last executing test programs: 7m17.630993739s ago: executing program 32 (id=123): socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x2, 0x300) socket$kcm(0x2, 0xa, 0x2) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000180)=""/181, 0xb5}], 0x1, 0x3c, 0x4) 4m15.87398147s ago: executing program 33 (id=1811): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) io_pgetevents(0x0, 0x2, 0x0, 0x0, &(0x7f0000000700)={0x0, 0x3938700}, 0x0) 3m53.458350862s ago: executing program 2 (id=1960): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0), 0x100}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032"], 0xf8}}, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0) 3m53.068031431s ago: executing program 2 (id=1962): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000840)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x40084149, &(0x7f0000000340)=0x6) 3m52.075768473s ago: executing program 2 (id=1970): r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff}, 0x80) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0xcd) r3 = add_key$fscrypt_v1(&(0x7f0000000380), &(0x7f0000000280)={'fscrypt:', @auto=[0x33, 0x0, 0x37, 0x33, 0x61, 0x38, 0x62, 0x30, 0x31, 0x35, 0x34, 0x35, 0x0, 0x39, 0x65, 0x30]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x24}, 0x48, r0) keyctl$KEYCTL_MOVE(0x1e, r3, r0, r1, 0x0) 3m51.771819838s ago: executing program 2 (id=1973): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(r1, &(0x7f0000000bc0)='./file0\x00', 0x800) move_mount(r2, &(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x220) 3m50.76190035s ago: executing program 2 (id=1977): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b", 0x4, 0x840, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x11000, 0x0, 0x0}, &(0x7f0000000000)=0x40) 3m50.343929484s ago: executing program 2 (id=1979): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031c12d3fc140020004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 3m49.873209017s ago: executing program 34 (id=1979): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c0012800b0001006970766c616e00000c"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031c12d3fc140020004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x86dd, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 2m13.084394712s ago: executing program 5 (id=2768): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000380)="c0") readv(r1, &(0x7f0000000300)=[{0x0}, {&(0x7f00000019c0)=""/196, 0xc4}], 0x2) 2m10.151051721s ago: executing program 5 (id=2781): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) r3 = fcntl$dupfd(r2, 0x0, r0) setsockopt$sock_int(r3, 0x1, 0x45, &(0x7f0000000180)=0x800002, 0x4) 2m9.852756392s ago: executing program 5 (id=2785): syz_io_uring_setup(0x9e, &(0x7f0000000000)={0x0, 0x88ad, 0x0, 0x2, 0x40001333}, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24008891) r0 = io_uring_setup(0x1b7c, &(0x7f0000000040)={0x0, 0xb41f, 0xc000, 0x7, 0x33f}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 2m9.452716246s ago: executing program 5 (id=2790): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) move_mount(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000100)='./file0\x00', 0x1) 2m9.113438366s ago: executing program 5 (id=2794): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/devices\x00', 0x0, 0x0) close(0x3) r1 = socket$netlink(0x10, 0x3, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) write(r1, &(0x7f00000000c0)="29000000140005b7ff000051915f95eb01010003a606a40e07fff024bb000000000000000040000000", 0x29) recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 2m7.035992182s ago: executing program 5 (id=2817): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010067656e65766500001400028005000d0002000000050004000100000008000a00", @ANYRES32=r2], 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 2m6.539298673s ago: executing program 35 (id=2817): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b00010067656e65766500001400028005000d0002000000050004000100000008000a00", @ANYRES32=r2], 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1m43.700012796s ago: executing program 3 (id=2986): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10) connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x2710}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) accept4(r0, 0x0, 0x0, 0x80000) 1m43.676200659s ago: executing program 3 (id=2987): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x401, 0x4) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, '\x00', 0xff, 0x0}, 0x6}, 0x1c) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) 1m43.624509106s ago: executing program 3 (id=2988): fanotify_init(0x8, 0x80000) msgget(0x3, 0x710) msgget(0x2, 0x624) msgget(0x1, 0x240) msgctl$IPC_RMID(0x0, 0x0) msgget(0x3, 0x693) msgget(0x0, 0x200) 1m43.480020315s ago: executing program 3 (id=2989): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) 1m42.503925762s ago: executing program 3 (id=2993): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x13, r2, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @rand_addr=0x640100fe}, 0x10, 0x0, 0x0, &(0x7f0000000380)=[@cswp={0x58, 0x114, 0x7, {{0x1, 0x8000}, &(0x7f00000001c0)=0x6, 0x0, 0x7d1c, 0x8, 0x9936, 0x7fff, 0x2, 0x72e1}}], 0x58, 0x8004}, 0x0) 1m39.73911247s ago: executing program 3 (id=3011): getgroups(0x2, &(0x7f00000001c0)=[0xffffffffffffffff, 0xee00]) setresgid(r0, 0x0, r0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)) bpf$MAP_CREATE(0x0, 0x0, 0x48) 1m38.72719226s ago: executing program 36 (id=3011): getgroups(0x2, &(0x7f00000001c0)=[0xffffffffffffffff, 0xee00]) setresgid(r0, 0x0, r0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)) bpf$MAP_CREATE(0x0, 0x0, 0x48) 1m20.455216716s ago: executing program 9 (id=3124): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newtfilter={0x88, 0x2c, 0xe27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {}, {0x5, 0xf}}, [@TCA_RATE={0x5, 0x5, {0x9, 0x7}}, @filter_kind_options=@f_cgroup={{0xb}, {0x50, 0x2, [@TCA_CGROUP_ACT={0x4c, 0x1, [@m_sample={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x7, 0x81, 0x8, 0xfff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x88}}, 0x20040054) 1m20.192004594s ago: executing program 9 (id=3129): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x101001) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000100)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000a40), 0x3, r1, 0xeeeeeeee}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000a00)={0x300, 0x1, &(0x7f0000000900)=[r1], &(0x7f0000000940)=[0x7ff], &(0x7f0000000980)=[r3], &(0x7f00000009c0), 0x0, 0xfff}) 1m19.921803786s ago: executing program 9 (id=3132): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='maps\x00') r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') read$FUSE(r1, &(0x7f0000002700)={0x2020}, 0x2020) 1m18.973551724s ago: executing program 9 (id=3144): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000a00)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00') 1m18.807966168s ago: executing program 9 (id=3146): socket$inet(0x2, 0x1, 0x0) r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd) r1 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 1m18.451997611s ago: executing program 9 (id=3151): r0 = mq_open(&(0x7f0000000300)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.tT\xcfY\xca\x9d\xaes\xab\n/\x82z\x887O\xf3\xd6\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|m\x97\x14\xe9\x91\xc4\xb2,\ak\x037\b\x83?\xceK\x0e\xc1R%\x8ah\xe4\xdb`\x9cm\xd4\xc9.k\x85\x1b\xd4\xc6]\xb1\xf6\xab\xe2!\x94h\x80\xa7\x1f\xbd\x1dN\np \xba\xd3\r_\xd3\x8f\xf6\xa7\x81\xa1\xe4\x1d,Qj\xce\xb5\x1b\xc0\x9ddc(\xc4\xe9\x82\xd0\x80\xf0\t{\x80h:\\V!\xaa\xc58\x135X#\xd5\xb6\xee\xc9kj\xa9\x1c\xfb\"\xbcs\ri\xe4)\x97\x8f\x8cl[', 0x42, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0) r1 = syz_io_uring_setup(0x9eb, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r0, &(0x7f0000004600)=""/102373, 0x18fe5, 0xfffffffeffffa6d8, 0x0) 1m17.850570537s ago: executing program 37 (id=3151): r0 = mq_open(&(0x7f0000000300)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.tT\xcfY\xca\x9d\xaes\xab\n/\x82z\x887O\xf3\xd6\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|m\x97\x14\xe9\x91\xc4\xb2,\ak\x037\b\x83?\xceK\x0e\xc1R%\x8ah\xe4\xdb`\x9cm\xd4\xc9.k\x85\x1b\xd4\xc6]\xb1\xf6\xab\xe2!\x94h\x80\xa7\x1f\xbd\x1dN\np \xba\xd3\r_\xd3\x8f\xf6\xa7\x81\xa1\xe4\x1d,Qj\xce\xb5\x1b\xc0\x9ddc(\xc4\xe9\x82\xd0\x80\xf0\t{\x80h:\\V!\xaa\xc58\x135X#\xd5\xb6\xee\xc9kj\xa9\x1c\xfb\"\xbcs\ri\xe4)\x97\x8f\x8cl[', 0x42, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0) r1 = syz_io_uring_setup(0x9eb, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r0, &(0x7f0000004600)=""/102373, 0x18fe5, 0xfffffffeffffa6d8, 0x0) 30.382146893s ago: executing program 8 (id=3473): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000003c0)=[@text16={0x10, &(0x7f0000000280)="da1a0f38f15c00ba2000ed642e0f01c5360f01df0fc701dfdfad000f00d0baf80c0f98dbe1efbafc0c66edd9ee0f01c3", 0x30}], 0x40, 0x14, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 29.772831774s ago: executing program 8 (id=3477): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000000)=0x400000001, 0x4) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xa4e4, @remote, 0x3}, 0x1c) sendmmsg(r0, &(0x7f0000004c00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000340)='\v', 0x1}], 0x1}}], 0x1, 0x4010) 29.47205282s ago: executing program 8 (id=3481): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000440)={'\x00', 0x4, 0x2, 0x9c, 0x0, 0xfffd, 0x1, 0x5000, '\x00', 0xc}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 29.060705152s ago: executing program 8 (id=3485): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41) chroot(&(0x7f0000002940)='./file0\x00') unshare(0x22020600) pivot_root(&(0x7f0000000040)='./file0/../file0/../file0/../file0/../file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00') 28.060288712s ago: executing program 8 (id=3497): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(0xffffffffffffffff, 0xc1105518, &(0x7f00000007c0)={{0x2, 0x2, 0xf7ffffb7, 0x80, 'syz1\x00', 0x5}, 0x1, 0x100, 0x80000000, 0x0, 0x0, 0x4, 'syz0\x00', 0x0}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180), 0xfefc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000004, 0x10012, r1, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) 27.791987249s ago: executing program 8 (id=3501): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000040), 0x2, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x200, 0x1, &(0x7f0000000440)=[r2], &(0x7f0000000200), &(0x7f0000000300)=[r3], 0x0}) 27.327127303s ago: executing program 38 (id=3501): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000040), 0x2, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000380)={0x200, 0x1, &(0x7f0000000440)=[r2], &(0x7f0000000200), &(0x7f0000000300)=[r3], 0x0}) 6.934186203s ago: executing program 6 (id=3589): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffff9]}, 0x0, 0x8) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = gettid() r2 = gettid() tkill(r1, 0x12) tkill(r2, 0x14) 6.600726801s ago: executing program 0 (id=3592): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2d}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0xff, @ipv4={'\x00', '\xff\xff', @empty}, 0x102}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x48880, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40040) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00') read$FUSE(r1, &(0x7f0000000540)={0x2020}, 0x205e) 6.529358061s ago: executing program 6 (id=3593): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r0, r0, 0x0, 0x200000) ioprio_set$pid(0x3, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 6.098725087s ago: executing program 6 (id=3594): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"9dcb37ba3871bb300eba85e89f3014f58deb2ff370e50b637b875ebcc073150a696d91c79e95afc7083b3bf09a740c7c4264a15b1760f1de54b08989230e0033106439ba22b8a388715006d12880e179e594f5bfaa890f1cca1fd7b6a2768f070beb2542771dd6f9451f22f058a3c7174a92714fe3c680e7ddb95518e2d5ef942415d510788ac73478c9081c3b90f127011702749dc7c82b33fef046602253b0a3bc7d6030ed6f6d8c8fc7b21642d8d786284320037f37b0e76db6a8a2db072a9eed410fcdd2bfa32ed885631c77955fbda3ad0e2a34b739cbd4ae14a31ae0e1d7b31cfbf1a960dca7dea4b55d77d0ea39636b4a5a683ee481dfd79cf20ba69fa25d22d5c6969ec165501e6c0e412954d4a592889bcfc15a13f4097713708d0041cb2629fb9f47d857887dd39155b2c6658d283cdad83fe910b39a9b56788d890bc88faa62dbba32ac25142e3eb05246d6acd3d5c379005837c0ac01e1335944fde055ca6a4308c6e8e78539fa047933dac5284c3b0aaaa5ada8b40ed2e2f28c84a51e017b296afdb1a28b96f339cbe1d504b3599de6ed7142a50a110b9075b077eef6179c58a8228d2c18ba0e5d467109ff81644a775975ee44f13d488aae79f5d42021cc4855e0c22faab2640195847d6ef42040c3ba8ccaed3000444587ad43d184a77246c2110f360dcd8fa66ca9d0e13164f32f1eabf83116de6d21bead6a70e95ea9cd1d70611b439a51d21a94f2b017cbdb3ed47f09fedf2ad907e354cf56500d44b488c022ed309979989c2801ef4c7c7c6c32ac49e682d1093562ed4235a9b7cc3238aa9762e06335813ce5a963cec321e760927da03fe615d593f0110d670b477eaa0e12bda94c31f628e62f2cd3c5af76a7844d46a345ad0f0fe2a06b8cc7e1ead2b3e1e8984e83df5f34f0250035616d08bfae3b2baea5f46ddc450fbed612416e5ec148773291ec095a446cada1a0ab74724265e2bb319d64525d2f41f98121709e95103549e10fa2f90c662404e84c2f339a17478c885395b999527e6dab08f73256d30a6c91366c89c54545216f3b71f50fff7c6defe35610654e426252629caa3bbfe42c2046f945d5ae91ecdee17e05dd18c4e67659fdb98234bfe59d9be203578f62fba16e67a1f77c647a42fbee5394d001d3b4597974db1dea3e25dd48d98aed9bdf48da1f9c50ad80041f0a17b9896efed36fdb21de43cb39955abfa9c6e29b0d4e283f296895a39502da08d9be021b35bcbcbff769b15656ce64f74efe0ccb1a349b60d6746fc9a8679f20d3e2667b84eec710696afd7fd062111c9fb5e4c269695ff73a448819e582501299a61e6e4a5865ea31073b993618e4a8715c5ac89fdcc0aad13f17857b7d032cc71d47491f082bd39b269e2a67a02e524ae0d526ad3bc654356bbe4dac1c5398793ad860e515fc07e6e4"}) ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f0000001080)={{'\x00', 0x3}, {0x80}, 0x96, 0x0, 0x0, 0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x0, 0x0, 0x0, 0x177}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x3, 0xc5, 0x0, 0x6, 0xa, 0x4, 0x7, 0x1, 0xf8, 0x0, 0xe5, 0x0, 0xe474, 0x6, 0xce, 0x9, 0x4, 0xfe, '\x00', 0x4, 0x4}) 5.869337937s ago: executing program 6 (id=3596): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cryptd(ecb-serpent-avx2)\x00'}, 0x58) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x24008090}, 0x40000) recvmmsg(r1, &(0x7f000000a140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000001980)=""/109, 0x6d}], 0x1}, 0x8}], 0x1, 0x40010061, 0x0) 5.61961199s ago: executing program 1 (id=3598): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) bpf$PROG_LOAD(0x5, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000040), 0x0) 5.466887191s ago: executing program 0 (id=3600): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r0 = gettid() r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0) readv(r1, &(0x7f0000000180)=[{&(0x7f0000000000)=""/59, 0x3b}, {&(0x7f0000000300)=""/69, 0x45}], 0x2) tkill(r0, 0x8) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x2500, 0x2500, 0xe0000000, 0x1, {{0x5, 0x4, 0x0, 0x0, 0xfffffffffffffe33, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @private}}}}) 5.186696831s ago: executing program 0 (id=3602): r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') close(0xffffffffffffffff) r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file1', [{}]}, 