749c538f96ba541525cc189dadadc7e38bd85b7ddf7f7091d9c", 0x2e) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900000000000000000000000900", [0x0, 0x2000000000001]}}) 794.589591ms ago: executing program 4 (id=1267): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000001500), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_POOL_GET(r2, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001540)={0x44, r3, 0x1, 0x70bd2a, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1000}, {0x6, 0x11, 0x1}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000840}, 0x44000) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0) 716.363141ms ago: executing program 2 (id=1268): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000000000000000000000000900", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) 634.762652ms ago: executing program 4 (id=1269): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) sendfile(r0, r0, 0x0, 0x8b99) 520.115931ms ago: executing program 2 (id=1270): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="84fd000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0) 480.711406ms ago: executing program 4 (id=1271): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r1 = socket(0x1e, 0x805, 0x0) sendmsg$tipc(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) add_key(&(0x7f0000000000)='rxrpc_s\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) (async) add_key(&(0x7f0000000000)='rxrpc_s\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) 346.583956ms ago: executing program 2 (id=1272): syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_netdev_private(r1, 0x8946, &(0x7f0000000140)="a6cc04e2d8f1c38afbf14b29b86e3a") mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f0000000900000004796592"], 0x0}, 0x0) r5 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r5, 0x501c4814, &(0x7f00000000c0)={0x2, 0xffffffff, 0x400000, 0x3e, 0xa00010}) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000080)={0x74, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@private=0xa010100, @multicast2}, 0x10) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) r7 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000002800)={0x7, 0x0, 0x0, "83341d025a78ff8177be16998e022bc32f59496b79ac9963084f401e544b75d0", 0x76781b1d}) r8 = socket$kcm(0x2, 0x200000000000001, 0x106) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GET_MAP(r9, 0xc0286404, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil}) sendmsg$inet(r8, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @loopback}, 0x10, 0x0}, 0x34004000) 346.447419ms ago: executing program 4 (id=1273): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x4, 0x4001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000080)="b922cdd771b1024c1f1f9b3c77606d888451227d5749c538f96ba541525cc189dadadc7e38bd85b7ddf7f7091d9c", 0x2e) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x13, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0000008019000000001200", [0x0, 0x2000000000001]}}) 150.920122ms ago: executing program 4 (id=1274): socketpair(0x25, 0x4, 0x1, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x3, 0x6, 0xfc21df93be454ef0, 0x0, 0x0, {0x7, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4) getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000280)={'ip6gre0\x00', &(0x7f0000000200)={'syztnl2\x00', 0x0, 0x5e, 0x5, 0xb1, 0x0, 0x70, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, 0x37b077285f49671d, 0x10, 0xd583, 0x71}}) getpeername$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14) (async) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000340)={@local, @broadcast, 0x0}, &(0x7f0000000380)=0xc) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f00000005c0)={'gretap0\x00', &(0x7f0000000400)={'syztnl2\x00', 0x0, 0x4f, 0x8000, 0x9, 0x80, {{0x5d, 0x4, 0x2, 0x4, 0x174, 0x64, 0x0, 0x1, 0x29, 0x0, @local, @local, {[@timestamp_prespec={0x44, 0x24, 0x6b, 0x3, 0xd, [{@broadcast, 0x9000}, {@private=0xa010101, 0x8}, {@rand_addr=0x64010102, 0x1}, {@multicast2, 0x5}]}, @rr={0x7, 0x17, 0xb8, [@broadcast, @multicast1, @multicast1, @dev={0xac, 0x14, 0x14, 0xd}, @private=0xa010100]}, @timestamp_prespec={0x44, 0x34, 0x64, 0x3, 0x4, [{@remote, 0x6}, {@loopback, 0xda}, {@empty, 0x7}, {@multicast1, 0x8}, {@remote, 0x8}, {@empty, 0x5}]}, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x13, 0xa4, [@rand_addr=0x64010100, @broadcast, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0x23}]}, @cipso={0x86, 0x6f, 0x1, [{0x5, 0x6, "6546c6e2"}, {0x6, 0x11, "f82fa89d637f11b73e19e9367d4fba"}, {0x1, 0x8, "7c2609dd8e9a"}, {0x7, 0xe, "ddbc1c416b11b0e89d59f7cc"}, {0x2, 0xf, "d7c113c0af7dd9c3707f4e7053"}, {0x1, 0x5, "05151a"}, {0x1, 0xa, "b9719d46132a4b85"}, {0x5, 0xe, "0790976b25c1ebe19ed61e5b"}, {0x5, 0xd, "820daaf64780850e48d192"}, {0x1, 0x3, 'E'}]}, @timestamp={0x44, 0x1c, 0x5a, 0x0, 0x2, [0x2, 0x8, 0xff, 0x26, 0x0, 0x6]}, @cipso={0x86, 0x36, 0x3, [{0x7, 0x9, "10bc694097a061"}, {0x6, 0x3, '.'}, {0x6, 0x12, "950c0cea6506786d9e639af5ab2acfb0"}, {0x6, 0xd, "3fc0fc11de4fa621a7155f"}, {0xebf243ecb4de37b4, 0x5, "5dd78d"}]}, @lsrr={0x83, 0x17, 0xd3, [@broadcast, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x2e}, @empty, @dev={0xac, 0x14, 0x14, 0x33}]}, @end]}}}}}) (async) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000600)=0x0, &(0x7f0000000640)=0x4) (async) getsockname$packet(r0, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000006c0)=0x14) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f00000008c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000880)={&(0x7f0000000700)={0x168, 0x0, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}]}, @HEADER={0x88, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macsec0\x00'}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}]}]}, 0x168}, 0x1, 0x0, 0x0, 0x20040041}, 0x4000) r9 = socket$packet(0x11, 0x2, 0x300) close_range(r9, r0, 0x2) (async) r10 = syz_open_dev$hidraw(&(0x7f0000000900), 0x9, 0x101000) ioctl$HIDIOCGRDESC(r10, 0x90044802, &(0x7f0000000940)={0x64a, "8cdbd64e51010157989c039815ec36d6ca6ef273012e4c0ddeeec48d939bfdd881c58853039c2c56b80154fa5ae0c7ddcd77a228e7680d7d91cabd5b91414070f7203464ed207cd6b763855a8f87ce7eb695b1a74c38a9fc651d9ecdcd8443ebea26d768b8ef27e6e68b4c08346a4e3a038177b441b5fa8c479e596e18c0ebc67116ca55b2b27eaa1eba2c08a158c5f385d1220b1e31e6e4b171fb20ce58db0b281af711c12093e1b89637c911cba44475fe27928a49994a4fe803efa0bef298d99f14a4125ceaa9792177bfd8c79bcd594f0330a1dbe198703d5f501f958a17900adf93ba04d9c24ec613e9c8e897ffc35b260348ef58496b56a00d735aa2e6c678716b3e5e71cfdb532cc2d831fa667692181f71effa40b32ceabe03c91d4a268a1184f898f5f0894ec2d1b0b15ffcde09f2bb1ee2070a5314dbbc7818f084460d0f428ac8b33143efd431b8fa9c6ec1f868ea2e65db11e2c44deb6107f46ce2508a5cd21ce996cd3a2e7ca725c404e7fc04270ed9973d4582789edd2b55ac11907bc1c7a40cd937726815c53061cd9296cf34fa42d95f01cb8abc79d12a774f480200c06bdd5ea9be85a3f1631fe25d1bce0e1330afa78a49323cd185ebe6f11294d369b89808fb209e43c8aff1ef79f7d47768e83f8d34d549da08a5438e61ca154f061aad9661b4509ceabfacf4260372085a5c4288e48fb01fb64c4bd678d80cac2d13f0d0f9b5ce1cbe46674af5556f4597999a4ec5457282c05f77201e2141e117cc474054fcbce8ddf5973b481a6ef702fac7e580236235e6a2c9c5db62cbd3cb96bb68c903d95281e79abbe11667adb8d8c8a99447467e64995c294a9747b9eb30bd74ade65c63d798ddbedbd5c48c8b1f29c88492c8c217a5fd46c9704f08c43b304f3f9a7cd37fa4092223b3b96329d4219da3f4cefa5705a158edc6fbbd55761891c386251943484fe10c00f04e396a68437b478b5228354e0908358486fe3b169533d75166a620bfef6768c6d5886445e0a7548fb604b4766205444c8729e7935d4760deea33ce98c95f84d63480edff5f085cd41ff4c6cad40e1d143429ed3efa1e1c58c2eb5a91c1d49f6b96f6c75e3fb9fca56fdbb0df40e909fa81a2814213703c044a495b2cd16f2152e2bdf965b87db44ddc7e680c274628ae29fcdcbd15ac940d2b1e7ea28c21026514c223e026bf6a104dad23ce61345382a50b29a7a3fdc1091fb05e00d3bb62b7b8a8e67071a098a5602cf5e20449ed59bc24810fb3164763787377a1dc4fbb2b6eebcb4584641a56f4eb6f284f2f32f6432bdd06658d782587f5f373625155b129233087fa551172872138b53132965dc26a2300357eaac43377ed3a36060d5d926095795b17ab762f92fbcdd17fe2298e7a943d7c52106954e6658108f9d47847c903469428d21d57bb5e46e7126185969f5e4ba81d8d00c68213a828f0dd2c2864d895c84351582a48d74083d36872d44f8ecf596057406e1ecc9f5838be81636ae10f77e9b9170def8de98e9b857158fc6a8fc66cce50389b2a5d322bb83008853e64a1a55db4c3786a541a652dae9328b3f3dadc8d87ce93146ec3b6a399193ea5786de86f43c97e277e1ff4fd43ce85ef26c46e5d808355c4312a1fb7e55cb7ec668fd7797d491b3c3d7d3e1b8ff605a6340f873e6dd7db852a0a6696e0af1bf3879bacd4f68a20511cbefa980f9d5ae1a435e1b174491ffef79006f623e9e194eb85c7466cdcd8753303a6551521ce91e5b8f5947ff5d49b1ef184394653629c32e170210ac15a88be6fcff492cdbde1940a1b4eeb61a00b3f52e802b0be0007a2c6f0a9e029fcd01db05d74642a647a6dc9a095b7fe4b08c6a7eb993efb38946e77aeef0d4422952fa49d8545ab4afd3f57d7c7a44adb8857491272b9f145fbc9982340ed45fe66ff6b5040ec59f6c33983bdfe1f9f1d092b28bad1c3a55a86f3add681fd627f725558cdb1253c9b81b8e9a9edba8d24abf9ee4146df00c7eaa7a479bc39ffeb62eb7752cde0e13875021223e4a59bc7bdc95f80a42f521ae5ccf379988b1afbaae65e5ee83cebd9c397845cb6f3a6e82125d820b151b783ca5345cd8611a13e0102407e60b3486af14801cc2abfdf547a5283bfd2c400ec131549d24c896b64fdeb4d247b7c72316901bf5996a800b5ceeb10c5811db6fe44dcea1b8dd50c99553d71e946c41be2003d2071b4dd5817360724bdba07c5bfddd6857517c44afa19d9468a1528b98f7610c18718"}) r11 = shmget(0x1, 0x1000, 0x78000000, &(0x7f0000ffe000/0x1000)=nil) shmat(r11, &(0x7f0000ffc000/0x4000)=nil, 0x1000) (async) pipe2(&(0x7f0000000fc0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x880) ioctl$sock_rose_SIOCDELRT(r13, 0x890c, &(0x7f0000001000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0xfff9, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x5, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}) (async) shmctl$SHM_LOCK(r11, 0xb) (async) read$FUSE(r13, &(0x7f0000001080)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r13, &(0x7f00000030c0)={0x50, 0x0, r14, {0x7, 0x2b, 0xff, 0x202, 0x2, 0x9, 0x5, 0xffff, 0x0, 0x0, 0x0, 0x6}}, 0x50) (async) shmctl$SHM_INFO(r11, 0xe, &(0x7f0000003140)=""/148) (async) ppoll(&(0x7f0000003200)=[{r13, 0xc000}], 0x1, &(0x7f0000003240)={0x0, 0x3938700}, &(0x7f0000003280)={[0x1]}, 0x8) (async) sendmsg$kcm(r12, &(0x7f00000036c0)={0x0, 0x0, &(0x7f0000003340)=[{&(0x7f00000032c0)="d1698a55c15781e292d99e7d68136d1c0ce389f0439cacb71456bf6be874576b5b560961f2579591064e03417657ec64aea7cdcb9f542d128c1475703d057898d028dea7a2a18e43125b12b15fc268125cf95f8d5d01d069470bd73272574b072da4e4d835efd5555f0ef33b29b4e5571cddcb2a5921d4a68f77c527314493", 0x7f}], 0x1, &(0x7f0000003380)=[{0xa8, 0x113, 0x2, "84c23b4f28349dfc493bda6eae2da41dc7568160b56547c14e4e087ddc4df4c951e77eefd944f6e036e3a50420e53c99e6f17835cda1e3af73149c36125b1f0fd7ee663a20ef045bfd3d616488f609ea77aaad97fa8ca242ebe94743ad3116f60ed164a41c549a97f8cf523026bde53020cef97f3dd4c8e96bee6818a45f7195d1662ed9fc439bf45681b1178b928e6c6878"}, {0x50, 0x10f, 0x2, "8c21f014a95a5e9e307638099e13c8496e5e663a489a15a76c7367aba225ca44d7d60f8e4984908ec089b855b76428a6870705b64f883c7edf6b"}, {0x110, 0x1, 0x1, "a2dc02e21086f4757d1d15f95ccf679aca19fe62c06c0f57b7d6f6ead0f7ee23b32fd6c0a66308bbbe4cbfad1a9a93055d12d98a63b85248f5ebde9b695948b3575dca33ff91d19e7263c0d272b1773d5e681602c43f6493f7de537cac3eeb5871157ea76d24a6f06f1c959e9d328a897d75f05e3d9c80568c7e3201e4fac5712a90801216d0334cd2ad8c954c1597862230c9c76288886b18184a9ba401da7629b16c4848077be90c0976a93c0950019d234b320494a954f80516013854e460f94e21ae0db25a85488ac94811812d81faedc36acdd7270590a37aa6da242cb174f514e88341ca0c416e40be5170bc2798a70361f84bde7aac"}, {0xb8, 0x108, 0x2, "4862695cec8dcc7e401c47149d6efa485e3819e7e7cc12ae1b486011def2b67eac0a8e38aface4e982ff45672c292cc8a6e9850aab5d4d90d2082d4cf3c7c6243584c246b04ac65426a7408cbb0ba264f7d8e36a068d47b820e165eca0f144c032df906abeb5cc85e3f472651c9d0416ce7cff029fab0547140284c40e4cb9c41993da98c99166ece02e89178dc7acf035785e92829ada2a68e341dee86da01fa20b5869"}, {0x78, 0x1, 0x9, "a2e639e92bb6effea93f88045c1928ef045d6c2108f0a79259699ef7413e5b0aa6e51b3aaff4466e90cd777927773b525e91dfbf676f20d5e2d4a063c0554c7f6d7552bd4c2a36faaa86e41ec2068d8ec68000a5933f35fc5d50d24c0e93ece6a4abdf0a44372919"}], 0x338}, 0x0) r15 = socket$nl_generic(0x10, 0x3, 0x10) r16 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003740), r13) (async) ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000003780)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r15, &(0x7f0000003840)={&(0x7f0000003700)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000003800)={&(0x7f00000037c0)={0x3c, r16, 0x2, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r17}, @void}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x2}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x9}]}, 0x3c}, 0x1, 0x0, 0x0, 0x26000000}, 0x4000880) bind$packet(r1, &(0x7f0000003880)={0x11, 0xf6, r8, 0x1, 0x0, 0x6, @random="b6be59383637"}, 0x14) 0s ago: executing program 4 (id=1275): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0xfffffe98, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="8400000000010104000000000000000002000000240001801400018008000100ac1414bb08000200ac0314bb0c0002800500010000000000240002801400018008000100ac1414aa08000200ac1414000c0002800500010000000000080007400000000010001700000000000000000000000000100016"], 0x84}}, 0x0) (fail_nth: 8) kernel console output (not intermixed with test programs): 9][ T92] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 258.250721][ T92] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 258.260585][ T92] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 258.269914][ T92] usb 4-1: SerialNumber: syz [ 258.348085][ T8915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 258.363195][ T8915] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 258.377142][ T5927] usb 2-1: USB disconnect, device number 27 [ 258.410008][ T8918] /dev/rnullb0: Can't open blockdev [ 258.487987][ T8923] /dev/rnullb0: Can't open blockdev [ 258.502208][ T92] usb 4-1: 0:2 : does not exist [ 258.508279][ T92] usb 4-1: unit 5: unexpected type 0x03 [ 258.515864][ T92] usb 4-1: unit 255 not found! [ 258.534231][ T92] usb 4-1: USB disconnect, device number 38 [ 258.564321][ T6364] udevd[6364]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 258.574240][ T5829] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 258.744516][ T5829] usb 3-1: device descriptor read/64, error -71 [ 258.777694][ T8926] netlink: 24 bytes leftover after parsing attributes in process `syz.4.800'. [ 258.786624][ T8926] netlink: 68 bytes leftover after parsing attributes in process `syz.4.800'. [ 258.984024][ T5829] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 259.033877][ T92] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 259.095850][ T8934] IPVS: set_ctl: invalid protocol: 1 100.1.1.0:20001 [ 259.125624][ T5829] usb 3-1: device descriptor read/64, error -71 [ 259.184470][ T92] usb 5-1: device descriptor read/64, error -71 [ 259.240849][ T5829] usb usb3-port1: attempt power cycle [ 259.319800][ T8944] /dev/rnullb0: Can't open blockdev [ 259.444487][ T92] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 259.583970][ T92] usb 5-1: device descriptor read/64, error -71 [ 259.607595][ T5829] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 259.634852][ T5829] usb 3-1: device descriptor read/8, error -71 [ 259.659677][ T8950] /dev/rnullb0: Can't open blockdev [ 259.694245][ T92] usb usb5-port1: attempt power cycle [ 259.884142][ T5829] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 259.905984][ T5829] usb 3-1: device descriptor read/8, error -71 [ 260.014747][ T5829] usb usb3-port1: unable to enumerate USB device [ 260.053937][ T92] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 260.089460][ T92] usb 5-1: device descriptor read/8, error -71 [ 260.344905][ T92] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 260.376631][ T92] usb 5-1: device descriptor read/8, error -71 [ 260.396886][ T8967] loop4: detected capacity change from 0 to 7 [ 260.415401][ T8967] Dev loop4: unable to read RDB block 7 [ 260.421325][ T8967] loop4: unable to read partition table [ 260.429097][ T8967] loop4: partition table beyond EOD, truncated [ 260.440404][ T8967] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 260.466080][ T5202] Dev loop4: unable to read RDB block 7 [ 260.471814][ T5202] loop4: unable to read partition table [ 260.479399][ T5202] loop4: partition table beyond EOD, truncated [ 260.504535][ T92] usb usb5-port1: unable to enumerate USB device [ 260.674372][ T8971] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 260.682969][ T8971] /dev/rnullb0: Can't open blockdev [ 260.758754][ T8973] /dev/rnullb0: Can't open blockdev [ 261.071381][ T8992] /dev/rnullb0: Can't open blockdev [ 261.152882][ T8994] loop4: detected capacity change from 0 to 7 [ 261.162191][ T8994] Dev loop4: unable to read RDB block 7 [ 261.169291][ T8994] loop4: unable to read partition table [ 261.176755][ T8994] loop4: partition table beyond EOD, truncated [ 261.183989][ T8994] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 261.370365][ T9002] loop6: detected capacity change from 0 to 63 [ 261.402423][ T8999] netlink: 14 bytes leftover after parsing attributes in process `syz.1.828'. [ 261.407410][ T9002] buffer_io_error: 11 callbacks suppressed [ 261.407425][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.426584][ T8999] veth0_macvtap: left promiscuous mode [ 261.456489][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.466943][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.480636][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.524019][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.532178][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.548115][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.570846][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.589264][ T9002] ldm_validate_partition_table(): Disk read failed. [ 261.614012][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.647238][ T9002] Buffer I/O error on dev loop6, logical block 0, async page read [ 261.676871][ T9002] Dev loop6: unable to read RDB block 0 [ 261.708076][ T9002] loop6: unable to read partition table [ 261.728149][ T9002] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 261.818872][ T9015] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 261.846635][ T9015] UDF-fs: Scanning with blocksize 4096 failed [ 262.038083][ T9027] netlink: 96 bytes leftover after parsing attributes in process `syz.3.835'. [ 262.059191][ T9027] /dev/rnullb0: Can't open blockdev [ 262.068517][ T9028] loop4: detected capacity change from 0 to 7 [ 262.095266][ T9028] Dev loop4: unable to read RDB block 7 [ 262.100883][ T9028] loop4: unable to read partition table [ 262.124205][ T9028] loop4: partition table beyond EOD, truncated [ 262.150851][ T9028] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 262.413156][ T9040] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 262.435884][ T9040] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 262.523864][ T5829] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 262.553889][ T92] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 262.688447][ T5829] usb 2-1: Using ep0 maxpacket: 32 [ 262.700254][ T5829] usb 2-1: config 0 has an invalid interface number: 74 but max is 0 [ 262.711461][ T5829] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 262.731053][ T92] usb 4-1: config 2 has an invalid interface number: 233 but max is 0 [ 262.740052][ T92] usb 4-1: config 2 has no interface number 0 [ 262.746518][ T10] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 262.746880][ T9049] netlink: 'syz.2.843': attribute type 11 has an invalid length. [ 262.754308][ T5829] usb 2-1: config 0 has no interface number 0 [ 262.754356][ T5829] usb 2-1: config 0 interface 74 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 262.754377][ T5829] usb 2-1: config 0 interface 74 has no altsetting 0 [ 262.756142][ T92] usb 4-1: config 2 interface 233 has no altsetting 0 [ 262.793571][ T5829] usb 2-1: New USB device found, idVendor=1ae7, idProduct=9003, bcdDevice=44.08 [ 262.802830][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.811424][ T5829] usb 2-1: Product: syz [ 262.816889][ T5829] usb 2-1: Manufacturer: syz [ 262.821786][ T5829] usb 2-1: SerialNumber: syz [ 262.829622][ T92] usb 4-1: New USB device found, idVendor=1b3d, idProduct=0109, bcdDevice=33.00 [ 262.838893][ T92] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.850120][ T5829] usb 2-1: config 0 descriptor?? [ 262.855157][ T92] usb 4-1: Product: syz [ 262.859389][ T92] usb 4-1: Manufacturer: syz [ 262.865295][ T92] usb 4-1: SerialNumber: syz [ 262.873208][ T5829] em28xx 2-1:0.74: New device syz syz @ 480 Mbps (1ae7:9003, interface 74, class 74) [ 262.892138][ T5829] em28xx 2-1:0.74: Video interface 74 found: [ 262.943993][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 262.956569][ T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 262.974743][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 263.006649][ T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 263.024100][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.042542][ T10] usb 5-1: Product: syz [ 263.047245][ T10] usb 5-1: Manufacturer: syz [ 263.051884][ T10] usb 5-1: SerialNumber: syz [ 263.105740][ T92] ftdi_sio 4-1:2.233: FTDI USB Serial Device converter detected [ 263.146540][ T92] usb 4-1: Detected FT232HP [ 263.152120][ T92] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 263.162488][ T92] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 263.174016][ T92] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 263.196416][ T92] usb 4-1: USB disconnect, device number 39 [ 263.223088][ T5829] em28xx 2-1:0.74: unknown em28xx chip ID (0) [ 263.262574][ T92] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 263.277824][ T92] ftdi_sio 4-1:2.233: device disconnected [ 263.358072][ T5829] em28xx 2-1:0.74: reading from i2c device at 0xa0 failed (error=-5) [ 263.358122][ T5829] em28xx 2-1:0.74: board has no eeprom [ 263.388923][ T9060] netlink: 'syz.1.846': attribute type 2 has an invalid length. [ 263.388944][ T9060] netlink: 'syz.1.846': attribute type 1 has an invalid length. [ 263.388956][ T9060] netlink: 152 bytes leftover after parsing attributes in process `syz.1.846'. [ 263.390968][ T5829] em28xx 2-1:0.74: writing to i2c device at 0xb8 failed (error=-5) [ 263.390999][ T5829] em28xx 2-1:0.74: couldn't read from i2c device 0xb8: error -5 [ 263.391874][ T5829] em28xx 2-1:0.74: writing to i2c device at 0xba failed (error=-5) [ 263.391899][ T5829] em28xx 2-1:0.74: couldn't read from i2c device 0xba: error -5 [ 263.393944][ T5829] em28xx 2-1:0.74: writing to i2c device at 0x90 failed (error=-5) [ 263.393967][ T5829] em28xx 2-1:0.74: couldn't read from i2c device 0x90: error -5 [ 263.399267][ T5829] em28xx 2-1:0.74: writing to i2c device at 0x42 failed (error=-5) [ 263.481810][ T5829] em28xx 2-1:0.74: couldn't read from i2c device 0x42: error -5 [ 263.507329][ T9042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.519057][ T9042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.533286][ T5829] em28xx 2-1:0.74: writing to i2c device at 0x60 failed (error=-5) [ 263.559228][ T5829] em28xx 2-1:0.74: couldn't read from i2c device 0x60: error -5 [ 263.571778][ T5829] em28xx 2-1:0.74: No sensor detected [ 263.623914][ T5894] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 263.653832][ T5829] em28xx 2-1:0.74: Identified as SpeedLink Vicious And Devine Laplace webcam (card=91) [ 263.663546][ T5829] em28xx 2-1:0.74: Currently, V4L2 is not supported on this model [ 263.690655][ T5912] em28xx 2-1:0.74: Registering snapshot button... [ 263.694663][ T9067] loop4: detected capacity change from 0 to 7 [ 263.702209][ T5912] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.74/input/input18 [ 263.719790][ T9067] Dev loop4: unable to read RDB block 7 [ 263.730568][ T9067] loop4: unable to read partition table [ 263.741313][ T9042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.751226][ T9067] loop4: partition table beyond EOD, truncated [ 263.756446][ T5829] usb 2-1: USB disconnect, device number 28 [ 263.775428][ T5912] em28xx 2-1:0.74: Remote control support is not available for this card. [ 263.781584][ T5894] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.791039][ T5829] em28xx 2-1:0.74: Disconnecting em28xx [ 263.794944][ T9067] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 263.810213][ T9042] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.819844][ T5829] em28xx 2-1:0.74: Closing input extension [ 263.829035][ T5829] em28xx 2-1:0.74: Deregistering snapshot button [ 263.853033][ T5894] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 263.876680][ T5894] usb 3-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 263.901418][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.920214][ T5894] usb 3-1: Product: syz [ 263.933105][ T5894] usb 3-1: Manufacturer: syz [ 263.952815][ T5894] usb 3-1: SerialNumber: syz [ 264.026270][ T5894] usb 3-1: config 0 descriptor?? [ 264.061133][ T5829] em28xx 2-1:0.74: Freeing device [ 264.233631][ T10] usb 5-1: 0:2 : does not exist [ 264.247642][ T10] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 264.295569][ T10] usb 5-1: USB disconnect, device number 33 [ 264.346563][ T9074] netlink: 48 bytes leftover after parsing attributes in process `syz.1.851'. [ 264.361577][ T6364] udevd[6364]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 264.833583][ T9076] trusted_key: syz.1.852 sent an empty control message without MSG_MORE. [ 264.905847][ T9080] netlink: 'syz.4.853': attribute type 11 has an invalid length. [ 265.171516][ T9084] loop4: detected capacity change from 0 to 7 [ 265.181277][ T6364] Dev loop4: unable to read RDB block 7 [ 265.188608][ T6364] loop4: unable to read partition table [ 265.194777][ T6364] loop4: partition table beyond EOD, truncated [ 265.203226][ T9084] Dev loop4: unable to read RDB block 7 [ 265.209370][ T9084] loop4: unable to read partition table [ 265.218018][ T9084] loop4: partition table beyond EOD, truncated [ 265.224621][ T9084] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 265.266651][ T9086] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 265.315044][ T9086] UDF-fs: Scanning with blocksize 4096 failed [ 265.469300][ T9094] FAULT_INJECTION: forcing a failure. [ 265.469300][ T9094] name failslab, interval 1, probability 0, space 0, times 0 [ 265.469651][ T9092] loop4: detected capacity change from 0 to 7 [ 265.482389][ T9094] CPU: 0 UID: 0 PID: 9094 Comm: syz.4.859 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 265.482411][ T9094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.482422][ T9094] Call Trace: [ 265.482429][ T9094] [ 265.482436][ T9094] dump_stack_lvl+0x189/0x250 [ 265.482460][ T9094] ? __pfx____ratelimit+0x10/0x10 [ 265.482482][ T9094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.482500][ T9094] ? __pfx__printk+0x10/0x10 [ 265.482523][ T9094] ? __pfx___might_resched+0x10/0x10 [ 265.482543][ T9094] should_fail_ex+0x414/0x560 [ 265.482573][ T9094] should_failslab+0xa8/0x100 [ 265.482593][ T9094] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 265.482611][ T9094] ? __alloc_skb+0x112/0x2d0 [ 265.482646][ T9094] __alloc_skb+0x112/0x2d0 [ 265.482671][ T9094] netlink_sendmsg+0x5c6/0xb30 [ 265.482702][ T9094] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.482726][ T9094] ? aa_sock_msg_perm+0xf1/0x1d0 [ 265.482745][ T9094] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 265.482766][ T9094] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.482788][ T9094] __sock_sendmsg+0x219/0x270 [ 265.482811][ T9094] ____sys_sendmsg+0x505/0x830 [ 265.482832][ T9094] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.482856][ T9094] ? import_iovec+0x74/0xa0 [ 265.482876][ T9094] ___sys_sendmsg+0x21f/0x2a0 [ 265.482894][ T9094] ? __pfx____sys_sendmsg+0x10/0x10 [ 265.482943][ T9094] ? __fget_files+0x2a/0x420 [ 265.482963][ T9094] ? __fget_files+0x3a0/0x420 [ 265.482993][ T9094] __x64_sys_sendmsg+0x19b/0x260 [ 265.483012][ T9094] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 265.483037][ T9094] ? rcu_is_watching+0x15/0xb0 [ 265.483058][ T9094] ? do_syscall_64+0xbe/0x3b0 [ 265.483081][ T9094] do_syscall_64+0xfa/0x3b0 [ 265.483100][ T9094] ? lockdep_hardirqs_on+0x9c/0x150 [ 265.483118][ T9094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.483133][ T9094] ? clear_bhb_loop+0x60/0xb0 [ 265.483152][ T9094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.483167][ T9094] RIP: 0033:0x7fd84258e929 [ 265.483195][ T9094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.483209][ T9094] RSP: 002b:00007fd843441038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.483227][ T9094] RAX: ffffffffffffffda RBX: 00007fd8427b5fa0 RCX: 00007fd84258e929 [ 265.483238][ T9094] RDX: 0000000000045080 RSI: 0000200000000500 RDI: 0000000000000004 [ 265.483249][ T9094] RBP: 00007fd843441090 R08: 0000000000000000 R09: 0000000000000000 [ 265.483259][ T9094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.483268][ T9094] R13: 0000000000000000 R14: 00007fd8427b5fa0 R15: 00007ffecaef8f08 [ 265.483294][ T9094] [ 265.678107][ T9097] Can't find a SQUASHFS superblock on rnullb0 [ 265.752498][ T6776] Dev loop4: unable to read RDB block 7 [ 265.771781][ T6776] loop4: unable to read partition table [ 265.778128][ T6776] loop4: partition table beyond EOD, truncated [ 265.788014][ T9092] Dev loop4: unable to read RDB block 7 [ 265.799997][ T9092] loop4: unable to read partition table [ 265.806154][ T9092] loop4: partition table beyond EOD, truncated [ 265.812359][ T9092] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 266.173402][ T9112] hpfs: Bad magic ... probably not HPFS [ 266.214023][ T10] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 266.256201][ T9115] loop4: detected capacity change from 0 to 7 [ 266.285634][ T6364] Dev loop4: unable to read RDB block 7 [ 266.291219][ T6364] loop4: unable to read partition table [ 266.309573][ T6364] loop4: partition table beyond EOD, truncated [ 266.345565][ T5881] usb 3-1: USB disconnect, device number 45 [ 266.364977][ T10] usb 2-1: device descriptor read/64, error -71 [ 266.378343][ T9115] Dev loop4: unable to read RDB block 7 [ 266.407753][ T9115] loop4: unable to read partition table [ 266.424048][ T9115] loop4: partition table beyond EOD, truncated [ 266.436346][ T9115] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 266.616718][ T10] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 266.677408][ T9128] openvswitch: netlink: Flow key attr not present in new flow. [ 266.769517][ T9134] loop4: detected capacity change from 0 to 7 [ 266.774579][ T10] usb 2-1: device descriptor read/64, error -71 [ 266.793986][ T9134] Dev loop4: unable to read RDB block 7 [ 266.799611][ T9134] loop4: unable to read partition table [ 266.805786][ T9134] loop4: partition table beyond EOD, truncated [ 266.812017][ T9134] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 266.900227][ T10] usb usb2-port1: attempt power cycle [ 267.096187][ T9151] syz.2.877: attempt to access beyond end of device [ 267.096187][ T9151] nbd2: rw=0, sector=1, nr_sectors = 1 limit=0 [ 267.130617][ T9151] qnx4: unable to read the superblock [ 267.150929][ T9152] syz.2.877: attempt to access beyond end of device [ 267.150929][ T9152] nbd2: rw=0, sector=1, nr_sectors = 1 limit=0 [ 267.165123][ T9152] qnx4: unable to read the superblock [ 267.172736][ T9154] loop4: detected capacity change from 0 to 7 [ 267.181214][ T9154] Dev loop4: unable to read RDB block 7 [ 267.190485][ T9154] loop4: unable to read partition table [ 267.197942][ T9154] loop4: partition table beyond EOD, truncated [ 267.207066][ T9154] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 267.263860][ T10] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 267.295187][ T5894] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 267.295539][ T10] usb 2-1: device descriptor read/8, error -71 [ 267.477027][ T5829] usb 3-1: new full-speed USB device number 46 using dummy_hcd [ 267.486284][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 267.496732][ T5894] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 267.508604][ T5894] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 267.517700][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.525814][ T5894] usb 4-1: Product: syz [ 267.529977][ T5894] usb 4-1: Manufacturer: syz [ 267.534671][ T5894] usb 4-1: SerialNumber: syz [ 267.542495][ T5894] usb 4-1: config 0 descriptor?? [ 267.554134][ T10] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 267.574389][ T10] usb 2-1: device descriptor read/8, error -71 [ 267.636305][ T5829] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 267.647895][ T5829] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 267.661208][ T5829] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 267.670295][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.684604][ T10] usb usb2-port1: unable to enumerate USB device [ 267.765078][ T10] usb 4-1: USB disconnect, device number 40 [ 267.826696][ T9162] pim6reg1: entered promiscuous mode [ 267.832489][ T9162] pim6reg1: entered allmulticast mode [ 267.882921][ T5829] usb 3-1: usb_control_msg returned -32 [ 267.889487][ T9166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.890985][ T5829] usbtmc 3-1:16.0: can't read capabilities [ 267.899783][ T9166] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.990580][ T9171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 268.014665][ T9171] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 268.024068][ T5881] usb 3-1: USB disconnect, device number 46 [ 268.205857][ T9177] loop4: detected capacity change from 0 to 7 [ 268.212939][ T9177] Dev loop4: unable to read RDB block 7 [ 268.220468][ T9177] loop4: unable to read partition table [ 268.226454][ T9177] loop4: partition table beyond EOD, truncated [ 268.226851][ T5894] usb 4-1: new full-speed USB device number 41 using dummy_hcd [ 268.232765][ T9177] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 268.364025][ T5894] usb 4-1: device descriptor read/64, error -71 [ 268.414397][ T5881] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 268.545644][ T9185] program syz.4.888 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 268.584043][ T5881] usb 3-1: Using ep0 maxpacket: 32 [ 268.596017][ T5881] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 268.608446][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.622502][ T5881] usb 3-1: config 0 descriptor?? [ 268.628051][ T5894] usb 4-1: new full-speed USB device number 42 using dummy_hcd [ 268.641236][ T5881] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 268.785817][ T5894] usb 4-1: device descriptor read/64, error -71 [ 268.931350][ T9191] /dev/rnullb0: Can't open blockdev [ 268.934501][ T5894] usb usb4-port1: attempt power cycle [ 269.284184][ T5894] usb 4-1: new full-speed USB device number 43 using dummy_hcd [ 269.314946][ T5894] usb 4-1: device descriptor read/8, error -71 [ 269.384287][ T10] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 269.549254][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 269.566317][ T10] usb 2-1: New USB device found, idVendor=13d8, idProduct=0022, bcdDevice=17.c8 [ 269.587228][ T5894] usb 4-1: new full-speed USB device number 44 using dummy_hcd [ 269.587488][ T10] usb 2-1: New USB device strings: Mfr=1, Product=253, SerialNumber=3 [ 269.607220][ T10] usb 2-1: Product: syz [ 269.611892][ T10] usb 2-1: Manufacturer: syz [ 269.624063][ T10] usb 2-1: SerialNumber: syz [ 269.630232][ T5894] usb 4-1: device descriptor read/8, error -71 [ 269.754190][ T5894] usb usb4-port1: unable to enumerate USB device [ 269.855659][ T10] usb 2-1: selecting invalid altsetting 3 [ 269.861424][ T10] comedi comedi0: could not set alternate setting 3 in high speed [ 269.875526][ T10] usbduxsigma 2-1:5.0: driver 'usbduxsigma' failed to auto-configure device. [ 269.890379][ T10] usbduxsigma 2-1:5.0: probe with driver usbduxsigma failed with error -22 [ 269.908550][ T10] usb 2-1: USB disconnect, device number 33 [ 270.090542][ T9174] kernel read not supported for file /file1 (pid: 9174 comm: syz.2.883) [ 270.106383][ T30] audit: type=1800 audit(1751627297.633:16): pid=9174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.883" name="file1" dev="mqueue" ino=26361 res=0 errno=0 [ 270.138772][ T5881] gspca_vc032x: reg_w err -71 [ 270.147961][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.162712][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.174087][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.180666][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.190786][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.199953][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.209920][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.218835][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.221121][ T9216] /dev/rnullb0: Can't open blockdev [ 270.228098][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.239320][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.248028][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.257791][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.265389][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.274269][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.281929][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.290640][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.298397][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.307360][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 270.316376][ T5881] gspca_vc032x: Unknown sensor... [ 270.323747][ T5881] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 270.340680][ T5881] usb 3-1: USB disconnect, device number 47 [ 270.486382][ T9220] binder: 9219:9220 ioctl c0306201 2000000003c0 returned -14 [ 270.764047][ T10] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 270.913972][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 270.930433][ T10] usb 5-1: New USB device found, idVendor=13d8, idProduct=0022, bcdDevice=17.c8 [ 270.942825][ T10] usb 5-1: New USB device strings: Mfr=1, Product=253, SerialNumber=3 [ 270.951883][ T10] usb 5-1: Product: syz [ 270.959634][ T10] usb 5-1: Manufacturer: syz [ 270.966716][ T10] usb 5-1: SerialNumber: syz [ 271.034918][ T5881] usb 3-1: new full-speed USB device number 48 using dummy_hcd [ 271.217581][ T5881] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 271.225301][ T10] usb 5-1: selecting invalid altsetting 3 [ 271.233341][ T5881] usb 3-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a [ 271.243349][ T10] comedi comedi0: could not set alternate setting 3 in high speed [ 271.258740][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.262093][ T10] usbduxsigma 5-1:5.0: driver 'usbduxsigma' failed to auto-configure device. [ 271.276412][ T5881] usb 3-1: config 0 descriptor?? [ 271.279590][ T5881] pegasus_notetaker 3-1:0.0: Invalid number of endpoints [ 271.319028][ T10] usbduxsigma 5-1:5.0: probe with driver usbduxsigma failed with error -22 [ 271.327108][ T5881] pegasus_notetaker 3-1:0.0: probe with driver pegasus_notetaker failed with error -22 [ 271.366715][ T10] usb 5-1: USB disconnect, device number 34 [ 271.412057][ T9233] /dev/rnullb0: Can't open blockdev [ 271.482611][ T9226] /dev/rnullb0: Can't open blockdev [ 271.491826][ T5829] usb 3-1: USB disconnect, device number 48 [ 271.763423][ T9242] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 271.885954][ T9249] netlink: 'syz.4.910': attribute type 5 has an invalid length. [ 271.893641][ T9249] netlink: 'syz.4.910': attribute type 25 has an invalid length. [ 271.913958][ T5894] usb 2-1: new full-speed USB device number 34 using dummy_hcd [ 272.002856][ T9251] hpfs: Bad magic ... probably not HPFS [ 272.076253][ T5894] usb 2-1: config 0 has an invalid interface number: 230 but max is 0 [ 272.096552][ T5894] usb 2-1: config 0 has no interface number 0 [ 272.103017][ T5894] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 272.117603][ T5894] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 272.158638][ T5894] usb 2-1: config 0 interface 230 has no altsetting 0 [ 272.169374][ T5894] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 272.179095][ T5894] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.199287][ T5894] usb 2-1: Product: syz [ 272.206185][ T5894] usb 2-1: Manufacturer: syz [ 272.213079][ T5894] usb 2-1: SerialNumber: syz [ 272.234555][ T5894] usb 2-1: config 0 descriptor?? [ 272.240891][ T9240] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 272.252893][ T9240] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 272.281276][ T5894] ums-usbat 2-1:0.230: USB Mass Storage device detected [ 272.311462][ T9263] hfs: can't find a HFS filesystem on dev rnullb0 [ 272.320432][ T5894] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 272.424143][ T5927] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 272.578691][ T9273] omfs: Invalid superblock (0) [ 272.584052][ T5927] usb 5-1: Using ep0 maxpacket: 32 [ 272.600130][ T5927] usb 5-1: config 0 has an invalid interface number: 196 but max is 0 [ 272.613865][ T5927] usb 5-1: config 0 has no interface number 0 [ 272.613889][ T5829] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 272.620076][ T5927] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 272.662413][ T5927] usb 5-1: config 0 interface 196 has no altsetting 0 [ 272.675189][ T5927] usb 5-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 272.684719][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.690076][ T9276] fuse: Bad value for 'fd' [ 272.692778][ T5927] usb 5-1: Product: syz [ 272.701770][ T5927] usb 5-1: Manufacturer: syz [ 272.710642][ T5927] usb 5-1: SerialNumber: syz [ 272.719906][ T5927] usb 5-1: config 0 descriptor?? [ 272.728475][ T9258] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 272.750415][ T9278] /dev/sg0: Can't lookup blockdev [ 272.804485][ T5829] usb 3-1: Using ep0 maxpacket: 8 [ 272.818616][ T5829] usb 3-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 272.834244][ T5829] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.845098][ T5829] usb 3-1: Product: syz [ 272.849273][ T5829] usb 3-1: Manufacturer: syz [ 272.855968][ T5829] usb 3-1: SerialNumber: syz [ 272.868713][ T5829] usb 3-1: config 0 descriptor?? [ 272.898265][ T5829] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 272.970868][ T9285] netlink: 60 bytes leftover after parsing attributes in process `syz.1.923'. [ 272.980427][ T9283] netlink: 60 bytes leftover after parsing attributes in process `syz.1.923'. [ 272.992623][ T9283] netlink: 60 bytes leftover after parsing attributes in process `syz.1.923'. [ 273.123585][ T9288] gfs2: not a GFS2 filesystem [ 273.150968][ T5927] ipheth 5-1:0.196: ipheth_enable_ncm: usb_control_msg: 0 [ 273.183505][ T5927] ipheth 5-1:0.196: Apple iPhone USB Ethernet device attached [ 273.218807][ T5927] usb 5-1: USB disconnect, device number 35 [ 273.335323][ T5927] ipheth 5-1:0.196: Apple iPhone USB Ethernet now disconnected [ 273.664096][ T5927] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 273.868862][ T5927] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 273.890294][ T5927] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 273.907612][ T5927] usb 5-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 273.917087][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.925998][ T5927] usb 5-1: Product: syz [ 273.930172][ T5927] usb 5-1: Manufacturer: syz [ 273.935183][ T5927] usb 5-1: SerialNumber: syz [ 273.945638][ T5927] usb 5-1: config 0 descriptor?? [ 273.975361][ T5912] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 274.064194][ T5829] gspca_sonixj: reg_r err -110 [ 274.072084][ T5829] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 274.147727][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.170475][ T30] audit: type=1800 audit(1751627301.693:17): pid=9296 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.926" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 274.173139][ T5912] usb 4-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 274.192503][ T9296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.210293][ T9296] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.227413][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.263082][ T5912] usb 4-1: config 0 descriptor?? [ 274.278113][ T5927] usb 5-1: USB disconnect, device number 36 [ 274.489231][ T5912] itetech 0003:258A:6A88.0007: unknown main item tag 0x2 [ 274.507982][ T5912] itetech 0003:258A:6A88.0007: reserved main item tag 0xe [ 274.530536][ T5912] itetech 0003:258A:6A88.0007: hidraw0: USB HID v0.00 Device [HID 258a:6a88] on usb-dummy_hcd.3-1/input0 [ 274.567519][ T5912] usb 4-1: USB disconnect, device number 45 [ 274.573422][ T5894] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5 [ 274.609926][ T5894] usb 2-1: USB disconnect, device number 34 [ 274.649229][ T9314] netlink: 68 bytes leftover after parsing attributes in process `syz.1.930'. [ 274.677665][ T9314] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 274.687037][ T9314] /dev/rnullb0: Can't open blockdev [ 274.703238][ T9315] fido_id[9315]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 275.002945][ T9326] /dev/rnullb0: Can't open blockdev [ 275.138300][ T30] audit: type=1326 audit(1751627302.663:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9328 comm="syz.1.935" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f05d098e929 code=0x0 [ 275.314319][ T5829] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 275.388652][ T5912] usb 3-1: USB disconnect, device number 49 [ 275.488924][ T5829] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 275.503829][ T5829] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 275.542165][ T5829] usb 5-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 275.571202][ T5829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.590161][ T5829] usb 5-1: Product: syz [ 275.606442][ T5829] usb 5-1: Manufacturer: syz [ 275.611059][ T5829] usb 5-1: SerialNumber: syz [ 275.632960][ T5829] usb 5-1: config 0 descriptor?? [ 275.854017][ T5912] usb 3-1: new full-speed USB device number 50 using dummy_hcd [ 275.862931][ T9339] loop4: detected capacity change from 0 to 7 [ 275.881546][ T9339] Dev loop4: unable to read RDB block 7 [ 275.900169][ T9339] loop4: unable to read partition table [ 275.920621][ T9339] loop4: partition table beyond EOD, truncated [ 275.931226][ T9339] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 275.983946][ T5912] usb 3-1: device descriptor read/64, error -71 [ 276.223923][ T5912] usb 3-1: new full-speed USB device number 51 using dummy_hcd [ 276.353866][ T5912] usb 3-1: device descriptor read/64, error -71 [ 276.475025][ T5912] usb usb3-port1: attempt power cycle [ 276.554615][ T9351] /dev/rnullb0: Can't open blockdev [ 276.563094][ T9351] netlink: 'syz.3.942': attribute type 20 has an invalid length. [ 276.668243][ T9354] random: crng reseeded on system resumption [ 276.827687][ T5912] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 276.856628][ T5912] usb 3-1: device descriptor read/8, error -71 [ 276.964016][ T5829] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 277.093947][ T5912] usb 3-1: new full-speed USB device number 53 using dummy_hcd [ 277.114991][ T5912] usb 3-1: device descriptor read/8, error -71 [ 277.126284][ T5829] usb 4-1: config 0 has an invalid interface number: 11 but max is 0 [ 277.134629][ T5829] usb 4-1: config 0 has no interface number 0 [ 277.140732][ T5829] usb 4-1: config 0 interface 11 altsetting 190 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.152070][ T5829] usb 4-1: config 0 interface 11 altsetting 190 endpoint 0x81 has invalid wMaxPacketSize 0 [ 277.162272][ T5829] usb 4-1: config 0 interface 11 has no altsetting 0 [ 277.169111][ T5829] usb 4-1: New USB device found, idVendor=046d, idProduct=c532, bcdDevice= 0.00 [ 277.178213][ T5829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.189133][ T5829] usb 4-1: config 0 descriptor?? [ 277.224342][ T5912] usb usb3-port1: unable to enumerate USB device [ 277.605663][ T5829] logitech-djreceiver 0003:046D:C532.0008: unknown main item tag 0x1 [ 277.616975][ T5829] logitech-djreceiver 0003:046D:C532.0008: hidraw0: USB HID v0.00 Device [HID 046d:c532] on usb-dummy_hcd.3-1/input11 [ 277.801548][ T5829] usb 4-1: USB disconnect, device number 46 [ 278.007966][ T5829] usb 5-1: USB disconnect, device number 37 [ 278.421822][ T9365] /dev/rnullb0: Can't open blockdev [ 278.538531][ T9371] loop4: detected capacity change from 0 to 7 [ 278.550484][ T9371] Dev loop4: unable to read RDB block 7 [ 278.556303][ T9371] loop4: unable to read partition table [ 278.562347][ T9371] loop4: partition table beyond EOD, truncated [ 278.582550][ T9371] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 278.770067][ T9378] sp0: Synchronizing with TNC [ 278.833089][ T9378] [U] è [ 278.936484][ T9392] /dev/rnullb0: Can't open blockdev [ 278.954761][ T9390] /dev/rnullb0: Can't open blockdev [ 279.367376][ T9411] Invalid ELF header magic: != ELF [ 279.395534][ T9411] syzkaller1: entered promiscuous mode [ 279.401075][ T9411] syzkaller1: entered allmulticast mode [ 279.434036][ T5829] usb 2-1: new full-speed USB device number 35 using dummy_hcd [ 279.526814][ T9413] /dev/rnullb0: Can't open blockdev [ 279.588396][ T9415] /dev/rnullb0: Can't open blockdev [ 279.598624][ T5829] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 279.619293][ T5829] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 279.641499][ T5829] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 279.660605][ T5829] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 279.670989][ T5829] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.699544][ T5829] usb 2-1: Product: syz [ 279.704439][ T5829] usb 2-1: Manufacturer: syz [ 279.709059][ T5829] usb 2-1: SerialNumber: syz [ 279.728303][ T5829] cdc_ncm 2-1:1.0: invalid descriptor buffer length [ 279.738091][ T5829] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 279.746181][ T5829] cdc_ncm 2-1:1.0: bind() failure [ 279.937773][ T9401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.980357][ T9401] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.998637][ T9424] hpfs: Bad magic ... probably not HPFS [ 280.121177][ T9431] loop8: detected capacity change from 0 to 7 [ 280.128272][ T9431] Dev loop8: unable to read RDB block 7 [ 280.134899][ T5881] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 280.137372][ T9431] loop8: AHDI p1 p2 p3 [ 280.147334][ T9431] loop8: partition table partially beyond EOD, truncated [ 280.156322][ T9431] loop8: p1 start 1601398130 is beyond EOD, truncated [ 280.163100][ T9431] loop8: p2 start 1702059890 is beyond EOD, truncated [ 280.206554][ T9401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.226273][ T9401] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.239893][ T5152] Bluetooth: hci1: unexpected event 0x03 length: 31 > 11 [ 280.259787][ T9438] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.273621][ T30] audit: type=1326 audit(1751627307.793:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9436 comm="syz.2.968" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa46178e929 code=0x0 [ 280.282740][ T9438] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.314207][ T5881] usb 5-1: Using ep0 maxpacket: 32 [ 280.326523][ T5881] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 280.343732][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.359171][ T5881] usb 5-1: config 0 descriptor?? [ 280.368887][ T5881] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 280.387040][ T5894] usb 2-1: USB disconnect, device number 35 [ 280.865073][ T9452] fuseblk: Unknown parameter 'u:¨fb' [ 281.060089][ T9461] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 281.070508][ T9461] UDF-fs: Scanning with blocksize 4096 failed [ 281.177685][ T9467] /dev/sg0: Can't lookup blockdev [ 281.182878][ T9465] loop4: detected capacity change from 0 to 7 [ 281.195758][ T6364] Dev loop4: unable to read RDB block 7 [ 281.201404][ T6364] loop4: unable to read partition table [ 281.211324][ T6364] loop4: partition table beyond EOD, truncated [ 281.219488][ T9465] Dev loop4: unable to read RDB block 7 [ 281.228613][ T9465] loop4: unable to read partition table [ 281.234699][ T9465] loop4: partition table beyond EOD, truncated [ 281.246934][ T9465] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 281.313860][ T5894] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 281.332722][ T9471] qnx4: no qnx4 filesystem (no root dir). [ 281.444921][ T5894] usb 2-1: device descriptor read/64, error -71 [ 281.477616][ T5829] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 281.643848][ T5829] usb 4-1: Using ep0 maxpacket: 8 [ 281.650534][ T5829] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 281.669754][ T5829] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 281.684203][ T5829] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.692213][ T5829] usb 4-1: Product: syz [ 281.693937][ T5894] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 281.699704][ T5829] usb 4-1: Manufacturer: syz [ 281.713954][ T5829] usb 4-1: SerialNumber: syz [ 281.744588][ T5829] usb 4-1: config 0 descriptor?? [ 281.759178][ T5829] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 281.775162][ T9422] kernel read not supported for file /file1 (pid: 9422 comm: syz.4.963) [ 281.783686][ T30] audit: type=1800 audit(1751627309.303:20): pid=9422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.963" name="file1" dev="mqueue" ino=31927 res=0 errno=0 [ 281.783880][ T5829] usb 4-1: selecting invalid altsetting 2 [ 281.823292][ T5829] snd_usb_toneport 4-1:0.0: set_interface failed [ 281.831704][ T5829] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 281.844020][ T5829] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 281.873984][ T5894] usb 2-1: device descriptor read/64, error -71 [ 281.955249][ T9469] hfs: can't find a HFS filesystem on dev rnullb0 [ 281.985332][ T9469] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.986781][ T9480] loop4: detected capacity change from 0 to 7 [ 281.994585][ T5894] usb usb2-port1: attempt power cycle [ 282.004895][ T9480] Dev loop4: unable to read RDB block 7 [ 282.011058][ T9480] loop4: unable to read partition table [ 282.019619][ T9469] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.023217][ T9480] loop4: partition table beyond EOD, [ 282.028706][ T5881] gspca_vc032x: reg_w err -71 [ 282.046453][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.052140][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.058422][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.059427][ T9480] truncated [ 282.064217][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.069285][ T5829] usb 4-1: USB disconnect, device number 47 [ 282.072168][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.072180][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.072190][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.072198][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.089699][ T9480] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 282.097017][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.130782][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.136941][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.142313][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.148195][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.153528][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.153650][ T5202] Dev loop4: unable to read RDB block 7 [ 282.160782][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.170626][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.180385][ T5202] loop4: unable to read partition table [ 282.180914][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.187094][ T5202] loop4: partition table beyond EOD, truncated [ 282.192042][ T5881] gspca_vc032x: I2c Bus Busy Wait 00 [ 282.205650][ T5881] gspca_vc032x: Unknown sensor... [ 282.210761][ T5881] vc032x 5-1:0.0: probe with driver vc032x failed with error -22 [ 282.223302][ T5881] usb 5-1: USB disconnect, device number 38 [ 282.364066][ T5894] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 282.385211][ T5894] usb 2-1: device descriptor read/8, error -71 [ 282.621236][ T9499] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 282.623921][ T5894] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 282.628745][ T9499] VFS: Can't find a romfs filesystem on dev rnullb0. [ 282.628745][ T9499] [ 282.652392][ T9500] loop4: detected capacity change from 0 to 7 [ 282.661773][ T9500] Dev loop4: unable to read RDB block 7 [ 282.664950][ T5894] usb 2-1: device descriptor read/8, error -71 [ 282.670298][ T9500] loop4: unable to read partition table [ 282.679519][ T9500] loop4: partition table beyond EOD, truncated [ 282.686406][ T9500] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 282.783305][ T5152] Bluetooth: hci3: SCO packet for unknown connection handle 200 [ 282.785452][ T5894] usb usb2-port1: unable to enumerate USB device [ 282.786823][ T9506] NILFS (rnullb0): couldn't find nilfs on the device [ 282.940673][ T9513] /dev/rnullb0: Can't open blockdev [ 283.284046][ T5894] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 283.312508][ T9517] /dev/rnullb0: Can't open blockdev [ 283.370476][ T9519] syz.3.995: attempt to access beyond end of device [ 283.370476][ T9519] nbd3: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 283.384784][ T9519] SQUASHFS error: Failed to read block 0x0: -5 [ 283.391093][ T9519] unable to read squashfs_super_block [ 283.464105][ T5894] usb 5-1: Using ep0 maxpacket: 8 [ 283.480543][ T5894] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 283.500265][ T5894] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 283.515244][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.523544][ T5894] usb 5-1: Product: syz [ 283.531287][ T5894] usb 5-1: Manufacturer: syz [ 283.536787][ T5894] usb 5-1: SerialNumber: syz [ 283.548327][ T5894] usb 5-1: config 0 descriptor?? [ 283.562912][ T5894] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 283.796424][ T9526] loop4: detected capacity change from 0 to 7 [ 283.803811][ T9526] Dev loop4: unable to read RDB block 7 [ 283.809562][ T9526] loop4: unable to read partition table [ 283.815853][ T9526] loop4: partition table beyond EOD, truncated [ 283.822145][ T9526] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 283.853728][ T5202] Dev loop4: unable to read RDB block 7 [ 283.859822][ T5202] loop4: unable to read partition table [ 283.866066][ T5202] loop4: partition table beyond EOD, truncated [ 284.172344][ T9534] batadv_slave_1: entered promiscuous mode [ 284.210712][ T9537] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1003'. [ 284.294828][ T9529] batadv_slave_1: left promiscuous mode [ 284.634733][ T9553] loop4: detected capacity change from 0 to 7 [ 284.642815][ T9553] Dev loop4: unable to read RDB block 7 [ 284.652053][ T9553] loop4: unable to read partition table [ 284.662281][ T9553] loop4: partition table beyond EOD, truncated [ 284.672246][ T9553] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 284.807293][ T9557] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 284.940722][ T9563] /dev/rnullb0: Can't open blockdev [ 285.345204][ T5829] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 285.503938][ T5829] usb 4-1: Using ep0 maxpacket: 8 [ 285.512982][ T5829] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 285.526893][ T5829] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 285.537746][ T5829] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 285.548237][ T5829] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 285.561568][ T5829] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 285.570781][ T5829] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.598101][ T92] usb 2-1: new full-speed USB device number 41 using dummy_hcd [ 285.759757][ T92] usb 2-1: not running at top speed; connect to a high speed hub [ 285.769264][ T92] usb 2-1: config 100 has an invalid interface number: 10 but max is 2 [ 285.778262][ T92] usb 2-1: config 100 has an invalid interface number: 109 but max is 2 [ 285.788459][ T5829] usb 4-1: GET_CAPABILITIES returned 0 [ 285.794169][ T92] usb 2-1: config 100 has an invalid interface number: 5 but max is 2 [ 285.802461][ T5829] usbtmc 4-1:16.0: can't read capabilities [ 285.809893][ T92] usb 2-1: config 100 has no interface number 0 [ 285.833417][ T92] usb 2-1: config 100 has no interface number 1 [ 285.847388][ T92] usb 2-1: config 100 has no interface number 2 [ 285.855262][ T92] usb 2-1: config 100 interface 10 altsetting 1 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 285.867998][ T92] usb 2-1: config 100 interface 10 altsetting 1 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 285.880221][ T92] usb 2-1: config 100 interface 10 altsetting 1 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 285.902359][ T92] usb 2-1: config 100 interface 10 altsetting 1 endpoint 0x4 has invalid maxpacket 1024, setting to 64 [ 285.923615][ T92] usb 2-1: config 100 interface 10 altsetting 1 has a duplicate endpoint with address 0x4, skipping [ 285.936313][ T92] usb 2-1: config 100 interface 10 altsetting 1 has a duplicate endpoint with address 0x6, skipping [ 285.951655][ T92] usb 2-1: config 100 interface 10 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 285.969580][ T92] usb 2-1: config 100 interface 10 altsetting 1 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 285.981787][ T92] usb 2-1: config 100 interface 10 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 285.992881][ T92] usb 2-1: config 100 interface 10 altsetting 1 has a duplicate endpoint with address 0x6, skipping [ 286.003985][ T92] usb 2-1: config 100 interface 10 altsetting 1 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 286.013533][ T9567] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 286.015208][ T92] usb 2-1: config 100 interface 10 altsetting 1 has a duplicate endpoint with address 0xA, skipping [ 286.015233][ T92] usb 2-1: config 100 interface 10 altsetting 1 has a duplicate endpoint with address 0x6, skipping [ 286.015253][ T92] usb 2-1: config 100 interface 10 altsetting 1 has a duplicate endpoint with address 0x8, skipping [ 286.015277][ T92] usb 2-1: config 100 interface 10 altsetting 1 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 286.015317][ T92] usb 2-1: config 100 interface 109 altsetting 20 has a duplicate endpoint with address 0x4, skipping [ 286.015354][ T92] usb 2-1: config 100 interface 10 has no altsetting 0 [ 286.015371][ T92] usb 2-1: config 100 interface 109 has no altsetting 0 [ 286.015388][ T92] usb 2-1: config 100 interface 5 has no altsetting 0 [ 286.031044][ T92] usb 2-1: New USB device found, idVendor=1199, idProduct=68c0, bcdDevice=53.5d [ 286.047346][ T5927] usb 4-1: USB disconnect, device number 48 [ 286.062790][ T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.127432][ T92] usb 2-1: rejected 1 configuration due to insufficient available bus power [ 286.137348][ T92] usb 2-1: no configuration chosen from 1 choice [ 286.148692][ T92] usb 2-1: USB disconnect, device number 41 [ 286.872323][ T5894] gspca_zc3xx: reg_w_i err -71 [ 286.916925][ T5927] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 286.924818][ T5894] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 286.940629][ T5894] usb 5-1: USB disconnect, device number 39 [ 287.083867][ T5927] usb 4-1: Using ep0 maxpacket: 32 [ 287.090790][ T5927] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 287.100284][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.110157][ T5927] usb 4-1: config 0 descriptor?? [ 287.320337][ T5927] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 287.329492][ T5927] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 287.342689][ T5927] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 287.350295][ T5927] usb 4-1: media controller created [ 287.370687][ T5927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 287.621506][ T5927] az6027: usb out operation failed. (-71) [ 287.635602][ T5927] az6027: usb out operation failed. (-71) [ 287.652027][ T5927] stb0899_attach: Driver disabled by Kconfig [ 287.665823][ T5927] az6027: no front-end attached [ 287.665823][ T5927] [ 287.673422][ T5927] az6027: usb out operation failed. (-71) [ 287.682075][ T5927] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 287.704312][ T5927] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input20 [ 287.725736][ T9607] bad cache= option: none’[()bvتr [ 287.725736][ T9607] ÜÙŸ »9Š;Ñ^Š¬dÈ!å/™ê­7u\“—ÀÝ´ßMÙDÿÒ¥eYÿoî ˜–“­PÙ50œeÂB>KÜX’/¤æÆTJ*Ÿ)—J¨ý(ÔÅ)Õ€¶˜‘Kœ’¼÷™óµÌfË5&‹˜€Lq¾¼q£2ÞWµhWd¸çÂ0 [ 287.725736][ T9607] [ 287.740067][ T5927] dvb-usb: schedule remote query interval to 400 msecs. [ 287.756102][ T9607] CIFS: VFS: bad cache= option: none’[()bvتr [ 287.756102][ T9607] ÜÙŸ »9Š;Ñ^Š¬dÈ!å/™ê­7u\“—ÀÝ´ßMÙDÿÒ¥eYÿoî ˜–“­PÙ50œeÂB>KÜX’/¤æÆTJ*Ÿ)—J¨ý(ÔÅ)Õ€¶˜‘Kœ’¼÷™óµÌfË5&‹˜€Lq¾¼q£2ÞWµhWd¸çÂ0 [ 287.764637][ T5927] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 287.964103][ T5927] usb 4-1: USB disconnect, device number 49 [ 288.009991][ T5927] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 288.565360][ T9615] loop4: detected capacity change from 0 to 7 [ 288.576821][ T9615] Dev loop4: unable to read RDB block 7 [ 288.594830][ T9615] loop4: unable to read partition table [ 288.600753][ T9615] loop4: partition table beyond EOD, truncated [ 288.610831][ T9615] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 288.709077][ T9617] omfs: Invalid superblock (0) [ 288.828299][ T9626] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1031'. [ 288.843146][ T9626] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1031'. [ 289.180519][ T9649] netlink: 'syz.3.1038': attribute type 10 has an invalid length. [ 289.209041][ T9649] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 289.237783][ T9649] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 289.369626][ T9651] XFS (rnullb0): Invalid superblock magic number [ 289.478793][ T9659] loop4: detected capacity change from 0 to 7 [ 289.487746][ T9659] Dev loop4: unable to read RDB block 7 [ 289.493326][ T9659] loop4: unable to read partition table [ 289.499371][ T9659] loop4: partition table beyond EOD, truncated [ 289.509330][ T9659] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 289.779195][ T9668] XFS (rnullb0): Invalid superblock magic number [ 289.791897][ T9672] /dev/rnullb0: Can't open blockdev [ 290.026819][ T9687] loop8: detected capacity change from 0 to 7 [ 290.036818][ T9687] Dev loop8: unable to read RDB block 7 [ 290.042408][ T9687] loop8: AHDI p1 p2 p3 [ 290.049184][ T9687] loop8: partition table partially beyond EOD, truncated [ 290.058712][ T9687] loop8: p1 start 1601398130 is beyond EOD, truncated [ 290.067137][ T9687] loop8: p2 start 1702059890 is beyond EOD, truncated [ 290.373956][ T5927] usb 2-1: new low-speed USB device number 42 using dummy_hcd [ 290.543975][ T5927] usb 2-1: Invalid ep0 maxpacket: 16 [ 290.674053][ T5927] usb 2-1: new low-speed USB device number 43 using dummy_hcd [ 290.837694][ T5927] usb 2-1: Invalid ep0 maxpacket: 16 [ 290.846372][ T5927] usb usb2-port1: attempt power cycle [ 290.852279][ T9701] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 290.862110][ T9701] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 290.969729][ T9705] Bluetooth: MGMT ver 1.23 [ 291.057831][ T9709] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1058'. [ 291.183958][ T5927] usb 2-1: new low-speed USB device number 44 using dummy_hcd [ 291.215477][ T5927] usb 2-1: Invalid ep0 maxpacket: 16 [ 291.254011][ T5894] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 291.258978][ T9714] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1060'. [ 291.343936][ T5927] usb 2-1: new low-speed USB device number 45 using dummy_hcd [ 291.364708][ T5927] usb 2-1: Invalid ep0 maxpacket: 16 [ 291.370522][ T5927] usb usb2-port1: unable to enumerate USB device [ 291.407867][ T5894] usb 4-1: Using ep0 maxpacket: 32 [ 291.427764][ T5894] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 291.436989][ T5894] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.452519][ T5894] usb 4-1: config 0 descriptor?? [ 291.470416][ T5894] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 291.670360][ T9719] wg0 speed is unknown, defaulting to 1000 [ 291.786096][ T9719] capability: warning: `syz.2.1062' uses deprecated v2 capabilities in a way that may be insecure [ 292.112427][ T9726] tmpfs: Bad value for 'nr_inodes' [ 292.120567][ T9726] /dev/rnullb0: Can't open blockdev [ 292.677116][ T9739] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1068'. [ 292.995665][ T5841] Bluetooth: hci0: command 0x0c1a tx timeout [ 293.001909][ T5152] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 293.060058][ T9744] netlink: 14568 bytes leftover after parsing attributes in process `syz.2.1070'. [ 293.078425][ T5894] gspca_vc032x: reg_w err -71 [ 293.085557][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.101016][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.106818][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.112234][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.121042][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.127768][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.133264][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.142042][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.159107][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.172269][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.185629][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.205351][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.214964][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.224260][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.232241][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.248599][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.269631][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.286539][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 293.314239][ T5894] gspca_vc032x: Unknown sensor... [ 293.319574][ T5894] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 293.331841][ T5894] usb 4-1: USB disconnect, device number 50 [ 293.432712][ T9752] x_tables: duplicate underflow at hook 1 [ 293.732994][ T9764] loop4: detected capacity change from 0 to 7 [ 293.750225][ T6364] Dev loop4: unable to read RDB block 7 [ 293.761607][ T6364] loop4: unable to read partition table [ 293.773575][ T6364] loop4: partition table beyond EOD, truncated [ 293.788705][ T9764] Dev loop4: unable to read RDB block 7 [ 293.798196][ T9764] loop4: unable to read partition table [ 293.811061][ T9764] loop4: partition table beyond EOD, truncated [ 293.832842][ T9764] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 293.879754][ T5202] Dev loop4: unable to read RDB block 7 [ 293.888992][ T5202] loop4: unable to read partition table [ 293.895437][ T9766] FAT-fs (rnullb0): bogus number of reserved sectors [ 293.896263][ T5202] loop4: partition table beyond EOD, truncated [ 293.902239][ T9766] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 294.396337][ T92] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 294.536843][ T5894] usb 3-1: new full-speed USB device number 54 using dummy_hcd [ 294.565880][ T92] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 294.580189][ T92] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 294.590443][ T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.607534][ T5881] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 294.608472][ T92] usb 5-1: config 0 descriptor?? [ 294.716640][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 294.751103][ T5894] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 294.765220][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 294.778606][ T5894] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 294.787983][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.796176][ T5894] usb 3-1: Product: syz [ 294.800774][ T5894] usb 3-1: Manufacturer: syz [ 294.805957][ T5894] usb 3-1: SerialNumber: syz [ 294.811594][ T5881] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 294.822012][ T5881] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 294.837760][ T5894] usb 3-1: config 0 descriptor?? [ 294.843646][ T92] keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor [ 294.844370][ T9778] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 294.873991][ T9778] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 294.881418][ T5881] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 294.884545][ T92] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0009/input/input21 [ 294.890752][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 