0x2) write$binfmt_misc(r1, &(0x7f0000000000)='\t', 0x1) close(r1) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0) 4.907046177s ago: executing program 0 (id=3603): syz_usb_connect(0x1, 0x3d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) writev(r0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000019080)="00000ace2f380f29d4b5622e5bea7aaefbabb6e2ea772e16705717b2bededffb67f99041646aaefc348b1fbe2119e9199f3ddd93806cbeb55ec7a7b15ab37429d350", 0x42}], 0x2) 4.601761972s ago: executing program 7 (id=3605): mount$fuse(0x0, 0x0, 0x0, 0x100000, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x44000, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2b, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xfff, 0x40, 0x172}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c) r2 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="e03f030025"], 0x33fe0) 4.355979204s ago: executing program 6 (id=3606): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 4.207270534s ago: executing program 7 (id=3608): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000600)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000008c80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/6, 0x6}, 0x3}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000005280)=""/4096, 0x1000}, 0xfae0e63}], 0x2, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) 3.957715446s ago: executing program 7 (id=3609): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r3, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c0005"], 0x3}, 0x1, 0x0, 0x0, 0x8001}, 0x0) splice(r0, 0x0, r2, 0x0, 0x10d00, 0x0) 3.440183286s ago: executing program 7 (id=3611): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x7) ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000040)={0x74, 0x0, 0xf7}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f00000000c0)="2ef2dd050080000048b844410000000000000f23d00f21f835000000010f23f836362e6726af440f20c0350e000000440f22c0b805000000b9009800000f01d90f01c965470f01c4410f79d226450f01cb660f013b", 0x55}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.382360063s ago: executing program 4 (id=3612): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0x0, 0x0, 0x0, 0x4, 0xc, 0x0, 0x5, 0xff, 0x1f, 0x0, 0x10000}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x9}, {0x0, 0x0, 0x3c, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.071749969s ago: executing program 7 (id=3613): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x3a, 0x98, 0x2a, 0x8, 0xccd, 0x10a3, 0x23a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x57, 0x33, 0x19}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000400)={0x1c, &(0x7f0000000000)={0x8248851b466bc885, 0x16, 0x6, "da441b5bdf3e"}, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 2.940008713s ago: executing program 4 (id=3614): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000) close_range(r0, 0xffffffffffffffff, 0x0) 2.901558906s ago: executing program 0 (id=3615): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000000000024d564b000000000b"]) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000002c0)=ANY=[]) 2.387098502s ago: executing program 1 (id=3616): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_io_uring_setup(0x7a85, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xbfdfffbc}, &(0x7f00000000c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}}) io_uring_enter(r1, 0x32d7, 0x0, 0x46, 0x0, 0x0) ioctl$SNDCTL_SEQ_PANIC(r0, 0x5111) ioctl$SNDCTL_SEQ_RESET(r0, 0x5100) 2.294275774s ago: executing program 6 (id=3617): syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d010203010902"], 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = socket$unix(0x1, 0x1, 0x0) close(0x3) r1 = socket$pppl2tp(0x18, 0x1, 0x1) syz_usb_connect$uac1(0x2, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYRES32=r1, @ANYRESDEC], 0x0) 2.160908606s ago: executing program 0 (id=3618): r0 = syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000001140)={0x34, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000003f00)={0x84, &(0x7f0000003b00)={0x40, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000880)={0x34, &(0x7f00000006c0)={0x40, 0x6}, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.283620191s ago: executing program 1 (id=3619): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2004cb, 0x9, 0x10000000000, 0x0, 0xfffffffffffffffd, 0x3, 0x8], 0xdddd0000, 0x200}) r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x2f5e, 0x0, 0x0, 0xc0}, &(0x7f00000002c0)=0x0, &(0x7f0000000640)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0xc, 0x0, 0x4}]}, 0xa) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc}) io_uring_enter(r0, 0x47bc, 0x20, 0x0, 0x0, 0x0) 1.038123014s ago: executing program 1 (id=3620): mkdirat(0xffffffffffffff9c, &(0x7f0000000740)='./file0\x00', 0x271) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f00000021c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b39de2c5000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000190000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d3aa35dd00", 0x2000, &(0x7f00000041c0)={&(0x7f0000000000)={0x50, 0x0, 0x10000, {0x7, 0x29, 0x0, 0x100000, 0x40, 0x0, 0x0, 0x457, 0x0, 0x0, 0x2, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000140)='./file0\x00', 0x0) syz_fuse_handle_req(r0, &(0x7f0000004300)="d5c2280baf4e05cfa1d1112770cf43a123827586f0f2675b130041ff58ba6533ea7947f2f65b1d458fe88a96133ea3927f41fa6976fad8c967c88679769ee674b80debcd1ec6ce1eb490888bd66a52141fa82f51882b22a8e36ff462b51560307cd0048156800ad137f359719a9c5d6ad6a8c999984f22461c4ca6614ca4cbbd5e9103a3459228e3bd35e3c1cd5f2a83fbefafe7c5a39617ba1d856f37977da077ffcf4d52f5bb3feffa9e100b0279cb635a61ae9f5f4491bb1c9f04c041818a1ae9a25cbca38c4b4754a8be4f52db20ca464b3b4faf0ea8ff193b414e7b7a4ec8aec2e77adc43d09c62d37fc0aa6296a56a9445f264a245d41e77de43c2694cc5885ebd454a3b78b60172e3e6a2fd79efa8b5fbbe827512aa0656920858da51616244ad32e53ed039a270c042662bc966a8fa05e23a51c76585a6f753e57c63b5a1dd11c4ce8773702c5c759471b79ee9bed600d99853afda9b675f071bdf6ff4eb99cb1ae0128ac1f8132f9b7bef82221276395e59f1323c9f9f6bb937a9db0bc2088670ffc3e6233ba73d4e324df7bc866e84e82ab707ab8aadd593913dd3533cddb396e804a63155ad6911962bc49bad21faba90b5570b62d98eb5328214a7198b36ea6df9a72dc248311040e01539112e1d6bcb4ed9d7fb70d22768ec6603e4727b6ed2616eb9108524985ccd70f1361f68b1fb7088829acdd59ec5af9e84409737f0d852a3c55993cb7398b5640c458bc036115b86de7b8e68f1cff882ee5707040571c3e5c9602c773459cfecad4917d8ba2902bd64a676e2c6e507d06dbc806c13c0fd18175087440ce7d7300dfe745b8e98ac63b400e449a3f2518c6112c9864fde68f580ebc2d72e4bbd03f16a7289be813c258b02f76ce901afdafc69046c947c9e801ac635b2a95cca291c052c7f8149c92aaeaab41edb34a70604a7538c4bb6486b983416843fe6a65d7b828d66deb991e71526b7627e71c6a795a02e787bc561ec4b65d4742a129c59bc71b323850cb416f3d32494d6dbfe3ea73cb473b093ae0b0ebbbd3e3251ece756b3cc381f05ea1b8c3f7fbcbb16fc446fc084725e6c3a608221aad8d8179112f9e5ee3697346a0dc0645e530df523cf4daea14764c25da2da863adebaccefc2c83a9257b3131ac2fe04a27bf3aea8979b6f3091b4fef99e203725368d297bad3b020273d0b606d2368e2ecb0776349cb86bbcbaa5c910636527e3cbeca06b4135170d8808c5f113fcd77ecb2f099d1e663617a46ffc5275c8fcc339d315ca1583f66fe7a7e6430405c0be889826c07fcafa17f04e08bc39570a1f499092d390c5dba82d259f652307ff941e9f1f569a48144da846f14452df295553de6ef4e9ba0cd98dd16cf89d8bead08eacd4eea71cc5f8232349f2d8519b1172c724d3bbc415c19c9e679b5a96bc9051cf6f243f243366622023ab1b7039a89152e7db97f291bb3f0213c445c25caf5f0a5a2b382c841cd8a490dc97d008966e94ed0b5ce07bcc0c13b39c349e4b596147a633f3a73ab6012a1582d3d283293bd7c01f99cdbad8e18d24867c39ed0dc3fc3cc800edd23af24b225acb2cca5aa264bcda40e1432cf2cc0050efdff48fd49ae4225a983d1b12facbaaba73294eb225fff64a677d0ed2cd71bab61b3fde8a1fdae638d2036283a8a4ff5a548d05cb706f56ce7e3f55a688fa6c70393c53c33be11f34a38f61f80c8e94e50fc9d7c3695d234705bb9e0b2a8316cf54d7963f548d49f153bf796d0970ed1264c19d79eb77fd0aad4844796cec73a08206b9eca76f2ad76318a20d52e7d3338eac40d03775cca0c2b29a451cb10bc141289c2703198e7137200a360463000fab97d0da72a7b4e8aadfa8a2e559a7d06bf49d6d4a932cb29994ef7ca0c1beabf05b898bb2338e89a67373d50614300f13523fe451d4058e5a522d364ec884099ee3c6e6db8d4ec1e5dc08d127b6301a308a1d6798878c28ef828b91b529a22b7519d249a189a7eb942b94ce26148ea8bf16a44261cd9691ba980ec2d0c710dbee41756cb39b88213ad5763239ae7636e983580c41a40b0f3a3af9fa6f995ed1981d073f63a623554bb01869bdfda190bc8d9507cc067b897e1c5f0d087cf8dfcb171169541fa3cce7c3a620544c74f2d3234935a0acf6c804c43992812925cbaaa24f497e7a00efb20c45c7acb80adb3322cbe0f08d1015b40f5ae1366003ebea977b7b95f803487d10aedca3fd018cfa7b267dae604ed0ada202cbebd731f86b7c6764911d4ff0c75a318ee43b1b556781ac58fbd773b2bd0dd693f9b12fa149bbe392cb2d6bf72015912f4a120e47654d42d14107c67b4502b5ad62044d0022c7f8b255a3e46da4bb8f9e44515e4076ce7b1aefd57c4e264b2cbee4a9e8612ce8517b028067644c927a9ce7564449c8fb0471a87b9b76f374c7c2559379a3004326bdc91be5ec52672dc5fac0883ec527f2a1248601bb9267c3123568b815b90b40ba06c250e3068dee2d7fc232141eaaa130443a5775d049464ec454a7c980d9eebaa4f67a75075a6bc28ded9a5f07fe658a2b9eafa37f14055155409d1aa50be6343d13d515d0531b84644d2f58c280d6d008dee95607f67eb74c900f664d97f411f4ac6afc18f11b6fb75e78b3ff25680ed3bbf5b20969678475b86faa02a751e4cec87735645753f245047371c9e6e2e7ab5a9ea3182b4c96934a21b9df3628b478f5ef705aeda49a0609d4b8f5bf34424581557d029438306002fd4e9cff5a2d4e7d5e23c2992032d314b8fbb46ccda250070fc1b679c9c8646c5fe22d8fe2e0fff73d8153fc46ef7885aeaa2d1eabbe455544d46fdef8e3ef9debfe589870942bcc7196e62736e927c311782b5e4da2889d530a7c1550bff4909d2055941655cbcc5c924a477c80fc3b8a904cd9e62f5fb005b5b00154db5becbe327c0f3ec8314ef3fb53977ec24ff7d15aa83a13b23ab99c5332306023005d2dfb70d3ea2aefababd019ae16d304c083e38997cc94bdeb746fc151849c98dc2a23554e6fe789d3aba8bf4e31133c7f93a3cdcd884271dfdd2c45be398a5349ef5d08456178dfafa31cb4c607f09394d71b3405b3d615c7c59c125db88f72380140345d24c56094711dd833221d6b7c5864d049585605c1301c31982d19e403b601b797fe99d0bbfe30d647a913da72b4c5306f6123e7c572828308a9a8f4c686d07125d0006229c2e890ff7d3c354dde61ccd3b26069a81a98e112e61a930f253d607cda5023f002a09df6b1371638d9661c5a06bed166434f07120ad21476de8ad47296af4b449d581cddc74f9be42a84596fb0634f330a856216a9b32b080c8b66e9f51a758b9ca2e1215ddfe633714ca512032f6547217b1a60fcdb27ac8a04bc7851718b38607bc92c13118a323c3221bad99a8639762abcc4a08654da9938aeb301c55546f5ae7f61439dd883a1b2dede156a57c805ab12337d5381a2fb25b32916a8827fc4de8e2ecc70eeebeb01659d6bf88055477b863fb897d5db275a0c222d261e7df79474858b721e57747fe8997faaf36f5f175b23dd3c5efb2b93fb5824da18d635cd7027a3b0b1c87e7c90a5681682b8a7c47dc82fdd3f329c7b60270100dec8ccdd310245b92f4b0bd9a92e1f2a5733b1b91966be15a4761b06f6fe3b05b60ee7964b4d028257c2210ca88031db0590190d3714c1b6ec86e2821dca03db2fc0c9f0ad9800d1773c8037e9b38c7eb7c99618b731e0526f8453c7e1bb67cffcc2d96cc297e1f917b13dd7dda2a8b12191ed107c1e076ffd4965b9415f830be97935cac23a87f07e26354273c2663c7ef19a27dfe08543fa057e1285c909051602981f5929078214058684bc80bed493f6ef853012cb654d180e414fd484f5cb2cfd06c9b753f417697ff42794649e05fcaa3d53ad0fdfbb0db57dc549115e59978b14dd621370d136176098af2f39a2de72482a29b616e8b308b3d9b46ac9abf3d57ff89fe59b5a97966cc4b97d06c20ee4fd765e1c2abce54dc271a7c7efe656648800c27a9988583b4b76572222cb28916b9ff5f6f649de93923179809405c879a90cb450f604cbe8af55cf2a6d844a59ab0393b394e09c79e1b3c403af6eba69330f6969f78a49eb7022e77a39363f11e07fcc69f670f63c11497352f3f5bfea0aee446da35428cebe28f1c2d23ef3ff97e16ceeb2f88ab19b2b69dcdcc81b947b483cc06c776c52232489f86f4c377eb38056042e2e9e0943fc0ef1490df472b9b244235598894a2ffc296f0a2e4257baca6a3ea8cfb1a22ea8295ab9e5faaa2a9e964ae7625dbf945cdbb369265f429d475ab69413cc5bcb89af57b1b966bd0076f799a401d4b46e5045aceb1ef36e5bbfb037bb7681f2a38ef1df9b84baa3598201d13a813165355bf052bb5e456dc0abdefed995b4eb37a39b313af800f6029243a6a7bec75a23389a90034cac8df6713b919028a14649d756d0093550278aad494de2dfeb76220fd3ee5be31f73839ace7f0d6da650e26f5ded30471ed55d2e814fc1b89102e5917b4e58840ecc211eaffa5a2937abeb882ccdf29308e3ac30e23d66ee79c29b4fb7e793a55e344cac298e30f1ca3333df8b58f43126a3404a61501ce06b75e6e6a4bf13dbfb05efd7b9b4219efd428c8f7f345884640d19f5515abcce05f315f00e65d9aa8022890a23da45ede06f455d66e0c96bbf7e9cc74eddca999a51174b4784eba8a9ebed13415de6bd0f160443d43b78181cfa381313a54e25f6751a38f290e5972ff7f70692e18c4737af2a7f6d4eac52ea594a22be4fd00fac1484e6d2d4d3196b49212b49598f5bc77b34d8a3633cf7212c869557d6eb27bf0d0a02555d9318194e9de9c9730ac72daee7cad6c2d4b248a8744515670766a8f1c739917fb859d98974532477989f4c24345f120f5320fdb8d8d56fa6ff2511e701bab399513cecb3e740e3761d02685a765f5267554d0f9243b51620197adc3b561b59c58f334307220db357c1121d7dbf593898b5d2c505f333445c084a6cbc6a7e5252724c83fcee85e304534780a01e7ecceb2ef53ffb6bc6cb9051b1400493ce55d62c01e972fff3cc7d0b68a2dd4d263c9191df1b629e323797f570083f122db3df6abb6fd6c4a351bb7500c7241e4392ac76e04259968e517a43e907cb0b0533d6750b9587a1a5d852639c6b789d333e848e3ad66cbf19c5ee5a641036cb7a858f822f657dec36cc134d6c1a629cfce1f1e24dbb73d09fba04f53b2c6309d71d92211a1f08535244eefcbb52e095626bcc78b950db1cb8facc3660fa705dceef155b00aef3291367ffcea06b5abe588bbdcea2637761308dc65509798b6a494dae4a75c1922c1234248dbfcabfaab3088a0dad09a135a45d75105314020f3ba8901dc39ee624a32e9f863ff55844974b44e57b30302cd0c349f3cc091befd5665f918c298ba89454fb811ce573e41f27490853a52abd6144e85d77de88c3f2e5506c8de40a3957e65936f3b294ce92610b63cec888cb16fe0e8a7af3dd142da96b57f602cc64ba69966724584c2872e5fc42348a324ff082a3ecfded82c3e5b7292d3726c4800176acab6a7a1479a0b5fea79f299e90ffdb1b3843e2349b8f8dc7881145b3796380474c2ceb57e27726c9e50b746a2b12a214fea9cfd6c668363fe6e402710665118928fedb2f4900322b0c7d2c348881ea52278dae765c14b51fd5e8f000602aa3978d83b76056410c2260931e35d841793c8a36b191f93c33c0e4e6367ef45a1cf5145d774861224afbb11a7b77bb94492ec49827f713f8309d80d22e17701046e04c5b277f7b423cbbada01e6d40beb56e755e583b8f3de4b67c4b5ac83771b805fa7af49de2fc8b9a223293d83e7eb4eea3a3af1d1221e5d458e7cab60eaf1b51550a1b125ce018d76096f16d922f4aba48a728ec1b7d4812fe2ca789261b6d8e0c8edb3ba9007649084899c4f6b7986c1cb4a98d412c801fb91675ee42e2bb511bff6700772d3c03a7cb6adb41cbddc33053f8f65c164e9bd47b931510046506b169216d0a04edc479bc51c28acc536ced3834a7a9ce8fb55b72fa186a559437bf41f04b733e05986c915bc19f1b2f99d3bae6c13873d32e3c809b71881c3075f8dd1746f36409ac7934c25236ee2752560fcdd5175037a6fc5f0da58a229418ce30f3e64f9eb6ff3fe4498f47fdd69ceac5e792c8c9f087316f334b7f75e3432d3f1d03ee97c8f16485ec906c94e6c9580f7d03d98a8da85ec118b77c6c1d3b2e99fbf4b45e66cb4f8817f786d1f90e1e5e250be8c240a9648a219a02e62acbd72d1b0c0b42c75065a35664ea6a03cb05ea179f2e8e50e3d7ed53d31cdc10cf5fce48781fa338e3ee819f410540f045cb0edd7b2d219993faaa97cf95aa6144e889a02069421291d05eade30693a751039fece452c22d1afba081d1c40178fed7684cae475fcc365484118a184670cd7aa2758bdb01058ea9b244d5241f627bc5be11c9395e3cb839b0eac7842a312e1fc8b4ddae2aa4ef907ca5c9b847785051323e16d5497c4424289496277475bba67da750fa05bd8be730e4aabaeb94641fa2263dd3d4eb511b4fa40b8cf8b16d7aded1163f2258add79b04e1eb888afa27d057de2523863fc2da38d44cc69ae2d455900eede5fce69d7e9f8707cdb2456a45dda14d257eee4982f86259b855a0293068aa4aeff9439bc06c8ed5a370fe46fa88fa9bb92872166ac69152d1cbb4720eec5b9a057890cbb838aef12091454fe721395b46f9fa29ec1829fedf65aaec1176bb9eb15511bd77e7d4fe7321b3e0dfda95e5c90c3663956477885d6d94b280f58edbc77e864dca73536cd4988bcde2a3edb91704ad59148d85a001e393cebdb56ee088fa1033cdc6fbcbea30e2974035bfe29cee1eace13e30950bb4658886dae7e565ffd7b71e41feecbcac35fd97c81a8fff9d2a1d43f183c6e984671e06645eb0a60228d1b6c12c28bc6eaa4b9125c57b48ced2e199ed3acf12dbe10af4a56f2f5dca829fd07fc3f7e0de6913c73be0ada3e43bcbe70de784de699d0b51d7a56a3eacaf5d7dcd77d73cfb82e04633574213e05dc98850d822bc6dc90dc3fd6184296287342e2243fe6f0cf94e6d02a1b900d0c718e2afbe7fea2fafa375f209fb9