294.925813][ T5894] usb 3-1: ucan: probing device on interface #0 [ 294.932300][ T5881] usb 2-1: SerialNumber: syz [ 295.044273][ T9783] /dev/rnullb0: Can't open blockdev [ 295.074148][ T92] keytouch 0003:0926:3333.0009: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 295.190293][ T5881] usb 2-1: 0:2 : does not exist [ 295.276005][ T5881] usb 2-1: unit 5: unexpected type 0x0c [ 295.329905][ T5881] usb 2-1: USB disconnect, device number 46 [ 295.339831][ T5894] usb 3-1: ucan: device reported invalid tx-fifo size [ 295.347978][ T5894] usb 3-1: ucan: probe failed; try to update the device firmware [ 295.373737][ T92] usb 5-1: USB disconnect, device number 40 [ 295.542713][ T9778] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3530656212 (225961997568 ns) > initial count (8983529216 ns). Using initial count to start timer. [ 295.571440][ T9778] /dev/rnullb0: Can't open blockdev [ 295.585834][ T5894] usb 3-1: USB disconnect, device number 54 [ 296.049839][ T9788] batadv_slave_1: entered promiscuous mode [ 296.210644][ T9787] batadv_slave_1: left promiscuous mode [ 296.217450][ T5829] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 296.321704][ T9794] loop4: detected capacity change from 0 to 7 [ 296.347215][ T9794] Dev loop4: unable to read RDB block 7 [ 296.352833][ T9794] loop4: unable to read partition table [ 296.409853][ T9797] bond0: (slave rose0): Releasing backup interface [ 296.424717][ T9794] loop4: partition table beyond EOD, truncated [ 296.436642][ T5829] usb 5-1: Using ep0 maxpacket: 32 [ 296.437261][ T9794] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 296.455306][ T5829] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 296.483073][ T5202] Dev loop4: unable to read RDB block 7 [ 296.484060][ T5829] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.496815][ T5202] loop4: unable to read partition table [ 296.503157][ T5202] loop4: partition table beyond EOD, truncated [ 296.541259][ T5829] usb 5-1: config 0 descriptor?? [ 296.565454][ T5829] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 297.255932][ T9818] loop8: detected capacity change from 0 to 7 [ 297.274850][ T9818] Dev loop8: unable to read RDB block 7 [ 297.290700][ T9818] loop8: AHDI p1 p2 p3 [ 297.298170][ T9818] loop8: partition table partially beyond EOD, truncated [ 297.310075][ T9818] loop8: p1 start 1601398130 is beyond EOD, truncated [ 297.321147][ T9818] loop8: p2 start 1702059890 is beyond EOD, truncated [ 297.481682][ T9822] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 297.789090][ T9822] /dev/rnullb0: Can't open blockdev [ 297.920129][ T9834] netlink: 'syz.1.1096': attribute type 1 has an invalid length. [ 297.930752][ T9834] netlink: 1316 bytes leftover after parsing attributes in process `syz.1.1096'. [ 297.950710][ T9834] IPVS: wlc: UDP 224.0.0.2:0 - no destination available [ 298.110478][ T9842] loop4: detected capacity change from 0 to 7 [ 298.123440][ T9842] Dev loop4: unable to read RDB block 7 [ 298.132902][ T9842] loop4: unable to read partition table [ 298.144889][ T9844] fuseblk: Invalid rootmode [ 298.154182][ T9842] loop4: partition table beyond EOD, truncated [ 298.177221][ T9842] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 298.183979][ T5829] gspca_vc032x: reg_w err -71 [ 298.210508][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.217954][ T5202] Dev loop4: unable to read RDB block 7 [ 298.232504][ T5202] loop4: unable to read partition table [ 298.233899][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.249655][ T5202] loop4: partition table beyond EOD, truncated [ 298.256987][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.272497][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.293837][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.299150][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.334209][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.344044][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.349347][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.389162][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.426110][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.432242][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.446186][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.451491][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.481578][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.493134][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.501939][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.524804][ T5829] gspca_vc032x: I2c Bus Busy Wait 00 [ 298.533288][ T5829] gspca_vc032x: Unknown sensor... [ 298.558833][ T5829] vc032x 5-1:0.0: probe with driver vc032x failed with error -22 [ 298.583031][ T5829] usb 5-1: USB disconnect, device number 41 [ 298.601932][ T9865] loop8: detected capacity change from 0 to 7 [ 298.631605][ T6364] Dev loop8: unable to read RDB block 7 [ 298.640925][ T6364] loop8: AHDI p1 p2 p3 [ 298.645487][ T6364] loop8: partition table partially beyond EOD, truncated [ 298.654322][ T6364] loop8: p1 start 1601398130 is beyond EOD, truncated [ 298.661189][ T6364] loop8: p2 start 1702059890 is beyond EOD, truncated [ 298.677325][ T9865] Dev loop8: unable to read RDB block 7 [ 298.684115][ T9865] loop8: AHDI p1 p2 p3 [ 298.688371][ T9865] loop8: partition table partially beyond EOD, truncated [ 298.702676][ T9865] loop8: p1 start 1601398130 is beyond EOD, truncated [ 298.711930][ T9865] loop8: p2 start 1702059890 is beyond EOD, truncated [ 298.901354][ T9877] sit0: entered promiscuous mode [ 298.912453][ T9877] netlink: 'syz.1.1105': attribute type 1 has an invalid length. [ 298.920416][ T9877] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1105'. [ 299.364729][ T9893] loop4: detected capacity change from 0 to 7 [ 299.414143][ T9893] Dev loop4: unable to read RDB block 7 [ 299.431080][ T9893] loop4: unable to read partition table [ 299.461581][ T9893] loop4: partition table beyond EOD, truncated [ 299.510158][ T9893] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 299.773850][ T5894] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 299.908651][ T9902] /dev/rnullb0: Can't open blockdev [ 299.933916][ T5894] usb 3-1: Using ep0 maxpacket: 8 [ 299.954030][ T5894] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 299.989302][ T5894] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 300.028441][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.047359][ T5894] usb 3-1: Product: syz [ 300.062213][ T5894] usb 3-1: Manufacturer: syz [ 300.077278][ T5894] usb 3-1: SerialNumber: syz [ 300.112159][ T5894] usb 3-1: config 0 descriptor?? [ 300.140985][ T5894] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 300.311152][ T9916] hfs: can't find a HFS filesystem on dev rnullb0 [ 300.344368][ T9918] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1116'. [ 300.443967][ T5927] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 300.457222][ T9918] sp0: Synchronizing with TNC [ 300.602617][ T9926] /dev/rnullb0: Can't open blockdev [ 300.614021][ T5927] usb 4-1: Using ep0 maxpacket: 32 [ 300.628324][ T5927] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 300.639303][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.651921][ T5927] usb 4-1: config 0 descriptor?? [ 300.676772][ T5927] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 300.699974][ T9931] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 300.707423][ T9931] /dev/rnullb0: Can't open blockdev [ 301.035547][ T9943] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1123'. [ 301.440097][ T9955] qnx4: no qnx4 filesystem (no root dir). [ 301.624050][ T92] usb 5-1: new full-speed USB device number 42 using dummy_hcd [ 301.673477][ T9961] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 301.699648][ T9962] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 301.791208][ T92] usb 5-1: config 0 has an invalid interface number: 107 but max is 0 [ 301.802102][ T92] usb 5-1: config 0 has no interface number 0 [ 301.809827][ T92] usb 5-1: config 0 interface 107 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 301.822216][ T92] usb 5-1: config 0 interface 107 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 301.838232][ T92] usb 5-1: config 0 interface 107 altsetting 0 endpoint 0x84 has invalid maxpacket 1794, setting to 64 [ 301.849832][ T92] usb 5-1: config 0 interface 107 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 301.869255][ T92] usb 5-1: config 0 interface 107 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 301.893562][ T92] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0127, bcdDevice=7b.4a [ 301.903720][ T92] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.918853][ T92] usb 5-1: Product: syz [ 301.923052][ T92] usb 5-1: Manufacturer: syz [ 301.930745][ T92] usb 5-1: SerialNumber: syz [ 301.943476][ T92] usb 5-1: config 0 descriptor?? [ 301.953095][ T9953] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 301.962583][ T92] kvaser_usb 5-1:0.107: error -EMSGSIZE: Cannot get software info [ 301.972072][ T92] kvaser_usb 5-1:0.107: probe with driver kvaser_usb failed with error -90 [ 302.173963][ T5881] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 302.221213][ T24] usb 5-1: USB disconnect, device number 42 [ 302.292891][ T5927] gspca_vc032x: reg_w err -71 [ 302.297712][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.303114][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.312350][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.317819][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.323139][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.331093][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.337062][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.342516][ T5881] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 302.352861][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.358955][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.364427][ T5881] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 302.373490][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.378883][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.384390][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.389731][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.395306][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.400705][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.406237][ T5881] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 302.416538][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.421874][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.427293][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 302.435412][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 302.440699][ T5927] gspca_vc032x: Unknown sensor... [ 302.445804][ T5881] usb 2-1: SerialNumber: syz [ 302.451566][ T5927] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 302.465870][ T5927] usb 4-1: USB disconnect, device number 51 [ 302.680640][ T5881] usb 2-1: 0:2 : does not exist [ 302.685749][ T5881] usb 2-1: unit 5 not found! [ 302.708993][ T5881] usb 2-1: USB disconnect, device number 47 [ 302.765268][ T6364] udevd[6364]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 302.910232][ T9976] /dev/rnullb0: Can't open blockdev [ 302.995816][ T9981] /dev/rnullb0: Can't open blockdev [ 303.020004][ T9981] nfs: Unknown parameter '/dev/rnullb0' [ 303.171496][ T9985] @: renamed from vlan0 (while UP) [ 303.172201][ T9987] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.1140'. [ 303.189559][ T9987] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.1140'. [ 303.198842][ T9987] netlink: 584 bytes leftover after parsing attributes in process `syz.4.1140'. [ 303.367835][ T5894] gspca_zc3xx: reg_w_i err -71 [ 303.403964][ T5894] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 303.421750][ T5894] usb 3-1: USB disconnect, device number 55 [ 303.447316][ T92] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 303.557321][ T5152] Bluetooth: hci1: unexpected event for opcode 0x0c20 [ 303.605571][ T92] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 303.616762][ T92] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 303.629265][ T92] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 303.639648][ T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 303.648909][ T92] usb 5-1: SerialNumber: syz [ 303.738430][T10002] qnx4: no qnx4 filesystem (no root dir). [ 303.830597][T10004] af_packet: tpacket_rcv: packet too big, clamped from 630 to 4294967272. macoff=96 [ 303.847846][T10005] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 303.857593][T10005] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 303.869180][ T9987] /dev/rnullb0: Can't open blockdev [ 303.892206][ T9987] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.1140'. [ 303.897236][ T5927] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 303.917571][ T9987] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.1140'. [ 303.942744][ T9987] netlink: 584 bytes leftover after parsing attributes in process `syz.4.1140'. [ 304.015801][ T92] usb 5-1: 0:2 : does not exist [ 304.020765][ T92] usb 5-1: unit 255 not found! [ 304.069886][ T92] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5) [ 304.084214][ T5927] usb 2-1: Using ep0 maxpacket: 32 [ 304.094428][ T92] usb 5-1: USB disconnect, device number 43 [ 304.099277][ T5927] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 304.112310][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.146703][ T5927] usb 2-1: config 0 descriptor?? [ 304.169210][ T6364] udevd[6364]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 304.192861][ T5927] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 304.282491][T10017] loop8: detected capacity change from 0 to 7 [ 304.292052][T10017] Dev loop8: unable to read RDB block 7 [ 304.298191][T10017] loop8: AHDI p1 p2 p3 [ 304.302491][T10017] loop8: partition table partially beyond EOD, truncated [ 304.310190][T10017] loop8: p1 start 1601398130 is beyond EOD, truncated [ 304.317170][T10017] loop8: p2 start 1702059890 is beyond EOD, truncated [ 304.469259][T10028] zonefs (rnullb0) ERROR: Not a zoned block device [ 304.616956][T10036] loop4: detected capacity change from 0 to 7 [ 304.626835][T10036] Dev loop4: unable to read RDB block 7 [ 304.632519][T10036] loop4: unable to read partition table [ 304.640718][T10036] loop4: partition table beyond EOD, truncated [ 304.647288][T10036] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 304.977142][T10050] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.999371][T10050] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.008856][T10052] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1159'. [ 305.025134][T10050] NILFS (rnullb0): couldn't find nilfs on the device [ 305.118128][T10055] loop4: detected capacity change from 0 to 7 [ 305.126820][ T6364] Dev loop4: unable to read RDB block 7 [ 305.132408][ T6364] loop4: unable to read partition table [ 305.138337][ T6364] loop4: partition table beyond EOD, truncated [ 305.147636][T10055] Dev loop4: unable to read RDB block 7 [ 305.153234][T10055] loop4: unable to read partition table [ 305.159288][T10055] loop4: partition table beyond EOD, truncated [ 305.169994][T10055] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 305.213944][ T5894] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 305.384306][ T5894] usb 5-1: Using ep0 maxpacket: 8 [ 305.399091][ T5894] usb 5-1: unable to get BOS descriptor or descriptor too short [ 305.412026][ T5894] usb 5-1: config 1 interface 0 has no altsetting 0 [ 305.422136][ T5894] usb 5-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40 [ 305.436660][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.448253][T10064] loop4: detected capacity change from 0 to 7 [ 305.453945][ T5894] usb 5-1: Product: syz [ 305.469748][ T5894] usb 5-1: Manufacturer: syz [ 305.474202][T10064] Dev loop4: unable to read RDB block 7 [ 305.477083][ T5894] usb 5-1: SerialNumber: syz [ 305.495617][T10064] loop4: unable to read partition table [ 305.501486][T10064] loop4: partition table beyond EOD, truncated [ 305.516925][T10064] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 305.620966][T10070] devpts: Bad value for 'max' [ 305.721244][ T5894] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input22 [ 305.755039][ T5187] bcm5974 5-1:1.0: could not read from device [ 305.763006][ T5894] usb 5-1: USB disconnect, device number 44 [ 305.791885][ T5927] gspca_vc032x: reg_w err -71 [ 305.801378][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.807687][ T5187] bcm5974 5-1:1.0: could not read from device [ 305.816237][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.823263][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.834281][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.839620][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.851794][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.863503][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.889421][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.898192][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.910654][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.917405][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.922850][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.931646][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.939267][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.951460][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.965083][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.970400][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.981117][ T5927] gspca_vc032x: I2c Bus Busy Wait 00 [ 305.989309][ T5927] gspca_vc032x: Unknown sensor... [ 305.996823][ T5927] vc032x 2-1:0.0: probe with driver vc032x failed with error -22 [ 306.016124][ T5927] usb 2-1: USB disconnect, device number 48 [ 306.104854][ T92] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 306.272240][ T92] usb 4-1: Using ep0 maxpacket: 32 [ 306.279447][ T92] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 306.304102][ T92] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 306.334278][ T92] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 