cef5d844b861a1029aa3dd7081e81fe6501bbb413dcd23e013f279ef87e082335ade324b7688054992ccc63fbf9153213ab6d07ed0b79945d19639aaa5dd10e53aafe57f1e323300246cb1d6ede1eb1f319ca6fe1b0cc8e733b34818425888110b6eabe2db302310d0a8bcdd5342146b29c535cc9a95a455c8926d77323a31b948d47dc611815a329654a252fd09dbcec5f3cd8bc7e465759eb8e72ff6fd4ef1f375e4e8762a58148622d14480b7bb9aca2eeab3367a7376c9c85e6ba1735e56a2fcc6baf92c8d21942883f318eab7a568fc7ff01885a7089aa7661b15d73799bc0b8f8ce6a3b61adb6949965a223850b6825616c036e099952e04fde7cf086b5e76d45b86ab78b322f9af580173f2e798a39df7cade0d365c9d46d3fb36970f8a99d7b20a1b275afff852126f21ac24ca8c34deb49ba511f4d9edb4f56941aaaa477253f9bfc9a25a2694bbbe3b917074dd4eb6f1be20395ac33dd932a7ccf0604d64257b5af3faf271c145c190a528e471a7f23a53b5f9ea1bd0cc36410e9c538e91dd01d162edde856087b60dcba2042e65b6ae7b81787bd3308db9eb025b6fd930a9eb74a30883b83cfa8be5270dd3ee3408db7f7b136adebb3ee30f0e0b8835a0ded325363e4a2991cafd4a73483954c0f5d3358b25780608fa48f3f527c7e617ec12eb017df33f5088676d8bc476da251e608394e3d8fc0883fd4d1804f8e07f5e12ffa4ee80365a88abf29936bf1b255539fef95f5cf3bebcd26817edb28e7b6adf4851dcfe8aa1aa097f67c51557326ccf9c46ee2780d491e87774324d4dc5e199b0cdef01094ea72bd5ad5fe1be6c9d545df3dc5de550665d220718a2c0baed2833cfb1428e2d1c2b9ea1e29f4b07fd6c51492643d4000716cd1e8a4f9d58b6b04b805d8962495323fd62949b17348418201664c6f2f651f99d73f8d17bb5e52dba2e6f94fa33f816d74bb6a45bd6cbdbd07f530406227c8fd11f390e805bbc17bc0e81076a27c0be023b64777afec0a7a0c3f53f03bc2ca72ae2873d68217a1a6905f414c2cb1b9561dfd07850a026da5f5775a66f8f3a6bc29b48c8a81b06ba30994ba8e7e233e3a3a5d886767ea6de91fbfc0a594c2375d62e71c7209d87d0f6c7a79a0d80da328e93f08650ec745495c771410913d094e4190075b7225761172eb420c82ab493548f6de38e17d3e687a89ce77c67c58b875c48c8a4d1664cbc6f67df357e040444fcd515d92d5823fc3ef6485208b6f3eda8cd09ea3b004f7eb06ac268ae8c3bf571aa3f619222a47540f9af340c80c587f7226e3d715b18c3ee41f64777d3a0a09f32190ad67922f6ecc63c956a715c3c42a6aaaf5e588d119210083ceaa414820b62fef87a678cd3f24f8fa3cdb6629b041cd7555974313f56d1b0e117ea925dc95e18b5d3f4ba9812f1067022945c3f5d547370d45853c4db3c9ca4436d7e649e1ac3ec02f9c1e9139849b46027d4b276cb0eb4b09848999f466f528290e47ba9540ceca89390db3fcbacb1d566e22e917f01f4442bd4dd0d350d057ffdf5b3549ca559901e6ff5147bdc25c11b23f1678f02c20e4e2e6f339b262e2b82eae0b15b4227f1d514f99ec78fbcf80c8f6f243536f2d7a809de05ae5e1d676fe950ad3513f801bbe4d16737def4b5ec4b62f8562cd5432bd372645202edeb286662d7e8d0dadac5b91c903c2756bdc4f5a7c931f2c3f7feace2b83f5459a196000e2ed1e1b2accaa9d637d5e408340161331c4b0047bf2ab31d317bb1c8f6e1b3d52f9f240bd971a447942dd4b73301781656aad9ce9b01aed907b7eb3a78397b97e601b04a4cb028d327ef32cf20c34e8dad9c9b1f981ab5c06a2b0271852e2a1016ee460d8568391c9ece5a2b8f29cbc6f2d6cc2e66c30c96df548e67dd6ad8c1ff09dfa22b2e8b2c52a3948c4febb0910c2d34c0604a5ef930cd53be69a4bed9c9ee057178ece02a6b4df4624191590952888bdfafd2dbeca128d500872a8b236fba9623672c4dc15f56a761ee0c54026112fc464f72d3039587f009b94930dac0dbe444a939b38c0f5bce7aa366bfc2bb909db231178228846f71a56ab219e28cef1b102c1bfadbe8f0916d10a573b8cb38cc2cc2ec496a410a4e82847006d2ed4bac927a63a00416d0bfce59cc69aaf78ddc9566f23582999a655c8ad3b217486fb5a037ce089baf344d55bbd475be4e90b10e92c9c1bae3202c2d63355549f0ac95058724fea81ff9cec027e7b93e2cee43af81c6978fee5faf6216118785251b8ca023115b2f87d5d4b10c29aa3616628ab40a8ef36668ef57d7f9be505eabc01947ca222362818a71b3d63e5725a4d8a2c619b1867f70daa07703360d026d6f65247330be1ba84ddaaa7779591ca261beda4f4c094af65c5c276fe3bfb89f067c8c54af67e78f61bdc114ed4aa869c3adf282d7a8e7272579e9fd9e47611e0dc89f97561110e0141c69b1fa114e27b3d1e2c825ea008a370e08cd0a0610edef20cdd8a7cda0922fff046edfd2ff391a10ffce5dd6045619ce9af6b03f4193d858a76b201ed5beb0f11321707b7b593b23adaee4a0c0caf39dfeebcbd2948030435dc94ca00990c728502ec4686194f0f454304a422023c1b2c5b1ebbcd8cd50fa2d11361e3bbdc306e2739e27de300eda27b1c1ea62d773104cea77c18037c6bcc76423621b45abbe789b384bfdfb46efa1627ff29d9d840bf6e1f05e7e13fae6383e42ce153dcb062fa0cefd0fe9298ddbe77fd78d7036b5a815504b48267203da08ca685bfe8ae89c031074bbe5d3d6dcc6a3a8a8a4d3102765c3b714867f4516df62f214351b97bb8b5697a9f9a9dd78627342b239c524a3943d1d70f8cdd7391f05e7395731a8fc05210c6733ea256040bbbb53389229b84dafaaa3db1d5eca2971d9e550149461f1a672eae2319a99beed48934520666bc54b63085a744b5fc9a9b089b16c50ae945f74adcd4c5d064a12a6e103ef59bcc035a755ad31836eb7d04e5900d3800c822b96b466a9f6611f46b8a7d6131f91c625a5604de5bf01e5ca5d99a714c8dc1160260010f8d55f9125ee453b61c911bdf0824caa804c76d6512802875c5433de9b2e8b6c579a67fec5d2bc64ed3d1c313854221b75c9a0ed42af6f5354e7b1d1bf8661baa1261e68fc20d14b5652d25a536f208bff2b90fefa163a232696e655bcf95bed39355ec865e272fed582aae18858f5096ece40b9108efb00147f9c2ced59bfe2a79826851850ed95b35908dfb4d9ab7da0668a1fa8933ac4f6534e9598481477791fd1a1c269011ac9fe81f0491790e8aac121ffc00e38a7619a1855e6899abc2c670375a3ba4ac0cf652da89a70628cee1a35ae17b3490102e3c88ca324d06fce2151bc9de49472cf6e76ccb16d2a9cbf4161812e2c7758d73631024190fe9b71935de6968b289d3503b497f3f4b6306446ae9c312f8f1c63c1f7e62652173d9ed48cb128815bd44a12061f9b73fbdc6674ab9e0d01807f7bcfa0aa59168420e5ad8b72d7b576e273a1d229934fce2867689a41cb17767cf9defe1a96515a677ba08e10e187a3ce2f1d78e6b43b0d46c36163a1967b203df4f53379ee98422e973ab5c090adff21b5cc84fc78358021f681a0f0fd744f687e4f6c295470bf8f548d2d3dc841481dd51db9124cacde83bc9fef44a3e69e1cb28579d897f3013ac6133395328247fdcc152e5563678258936576196ced017c79bb6a4ea501a44cb25e5af1697afbdb3abb316837470ffdbe985ac3967334a90731602d3fac4f5c2758f04ec9c161a7cf330b7c7549fb62e6c15d07a7203c94edd3a8141c91b2029d6a90b14322337e6610822d9d7bff58c10d9c6cff71822f6456a421a65fdaa5d2c793f256a4e7a39f0d85d65fb95479eff79345c0615c9bbb4fb3324f9360b70dc709b0200042e8461b8cee9ce30beab3e276df48f41f001262fc14153f9764e13b50397442e00d7b11266bde10a3b7f83818086ff0015409679e4472d9e0215804fa9d21cebfa5cb5099cf88750cbeaaf58c2743f2746ea4cb73760ba88a07b91b68553716d563af5d7702219d0c600916dc54242d825c6d68320baf234a39f0b9ea9e6a4a72c4d5829b2f28508f54b33c7e0394a43fe23e7940d9b04bbe790d903a2d2c979e0ea79931b934d094fa2d5948c05cf278c341d788f2061ff617c9fa4700b1e1f0fbfa1b8c42848f2ea01cd318a8748c3336622ead25527ddbcd8a12ba3a5183f4419deb13558ed0ec99e73448c21ede0dbee9c01fc7675e54c60d4dee29c0f8fe81af6fe7b726f5d3c50dac634aefbf1ca6aa4df1b340a4109acf30939f6094c8591218729788111bfde98cd96d4b04b25bcd1bcb7f826241995573bae00", 0x2000, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x78, 0x0, 0x7, {0xe, 0xcbff, 0x0, {0x5, 0x7, 0x9, 0x1af3, 0xa, 0x80000006, 0x5, 0x6, 0x8, 0x6000, 0x11, 0xffffffffffffffff, 0x0, 0x800003, 0x1c00}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) utimes(&(0x7f0000000280)='./file0\x00', 0x0) 962.250164ms ago: executing program 4 (id=3621): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4000, 0x2, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000840)={@in6={{0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, '\x00', 0x4, 0x0}}}, 0x0, 0x0, 0x38, 0x0, "07000000c651a9f11381328af8daf6f4bd282718050000000000000022d1af57aa193c5024c9e8b22a879aa538ed893952a15d637e8cba1b4d0bc071a2374c5b6e1a4c1929b52d39e8626bc90abcc02a"}, 0xd8) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='tunl0\x00', 0x10) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) sendmmsg$inet6(r0, &(0x7f0000000dc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) 742.277171ms ago: executing program 4 (id=3622): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r0, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5a, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x4a, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0xffffff49, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x4, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x1, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2) syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 639.535975ms ago: executing program 1 (id=3623): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x90, 0x2c, 0xe27, 0xfffffff9, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0xc}, {}, {0x5, 0xa}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x60, 0x2, [@TCA_CGROUP_ACT={0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x80000000}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x3, 0xfffffa3c, 0x3f, 0x4, 0x80000001}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x3}]}, {0x4}, {0xc, 0x3f}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x90}}, 0x20040054) 235.984825ms ago: executing program 4 (id=3624): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000b00)={0x4, "abacd211119ca94c633774262eb5ab2c7b9c5cff6ce78185d8c4dc064744e042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, &(0x7f0000000780)={"d1ed39d88b014076ab94c1fb10628c46d2e681cdb9e581a38ebb0ddd5f307e56", r3, 0xffffffffffffffff}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$SYNC_IOC_FILE_INFO(r4, 0x40103e05, &(0x7f0000000180)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) 177.435456ms ago: executing program 1 (id=3625): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000000000010711e0920000000000001090224000100000000090400090103000100092105000001220500090581030002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000140)='g') r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 68.158531ms ago: executing program 7 (id=3626): mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x8528c000) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket(0x10, 0x80003, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x8}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffe2a}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000010}, 0x40000) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x7ffffffc}, 0x8) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[], 0x78}}, 0x0) 0s ago: executing program 4 (id=3627): syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x84, &(0x7f0000000500)=ANY=[@ANYBLOB="000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$evdev(&(0x7f0000001900), 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01) pipe(0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/4\x00') ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x7) write$char_usb(r0, &(0x7f0000000040)="e2", 0x1068) kernel console output (not intermixed with test programs): setting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 394.492944][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 394.498532][ T6650] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 394.607646][ T6650] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 394.645631][ T6650] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.927815][ T6650] usb 8-1: usb_control_msg returned -32 [ 394.965714][ T6650] usbtmc 8-1:16.0: can't read capabilities [ 395.377227][ T6653] usb 5-1: USB disconnect, device number 48 [ 395.637702][T12711] usbtmc 8-1:16.0: CHECK_CLEAR_STATUS returned 6 [ 395.842332][ T6653] usb 8-1: USB disconnect, device number 4 [ 396.411971][ T5838] Bluetooth: hci2: command 0x0c1a tx timeout [ 396.568755][ T5838] Bluetooth: hci1: command 0x0c1a tx timeout [ 396.681990][T12721] tipc: Started in network mode [ 396.687390][T12721] tipc: Node identity ac14140f, cluster identity 4711 [ 396.732496][T12721] tipc: New replicast peer: 255.255.255.255 [ 396.773357][T12721] tipc: Enabled bearer , priority 10 [ 397.394636][T12744] loop6: detected capacity change from 0 to 7 [ 397.417564][ T5199] Dev loop6: unable to read RDB block 7 [ 397.432693][ T5199] loop6: AHDI p1 p2 p3 [ 397.436944][ T5199] loop6: partition table partially beyond EOD, truncated [ 397.485037][ T5199] loop6: p1 start 4217409618 is beyond EOD, truncated [ 397.502981][ T5199] loop6: p2 size 108 extends beyond EOD, truncated [ 397.518112][T12744] Dev loop6: unable to read RDB block 7 [ 397.529042][T12744] loop6: AHDI p1 p2 p3 [ 397.533511][T12744] loop6: partition table partially beyond EOD, truncated [ 397.573537][T12744] loop6: p1 start 4217409618 is beyond EOD, truncated [ 397.608585][T12744] loop6: p2 size 108 extends beyond EOD, truncated [ 397.636123][ T5199] Dev loop6: unable to read RDB block 7 [ 397.647764][ T5199] loop6: AHDI p1 p2 p3 [ 397.663186][ T5199] loop6: partition table partially beyond EOD, truncated [ 397.686228][ T5199] loop6: p1 start 4217409618 is beyond EOD, truncated [ 397.703287][ T5199] loop6: p2 size 108 extends beyond EOD, truncated [ 397.891287][ T6650] tipc: Node number set to 2886997007 [ 397.970430][ T7156] udevd[7156]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 398.149304][ T7156] udevd[7156]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 398.244464][ T7156] udevd[7156]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 398.671001][T12775] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 399.303469][T12798] netlink: 27 bytes leftover after parsing attributes in process `syz.5.2604'. [ 400.150234][ T5920] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 400.197184][T12829] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2618'. [ 400.270377][T12829] 8021q: adding VLAN 0 to HW filter on device bond1 [ 400.277885][T12831] netlink: 'syz.4.2619': attribute type 29 has an invalid length. [ 400.295366][T12833] netlink: 76 bytes leftover after parsing attributes in process `syz.7.2618'. [ 400.325964][T12834] netlink: 'syz.4.2619': attribute type 29 has an invalid length. [ 400.356186][T12831] netlink: 500 bytes leftover after parsing attributes in process `syz.4.2619'. [ 400.365460][ T5920] usb 4-1: Using ep0 maxpacket: 32 [ 400.383809][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 9 [ 400.436572][ T5920] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 8241, setting to 1024 [ 400.493300][ T5920] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 400.514058][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.540175][ T5920] usb 4-1: Product: syz [ 400.544397][ T5920] usb 4-1: Manufacturer: syz [ 400.561069][ T5920] usb 4-1: SerialNumber: syz [ 400.580975][ T5920] usb 4-1: config 0 descriptor?? [ 400.625806][T12840] netlink: 'syz.4.2622': attribute type 7 has an invalid length. [ 400.671291][ T5920] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 400.720297][T12840] netlink: 'syz.4.2622': attribute type 7 has an invalid length. [ 400.842781][ T1334] usb 4-1: Failed to submit usb control message: -71 [ 400.849604][ T6653] usb 4-1: USB disconnect, device number 49 [ 400.861379][ T1334] usb 4-1: unable to send the bmi data to the device: -71 [ 400.888726][ T1334] usb 4-1: unable to get target info from device [ 400.904207][ T1334] usb 4-1: could not get target info (-71) [ 400.926967][ T1334] usb 4-1: could not probe fw (-71) [ 402.350025][ T5934] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 402.447549][T12884] syzkaller1: entered promiscuous mode [ 402.472757][T12884] syzkaller1: entered allmulticast mode [ 402.518518][ T5934] usb 8-1: Using ep0 maxpacket: 16 [ 402.529494][ T5934] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 402.541248][ T5934] usb 8-1: config 0 has no interface number 0 [ 402.559538][ T5934] usb 8-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 402.575676][ T5934] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.591767][ T5934] usb 8-1: Product: syz [ 402.602871][ T5934] usb 8-1: Manufacturer: syz [ 402.613236][ T5934] usb 8-1: SerialNumber: syz [ 402.686884][ T5934] usb 8-1: config 0 descriptor?? [ 402.705616][ T5934] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 403.089110][ T6650] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 403.278403][ T6650] usb 6-1: Using ep0 maxpacket: 32 [ 403.303383][ T6650] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 403.365711][ T6650] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 403.391372][ T6650] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 403.401834][ T6650] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.413669][ T6650] usb 6-1: config 0 descriptor?? [ 403.423616][ T6650] hub 6-1:0.0: USB hub found [ 403.640064][ T6650] hub 6-1:0.0: 1 port detected [ 403.948895][ T5934] gspca_spca1528: reg_w err -71 [ 403.955001][ T5934] spca1528 8-1:0.1: probe with driver spca1528 failed with error -71 [ 403.984235][ T5934] usb 8-1: USB disconnect, device number 5 [ 404.256613][ T6650] hub 6-1:0.0: activate --> -90 [ 404.459720][ C1] raw-gadget.1 gadget.5: ignoring, device is not running [ 404.467411][ T6650] hub 6-1:0.0: hub_ext_port_status failed (err = -71) [ 404.473886][ T5934] usb 6-1: USB disconnect, device number 34 [ 404.728238][T12946] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2664'. [ 404.886310][T12950] input: syz1 as /devices/virtual/input/input52 [ 405.147151][T12960] input: syz0 as /devices/virtual/input/input53 [ 405.148434][ T6653] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 405.342058][ T6653] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 405.366960][ T6653] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.397460][ T6653] usb 5-1: config 0 descriptor?? [ 405.407792][ T6653] cp210x 5-1:0.0: cp210x converter detected [ 405.458464][ T5934] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 405.660515][ T5934] usb 6-1: Using ep0 maxpacket: 32 [ 405.679307][ T5934] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 405.708741][ T5934] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 405.738151][ T5934] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 405.752435][ T5934] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 405.791236][ T5934] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 405.812941][ T5934] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.813853][T12952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.830853][ T6653] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 405.842418][ T5934] usb 6-1: Product: syz [ 405.878088][ T5934] usb 6-1: Manufacturer: syz [ 405.878517][T12952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.889223][ T5934] usb 6-1: SerialNumber: syz [ 405.939516][ C0] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 405.962061][ T5934] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/input/input54 [ 405.981354][ T6653] usb 5-1: cp210x converter now attached to ttyUSB0 [ 406.169503][ T5934] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 406.170222][ T6653] usb 5-1: USB disconnect, device number 49 [ 406.203819][ T5934] (id 0x00) [ 406.228976][ T6653] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 406.335805][ T6653] cp210x 5-1:0.0: device disconnected [ 406.349098][ T5934] rc_core: IR keymap rc-imon-pad not found [ 406.355143][ T5934] Registered IR keymap rc-empty [ 406.379115][ T5934] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 406.429725][ T5934] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 406.481718][ T5934] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/rc/rc0 [ 406.521260][ T5934] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/rc/rc0/input55 [ 406.541236][ T5934] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:35> initialized [ 406.781324][ T6653] usb 6-1: USB disconnect, device number 35 [ 407.618712][ T6653] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 407.790588][ T6653] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 407.836540][ T6653] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 407.859423][ T6653] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 407.880698][ T6653] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.907980][T13010] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 407.916583][T13020] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2698'. [ 407.920643][ T6653] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 407.988437][ T6650] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 408.125097][ T6653] usb 5-1: USB disconnect, device number 50 [ 408.148438][ T6650] usb 6-1: Using ep0 maxpacket: 8 [ 408.188463][ T6650] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 408.209734][ T6650] usb 6-1: config 179 has no interface number 0 [ 408.217105][ T6650] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 408.243002][T13024] binder: 13023:13024 ioctl c0306201 2000000003c0 returned -14 [ 408.252881][ T6650] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 408.300805][ T6650] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 408.322706][ T6650] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 408.366556][ T6650] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 408.404796][ T6650] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 408.427832][ T6650] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.456921][T13016] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 408.712549][ T6653] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input56 [ 408.808467][ T6650] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 408.912479][T13016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 408.946489][T13016] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 408.991495][ T6650] usb 8-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 409.048598][ T6650] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.056954][ T6650] usb 8-1: Product: syz [ 409.102242][ T6650] usb 8-1: Manufacturer: syz [ 409.110958][ T6650] usb 8-1: SerialNumber: syz [ 409.141952][ T6650] usb 8-1: config 0 descriptor?? [ 409.177184][ T6650] ch341 8-1:0.0: ch341-uart converter detected [ 409.214103][ T5920] usb 6-1: USB disconnect, device number 36 [ 409.214134][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 409.233186][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 409.429133][ T5934] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 409.611844][ T5934] usb 7-1: config 0 has no interfaces? [ 409.642984][ T5934] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 409.652598][ T5934] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.660753][ T5934] usb 7-1: Product: syz [ 409.664967][ T5934] usb 7-1: Manufacturer: syz [ 409.672767][ T5934] usb 7-1: SerialNumber: syz [ 409.681460][ T5934] usb 7-1: config 0 descriptor?? [ 409.955858][ T6653] usb 7-1: USB disconnect, device number 10 [ 410.148931][ T5934] usb 4-1: new full-speed USB device number 50 using dummy_hcd [ 410.185209][ T6650] usb 8-1: ch341-uart converter now attached to ttyUSB0 [ 410.313888][ T5934] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 410.326318][ T5934] usb 4-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 410.340510][ T5934] usb 4-1: config 0 interface 0 has no altsetting 0 [ 410.347135][ T5934] usb 4-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00 [ 410.356455][ T5934] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.367289][ T5934] usb 4-1: config 0 descriptor?? [ 410.374672][T13059] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 410.391385][ T6650] usb 8-1: USB disconnect, device number 6 [ 410.407852][ T6650] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 410.417871][ T6650] ch341 8-1:0.0: device disconnected [ 410.589683][T13059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 410.612582][T13059] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 410.625566][ T5934] usbhid 4-1:0.0: can't add hid device: -71 [ 410.636098][ T5934] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 410.647758][ T5934] usb 4-1: USB disconnect, device number 50 [ 411.083898][T13074] veth1_to_bond: entered allmulticast mode [ 411.092200][T13074] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2721'. [ 411.170697][T13074] veth1_to_bond (unregistering): left allmulticast mode [ 411.181979][ T5934] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 411.265009][T13074] bond0: (slave bond_slave_1): Releasing backup interface [ 411.368491][ T5934] usb 4-1: Using ep0 maxpacket: 32 [ 411.384663][ T5934] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x2 has an invalid bInterval 129, changing to 11 [ 411.409812][ T5934] usb 4-1: config 0 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 7 [ 411.443777][ T5934] usb 4-1: config 0 interface 0 has no altsetting 0 [ 411.458449][ T5934] usb 4-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00 [ 411.477871][ T5934] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.503798][ T5934] usb 4-1: config 0 descriptor?? [ 411.522237][ T5934] hub 4-1:0.0: bad descriptor, ignoring hub [ 411.539091][ T5934] hub 4-1:0.0: probe with driver hub failed with error -5 [ 411.953874][ T5934] plantronics 0003:047F:C055.002B: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:c055] on usb-dummy_hcd.3-1/input0 [ 412.249298][ T5934] usb 4-1: USB disconnect, device number 51 [ 412.688609][ T6642] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 412.801175][T13113] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 412.825764][T13115] netlink: 'syz.4.2737': attribute type 2 has an invalid length. [ 412.835416][T13115] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2737'. [ 412.896654][ T6642] usb 8-1: Using ep0 maxpacket: 8 [ 412.961959][ T6642] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 412.983707][ T6642] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.099308][ T6642] pvrusb2: Hardware description: Terratec Grabster AV400 [ 413.106458][ T6642] pvrusb2: ********** [ 413.128655][ T6642] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 413.163675][ T6642] pvrusb2: Important functionality might not be entirely working. [ 413.186913][ T6642] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 413.217722][ T6642] pvrusb2: ********** [ 413.232418][ T2346] pvrusb2: Invalid write control endpoint [ 413.345097][ T2346] pvrusb2: Invalid write control endpoint [ 413.374648][ T2346] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 413.406737][ T2346] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 413.426870][ T2346] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 413.454445][ T2346] pvrusb2: Device being rendered inoperable [ 413.465228][T13100] pvrusb2: Attempted to execute control transfer when device not ok [ 413.475858][ T6650] usb 8-1: USB disconnect, device number 7 [ 413.489108][ T2346] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 413.496298][ T2346] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 413.523177][ T2346] pvrusb2: Attached sub-driver cx25840 [ 413.529464][ T2346] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 413.540203][ T2346] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 413.726516][T13136] input: syz0 as /devices/virtual/input/input57 [ 413.999626][T13143] input: syz0 as /devices/virtual/input/input58 [ 414.274050][T13149] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2752'. [ 414.427587][T13158] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2756'. [ 414.449838][T13158] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2756'. [ 414.564962][T13164] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2755'. [ 414.947507][T13182] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 415.078594][ T6653] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 415.233657][ T6653] usb 8-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 415.255592][ T6653] usb 8-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 415.305334][ T6653] usb 8-1: config 1 interface 0 has no altsetting 0 [ 415.306437][T13191] netlink: 'syz.4.2769': attribute type 1 has an invalid length. [ 415.343425][ T6653] usb 8-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 415.354005][ T6653] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.372148][ T6653] usb 8-1: Product: syz [ 415.382181][ T6653] usb 8-1: Manufacturer: syz [ 415.393684][ T6653] usb 8-1: SerialNumber: syz [ 415.398640][T13191] netlink: 'syz.4.2769': attribute type 2 has an invalid length. [ 415.408369][ T6650] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 415.418751][T13191] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2769'. [ 415.442838][T13176] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 415.452292][T13176] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 415.616873][ T6650] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 415.640943][ T6650] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 415.663992][ T6650] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.725915][ T6650] usb 6-1: config 0 descriptor?? [ 415.817397][ T6653] rtl8150 8-1:1.0: couldn't reset the device [ 415.881376][ T6653] rtl8150 8-1:1.0: probe with driver rtl8150 failed with error -5 [ 415.888433][ T5920] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 415.907903][ T6653] usb 8-1: USB disconnect, device number 8 [ 416.001199][ T6650] usbhid 6-1:0.0: can't add hid device: -71 [ 416.021285][ T6650] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 416.047651][ T6650] usb 6-1: USB disconnect, device number 37 [ 416.068743][ T5920] usb 5-1: Using ep0 maxpacket: 32 [ 416.077079][ T5920] usb 5-1: config 0 has an invalid interface number: 132 but max is 0 [ 416.109936][ T5920] usb 5-1: config 0 has no interface number 0 [ 416.125892][ T5920] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 416.163323][ T5920] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 416.180471][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.191053][ T5920] usb 5-1: Product: syz [ 416.195471][ T5920] usb 5-1: Manufacturer: syz [ 416.214001][ T5920] usb 5-1: SerialNumber: syz [ 416.226555][ T5920] usb 5-1: config 0 descriptor?? [ 416.239998][ T5920] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 416.251392][ T5920] em28xx 5-1:0.132: Video interface 132 found: [ 416.398533][ T6643] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 416.508499][ T6650] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 416.558368][ T6643] usb 7-1: Using ep0 maxpacket: 32 [ 416.580440][ T6643] usb 7-1: config 0 has an invalid interface number: 132 but max is 0 [ 416.606231][ T6643] usb 7-1: config 0 has no interface number 0 [ 416.614655][ T6643] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 416.636330][ T6643] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 416.658635][ T6643] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.661199][ T5920] em28xx 5-1:0.132: chip ID is em2884 [ 416.667148][ T6643] usb 7-1: Product: syz [ 416.677559][ T6643] usb 7-1: Manufacturer: syz [ 416.682663][ T6643] usb 7-1: SerialNumber: syz [ 416.699339][ T6643] usb 7-1: config 0 descriptor?? [ 416.707898][ T6650] usb 6-1: Using ep0 maxpacket: 32 [ 416.723272][ T6643] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 416.736652][ T6650] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.758020][ T6643] em28xx 7-1:0.132: Video interface 132 found: [ 416.765195][ T6650] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 416.784629][ T6650] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.810675][ T6650] usb 6-1: config 0 descriptor?? [ 416.839284][ T6650] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 416.858719][ T6650] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 417.146159][ T6643] em28xx 7-1:0.132: unknown em28xx chip ID (0) [ 417.327612][ T6642] usb 6-1: USB disconnect, device number 38 [ 417.349171][ T6642] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 417.467731][ T5920] em28xx 5-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 417.483970][ T5920] em28xx 5-1:0.132: failed to read eeprom (err=-5) [ 417.486311][ T6643] em28xx 7-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 417.509167][ T5920] em28xx 5-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 417.530248][ T6643] em28xx 7-1:0.132: board has no eeprom [ 417.588403][ T5920] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 417.598793][ T6643] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 417.606660][ T6643] em28xx 7-1:0.132: analog set to bulk mode. [ 417.607983][ T5920] em28xx 5-1:0.132: analog set to bulk mode. [ 417.640572][ T6650] em28xx 7-1:0.132: Registering V4L2 extension [ 417.658727][ T6643] usb 7-1: USB disconnect, device number 11 [ 417.683336][ T5920] usb 5-1: USB disconnect, device number 51 [ 417.720710][ T5920] em28xx 5-1:0.132: Disconnecting em28xx [ 417.727658][ T6643] em28xx 7-1:0.132: Disconnecting em28xx [ 418.025319][ T6650] em28xx 7-1:0.132: Config register raw data: 0xffffffed [ 418.078383][ T6650] em28xx 7-1:0.132: AC97 chip type couldn't be determined [ 418.100220][ T6650] em28xx 7-1:0.132: No AC97 audio processor [ 418.139100][ T6650] usb 7-1: Decoder not found [ 418.143904][ T6650] em28xx 7-1:0.132: failed to create media graph [ 418.193900][ T6650] em28xx 7-1:0.132: V4L2 device video103 deregistered [ 418.240319][ T6650] em28xx 7-1:0.132: Remote control support is not available for this card. [ 418.282638][ T6643] em28xx 7-1:0.132: Closing input extension [ 418.313524][ T6642] em28xx 5-1:0.132: Registering V4L2 extension [ 418.444769][ T6643] em28xx 7-1:0.132: Freeing device [ 418.913835][ T6642] em28xx 5-1:0.132: Config register raw data: 0xffffffed [ 418.942049][ T6642] em28xx 5-1:0.132: AC97 chip type couldn't be determined [ 418.978589][ T6642] em28xx 5-1:0.132: No AC97 audio processor [ 419.008749][ T6642] usb 5-1: Decoder not found [ 419.021087][ T6642] em28xx 5-1:0.132: failed to create media graph [ 419.037759][ T6642] em28xx 5-1:0.132: V4L2 device video103 deregistered [ 419.091092][ T6642] em28xx 5-1:0.132: Remote control support is not available for this card. [ 419.118872][ T5920] em28xx 5-1:0.132: Closing input extension [ 419.179411][ T5920] em28xx 5-1:0.132: Freeing device [ 419.273888][T13255] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 419.671408][ T1334] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 419.728348][ T1334] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.080909][ T1334] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 420.108439][ T1334] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.352385][ T1334] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 420.391134][ T1334] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.546237][ T1334] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 420.578472][ T1334] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.939592][ T1334] bridge_slave_1: left allmulticast mode [ 420.946128][ T1334] bridge_slave_1: left promiscuous mode [ 420.955779][ T1334] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.976649][ T1334] bridge_slave_0: left allmulticast mode [ 420.995233][ T1334] bridge_slave_0: left promiscuous mode [ 421.002953][ T1334] bridge0: port 1(bridge_slave_0) entered disabled state [ 421.564871][ T1334] erspan0 (unregistering): left promiscuous mode [ 421.673614][ T1334] gretap0 (unregistering): left promiscuous mode [ 421.855587][ T1334] bond2 (unregistering): (slave geneve3): Releasing active interface [ 422.196952][T13325] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 422.220503][T13325] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 422.238011][T13325] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 422.261140][T13325] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 422.272537][T13325] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 422.371835][T13329] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 422.491403][ T1334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 422.514489][ T1334] bond0 (unregistering): Released all slaves [ 422.841914][ T1334] bond1 (unregistering): (slave batadv1): Releasing active interface [ 422.854541][ T1334] bond1 (unregistering): Released all slaves [ 423.207625][T13350] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2832'. [ 423.348791][ T1334] bond2 (unregistering): Released all slaves [ 423.398582][T13352] netlink: 148 bytes leftover after parsing attributes in process `syz.4.2834'. [ 423.438963][ T6650] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 423.648410][ T6650] usb 4-1: Using ep0 maxpacket: 32 [ 423.667249][ T6650] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 423.713524][ T6650] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 423.745371][ T6650] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 423.755013][ T6650] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.822358][ T6650] usb 4-1: config 0 descriptor?? [ 424.219768][ T1334] hsr_slave_0: left promiscuous mode [ 424.243195][ T1334] hsr_slave_1: left promiscuous mode [ 424.266421][ T1334] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 424.273664][ T6650] savu 0003:1E7D:2D5A.002C: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 424.304211][ T1334] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 424.329758][T13325] Bluetooth: hci3: command tx timeout [ 424.421573][ T1334] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 424.454745][ T1334] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 424.550604][ T5920] usb 4-1: USB disconnect, device number 52 [ 424.623420][T13378] fido_id[13378]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 424.625645][ T1334] veth1_macvtap: left promiscuous mode [ 424.703384][ T1334] veth0_macvtap: left promiscuous mode [ 424.722784][ T1334] veth1_vlan: left promiscuous mode [ 424.738725][ T1334] veth0_vlan: left promiscuous mode [ 425.558528][ T5934] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 425.648414][ T6653] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 425.744030][ T5934] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 425.753059][ T5934] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 425.763634][ T5934] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 425.773403][ T5934] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.788410][ T1334] team0 (unregistering): Port device team_slave_1 removed [ 425.800446][ T5934] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 425.809951][ T5934] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 425.812753][ T6653] usb 4-1: Using ep0 maxpacket: 32 [ 425.818082][ T5934] usb 8-1: Product: syz [ 425.827498][ T5934] usb 8-1: Manufacturer: syz [ 425.847059][ T6653] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.867340][ T5934] cdc_wdm 8-1:1.0: skipping garbage [ 425.869162][ T6653] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.873017][ T5934] cdc_wdm 8-1:1.0: skipping garbage [ 425.884087][ T6653] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 425.893166][ T5934] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 425.901741][ T6653] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.903435][ T5934] cdc_wdm 8-1:1.0: Unknown control protocol [ 425.939508][ T6653] usb 4-1: config 0 descriptor?? [ 425.966869][ T6653] hub 4-1:0.0: USB hub found [ 425.973430][ T1334] team0 (unregistering): Port device team_slave_0 removed [ 426.087294][ C0] cdc_wdm 8-1:1.0: unknown notification 255 received: index 255 len 0 [ 426.164654][ T6653] hub 4-1:0.0: 1 port detected [ 426.303243][ T5934] usb 8-1: USB disconnect, device number 9 [ 426.408774][T13325] Bluetooth: hci3: command tx timeout [ 426.913535][ T6653] hub 4-1:0.0: activate --> -90 [ 426.932955][T13413] input: syz1 as /devices/virtual/input/input59 [ 426.950348][T13330] chnl_net:caif_netlink_parms(): no params data found [ 427.481033][ T6650] usb 4-1: USB disconnect, device number 53 [ 428.062617][T13330] bridge0: port 1(bridge_slave_0) entered blocking state [ 428.113960][T13330] bridge0: port 1(bridge_slave_0) entered disabled state [ 428.169259][T13330] bridge_slave_0: entered allmulticast mode [ 428.225577][T13330] bridge_slave_0: entered promiscuous mode [ 428.270755][T13330] bridge0: port 2(bridge_slave_1) entered blocking state [ 428.310760][T13330] bridge0: port 2(bridge_slave_1) entered disabled state [ 428.337272][T13330] bridge_slave_1: entered allmulticast mode [ 428.394224][T13330] bridge_slave_1: entered promiscuous mode [ 428.488473][T13325] Bluetooth: hci3: command tx timeout [ 428.617628][ T1334] IPVS: stop unused estimator thread 0... [ 428.772687][T13330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 428.881035][T13330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 429.029482][T13462] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=3356708090 (26853664720 ns) > initial count (9735166528 ns). Using initial count to start timer. [ 429.079914][T13463] kvm: Disabled LAPIC found during irq injection [ 429.161585][T13330] team0: Port device team_slave_0 added [ 429.200643][T13330] team0: Port device team_slave_1 added [ 429.374871][T13330] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 429.426336][T13330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 429.537680][T13330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 429.611446][T13330] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 429.638293][T13330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 429.734224][T13330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 429.888518][ T6643] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 430.014231][T13330] hsr_slave_0: entered promiscuous mode [ 430.031465][T13330] hsr_slave_1: entered promiscuous mode [ 430.038016][T13330] debugfs: 'hsr0' already exists in 'hsr' [ 430.063803][ T6643] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 430.069876][T13330] Cannot create hsr debugfs directory [ 430.096900][ T6643] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 430.149490][ T6643] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 430.191198][ T6643] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 430.222592][T13486] netlink: 35 bytes leftover after parsing attributes in process `syz.4.2875'. [ 430.224611][ T6643] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 430.262121][ T6643] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.275229][T13486] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2875'. [ 430.288188][ T6643] usb 4-1: config 0 descriptor?? [ 430.571808][T13325] Bluetooth: hci3: command tx timeout [ 430.734401][ T6643] plantronics 0003:047F:FFFF.002D: reserved main item tag 0xd [ 430.774156][T13495] input: syz0 as /devices/virtual/input/input60 [ 430.828884][ T6643] plantronics 0003:047F:FFFF.002D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 431.074270][T13472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.108388][T13472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.157268][T13330] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 431.175723][ T6643] usb 4-1: USB disconnect, device number 54 [ 431.256611][T13330] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 431.309846][T13330] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 431.351918][T13330] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 431.595521][T13330] 8021q: adding VLAN 0 to HW filter on device bond0 [ 431.603061][T13509] delete_channel: no stack [ 431.631950][T13330] 8021q: adding VLAN 0 to HW filter on device team0 [ 431.658680][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state [ 431.665907][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state [ 431.715790][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.723354][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 432.114016][T13330] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 432.293973][T13330] veth0_vlan: entered promiscuous mode [ 432.353809][T13330] veth1_vlan: entered promiscuous mode [ 432.360475][T13534] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2888'. [ 432.388620][T13534] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2888'. [ 432.462728][T13330] veth0_macvtap: entered promiscuous mode [ 432.495897][T13330] veth1_macvtap: entered promiscuous mode [ 432.605030][T13330] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 432.657678][T13330] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 432.705666][ T1334] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.782195][ T1334] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.821691][ T1334] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.834424][ T1334] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.904062][ T30] audit: type=1326 audit(1762217722.821:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13542 comm="syz.3.2891" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f534818f6c9 code=0x0 [ 433.121501][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 433.150272][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.262544][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 433.281285][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 433.790719][T13561] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 434.468674][T13576] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2899'. [ 434.528314][T13576] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2899'. [ 434.857172][ T5840] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 435.041664][ T5840] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 435.063658][ T5840] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.097993][ T5840] usb 5-1: config 0 descriptor?? [ 435.958627][ T6653] psmouse serio2: Failed to reset mouse on : -5 [ 436.156413][ T5840] usb 5-1: Cannot set autoneg [ 436.163931][ T5840] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 436.183545][ T5840] usb 5-1: USB disconnect, device number 52 [ 436.278409][ T6643] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 436.461099][ T6643] usb 8-1: Using ep0 maxpacket: 32 [ 436.478622][ T6643] usb 8-1: New USB device found, idVendor=0ccd, idProduct=10a5, bcdDevice=eb.4c [ 436.499465][ T6643] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.524324][ T6643] usb 8-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 436.560307][ T6643] usb 8-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 436.566809][ T6643] usb 8-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 436.709810][ T6643] usb 8-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 436.716416][ T6643] usb 8-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 436.818565][ T6643] usb 8-1: dvb_usb_v2: found a 'Terratec H7 Rev.4' in warm state [ 436.830066][ T6643] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 436.860829][ T6643] dvbdev: DVB: registering new adapter (Terratec H7 Rev.4) [ 436.876073][ T6643] usb 8-1: media controller created [ 436.882402][ T6643] usb 8-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 436.891536][ T6643] usb 8-1: dvb_usb_v2: MAC address: 00:00:00:00:00:00 [ 436.952209][ T6643] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 437.008306][ T30] audit: type=1326 audit(1762217726.911:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13612 comm="syz.6.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf458f6c9 code=0x7fc00000 [ 437.155192][ T6643] usb 8-1: USB disconnect, device number 10 [ 437.585232][ T30] audit: type=1326 audit(1762217727.501:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13612 comm="syz.6.