306.365833][T10085] loop4: detected capacity change from 0 to 7 [ 306.373171][ T92] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 306.387961][T10085] Dev loop4: unable to read RDB block 7 [ 306.393576][T10085] loop4: unable to read partition table [ 306.424475][ T92] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 306.436660][T10085] loop4: partition table beyond EOD, truncated [ 306.442871][T10085] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 306.460265][ T92] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.470894][ T92] usb 4-1: Product: syz [ 306.475352][ T92] usb 4-1: Manufacturer: syz [ 306.479960][ T92] usb 4-1: SerialNumber: syz [ 306.589547][ T92] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input23 [ 306.622352][T10092] netlink: 'syz.2.1172': attribute type 3 has an invalid length. [ 306.640423][T10097] loop4: detected capacity change from 0 to 7 [ 306.657702][T10092] netlink: 'syz.2.1172': attribute type 1 has an invalid length. [ 306.672142][T10097] Dev loop4: unable to read RDB block 7 [ 306.694471][T10097] loop4: unable to read partition table [ 306.695100][T10092] netlink: 192 bytes leftover after parsing attributes in process `syz.2.1172'. [ 306.700327][T10097] loop4: partition table beyond EOD, [ 306.717614][T10092] NCSI netlink: No device for ifindex 0 [ 306.757700][T10097] truncated [ 306.760877][T10097] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 306.795542][ T92] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 306.852377][ T92] (id 0x00) [ 307.056524][T10107] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 307.083660][ T92] rc_core: IR keymap rc-imon-pad not found [ 307.115883][ T92] Registered IR keymap rc-empty [ 307.121173][ T92] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 307.153896][ T92] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 307.166813][ T92] imon:send_packet: packet tx failed (-71) [ 307.188953][T10122] exFAT-fs (rnullb0): invalid boot record signature [ 307.215166][ T92] imon 4-1:155.0: remote input dev register failed [ 307.222257][ T92] imon 4-1:155.0: imon_init_intf0: rc device setup failed [ 307.244178][T10122] exFAT-fs (rnullb0): failed to read boot sector [ 307.288688][T10122] exFAT-fs (rnullb0): failed to recognize exfat type [ 307.373148][ T30] audit: type=1804 audit(1751627334.893:21): pid=10130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1180" name="/newroot/278/cgroup.controllers" dev="tmpfs" ino=1551 res=1 errno=0 [ 307.386861][ T92] imon 4-1:155.0: unable to initialize intf0, err 0 [ 307.415907][ T92] imon:imon_probe: failed to initialize context! [ 307.423547][ T92] imon 4-1:155.0: unable to register, err -19 [ 307.463680][ T92] usb 4-1: USB disconnect, device number 52 [ 307.464021][ T30] audit: type=1800 audit(1751627334.943:22): pid=10130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1180" name="cgroup.controllers" dev="tmpfs" ino=1551 res=0 errno=0 [ 307.518240][T10132] loop8: detected capacity change from 0 to 7 [ 307.543332][ T6644] Dev loop8: unable to read RDB block 7 [ 307.558878][ T6644] loop8: AHDI p1 p2 p3 [ 307.569928][ T6644] loop8: partition table partially beyond EOD, truncated [ 307.587358][ T6644] loop8: p1 start 1601398130 is beyond EOD, truncated [ 307.595045][ T6644] loop8: p2 start 1702059890 is beyond EOD, truncated [ 307.603061][T10132] Dev loop8: unable to read RDB block 7 [ 307.603962][ T5927] usb 5-1: new full-speed USB device number 45 using dummy_hcd [ 307.609250][T10132] loop8: AHDI p1 p2 p3 [ 307.640969][T10132] loop8: partition table partially beyond EOD, truncated [ 307.649633][T10132] loop8: p1 start 1601398130 is beyond EOD, truncated [ 307.691446][T10132] loop8: p2 start 1702059890 is beyond EOD, truncated [ 307.797525][ T5927] usb 5-1: config index 0 descriptor too short (expected 69, got 36) [ 307.808984][ T5927] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 307.832359][ T5927] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 307.848035][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 307.856333][ T5927] usb 5-1: Product: syz [ 307.883897][ T5927] usb 5-1: Manufacturer: syz [ 307.891927][ T5927] usb 5-1: SerialNumber: syz [ 307.923588][ T5927] usb 5-1: config 0 descriptor?? [ 307.940607][ T5927] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 308.148010][ T5927] gspca_pac7302: reg_w() failed i: ff v: 01 error -71 [ 308.180283][ T5927] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 308.228763][ T5927] usb 5-1: USB disconnect, device number 45 [ 308.257898][T10143] loop4: detected capacity change from 0 to 7 [ 308.302370][ T6367] Dev loop4: unable to read RDB block 7 [ 308.317376][ T6367] loop4: unable to read partition table [ 308.323737][ T6367] loop4: partition table beyond EOD, truncated [ 308.337224][T10143] Dev loop4: unable to read RDB block 7 [ 308.347549][T10143] loop4: unable to read partition table [ 308.363463][T10143] loop4: partition table beyond EOD, truncated [ 308.370425][T10143] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 308.476339][T10147] /dev/rnullb0: Can't open blockdev [ 308.657267][T10157] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 308.670773][T10157] UDF-fs: Scanning with blocksize 4096 failed [ 308.726425][T10161] loop8: detected capacity change from 0 to 7 [ 308.733665][T10161] Dev loop8: unable to read RDB block 7 [ 308.742223][T10160] hfs: can't find a HFS filesystem on dev rnullb0 [ 308.742267][T10161] loop8: AHDI p1 p2 p3 [ 308.758292][T10161] loop8: partition table partially beyond EOD, truncated [ 308.770917][T10161] loop8: p1 start 1601398130 is beyond EOD, truncated [ 308.781516][T10161] loop8: p2 start 1702059890 is beyond EOD, truncated [ 308.789703][T10163] FAULT_INJECTION: forcing a failure. [ 308.789703][T10163] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 308.834418][T10163] CPU: 1 UID: 0 PID: 10163 Comm: syz.2.1192 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 308.834445][T10163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 308.834455][T10163] Call Trace: [ 308.834463][T10163] [ 308.834470][T10163] dump_stack_lvl+0x189/0x250 [ 308.834495][T10163] ? __pfx____ratelimit+0x10/0x10 [ 308.834516][T10163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.834535][T10163] ? __pfx__printk+0x10/0x10 [ 308.834554][T10163] ? __might_fault+0xb0/0x130 [ 308.834582][T10163] should_fail_ex+0x414/0x560 [ 308.834614][T10163] _copy_from_user+0x2d/0xb0 [ 308.834630][T10163] ___sys_sendmsg+0x158/0x2a0 [ 308.834649][T10163] ? __pfx____sys_sendmsg+0x10/0x10 [ 308.834702][T10163] ? __fget_files+0x2a/0x420 [ 308.834721][T10163] ? __fget_files+0x3a0/0x420 [ 308.834753][T10163] __x64_sys_sendmsg+0x19b/0x260 [ 308.834772][T10163] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 308.834799][T10163] ? __pfx_ksys_write+0x10/0x10 [ 308.834816][T10163] ? rcu_is_watching+0x15/0xb0 [ 308.834839][T10163] ? do_syscall_64+0xbe/0x3b0 [ 308.834863][T10163] do_syscall_64+0xfa/0x3b0 [ 308.834883][T10163] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.834902][T10163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.834919][T10163] ? clear_bhb_loop+0x60/0xb0 [ 308.834939][T10163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.834955][T10163] RIP: 0033:0x7fa46178e929 [ 308.834970][T10163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.834985][T10163] RSP: 002b:00007fa4625ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 308.835003][T10163] RAX: ffffffffffffffda RBX: 00007fa4619b5fa0 RCX: 00007fa46178e929 [ 308.835015][T10163] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 308.835026][T10163] RBP: 00007fa4625ee090 R08: 0000000000000000 R09: 0000000000000000 [ 308.835036][T10163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.835046][T10163] R13: 0000000000000000 R14: 00007fa4619b5fa0 R15: 00007ffccbbd9fb8 [ 308.835074][T10163] [ 309.105696][T10169] NILFS (loop1): device size too small [ 309.186640][T10172] FAULT_INJECTION: forcing a failure. [ 309.186640][T10172] name failslab, interval 1, probability 0, space 0, times 0 [ 309.204211][T10172] CPU: 1 UID: 0 PID: 10172 Comm: syz.1.1197 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 309.204234][T10172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 309.204244][T10172] Call Trace: [ 309.204251][T10172] [ 309.204257][T10172] dump_stack_lvl+0x189/0x250 [ 309.204280][T10172] ? __pfx____ratelimit+0x10/0x10 [ 309.204302][T10172] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.204318][T10172] ? __pfx__printk+0x10/0x10 [ 309.204341][T10172] ? __pfx___might_resched+0x10/0x10 [ 309.204368][T10172] ? fs_reclaim_acquire+0x7d/0x100 [ 309.204393][T10172] should_fail_ex+0x414/0x560 [ 309.204423][T10172] should_failslab+0xa8/0x100 [ 309.204441][T10172] __kmalloc_noprof+0xcb/0x4f0 [ 309.204456][T10172] ? kfree+0x4d/0x440 [ 309.204469][T10172] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 309.204492][T10172] tomoyo_realpath_from_path+0xe3/0x5d0 [ 309.204512][T10172] ? tomoyo_domain+0xd9/0x130 [ 309.204536][T10172] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 309.204559][T10172] tomoyo_path_number_perm+0x1e8/0x5a0 [ 309.204585][T10172] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 309.204625][T10172] ? __lock_acquire+0xab9/0xd20 [ 309.204666][T10172] ? __fget_files+0x2a/0x420 [ 309.204690][T10172] ? __fget_files+0x2a/0x420 [ 309.204709][T10172] ? __fget_files+0x3a0/0x420 [ 309.204727][T10172] ? __fget_files+0x2a/0x420 [ 309.204748][T10172] security_file_ioctl+0xcb/0x2d0 [ 309.204772][T10172] __se_sys_ioctl+0x47/0x170 [ 309.204789][T10172] do_syscall_64+0xfa/0x3b0 [ 309.204809][T10172] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.204827][T10172] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.204842][T10172] ? clear_bhb_loop+0x60/0xb0 [ 309.204862][T10172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.204876][T10172] RIP: 0033:0x7f05d098e929 [ 309.204890][T10172] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.204903][T10172] RSP: 002b:00007f05d174d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 309.204920][T10172] RAX: ffffffffffffffda RBX: 00007f05d0bb5fa0 RCX: 00007f05d098e929 [ 309.204931][T10172] RDX: 0000200000000000 RSI: 0000000000008b06 RDI: 0000000000000005 [ 309.204941][T10172] RBP: 00007f05d174d090 R08: 0000000000000000 R09: 0000000000000000 [ 309.204950][T10172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 309.204958][T10172] R13: 0000000000000000 R14: 00007f05d0bb5fa0 R15: 00007ffd4d02b6f8 [ 309.204985][T10172] [ 309.204992][T10172] ERROR: Out of memory at tomoyo_realpath_from_path. [ 309.262169][T10176] loop4: detected capacity change from 0 to 7 [ 309.478340][T10176] Dev loop4: unable to read RDB block 7 [ 309.484738][T10176] loop4: unable to read partition table [ 309.490579][T10176] loop4: partition table beyond EOD, truncated [ 309.499685][T10176] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 309.689090][T10183] loop4: detected capacity change from 0 to 7 [ 309.713097][T10181] Can't find a SQUASHFS superblock on rnullb0 [ 309.713988][T10183] Dev loop4: unable to read RDB block 7 [ 309.737637][T10183] loop4: unable to read partition table [ 309.743511][T10183] loop4: partition table beyond EOD, truncated [ 309.752733][T10183] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 309.778028][ T5202] Dev loop4: unable to read RDB block 7 [ 309.784026][ T5912] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 309.802462][ T5202] loop4: unable to read partition table [ 309.808923][ T5202] loop4: partition table beyond EOD, truncated [ 309.943989][ T5912] usb 4-1: Using ep0 maxpacket: 32 [ 309.965803][T10190] loop8: detected capacity change from 0 to 7 [ 309.978102][ T5912] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 309.987629][T10190] Dev loop8: unable to read RDB block 7 [ 309.992575][ T5912] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 309.993478][T10190] loop8: AHDI p1 p2 p3 [ 310.007344][ T5912] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 310.020573][T10190] loop8: partition table partially beyond EOD, truncated [ 310.022467][ T5912] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 310.041879][T10190] loop8: p1 start 1601398130 is beyond EOD, truncated [ 310.047483][ T5912] usb 4-1: config 0 interface 0 has no altsetting 0 [ 310.052118][T10190] loop8: p2 start 1702059890 is beyond EOD, truncated [ 310.065996][ T5912] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 310.080650][ T5912] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=6 [ 310.116771][ T5912] usb 4-1: Product: syz [ 310.120964][ T5912] usb 4-1: Manufacturer: syz [ 310.141667][ T5912] usb 4-1: SerialNumber: syz [ 310.167513][ T5912] usb 4-1: config 0 descriptor?? [ 310.190696][ T5912] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 310.203952][ T5927] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 310.221317][ T5912] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 310.254718][T10198] FAULT_INJECTION: forcing a failure. [ 310.254718][T10198] name failslab, interval 1, probability 0, space 0, times 0 [ 310.283928][T10198] CPU: 0 UID: 0 PID: 10198 Comm: syz.1.1205 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 310.283952][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 310.283962][T10198] Call Trace: [ 310.283969][T10198] [ 310.283977][T10198] dump_stack_lvl+0x189/0x250 [ 310.284000][T10198] ? __pfx____ratelimit+0x10/0x10 [ 310.284021][T10198] ? __pfx_dump_stack_lvl+0x10/0x10 [ 310.284039][T10198] ? __pfx__printk+0x10/0x10 [ 310.284063][T10198] ? __pfx___might_resched+0x10/0x10 [ 310.284084][T10198] should_fail_ex+0x414/0x560 [ 310.284114][T10198] should_failslab+0xa8/0x100 [ 310.284136][T10198] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 310.284156][T10198] ? __alloc_skb+0x112/0x2d0 [ 310.284182][T10198] __alloc_skb+0x112/0x2d0 [ 310.284208][T10198] netlink_sendmsg+0x5c6/0xb30 [ 310.284239][T10198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.284271][T10198] ? aa_sock_msg_perm+0xf1/0x1d0 [ 310.284291][T10198] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 310.284312][T10198] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.284335][T10198] __sock_sendmsg+0x219/0x270 [ 310.284358][T10198] ____sys_sendmsg+0x505/0x830 [ 310.284381][T10198] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.284406][T10198] ? import_iovec+0x74/0xa0 [ 310.284425][T10198] ___sys_sendmsg+0x21f/0x2a0 [ 310.284445][T10198] ? __pfx____sys_sendmsg+0x10/0x10 [ 310.284496][T10198] ? __fget_files+0x2a/0x420 [ 310.284517][T10198] ? __fget_files+0x3a0/0x420 [ 310.284548][T10198] __x64_sys_sendmsg+0x19b/0x260 [ 310.284568][T10198] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 310.284594][T10198] ? __pfx_ksys_write+0x10/0x10 [ 310.284611][T10198] ? rcu_is_watching+0x15/0xb0 [ 310.284633][T10198] ? do_syscall_64+0xbe/0x3b0 [ 310.284657][T10198] do_syscall_64+0xfa/0x3b0 [ 310.284676][T10198] ? lockdep_hardirqs_on+0x9c/0x150 [ 310.284695][T10198] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.284711][T10198] ? clear_bhb_loop+0x60/0xb0 [ 310.284732][T10198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.284748][T10198] RIP: 0033:0x7f05d098e929 [ 310.284763][T10198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 310.284777][T10198] RSP: 002b:00007f05d174d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.284795][T10198] RAX: ffffffffffffffda RBX: 00007f05d0bb5fa0 RCX: 00007f05d098e929 [ 310.284808][T10198] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 310.284819][T10198] RBP: 00007f05d174d090 R08: 0000000000000000 R09: 0000000000000000 [ 310.284829][T10198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.284839][T10198] R13: 0000000000000000 R14: 00007f05d0bb5fa0 R15: 00007ffd4d02b6f8 [ 310.284867][T10198] [ 310.559625][ C0] vkms_vblank_simulate: vblank timer overrun [ 310.585592][ T5927] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 310.598852][ T5927] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 310.631593][ T5927] usb 5-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 310.670421][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.699329][ T5927] usb 5-1: Product: syz [ 310.712096][ T5927] usb 5-1: Manufacturer: syz [ 310.735938][ T5927] usb 5-1: SerialNumber: syz [ 310.744074][T10205] loop4: detected capacity change from 0 to 7 [ 310.746875][ T5927] usb 5-1: config 0 descriptor?? [ 310.761779][ T6367] Dev loop4: unable to read RDB block 7 [ 310.772282][ T6367] loop4: unable to read partition table [ 310.778421][ T6367] loop4: partition table beyond EOD, truncated [ 310.797734][T10205] Dev loop4: unable to read RDB block 7 [ 310.803338][T10205] loop4: unable to read partition table [ 310.856250][T10175] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1195'. [ 310.884177][T10205] loop4: partition table beyond EOD, truncated [ 310.890911][T10205] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 310.900414][T10175] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1195'. [ 310.912421][T10175] netlink: 'syz.3.1195': attribute type 5 has an invalid length. [ 310.918534][ T5202] Dev loop4: unable to read RDB block 7 [ 310.933541][ T5202] loop4: unable to read partition table [ 310.939690][ T5202] loop4: partition table beyond EOD, truncated [ 310.953809][T10175] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1195'. [ 311.060723][ T5927] usb 4-1: USB disconnect, device number 53 [ 311.079943][ T5927] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 311.334827][T10219] loop4: detected capacity change from 0 to 7 [ 311.341922][T10219] Dev loop4: unable to read RDB block 7 [ 311.351759][T10219] loop4: unable to read partition table [ 311.357700][T10219] loop4: partition table beyond EOD, truncated [ 311.365261][T10219] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 311.782725][T10232] loop8: detected capacity change from 0 to 7 [ 311.814113][T10232] Dev loop8: unable to read RDB block 7 [ 311.819856][T10232] loop8: AHDI p1 p2 p3 [ 311.827381][T10232] loop8: partition table partially beyond EOD, truncated [ 311.835107][T10232] loop8: p1 start 1601398130 is beyond EOD, truncated [ 311.842029][T10232] loop8: p2 start 1702059890 is beyond EOD, truncated [ 312.051902][T10241] loop4: detected capacity change from 0 to 7 [ 312.075380][T10241] Dev loop4: unable to read RDB block 7 [ 312.080980][T10241] loop4: unable to read partition table [ 312.094188][T10241] loop4: partition table beyond EOD, truncated [ 312.109155][T10241] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 312.219444][T10243] NILFS (rnullb0): couldn't find nilfs on the device [ 312.263911][ T5894] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 312.314111][T10245] loop4: detected capacity change from 0 to 7 [ 312.333942][T10245] Dev loop4: unable to read RDB block 7 [ 312.339521][T10245] loop4: unable to read partition table [ 312.354269][T10245] loop4: partition table beyond EOD, truncated [ 312.373624][T10245] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 312.444022][ T5894] usb 3-1: Using ep0 maxpacket: 32 [ 312.451352][ T5894] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 312.461008][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.490269][ T5894] usb 3-1: config 0 descriptor?? [ 312.510282][ T5894] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 312.562050][T10254] hpfs: Bad magic ... probably not HPFS [ 312.681429][T10261] qnx4: no qnx4 filesystem (no root dir). [ 312.956170][ T24] usb 5-1: USB disconnect, device number 46 [ 313.048122][ T5927] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 313.111070][T10268] "syz.3.1227" (10268) uses obsolete ecb(arc4) skcipher [ 313.211541][T10281] loop4: detected capacity change from 0 to 7 [ 313.221257][T10281] Dev loop4: unable to read RDB block 7 [ 313.230734][T10281] loop4: unable to read partition table [ 313.234364][ T5927] usb 2-1: Using ep0 maxpacket: 16 [ 313.242092][T10281] loop4: partition table beyond EOD, truncated [ 313.246176][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.250111][T10281] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 313.274525][ T5927] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 313.289152][ T5927] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 313.324058][ T5912] usb 4-1: new full-speed USB device number 54 using dummy_hcd [ 313.324224][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.373282][ T5927] usb 2-1: config 0 descriptor?? [ 313.478156][ T5912] usb 4-1: config 0 has an invalid interface number: 232 but max is 0 [ 313.486460][ T5912] usb 4-1: config 0 has no interface number 0 [ 313.495365][ T5912] usb 4-1: New USB device found, idVendor=2040, idProduct=651b, bcdDevice=29.5a [ 313.504496][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.512842][ T5912] usb 4-1: Product: syz [ 313.517077][ T5912] usb 4-1: Manufacturer: syz [ 313.521860][ T5912] usb 4-1: SerialNumber: syz [ 313.529928][ T5912] usb 4-1: config 0 descriptor?? [ 313.538345][ T5912] em28xx 4-1:0.232: New device syz syz @ 12 Mbps (2040:651b, interface 232, class 232) [ 313.548104][ T5912] em28xx 4-1:0.232: Device initialization failed. [ 313.554624][ T5912] em28xx 4-1:0.232: Device must be connected to a high-speed USB 2.0 port. [ 313.741684][ T5881] usb 4-1: USB disconnect, device number 54 [ 313.793225][ T5927] microsoft 0003:045E:07DA.000A: item 0 4 0 8 parsing failed [ 313.804541][ T5927] microsoft 0003:045E:07DA.000A: parse failed [ 313.810693][ T5927] microsoft 0003:045E:07DA.000A: probe with driver microsoft failed with error -22 [ 313.997612][T10264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.006425][T10264] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 314.018512][T10264] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 314.030834][ T5912] usb 2-1: USB disconnect, device number 49 [ 314.115341][ T5894] gspca_vc032x: reg_w err -71 [ 314.120194][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.127712][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.133128][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.138544][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.144029][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.149309][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.154705][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.159985][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.166423][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.171707][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.177074][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.182355][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.188065][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.193342][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.198675][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.204146][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.209425][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.214725][ T5894] gspca_vc032x: I2c Bus Busy Wait 00 [ 314.220000][ T5894] gspca_vc032x: Unknown sensor... [ 314.225155][ T5894] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 314.235548][ T5894] usb 3-1: USB disconnect, device number 56 [ 314.294265][ T5881] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 314.453964][ T5881] usb 5-1: device descriptor read/64, error -71 [ 314.482879][T10298] hfs: can't find a HFS filesystem on dev rnullb0 [ 314.493095][T10299] hfs: can't find a HFS filesystem on dev rnullb0 [ 314.704109][ T5881] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 314.778205][T10310] syzkaller1: entered promiscuous mode [ 314.783705][T10310] syzkaller1: entered allmulticast mode [ 314.794252][ T5894] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 314.850962][T10316] IPVS: length: 78 != 8 [ 314.859565][T10316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1243'. [ 314.881004][ T5881] usb 5-1: device descriptor read/64, error -71 [ 314.976413][ T5894] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.989755][ T5894] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 315.000845][ T5881] usb usb5-port1: attempt power cycle [ 315.010802][ T5894] usb 4-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 315.022842][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.037118][ T5894] usb 4-1: Product: syz [ 315.041413][ T5894] usb 4-1: Manufacturer: syz [ 315.046331][ T5894] usb 4-1: SerialNumber: syz [ 315.056527][ T5894] usb 4-1: config 0 descriptor?? [ 315.117961][T10322] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1246'. [ 315.268454][ T92] usb 4-1: USB disconnect, device number 55 [ 315.354418][ T5881] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 315.387952][ T5881] usb 5-1: device descriptor read/8, error -71 [ 315.633984][ T5881] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 315.664581][ T5881] usb 5-1: device descriptor read/8, error -71 [ 315.791449][ T5881] usb usb5-port1: unable to enumerate USB device [ 315.878298][T10339] loop4: detected capacity change from 0 to 7 [ 315.887673][T10339] Dev loop4: unable to read RDB block 7 [ 315.893269][T10339] loop4: unable to read partition table [ 315.901017][T10339] loop4: partition table beyond EOD, truncated [ 315.920377][T10339] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 315.973123][ T5202] Dev loop4: unable to read RDB block 7 [ 315.979589][ T5202] loop4: unable to read partition table [ 315.989319][ T5202] loop4: partition table beyond EOD, truncated [ 316.005089][T10343] FAULT_INJECTION: forcing a failure. [ 316.005089][T10343] name failslab, interval 1, probability 0, space 0, times 0 [ 316.019378][T10343] CPU: 1 UID: 0 PID: 10343 Comm: syz.1.1254 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 316.019402][T10343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 316.019411][T10343] Call Trace: [ 316.019419][T10343] [ 316.019426][T10343] dump_stack_lvl+0x189/0x250 [ 316.019450][T10343] ? __pfx____ratelimit+0x10/0x10 [ 316.019472][T10343] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.019490][T10343] ? __pfx__printk+0x10/0x10 [ 316.019513][T10343] ? xa_load+0x60/0x210 [ 316.019539][T10343] should_fail_ex+0x414/0x560 [ 316.019564][T10343] should_failslab+0xa8/0x100 [ 316.019585][T10343] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 316.019603][T10343] ? __alloc_skb+0x112/0x2d0 [ 316.019628][T10343] __alloc_skb+0x112/0x2d0 [ 316.019654][T10343] ctnetlink_conntrack_event+0x45d/0x1490 [ 316.019681][T10343] ? __lock_acquire+0xab9/0xd20 [ 316.019715][T10343] ? __pfx_ctnetlink_conntrack_event+0x10/0x10 [ 316.019750][T10343] ? __nf_conntrack_eventmask_report+0xc1/0x480 [ 316.019768][T10343] __nf_conntrack_eventmask_report+0x1f7/0x480 [ 316.019793][T10343] nf_conntrack_eventmask_report+0x2ce/0x4a0 [ 316.019816][T10343] ? __pfx_nf_conntrack_eventmask_report+0x10/0x10 [ 316.019836][T10343] ? __nf_conntrack_find_get+0xc1/0x520 [ 316.019869][T10343] nf_ct_delete+0x22f/0x600 [ 316.019898][T10343] nf_ct_gc_expired+0x267/0x380 [ 316.019914][T10343] ? __pfx_nf_ct_gc_expired+0x10/0x10 [ 316.019948][T10343] __nf_conntrack_find_get+0x20b/0x520 [ 316.019980][T10343] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 316.020006][T10343] ? __siphash_unaligned+0x232/0x3b0 [ 316.020035][T10343] nf_conntrack_find_get+0x25d/0x600 [ 316.020062][T10343] ? nf_conntrack_find_get+0x120/0x600 [ 316.020085][T10343] ? __pfx_nf_conntrack_find_get+0x10/0x10 [ 316.020129][T10343] ctnetlink_new_conntrack+0x32c/0x2070 [ 316.020161][T10343] ? __pfx___mutex_trylock_common+0x10/0x10 [ 316.020183][T10343] ? __pfx_ctnetlink_new_conntrack+0x10/0x10 [ 316.020205][T10343] ? rcu_is_watching+0x15/0xb0 [ 316.020222][T10343] ? trace_contention_end+0x39/0x120 [ 316.020240][T10343] ? __mutex_lock+0x330/0xe80 [ 316.020265][T10343] ? __lock_acquire+0xab9/0xd20 [ 316.020291][T10343] ? nfnetlink_rcv_msg+0x9dc/0x1130 [ 316.020336][T10343] nfnetlink_rcv_msg+0xb4a/0x1130 [ 316.020356][T10343] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 316.020395][T10343] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 316.020411][T10343] ? kasan_save_free_info+0x46/0x50 [ 316.020487][T10343] netlink_rcv_skb+0x208/0x470 [ 316.020511][T10343] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 316.020532][T10343] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 316.020568][T10343] ? bpf_lsm_capable+0x9/0x20 [ 316.020585][T10343] ? security_capable+0x7e/0x2e0 [ 316.020609][T10343] nfnetlink_rcv+0x26a/0x2520 [ 316.020632][T10343] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 316.020655][T10343] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 316.020675][T10343] ? __dev_queue_xmit+0x27e/0x3a70 [ 316.020693][T10343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.020722][T10343] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 316.020741][T10343] ? __pfx___dev_queue_xmit+0x10/0x10 [ 316.020773][T10343] ? ref_tracker_free+0x63a/0x7d0 [ 316.020789][T10343] ? __copy_skb_header+0xa7/0x550 [ 316.020806][T10343] ? __pfx_ref_tracker_free+0x10/0x10 [ 316.020822][T10343] ? __skb_clone+0x63/0x7a0 [ 316.020844][T10343] ? __skb_clone+0x483/0x7a0 [ 316.020869][T10343] ? skb_clone+0x246/0x3a0 [ 316.020889][T10343] ? __netlink_deliver_tap+0x807/0x850 [ 316.020910][T10343] ? netlink_deliver_tap+0x2e/0x1b0 [ 316.020945][T10343] ? netlink_deliver_tap+0x2e/0x1b0 [ 316.020966][T10343] ? netlink_deliver_tap+0x2e/0x1b0 [ 316.020993][T10343] netlink_unicast+0x75b/0x8d0 [ 316.021026][T10343] netlink_sendmsg+0x805/0xb30 [ 316.021058][T10343] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.021084][T10343] ? aa_sock_msg_perm+0xf1/0x1d0 [ 316.021102][T10343] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 316.021123][T10343] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.021146][T10343] __sock_sendmsg+0x219/0x270 [ 316.021170][T10343] ____sys_sendmsg+0x505/0x830 [ 316.021194][T10343] ? __pfx_____sys_sendmsg+0x10/0x10 [ 316.021220][T10343] ? import_iovec+0x74/0xa0 [ 316.021241][T10343] ___sys_sendmsg+0x21f/0x2a0 [ 316.021260][T10343] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.021318][T10343] ? __fget_files+0x2a/0x420 [ 316.021338][T10343] ? __fget_files+0x3a0/0x420 [ 316.021371][T10343] __x64_sys_sendmsg+0x19b/0x260 [ 316.021390][T10343] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 316.021418][T10343] ? __pfx_ksys_write+0x10/0x10 [ 316.021435][T10343] ? rcu_is_watching+0x15/0xb0 [ 316.021456][T10343] ? do_syscall_64+0xbe/0x3b0 [ 316.021481][T10343] do_syscall_64+0xfa/0x3b0 [ 316.021501][T10343] ? lockdep_hardirqs_on+0x9c/0x150 [ 316.021520][T10343] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.021535][T10343] ? clear_bhb_loop+0x60/0xb0 [ 316.021556][T10343] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.021572][T10343] RIP: 0033:0x7f05d098e929 [ 316.021587][T10343] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.021601][T10343] RSP: 002b:00007f05d174d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.021619][T10343] RAX: ffffffffffffffda RBX: 00007f05d0bb5fa0 RCX: 00007f05d098e929 [ 316.021632][T10343] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 316.021642][T10343] RBP: 00007f05d174d090 R08: 0000000000000000 R09: 0000000000000000 [ 316.021652][T10343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.021662][T10343] R13: 0000000000000000 R14: 00007f05d0bb5fa0 R15: 00007ffd4d02b6f8 [ 316.021691][T10343] [ 316.673689][T10348] Can't find a SQUASHFS superblock on rnullb0 [ 316.770946][T10350] loop4: detected capacity change from 0 to 7 [ 316.780684][ T6364] Dev loop4: unable to read RDB block 7 [ 316.786372][ T6364] loop4: unable to read partition table [ 316.792130][ T6364] loop4: partition table beyond EOD, truncated [ 316.803555][T10350] Dev loop4: unable to read RDB block 7 [ 316.809781][T10350] loop4: unable to read partition table [ 316.816207][T10350] loop4: partition table beyond EOD, truncated [ 316.822485][T10350] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 316.904103][ T92] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 316.959712][T10354] loop8: detected capacity change from 0 to 7 [ 316.967716][T10354] Dev loop8: unable to read RDB block 7 [ 316.973486][T10354] loop8: AHDI p1 p2 p3 [ 316.978411][T10354] loop8: partition table partially beyond EOD, truncated [ 316.986742][T10354] loop8: p1 start 1601398130 is beyond EOD, truncated [ 316.997042][T10354] loop8: p2 start 1702059890 is beyond EOD, truncated [ 317.055094][ T92] usb 4-1: device descriptor read/64, error -71 [ 317.178975][T10356] IPVS: length: 246 != 24 [ 317.202695][T10362] FAT-fs (rnullb0): bogus number of reserved sectors [ 317.204015][ T5829] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 317.209554][T10362] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 317.229650][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.229728][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.313943][ T92] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 317.317868][T10364] loop4: detected capacity change from 0 to 7 [ 317.331596][ T6364] Dev loop4: unable to read RDB block 7 [ 317.340915][ T6364] loop4: unable to read partition table [ 317.346892][ T6364] loop4: partition table beyond EOD, truncated [ 317.363292][T10364] Dev loop4: unable to read RDB block 7 [ 317.374119][ T5829] usb 2-1: Using ep0 maxpacket: 8 [ 317.379660][T10364] loop4: unable to read partition table [ 317.381291][ T5829] usb 2-1: config 2 has an invalid interface number: 2 but max is 0 [ 317.386997][T10364] loop4: partition table beyond EOD, truncated [ 317.395017][ T5829] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 317.403686][T10364] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 317.410319][ T5829] usb 2-1: config 2 has no interface number 0 [ 317.453983][ T92] usb 4-1: device descriptor read/64, error -71 [ 317.473556][ T5829] usb 2-1: config 2 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 317.503430][ T5829] usb 2-1: New USB device found, idVendor=1bbb, idProduct=0203, bcdDevice=1c.35 [ 317.537308][ T5829] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.574189][ T92] usb usb4-port1: attempt power cycle [ 317.675484][T10370] loop4: detected capacity change from 0 to 7 [ 317.683045][T10370] Dev loop4: unable to read RDB block 7 [ 317.689227][T10370] loop4: unable to read partition table [ 317.697755][T10370] loop4: partition table beyond EOD, truncated [ 317.704443][T10370] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 317.820712][T10374] loop8: detected capacity change from 0 to 7 [ 317.844828][T10374] Dev loop8: unable to read RDB block 7 [ 317.850433][T10374] loop8: AHDI p1 p2 p3 [ 317.864479][T10374] loop8: partition table partially beyond EOD, truncated [ 317.882677][T10374] loop8: p1 start 1601398130 is beyond EOD, truncated [ 317.898451][T10374] loop8: p2 start 1702059890 is beyond EOD, truncated [ 317.923866][ T92] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 317.958464][ T92] usb 4-1: device descriptor read/8, error -71 [ 318.169214][T10387] loop4: detected capacity change from 0 to 7 [ 318.186497][T10387] Dev loop4: unable to read RDB block 7 [ 318.197741][T10387] loop4: unable to read partition table [ 318.209422][T10387] loop4: partition table beyond EOD, truncated [ 318.220197][T10387] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 318.224260][ T92] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 318.277581][ T92] usb 4-1: device descriptor read/8, error -71 [ 318.304894][ T5912] usb 2-1: USB disconnect, device number 50 [ 318.394298][ T92] usb usb4-port1: unable to enumerate USB device [ 318.491793][T10397] FAULT_INJECTION: forcing a failure. [ 318.491793][T10397] name failslab, interval 1, probability 0, space 0, times 0 [ 318.509142][T10397] CPU: 0 UID: 0 PID: 10397 Comm: syz.4.1275 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 318.509158][T10397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 318.509164][T10397] Call Trace: [ 318.509169][T10397] [ 318.509173][T10397] dump_stack_lvl+0x189/0x250 [ 318.509190][T10397] ? __pfx____ratelimit+0x10/0x10 [ 318.509203][T10397] ? __pfx_dump_stack_lvl+0x10/0x10 [ 318.509214][T10397] ? __pfx__printk+0x10/0x10 [ 318.509228][T10397] ? ref_tracker_alloc+0x318/0x460 [ 318.509241][T10397] should_fail_ex+0x414/0x560 [ 318.509260][T10397] should_failslab+0xa8/0x100 [ 318.509273][T10397] kmem_cache_alloc_noprof+0x73/0x3c0 [ 318.509283][T10397] ? skb_clone+0x212/0x3a0 [ 318.509295][T10397] skb_clone+0x212/0x3a0 [ 318.509306][T10397] __netlink_deliver_tap+0x404/0x850 [ 318.509327][T10397] ? netlink_deliver_tap+0x2e/0x1b0 [ 318.509341][T10397] netlink_deliver_tap+0x19c/0x1b0 [ 318.509354][T10397] netlink_broadcast_filtered+0xcbb/0x1140 [ 318.509378][T10397] nlmsg_notify+0xf0/0x1a0 [ 318.509393][T10397] ctnetlink_conntrack_event+0x10b2/0x1490 [ 318.509418][T10397] ? __pfx_ctnetlink_conntrack_event+0x10/0x10 [ 318.509437][T10397] ? __nf_conntrack_eventmask_report+0xc1/0x480 [ 318.509447][T10397] __nf_conntrack_eventmask_report+0x1f7/0x480 [ 318.509462][T10397] nf_conntrack_eventmask_report+0x2ce/0x4a0 [ 318.509480][T10397] ? __pfx_nf_conntrack_eventmask_report+0x10/0x10 [ 318.509492][T10397] ? __nf_conntrack_find_get+0xc1/0x520 [ 318.509512][T10397] nf_ct_delete+0x22f/0x600 [ 318.509529][T10397] nf_ct_gc_expired+0x267/0x380 [ 318.509537][T10397] ? __pfx_nf_ct_gc_expired+0x10/0x10 [ 318.509552][T10397] __nf_conntrack_find_get+0x20b/0x520 [ 318.509572][T10397] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 318.509587][T10397] ? __siphash_unaligned+0x232/0x3b0 [ 318.509604][T10397] nf_conntrack_find_get+0x25d/0x600 [ 318.509620][T10397] ? nf_conntrack_find_get+0x120/0x600 [ 318.509634][T10397] ? __pfx_nf_conntrack_find_get+0x10/0x10 [ 318.509660][T10397] ctnetlink_new_conntrack+0x32c/0x2070 [ 318.509678][T10397] ? __pfx___mutex_trylock_common+0x10/0x10 [ 318.509692][T10397] ? __pfx_ctnetlink_new_conntrack+0x10/0x10 [ 318.509705][T10397] ? rcu_is_watching+0x15/0xb0 [ 318.509726][T10397] ? trace_contention_end+0x39/0x120 [ 318.509736][T10397] ? __mutex_lock+0x330/0xe80 [ 318.509751][T10397] ? __lock_acquire+0xab9/0xd20 [ 318.509766][T10397] ? nfnetlink_rcv_msg+0x9dc/0x1130 [ 318.509792][T10397] nfnetlink_rcv_msg+0xb4a/0x1130 [ 318.509803][T10397] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 318.509824][T10397] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 318.509833][T10397] ? kasan_save_free_info+0x46/0x50 [ 318.509897][T10397] netlink_rcv_skb+0x208/0x470 [ 318.509919][T10397] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 318.509939][T10397] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 318.509961][T10397] ? bpf_lsm_capable+0x9/0x20 [ 318.509972][T10397] ? security_capable+0x7e/0x2e0 [ 318.509987][T10397] nfnetlink_rcv+0x26a/0x2520 [ 318.509999][T10397] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 318.510013][T10397] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 318.510025][T10397] ? __dev_queue_xmit+0x27e/0x3a70 [ 318.510036][T10397] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.510051][T10397] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 318.510060][T10397] ? __pfx___dev_queue_xmit+0x10/0x10 [ 318.510079][T10397] ? ref_tracker_free+0x63a/0x7d0 [ 318.510087][T10397] ? __copy_skb_header+0xa7/0x550 [ 318.510098][T10397] ? __pfx_ref_tracker_free+0x10/0x10 [ 318.510107][T10397] ? __skb_clone+0x63/0x7a0 [ 318.510119][T10397] ? __skb_clone+0x483/0x7a0 [ 318.510132][T10397] ? skb_clone+0x246/0x3a0 [ 318.510144][T10397] ? __netlink_deliver_tap+0x807/0x850 [ 318.510156][T10397] ? netlink_deliver_tap+0x2e/0x1b0 [ 318.510173][T10397] ? netlink_deliver_tap+0x2e/0x1b0 [ 318.510185][T10397] ? netlink_deliver_tap+0x2e/0x1b0 [ 318.510201][T10397] netlink_unicast+0x75b/0x8d0 [ 318.510219][T10397] netlink_sendmsg+0x805/0xb30 [ 318.510238][T10397] ? __pfx_netlink_sendmsg+0x10/0x10 [ 318.510253][T10397] ? aa_sock_msg_perm+0xf1/0x1d0 [ 318.510264][T10397] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 318.510278][T10397] ? __pfx_netlink_sendmsg+0x10/0x10 [ 318.510291][T10397] __sock_sendmsg+0x219/0x270 [ 318.510305][T10397] ____sys_sendmsg+0x505/0x830 [ 318.510318][T10397] ? __pfx_____sys_sendmsg+0x10/0x10 [ 318.510332][T10397] ? import_iovec+0x74/0xa0 [ 318.510343][T10397] ___sys_sendmsg+0x21f/0x2a0 [ 318.510354][T10397] ? __pfx____sys_sendmsg+0x10/0x10 [ 318.510383][T10397] ? __fget_files+0x2a/0x420 [ 318.510396][T10397] ? __fget_files+0x3a0/0x420 [ 318.510415][T10397] __x64_sys_sendmsg+0x19b/0x260 [ 318.510425][T10397] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 318.510440][T10397] ? __pfx_ksys_write+0x10/0x10 [ 318.510455][T10397] ? do_syscall_64+0xbe/0x3b0 [ 318.510472][T10397] do_syscall_64+0xfa/0x3b0 [ 318.510484][T10397] ? lockdep_hardirqs_on+0x9c/0x150 [ 318.510495][T10397] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.510504][T10397] ? clear_bhb_loop+0x60/0xb0 [ 318.510516][T10397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.510525][T10397] RIP: 0033:0x7fd84258e929 [ 318.510534][T10397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.510542][T10397] RSP: 002b:00007fd843441038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 318.510553][T10397] RAX: ffffffffffffffda RBX: 00007fd8427b5fa0 RCX: 00007fd84258e929 [ 318.510560][T10397] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 318.510566][T10397] RBP: 00007fd843441090 R08: 0000000000000000 R09: 0000000000000000 [ 318.510571][T10397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 318.510577][T10397] R13: 0000000000000000 R14: 00007fd8427b5fa0 R15: 00007ffecaef8f08 [ 318.510593][T10397] [ 319.068480][ C0] ================================================================== [ 319.076548][ C0] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0 [ 319.084195][ C0] Write of size 8 at addr ffff8880304c14c0 by task swapper/0/0 [ 319.091772][ C0] [ 319.094084][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 319.094103][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 319.094114][ C0] Call Trace: [ 319.094123][ C0] [ 319.094131][ C0] dump_stack_lvl+0x189/0x250 [ 319.094154][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 319.094169][ C0] ? rcu_is_watching+0x15/0xb0 [ 319.094179][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.094187][ C0] ? rcu_is_watching+0x15/0xb0 [ 319.094195][ C0] ? lock_release+0x4b/0x3e0 [ 319.094209][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 319.094218][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 319.094227][ C0] print_report+0xd2/0x2b0 [ 319.094239][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 319.094248][ C0] kasan_report+0x118/0x150 [ 319.094259][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 319.094270][ C0] kasan_check_range+0x2b0/0x2c0 [ 319.094281][ C0] flush_tlb_func+0x23d/0x6c0 [ 319.094292][ C0] ? sched_clock+0x3f/0x60 [ 319.094304][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 319.094315][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 319.094325][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 319.094335][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 319.094345][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 319.094357][ C0] sysvec_call_function_single+0x4f/0xc0 [ 319.094369][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 319.094379][ C0] RIP: 0010:handle_softirqs+0x1b0/0x870 [ 319.094389][ C0] Code: 89 64 24 30 0f b7 db 48 c7 c7 a0 99 89 8b e8 87 55 f1 09 65 66 c7 05 c5 4e 3e 11 00 00 e8 f8 55 42 00 fb 49 c7 c7 c0 c0 00 8e ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c [ 319.094397][ C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000286 [ 319.094412][ C0] RAX: be8be6e4e2e52700 RBX: 0000000000000382 RCX: be8be6e4e2e52700 [ 319.094419][ C0] RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 319.094425][ C0] RBP: ffffc90000007f50 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6 [ 319.094432][ C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 000000000000000a [ 319.094439][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8e00c0c0 [ 319.094449][ C0] ? lapic_next_event+0x11/0x20 [ 319.094457][ C0] ? clockevents_program_event+0x24d/0x360 [ 319.094469][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 319.094478][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 319.094486][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 319.094497][ C0] __irq_exit_rcu+0xca/0x1f0 [ 319.094506][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 319.094524][ C0] irq_exit_rcu+0x9/0x30 [ 319.094536][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 319.094554][ C0] [ 319.094559][ C0] [ 319.094565][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 319.094582][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 319.094599][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 86 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 319.094606][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 319.094614][ C0] RAX: be8be6e4e2e52700 RBX: ffffffff81971188 RCX: be8be6e4e2e52700 [ 319.094621][ C0] RDX: 0000000000000001 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 319.094627][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 319.094634][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29e30 [ 319.094640][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 319.094647][ C0] ? do_idle+0x1e8/0x510 [ 319.094660][ C0] default_idle+0x13/0x20 [ 319.094672][ C0] default_idle_call+0x74/0xb0 [ 319.094683][ C0] do_idle+0x1e8/0x510 [ 319.094692][ C0] ? __pfx_do_idle+0x10/0x10 [ 319.094703][ C0] cpu_startup_entry+0x44/0x60 [ 319.094711][ C0] rest_init+0x2de/0x300 [ 319.094719][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 319.094729][ C0] start_kernel+0x47d/0x500 [ 319.094742][ C0] x86_64_start_reservations+0x24/0x30 [ 319.094752][ C0] x86_64_start_kernel+0x143/0x1c0 [ 319.094760][ C0] common_startup_64+0x13e/0x147 [ 319.094774][ C0] [ 319.094777][ C0] [ 319.492597][ C0] Allocated by task 6776: [ 319.496910][ C0] kasan_save_track+0x3e/0x80 [ 319.501571][ C0] __kasan_slab_alloc+0x6c/0x80 [ 319.506403][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 319.511841][ C0] copy_mm+0xdb/0x4b0 [ 319.515804][ C0] copy_process+0x1706/0x3c00 [ 319.520457][ C0] kernel_clone+0x21e/0x870 [ 319.524950][ C0] __x64_sys_clone+0x18b/0x1e0 [ 319.529705][ C0] do_syscall_64+0xfa/0x3b0 [ 319.534202][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.540096][ C0] [ 319.542408][ C0] Freed by task 10396: [ 319.546448][ C0] kasan_save_track+0x3e/0x80 [ 319.551107][ C0] kasan_save_free_info+0x46/0x50 [ 319.556113][ C0] __kasan_slab_free+0x62/0x70 [ 319.560852][ C0] kmem_cache_free+0x18f/0x400 [ 319.565592][ C0] exit_mm+0x1da/0x2c0 [ 319.569638][ C0] do_exit+0x648/0x2300 [ 319.573771][ C0] do_group_exit+0x21c/0x2d0 [ 319.578349][ C0] __x64_sys_exit_group+0x3f/0x40 [ 319.583354][ C0] x64_sys_call+0x21f7/0x2200 [ 319.588009][ C0] do_syscall_64+0xfa/0x3b0 [ 319.592494][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.598362][ C0] [ 319.600662][ C0] The buggy address belongs to the object at ffff8880304c0ac0 [ 319.600662][ C0] which belongs to the cache mm_struct of size 2584 [ 319.614602][ C0] The buggy address is located 2560 bytes inside of [ 319.614602][ C0] freed 2584-byte region [ffff8880304c0ac0, ffff8880304c14d8) [ 319.628547][ C0] [ 319.630853][ C0] The buggy address belongs to the physical page: [ 319.637236][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880304c2040 pfn:0x304c0 [ 319.647275][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 319.655747][ C0] memcg:ffff88807e8f9981 [ 319.659962][ C0] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 319.667839][ C0] page_type: f5(slab) [ 319.671800][ C0] raw: 00fff00000000040 ffff88801a84bb40 ffffea0000a9fe00 dead000000000003 [ 319.680361][ C0] raw: ffff8880304c2040 00000000800b000a 00000000f5000000 ffff88807e8f9981 [ 319.688922][ C0] head: 00fff00000000040 ffff88801a84bb40 ffffea0000a9fe00 dead000000000003 [ 319.697572][ C0] head: ffff8880304c2040 00000000800b000a 00000000f5000000 ffff88807e8f9981 [ 319.706217][ C0] head: 00fff00000000003 ffffea0000c13001 00000000ffffffff 00000000ffffffff [ 319.714873][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 319.723514][ C0] page dumped because: kasan: bad access detected [ 319.729909][ C0] page_owner tracks the page as allocated [ 319.735615][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5207, tgid 5207 (udevd), ts 34556555944, free_ts 34542670636 [ 319.756357][ C0] post_alloc_hook+0x240/0x2a0 [ 319.761119][ C0] get_page_from_freelist+0x21e4/0x22c0 [ 319.766656][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 319.772489][ C0] alloc_pages_mpol+0x232/0x4a0 [ 319.777348][ C0] allocate_slab+0x8a/0x370 [ 319.781853][ C0] ___slab_alloc+0xbeb/0x1410 [ 319.786515][ C0] kmem_cache_alloc_noprof+0x283/0x3c0 [ 319.791957][ C0] copy_mm+0xdb/0x4b0 [ 319.795918][ C0] copy_process+0x1706/0x3c00 [ 319.800573][ C0] kernel_clone+0x21e/0x870 [ 319.805051][ C0] __x64_sys_clone+0x18b/0x1e0 [ 319.809792][ C0] do_syscall_64+0xfa/0x3b0 [ 319.814275][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.820145][ C0] page last free pid 5214 tgid 5214 stack trace: [ 319.826447][ C0] __free_frozen_pages+0xb80/0xd80 [ 319.831546][ C0] __put_partials+0x156/0x1a0 [ 319.836216][ C0] put_cpu_partial+0x17c/0x250 [ 319.840959][ C0] __slab_free+0x2d5/0x3c0 [ 319.845356][ C0] qlist_free_all+0x97/0x140 [ 319.849920][ C0] kasan_quarantine_reduce+0x148/0x160 [ 319.855352][ C0] __kasan_slab_alloc+0x22/0x80 [ 319.860180][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 319.865614][ C0] getname_flags+0xb8/0x540 [ 319.870111][ C0] do_readlinkat+0xbc/0x500 [ 319.874616][ C0] __x64_sys_readlink+0x7f/0x90 [ 319.879459][ C0] do_syscall_64+0xfa/0x3b0 [ 319.883951][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.889826][ C0] [ 319.892127][ C0] Memory state around the buggy address: [ 319.897731][ C0] ffff8880304c1380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 319.905772][ C0] ffff8880304c1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 319.913811][ C0] >ffff8880304c1480: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 319.921844][ C0] ^ [ 319.927973][ C0] ffff8880304c1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 319.936012][ C0] ffff8880304c1580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 319.944047][ C0] ================================================================== [ 319.952091][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 319.959264][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 319.970354][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 319.980394][ C0] Call Trace: [ 319.983657][ C0] [ 319.986483][ C0] dump_stack_lvl+0x99/0x250 [ 319.991059][ C0] ? __asan_memcpy+0x40/0x70 [ 319.995627][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 320.000812][ C0] ? __pfx__printk+0x10/0x10 [ 320.005386][ C0] panic+0x2db/0x790 [ 320.009268][ C0] ? __pfx_panic+0x10/0x10 [ 320.013662][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 320.019537][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 320.025857][ C0] ? print_memory_metadata+0x314/0x400 [ 320.031320][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 320.036159][ C0] check_panic_on_warn+0x89/0xb0 [ 320.041083][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 320.045915][ C0] end_report+0x78/0x160 [ 320.050140][ C0] kasan_report+0x129/0x150 [ 320.054626][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 320.059460][ C0] kasan_check_range+0x2b0/0x2c0 [ 320.064377][ C0] flush_tlb_func+0x23d/0x6c0 [ 320.069035][ C0] ? sched_clock+0x3f/0x60 [ 320.073434][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 320.078613][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 320.083793][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 320.089927][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 320.095107][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 320.100984][ C0] sysvec_call_function_single+0x4f/0xc0 [ 320.106598][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 320.112556][ C0] RIP: 0010:handle_softirqs+0x1b0/0x870 [ 320.118078][ C0] Code: 89 64 24 30 0f b7 db 48 c7 c7 a0 99 89 8b e8 87 55 f1 09 65 66 c7 05 c5 4e 3e 11 00 00 e8 f8 55 42 00 fb 49 c7 c7 c0 c0 00 8e ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c [ 320.137669][ C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000286 [ 320.145458][ C0] RAX: be8be6e4e2e52700 RBX: 0000000000000382 RCX: be8be6e4e2e52700 [ 320.153408][ C0] RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 320.161357][ C0] RBP: ffffc90000007f50 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6 [ 320.169308][ C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 000000000000000a [ 320.177257][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8e00c0c0 [ 320.185237][ C0] ? lapic_next_event+0x11/0x20 [ 320.190073][ C0] ? clockevents_program_event+0x24d/0x360 [ 320.195863][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 320.200606][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 320.205869][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 320.211046][ C0] __irq_exit_rcu+0xca/0x1f0 [ 320.215613][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 320.220789][ C0] irq_exit_rcu+0x9/0x30 [ 320.225007][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 320.230621][ C0] [ 320.233538][ C0] [ 320.236447][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 320.242409][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 320.248107][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 86 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 320.267690][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 320.273737][ C0] RAX: be8be6e4e2e52700 RBX: ffffffff81971188 RCX: be8be6e4e2e52700 [ 320.281696][ C0] RDX: 0000000000000001 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 320.289646][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 320.297595][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29e30 [ 320.305547][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 320.313498][ C0] ? do_idle+0x1e8/0x510 [ 320.317729][ C0] default_idle+0x13/0x20 [ 320.322042][ C0] default_idle_call+0x74/0xb0 [ 320.326788][ C0] do_idle+0x1e8/0x510 [ 320.330837][ C0] ? __pfx_do_idle+0x10/0x10 [ 320.335410][ C0] cpu_startup_entry+0x44/0x60 [ 320.340151][ C0] rest_init+0x2de/0x300 [ 320.344369][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 320.349893][ C0] start_kernel+0x47d/0x500 [ 320.354383][ C0] x86_64_start_reservations+0x24/0x30 [ 320.359820][ C0] x86_64_start_kernel+0x143/0x1c0 [ 320.364908][ C0] common_startup_64+0x13e/0x147 [ 320.369832][ C0] [ 320.373082][ C0] Kernel Offset: disabled [ 320.377383][ C0] Rebooting in 86400 seconds..