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdaf458f6c9 code=0x7fc00000 [ 437.969648][T13651] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 438.101201][ T5840] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 438.275164][ T5840] usb 5-1: unable to get BOS descriptor or descriptor too short [ 438.285449][ T5840] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 438.294194][ T5840] usb 5-1: can't read configurations, error -71 [ 438.398620][ T6652] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 438.558430][ T5902] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 438.558441][ T6652] usb 7-1: Using ep0 maxpacket: 32 [ 438.560130][ T6652] usb 7-1: config 0 has an invalid interface number: 184 but max is 0 [ 438.580500][ T6652] usb 7-1: config 0 has no interface number 0 [ 438.588029][ T6652] usb 7-1: config 0 interface 184 has no altsetting 0 [ 438.597768][ T6652] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 438.606999][ T6652] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.615107][ T6652] usb 7-1: Product: syz [ 438.619442][ T6652] usb 7-1: Manufacturer: syz [ 438.624082][ T6652] usb 7-1: SerialNumber: syz [ 438.631655][ T6652] usb 7-1: config 0 descriptor?? [ 438.639999][ T6652] smsc75xx v1.0.0 [ 438.720872][ T5902] usb 9-1: config 0 has no interfaces? [ 438.729876][ T5902] usb 9-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 438.740213][ T5902] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.751009][ T5902] usb 9-1: Product: syz [ 438.755583][ T5902] usb 9-1: Manufacturer: syz [ 438.760444][ T5902] usb 9-1: SerialNumber: syz [ 438.767830][ T5902] usb 9-1: config 0 descriptor?? [ 439.023182][T13668] misc userio: Can't change port type on an already running userio instance [ 439.145579][T13659] veth0_vlan: left promiscuous mode [ 439.153857][T13659] veth0_vlan: entered promiscuous mode [ 439.189318][ T6643] usb 9-1: USB disconnect, device number 2 [ 439.728998][ T6653] misc userio: Buffer overflowed, userio client isn't keeping up [ 439.871142][ T6652] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 439.911370][ T6652] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 439.938899][ T6652] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 439.959803][ T6652] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 439.979863][ T6652] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 440.001051][ T6652] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 440.017372][T13677] netlink: 'syz.8.2937': attribute type 1 has an invalid length. [ 440.031428][ T6652] smsc75xx 7-1:0.184: probe with driver smsc75xx failed with error -71 [ 440.061674][ T6652] usb 7-1: USB disconnect, device number 12 [ 440.262700][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.269420][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.612580][T13685] netlink: 348 bytes leftover after parsing attributes in process `syz.8.2940'. [ 440.812118][ T6653] input: PS/2 Generic Mouse as /devices/serio2/input/input62 [ 441.292509][ T6653] psmouse serio2: Failed to enable mouse on [ 441.423634][T13706] syzkaller0: mtu greater than device maximum [ 442.277847][T13732] syzkaller1: entered promiscuous mode [ 442.296119][T13732] syzkaller1: entered allmulticast mode [ 442.708354][ T5840] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 442.899019][ T5840] usb 7-1: Using ep0 maxpacket: 32 [ 442.916619][ T5840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.942462][ T5840] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.956594][ T5840] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 442.975405][ T5840] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.994578][ T5840] usb 7-1: config 0 descriptor?? [ 443.022067][ T5840] hub 7-1:0.0: USB hub found [ 443.232587][ T5840] hub 7-1:0.0: 1 port detected [ 443.848609][ T5840] hub 7-1:0.0: activate --> -90 [ 444.263638][ T6653] usb 7-1: USB disconnect, device number 13 [ 444.280285][ T5840] hub 7-1:0.0: hub_ext_port_status failed (err = -71) [ 444.283111][T13790] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2982'. [ 444.321688][T13790] bond0: option prio: mode dependency failed, not supported in mode balance-rr(0) [ 444.388385][ T6652] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 444.551297][ T6652] usb 8-1: config 0 has an invalid interface number: 101 but max is 0 [ 444.571380][ T6652] usb 8-1: config 0 has no interface number 0 [ 444.585937][ T6652] usb 8-1: config 0 interface 101 has no altsetting 0 [ 444.593975][ T6652] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 444.603452][ T6652] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.615768][ T6652] usb 8-1: config 0 descriptor?? [ 444.624259][ T6652] cp210x 8-1:0.101: cp210x converter detected [ 444.668400][ T6650] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 444.819577][ T6650] usb 9-1: Using ep0 maxpacket: 16 [ 444.836890][ T6650] usb 9-1: too many configurations: 123, using maximum allowed: 8 [ 444.854998][ T6650] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 444.868412][ T6650] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 444.889952][ T6650] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 444.912026][ T6650] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 444.939902][ T6650] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 444.972963][ T6650] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 444.995932][ T6650] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 445.009110][ T6650] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 445.092501][ T6652] cp210x 8-1:0.101: failed to get vendor val 0x000e size 3: -32 [ 445.101564][ T6650] usb 9-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 445.117361][ T6650] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45 [ 445.139497][ T6650] usb 9-1: SerialNumber: syz [ 445.163059][ T6650] usb 9-1: config 0 descriptor?? [ 445.194285][ T6650] input: bcm5974 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input64 [ 445.327469][ T6652] cp210x 8-1:0.101: GPIO initialisation failed: -19 [ 445.387963][ T6652] usb 8-1: cp210x converter now attached to ttyUSB0 [ 445.456916][ T5184] bcm5974 9-1:0.0: could not read from device [ 445.481782][ T5184] bcm5974 9-1:0.0: could not read from device [ 445.556305][ T5902] usb 8-1: USB disconnect, device number 11 [ 445.567758][ T5902] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 445.573715][ T6650] usb 9-1: USB disconnect, device number 3 [ 445.589001][ T5184] bcm5974 9-1:0.0: could not read from device [ 445.616259][ T5902] cp210x 8-1:0.101: device disconnected [ 447.434078][T13860] kvm: Disabled LAPIC found during irq injection [ 448.076908][T13875] netlink: 280 bytes leftover after parsing attributes in process `syz.7.3007'. [ 448.141778][T13875] netlink: 280 bytes leftover after parsing attributes in process `syz.7.3007'. [ 448.598362][ T6652] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 448.804549][ T6650] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 448.848915][ T6652] usb 5-1: Using ep0 maxpacket: 16 [ 448.868825][ T6652] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 448.888986][ T6652] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 448.914969][ T6652] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 448.940991][ T6652] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.958601][ T6652] usb 5-1: Product: syz [ 448.968938][ T6652] usb 5-1: Manufacturer: syz [ 448.978592][ T6652] usb 5-1: SerialNumber: syz [ 448.988446][ T6650] usb 8-1: Using ep0 maxpacket: 32 [ 449.012671][ T6650] usb 8-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 449.035975][ T6650] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.060427][ T6650] usb 8-1: Product: syz [ 449.064693][ T6650] usb 8-1: Manufacturer: syz [ 449.088590][ T6650] usb 8-1: SerialNumber: syz [ 449.105047][ T6650] usb 8-1: config 0 descriptor?? [ 449.126881][ T6650] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 449.217955][ T6652] usb 5-1: 0:2 : does not exist [ 449.249607][ T6652] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 449.306988][ T6652] usb 5-1: USB disconnect, device number 55 [ 449.419376][ T7156] udevd[7156]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 449.550453][ T6650] gspca_ov534_9: reg_w failed -71 [ 449.978325][ T6650] gspca_ov534_9: Unknown sensor 0000 [ 449.978435][ T6650] ov534_9 8-1:0.0: probe with driver ov534_9 failed with error -22 [ 450.012745][ T6650] usb 8-1: USB disconnect, device number 12 [ 450.289320][T13910] binder: 13908:13910 ioctl c0306201 200000000040 returned -14 [ 450.435817][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 450.457217][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 450.471893][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 450.491374][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 450.507176][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 451.339109][T13937] loop2: detected capacity change from 0 to 7 [ 451.348353][ T5917] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 451.351054][T13937] loop2: [ 451.384392][T13937] loop2: partition table partially beyond EOD, truncated [ 451.531259][ T5917] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 451.608468][ T5917] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.663407][ T5917] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 451.695641][ T5917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.743703][T13920] chnl_net:caif_netlink_parms(): no params data found [ 451.748776][ T5917] usb 7-1: config 0 descriptor?? [ 452.152547][T13920] bridge0: port 1(bridge_slave_0) entered blocking state [ 452.160769][T13920] bridge0: port 1(bridge_slave_0) entered disabled state [ 452.168199][T13920] bridge_slave_0: entered allmulticast mode [ 452.202051][T13920] bridge_slave_0: entered promiscuous mode [ 452.228164][ T5917] pyra 0003:1E7D:2CF6.002E: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.6-1/input0 [ 452.231794][T13920] bridge0: port 2(bridge_slave_1) entered blocking state [ 452.280770][T13920] bridge0: port 2(bridge_slave_1) entered disabled state [ 452.309463][T13920] bridge_slave_1: entered allmulticast mode [ 452.317805][T13920] bridge_slave_1: entered promiscuous mode [ 452.569990][T13325] Bluetooth: hci0: command tx timeout [ 452.585901][T13920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 452.601503][T13920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 452.684444][T13920] team0: Port device team_slave_0 added [ 452.704901][T13920] team0: Port device team_slave_1 added [ 452.794386][T13920] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 452.818334][T13920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 452.868447][ T6650] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 452.877934][T13920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 452.902729][T13920] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 452.918295][T13920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 452.975644][T13920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 453.051481][ T6650] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 453.079856][ T6650] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 453.110125][ T6650] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 453.128853][ T6650] usb 8-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 453.131436][T13920] hsr_slave_0: entered promiscuous mode [ 453.147602][ T6650] usb 8-1: Manufacturer: syz [ 453.164848][T13920] hsr_slave_1: entered promiscuous mode [ 453.166200][ T6650] usb 8-1: config 0 descriptor?? [ 453.184764][T13920] debugfs: 'hsr0' already exists in 'hsr' [ 453.199543][T13920] Cannot create hsr debugfs directory [ 453.249641][ T5917] pyra 0003:1E7D:2CF6.002E: couldn't init struct pyra_device [ 453.278427][ T5917] pyra 0003:1E7D:2CF6.002E: couldn't install mouse [ 453.300519][ T5917] pyra 0003:1E7D:2CF6.002E: probe with driver pyra failed with error -71 [ 453.356995][ T5917] usb 7-1: USB disconnect, device number 14 [ 453.819478][T13920] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 453.862026][T13920] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 453.898752][T13920] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 453.935134][T13920] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 454.221960][ T6650] uclogic 0003:256C:006D.002F: v1 frame probing failed: -71 [ 454.242402][ T6650] uclogic 0003:256C:006D.002F: failed probing parameters: -71 [ 454.261902][ T6650] uclogic 0003:256C:006D.002F: probe with driver uclogic failed with error -71 [ 454.296316][T13920] 8021q: adding VLAN 0 to HW filter on device bond0 [ 454.316541][ T6650] usb 8-1: USB disconnect, device number 13 [ 454.416633][T13920] 8021q: adding VLAN 0 to HW filter on device team0 [ 454.451656][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.458918][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.520724][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.527962][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.648859][T13325] Bluetooth: hci0: command tx timeout [ 454.805828][T13920] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 454.982856][T13920] veth0_vlan: entered promiscuous mode [ 455.030870][T13920] veth1_vlan: entered promiscuous mode [ 455.133236][T13920] veth0_macvtap: entered promiscuous mode [ 455.173009][T13920] veth1_macvtap: entered promiscuous mode [ 455.247810][T13920] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 455.328888][T13920] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 455.378679][ T6664] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.409703][ T6664] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.435739][ T6664] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.476923][ T6664] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.787046][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 455.821091][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 455.992489][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 456.029231][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 456.728445][T13325] Bluetooth: hci0: command tx timeout [ 457.352664][ T6642] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 457.529527][ T6642] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 457.551223][ T6642] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 457.592207][ T6642] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 457.621056][ T6642] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 457.649489][ T6642] usb 10-1: SerialNumber: syz [ 457.881385][ T6642] usb 10-1: 0:2 : does not exist [ 457.961756][ T6642] usb 10-1: USB disconnect, device number 2 [ 458.022398][ T7156] udevd[7156]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 458.278656][ T5902] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 458.464494][ T5902] usb 8-1: Using ep0 maxpacket: 32 [ 458.489104][ T5902] usb 8-1: config 0 has an invalid interface number: 12 but max is 0 [ 458.506524][ T5902] usb 8-1: config 0 has no interface number 0 [ 458.520908][ T5902] usb 8-1: config 0 interface 12 has no altsetting 0 [ 458.534779][ T5902] usb 8-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 458.553941][ T5902] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.592059][ T5902] usb 8-1: Product: syz [ 458.608005][ T5902] usb 8-1: Manufacturer: syz [ 458.617253][ T5902] usb 8-1: SerialNumber: syz [ 458.634669][ T5902] usb 8-1: config 0 descriptor?? [ 458.768430][ T6642] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 458.808917][T13325] Bluetooth: hci0: command tx timeout [ 458.948355][ T6642] usb 5-1: Using ep0 maxpacket: 32 [ 458.979001][ T6642] usb 5-1: config 0 has an invalid interface number: 12 but max is 0 [ 458.987274][ T6642] usb 5-1: config 0 has no interface number 0 [ 459.011271][ T6642] usb 5-1: config 0 interface 12 has no altsetting 0 [ 459.029980][ T6642] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 459.049398][ T6642] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.057772][ T6642] usb 5-1: Product: syz [ 459.068316][ T6642] usb 5-1: Manufacturer: syz [ 459.078618][ T6642] usb 5-1: SerialNumber: syz [ 459.109885][ T6642] usb 5-1: config 0 descriptor?? [ 459.947603][ T5902] f81534 8-1:0.12: f81534_set_register: reg: 1003 data: b0 failed: -71 [ 459.977482][ T5902] f81534 8-1:0.12: f81534_find_config_idx: read failed: -71 [ 460.007577][ T5902] f81534 8-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 460.036525][ T5902] f81534 8-1:0.12: probe with driver f81534 failed with error -71 [ 460.076091][ T5902] usb 8-1: USB disconnect, device number 14 [ 460.511645][T14073] fuse: root generation should be zero [ 460.572366][ T6642] f81534 5-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71 [ 460.592258][ T6642] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71 [ 460.617806][ T6642] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 460.641725][ T6642] f81534 5-1:0.12: probe with driver f81534 failed with error -71 [ 460.699929][ T6642] usb 5-1: USB disconnect, device number 56 [ 461.027916][T14081] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3072'. [ 461.118578][T14081] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3072'. [ 461.547398][T14092] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 462.120951][ C0] vcan0: j1939_tp_rxtimer: 0xffff888069440c00: rx timeout, send abort [ 462.131889][ C0] vcan0: j1939_tp_rxtimer: 0xffff888069441c00: rx timeout, send abort [ 462.140447][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888069440c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 462.156934][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888069441c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 462.198584][ T6650] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 462.418315][ T6650] usb 8-1: Using ep0 maxpacket: 8 [ 462.431588][ T6650] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 462.443076][ T6650] usb 8-1: config 0 has no interface number 0 [ 462.478804][ T6650] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 462.511553][ T6650] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 462.533071][ T6650] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.557530][ T6650] usb 8-1: config 0 descriptor?? [ 462.609171][ T6650] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 462.771503][T14113] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3085'. [ 462.842567][ T5902] usb 8-1: USB disconnect, device number 15 [ 464.098488][T14137] batadv_slave_1: entered promiscuous mode [ 464.121101][T14137] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3093'. [ 464.132745][T14137] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 464.225575][T14137] batadv_slave_1 (unregistering): left promiscuous mode [ 464.241937][T14137] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.808451][ T5902] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 464.988377][ T5902] usb 7-1: Using ep0 maxpacket: 32 [ 465.002992][ T5902] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 465.019416][ T5902] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 465.058471][ T5902] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 465.088385][ T5902] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.150715][ T5902] usb 7-1: config 0 descriptor?? [ 465.180503][ T5902] hub 7-1:0.0: bad descriptor, ignoring hub [ 465.221870][ T5902] hub 7-1:0.0: probe with driver hub failed with error -5 [ 465.590390][ T5902] usb 7-1: USB disconnect, device number 15 [ 467.387804][T14202] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3120'. [ 467.916074][T14182] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 468.392145][ T30] audit: type=1326 audit(1762217758.311:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14232 comm="syz.9.3132" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f052c38f6c9 code=0x0 [ 468.698352][ T6652] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 468.869036][ T6652] usb 8-1: Using ep0 maxpacket: 8 [ 468.891647][ T6652] usb 8-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d [ 468.915472][ T6652] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.934140][ T6652] usb 8-1: Product: syz [ 468.945536][ T6652] usb 8-1: Manufacturer: syz [ 468.955661][ T6652] usb 8-1: SerialNumber: syz [ 468.982713][ T6652] usb 8-1: config 0 descriptor?? [ 469.012372][ T6652] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 469.250396][T14260] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3143'. [ 469.556841][T14269] sctp: [Deprecated]: syz.4.3148 (pid 14269) Use of struct sctp_assoc_value in delayed_ack socket option. [ 469.556841][T14269] Use struct sctp_sack_info instead [ 469.852962][ T49] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.110747][ T49] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.232069][ T6652] input: sonixj as /devices/platform/dummy_hcd.7/usb8/8-1/input/input65 [ 470.513065][ T6642] usb 8-1: USB disconnect, device number 16 [ 470.715535][ T49] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.938101][ T49] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 471.274248][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 471.286272][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 471.295936][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 471.315590][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 471.324741][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 471.600748][ T49] bridge_slave_1: left allmulticast mode [ 471.610888][ T49] bridge_slave_1: left promiscuous mode [ 471.628691][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.708641][ T49] bridge_slave_0: left allmulticast mode [ 471.733277][ T49] bridge_slave_0: left promiscuous mode [ 471.774951][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.920729][T14317] loop6: detected capacity change from 0 to 7 [ 471.938611][T14317] Dev loop6: unable to read RDB block 7 [ 471.944258][T14317] loop6: unable to read partition table [ 471.961498][T14317] loop6: partition table beyond EOD, truncated [ 471.988155][T14317] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 472.138339][ T6652] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 472.318459][ T6652] usb 9-1: Using ep0 maxpacket: 16 [ 472.343529][ T6652] usb 9-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 472.367703][ T6652] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.376293][ T6652] usb 9-1: Product: syz [ 472.381896][ T6652] usb 9-1: Manufacturer: syz [ 472.390502][ T6652] usb 9-1: SerialNumber: syz [ 472.413249][ T6652] usb 9-1: config 0 descriptor?? [ 472.670342][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 472.709241][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 472.724130][ T49] bond0 (unregistering): Released all slaves [ 472.836776][T14334] input: syz0 as /devices/virtual/input/input66 [ 472.842766][ T6652] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 472.867850][ T6652] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 472.888999][ T6652] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 472.911199][ T6652] usb 9-1: media controller created [ 472.963788][ T6652] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 473.044683][ T6652] zl10353_read_register: readreg error (reg=127, ret==0) [ 473.065712][ T6652] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 473.086504][ T6652] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 473.370375][T13325] Bluetooth: hci0: command tx timeout [ 473.660669][ T6652] usb 9-1: USB disconnect, device number 4 [ 473.766070][ T6652] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 474.265522][ T49] hsr_slave_0: left promiscuous mode [ 474.289063][ T49] hsr_slave_1: left promiscuous mode [ 474.295477][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 474.312371][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 474.340386][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 474.370166][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 474.423610][ T49] veth1_macvtap: left promiscuous mode [ 474.432569][ T49] veth0_macvtap: left promiscuous mode [ 474.439000][ T49] veth1_vlan: left promiscuous mode [ 474.444809][ T49] veth0_vlan: left promiscuous mode [ 475.449577][T13325] Bluetooth: hci0: command tx timeout [ 475.867481][ T49] team0 (unregistering): Port device team_slave_1 removed [ 475.972045][ T49] team0 (unregistering): Port device team_slave_0 removed [ 476.711428][T14300] chnl_net:caif_netlink_parms(): no params data found [ 477.310276][T14300] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.317712][T14300] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.350757][T14300] bridge_slave_0: entered allmulticast mode [ 477.374412][T14300] bridge_slave_0: entered promiscuous mode [ 477.419372][T14300] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.426569][T14300] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.489070][T14300] bridge_slave_1: entered allmulticast mode [ 477.507437][T14300] bridge_slave_1: entered promiscuous mode [ 477.528514][T13325] Bluetooth: hci0: command tx timeout [ 477.732761][T14300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 477.766863][T14300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 477.810842][ T6652] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 477.906429][T14300] team0: Port device team_slave_0 added [ 477.924356][T14300] team0: Port device team_slave_1 added [ 477.978496][ T6652] usb 9-1: Using ep0 maxpacket: 8 [ 477.993221][ T6652] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 478.003446][ T6652] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 478.039286][ T6652] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 478.055107][T14300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 478.072048][ T6652] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 478.074064][T14300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 478.088289][ T6652] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 478.132288][T14300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 478.158898][T14300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 478.166122][T14300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 478.192933][ T6652] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 478.192965][ T6652] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.330338][T14300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 478.373063][ T30] audit: type=1326 audit(1762217768.291:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14439 comm="syz.4.3201" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x0 [ 478.432466][ T6652] usb 9-1: usb_control_msg returned -32 [ 478.448659][ T6652] usbtmc 9-1:16.0: can't read capabilities [ 478.527309][T14443] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3965544961 (63448719376 ns) > initial count (51650093520 ns). Using initial count to start timer. [ 478.577162][T14300] hsr_slave_0: entered promiscuous mode [ 478.610765][T14300] hsr_slave_1: entered promiscuous mode [ 478.617458][T14300] debugfs: 'hsr0' already exists in 'hsr' [ 478.623600][T14300] Cannot create hsr debugfs directory [ 479.228454][ T5902] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 479.398431][ T5902] usb 7-1: Using ep0 maxpacket: 32 [ 479.416747][ T5902] usb 7-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 479.454895][ T5902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.490081][ T5902] usb 7-1: Product: syz [ 479.494301][ T5902] usb 7-1: Manufacturer: syz [ 479.515475][ T5902] usb 7-1: SerialNumber: syz [ 479.565274][ T5902] usb 7-1: config 0 descriptor?? [ 479.603022][ T5902] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 479.619741][T13325] Bluetooth: hci0: command tx timeout [ 479.730459][T14471] usbtmc 9-1:16.0: usb_control_msg returned -32 [ 479.874853][ T6652] usb 9-1: USB disconnect, device number 5 [ 480.009029][T14476] A link change request failed with some changes committed already. Interface gre1 may have been left with an inconsistent configuration, please check. [ 480.503262][T14300] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 480.598143][T14300] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 480.645523][T14300] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 480.696518][T14491] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3213'. [ 480.764296][T14300] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 481.036342][ T5902] gspca_stk1135: reg_w 0xf err -71 [ 481.046588][ T5902] gspca_stk1135: serial bus timeout: status=0x00 [ 481.054702][ T5902] gspca_stk1135: Sensor write failed [ 481.065772][ T5902] gspca_stk1135: serial bus timeout: status=0x00 [ 481.089555][ T5902] gspca_stk1135: Sensor write failed [ 481.096323][ T5902] gspca_stk1135: serial bus timeout: status=0x00 [ 481.303782][ T5902] gspca_stk1135: Sensor read failed [ 481.319004][ T5902] gspca_stk1135: serial bus timeout: status=0x00 [ 481.337425][ T5902] gspca_stk1135: Sensor read failed [ 481.342901][ T5902] gspca_stk1135: Detected sensor type unknown (0x0) [ 481.370406][ T5902] gspca_stk1135: serial bus timeout: status=0x00 [ 481.376812][ T5902] gspca_stk1135: Sensor read failed [ 481.382917][ T5902] gspca_stk1135: serial bus timeout: status=0x00 [ 481.418518][ T5902] gspca_stk1135: Sensor read failed [ 481.424557][ T5902] gspca_stk1135: serial bus timeout: status=0x00 [ 481.461819][ T5902] gspca_stk1135: Sensor write failed [ 481.467204][ T5902] gspca_stk1135: serial bus timeout: status=0x00 [ 481.507389][ T5902] gspca_stk1135: Sensor write failed [ 481.518391][ T5902] stk1135 7-1:0.0: probe with driver stk1135 failed with error -71 [ 481.546653][ T5902] usb 7-1: USB disconnect, device number 16 [ 481.632824][T14491] team0 (unregistering): Port device team_slave_0 removed [ 481.675747][T14491] team0 (unregistering): Port device team_slave_1 removed [ 482.126663][T14300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 482.215352][T14300] 8021q: adding VLAN 0 to HW filter on device team0 [ 482.262682][ T1334] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.269989][ T1334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 482.364546][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.371875][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.550869][ T5920] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 482.733993][T14300] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 482.753356][ T5920] usb 5-1: config 0 has no interfaces? [ 482.769879][ T5920] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 482.792345][ T5920] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.820966][ T5920] usb 5-1: Product: syz [ 482.849717][ T5920] usb 5-1: Manufacturer: syz [ 482.863141][ T5920] usb 5-1: SerialNumber: syz [ 482.925032][ T5920] usb 5-1: config 0 descriptor?? [ 482.991955][T14300] veth0_vlan: entered promiscuous mode [ 483.030866][T14300] veth1_vlan: entered promiscuous mode [ 483.140012][T14300] veth0_macvtap: entered promiscuous mode [ 483.165345][T14300] veth1_macvtap: entered promiscuous mode [ 483.194734][ T5902] usb 5-1: USB disconnect, device number 57 [ 483.255886][T14300] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 483.317544][T14300] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 483.383659][ T1334] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.412718][ T1334] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.460758][ T1334] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.488526][ T1334] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.628385][ T5902] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 483.644068][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.661822][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.785249][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.806251][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.828640][ T5902] usb 9-1: Using ep0 maxpacket: 8 [ 483.843018][ T5902] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 483.884948][ T5902] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 483.925207][ T5902] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 483.991053][ T5902] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 484.032145][ T5902] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 484.075993][ T5902] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 484.095464][ T5902] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.351288][ T5902] usb 9-1: usb_control_msg returned -32 [ 484.374226][ T5902] usbtmc 9-1:16.0: can't read capabilities [ 484.728524][T14597] input: syz1 as /devices/virtual/input/input67 [ 485.142180][T14607] usbtmc 9-1:16.0: usb_control_msg returned -32 [ 485.344680][ T5902] usb 9-1: USB disconnect, device number 6 [ 485.692227][ T30] audit: type=1326 audit(1762217775.601:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661c18f6c9 code=0x7ffc0000 [ 485.777366][ T30] audit: type=1326 audit(1762217775.641:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661c18f6c9 code=0x7ffc0000 [ 485.854880][ T30] audit: type=1326 audit(1762217775.641:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661c18f6c9 code=0x7ffc0000 [ 485.969859][ T30] audit: type=1326 audit(1762217775.651:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f661c18f6c9 code=0x7ffc0000 [ 486.110120][ T30] audit: type=1326 audit(1762217775.651:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661c18f6c9 code=0x7ffc0000 [ 486.207319][ T30] audit: type=1326 audit(1762217775.721:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661c18f6c9 code=0x7ffc0000 [ 486.361801][ T30] audit: type=1326 audit(1762217775.721:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f661c18f703 code=0x7ffc0000 [ 486.788952][ T30] audit: type=1326 audit(1762217776.701:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f661c18f6c9 code=0x7ffc0000 [ 486.887824][ T30] audit: type=1326 audit(1762217776.701:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f661c18f787 code=0x7ffc0000 [ 486.927963][ T30] audit: type=1326 audit(1762217776.711:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14622 comm="syz.7.3245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f661c146b2d code=0x7ffc0000 [ 487.459677][T14665] syz_tun: entered promiscuous mode [ 487.484848][T14665] syz_tun: left promiscuous mode [ 488.133305][ C0] vxcan1: j1939_tp_rxtimer: 0xffff8881417d5800: rx timeout, send abort [ 488.142464][ C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff8881417d5800: 0x2ff01: (3) A timeout occurred and this is the connection abort to close the session. [ 488.859627][T14713] netlink: 220 bytes leftover after parsing attributes in process `syz.8.3271'. [ 488.882461][T14713] netlink: 220 bytes leftover after parsing attributes in process `syz.8.3271'. [ 488.928328][ T5920] usb 7-1: new full-speed USB device number 17 using dummy_hcd [ 489.091657][ T5920] usb 7-1: config 0 has an invalid interface number: 49 but max is 0 [ 489.109432][ T5920] usb 7-1: config 0 has no interface number 0 [ 489.126003][ T5920] usb 7-1: config 0 interface 49 has no altsetting 0 [ 489.136173][ T5920] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10b2, bcdDevice=c7.1b [ 489.178363][ T5920] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.218058][ T5920] usb 7-1: config 0 descriptor?? [ 489.382222][T14737] netlink: 'syz.4.3277': attribute type 3 has an invalid length. [ 489.390510][T14737] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3277'. [ 489.559558][ T6652] usb 8-1: new full-speed USB device number 17 using dummy_hcd [ 489.766551][ T6652] usb 8-1: unable to get BOS descriptor or descriptor too short [ 489.782402][ T6652] usb 8-1: unable to read config index 0 descriptor/start: -71 [ 489.806880][ T6652] usb 8-1: can't read configurations, error -71 [ 489.970093][ T5920] usb 7-1: string descriptor 0 read error: -71 [ 490.011716][T14751] loop6: detected capacity change from 0 to 7 [ 490.025321][ T5920] usb 7-1: USB disconnect, device number 17 [ 490.043413][T14751] Dev loop6: unable to read RDB block 7 [ 490.068598][T14751] loop6: unable to read partition table [ 490.096248][T14751] loop6: partition table beyond EOD, truncated [ 490.117520][T14751] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 490.124777][T14755] netlink: 184 bytes leftover after parsing attributes in process `syz.4.3282'. [ 490.154468][T14755] netlink: 80 bytes leftover after parsing attributes in process `syz.4.3282'. [ 490.606893][T14772] loop5: detected capacity change from 0 to 7 [ 490.626863][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.636170][ C1] buffer_io_error: 329 callbacks suppressed [ 490.636190][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.673197][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.682584][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.696850][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.706293][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.735101][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.744418][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.756155][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.765547][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.776136][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.785434][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.813872][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.823126][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.838450][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.847949][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.856053][T14772] ldm_validate_partition_table(): Disk read failed. [ 490.863229][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.872730][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.895305][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 490.904627][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 490.928875][T14772] Dev loop5: unable to read RDB block 0 [ 490.956973][T14772] loop5: unable to read partition table [ 490.975553][T14772] loop5: partition table beyond EOD, truncated [ 490.992503][T14772] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 491.758364][ T5902] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 491.918505][ T5902] usb 7-1: Using ep0 maxpacket: 32 [ 491.926401][ T5902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 491.963572][ T5902] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.015046][ T5902] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 492.054871][ T5902] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.093099][ T5902] usb 7-1: config 0 descriptor?? [ 492.129589][ T5902] hub 7-1:0.0: USB hub found [ 492.324909][ T5902] hub 7-1:0.0: 1 port detected [ 492.738412][ T6642] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 492.923128][ T6642] usb 1-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 492.958792][ T6642] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.004997][ T6642] usb 1-1: Product: syz [ 493.016435][ T5902] hub 7-1:0.0: activate --> -90 [ 493.023503][ T6642] usb 1-1: Manufacturer: syz [ 493.028143][ T6642] usb 1-1: SerialNumber: syz [ 493.105499][ T6642] usb 1-1: config 0 descriptor?? [ 493.134233][ T6642] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 493.418914][ T5902] usb 7-1-port1: cannot disable (err = -71) [ 493.418922][ T6652] usb 7-1: USB disconnect, device number 18 [ 494.532661][T14874] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3312'. [ 494.561045][ T6642] gspca_sunplus: reg_w_riv err -71 [ 494.566591][ T6642] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 494.612061][ T6642] usb 1-1: USB disconnect, device number 5 [ 494.826266][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 494.826285][ T30] audit: type=1326 audit(1762217784.741:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 494.863463][T14881] syz.4.3314 (14881): drop_caches: 0 [ 494.936028][ T30] audit: type=1326 audit(1762217784.781:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.000841][ T30] audit: type=1326 audit(1762217784.781:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.054288][ T30] audit: type=1326 audit(1762217784.781:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.093299][ T30] audit: type=1326 audit(1762217784.781:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.218703][ T30] audit: type=1326 audit(1762217784.781:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.274783][ T30] audit: type=1326 audit(1762217784.781:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.378725][ T30] audit: type=1326 audit(1762217784.781:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.382204][T14902] loop6: detected capacity change from 0 to 7 [ 495.457363][ T30] audit: type=1326 audit(1762217784.781:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=18 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.525717][T14902] Dev loop6: unable to read RDB block 7 [ 495.530568][ T30] audit: type=1326 audit(1762217784.791:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14879 comm="syz.4.3314" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x7ffc0000 [ 495.532227][T14902] loop6: unable to read partition table [ 495.581200][T14902] loop6: partition table beyond EOD, truncated [ 495.620081][T14902] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 498.688342][ T10] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 498.927359][ T10] usb 1-1: New USB device found, idVendor=055d, idProduct=9002, bcdDevice=23.5e [ 498.957231][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.010550][ T10] usb 1-1: Product: syz [ 499.014779][ T10] usb 1-1: Manufacturer: syz [ 499.048440][ T10] usb 1-1: SerialNumber: syz [ 499.069410][ T10] usb 1-1: config 0 descriptor?? [ 499.143852][ T10] pwc: Samsung SNC-35E (v3.0) USB webcam detected. [ 499.236336][T15017] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3353'. [ 499.299138][ T10] pwc: Failed to set LED on/off time (-71) [ 499.333432][ T10] pwc: send_video_command error -71 [ 499.352607][T15017] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3353'. [ 499.361863][ T1334] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.377604][ T10] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 499.396260][ T1334] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.407645][ T10] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71 [ 499.446826][ T1334] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.473223][ T10] usb 1-1: USB disconnect, device number 6 [ 499.496168][ T1334] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.593266][T15020] loop6: detected capacity change from 0 to 7 [ 499.631774][T15020] Dev loop6: unable to read RDB block 7 [ 499.637422][T15020] loop6: unable to read partition table [ 499.669238][T15020] loop6: partition table beyond EOD, truncated [ 499.676341][T15020] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 500.599508][ T5917] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 500.778867][ T5917] usb 9-1: Using ep0 maxpacket: 8 [ 500.799479][ T5917] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 500.835372][ T5917] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 500.886323][ T5917] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 500.938375][ T5917] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 500.964211][ T5917] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 501.042884][ T5917] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 501.078962][ T5917] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.321715][ T5917] usb 9-1: GET_CAPABILITIES returned 0 [ 501.327384][ T5917] usbtmc 9-1:16.0: can't read capabilities [ 501.666443][T15035] usbtmc 9-1:16.0: usb_control_msg returned -71 [ 501.674805][ T6643] usb 9-1: USB disconnect, device number 7 [ 501.696158][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.712073][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.621582][T15085] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 502.698505][ T30] audit: type=1326 audit(1762217792.591:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15086 comm="syz.4.3374" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x0 [ 504.089525][T15125] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 504.297326][T15130] kvm: Disabled LAPIC found during irq injection [ 504.790915][ T6642] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 505.001598][ T6642] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 505.030245][ T6642] usb 9-1: config 0 has no interfaces? [ 505.057810][ T6642] usb 9-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 505.087528][ T6642] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.143997][ T6642] usb 9-1: Product: syz [ 505.162316][ T6642] usb 9-1: Manufacturer: syz [ 505.167002][ T6642] usb 9-1: SerialNumber: syz [ 505.201545][ T6642] usb 9-1: config 0 descriptor?? [ 505.255053][ T6650] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 505.446756][ T6642] usb 9-1: USB disconnect, device number 8 [ 505.463946][ T6650] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 505.485081][ T6650] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 505.513230][ T6650] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.535641][ T6650] usb 5-1: config 0 descriptor?? [ 506.013456][ T6650] lenovo 0003:17EF:6047.0030: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.4-1/input0 [ 506.575389][T15180] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3410'. [ 506.605913][T15180] netlink: 'syz.8.3410': attribute type 7 has an invalid length. [ 506.636370][T15180] netlink: 'syz.8.3410': attribute type 8 has an invalid length. [ 506.656693][T15180] netlink: 4 bytes leftover after parsing attributes in process `syz.8.3410'. [ 507.037378][ T6650] usb 5-1: USB disconnect, device number 58 [ 507.468350][ T6644] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 507.657168][ T6644] usb 9-1: Using ep0 maxpacket: 8 [ 507.664613][ T6644] usb 9-1: config 0 has no interfaces? [ 507.676572][ T6644] usb 9-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 507.698347][ T6644] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.722009][ T6644] usb 9-1: Product: syz [ 507.726430][ T6644] usb 9-1: Manufacturer: syz [ 507.744082][ T6644] usb 9-1: SerialNumber: syz [ 507.769413][ T6644] usb 9-1: config 0 descriptor?? [ 508.203938][ T6650] usb 9-1: USB disconnect, device number 9 [ 508.396706][T15210] netlink: 136 bytes leftover after parsing attributes in process `syz.4.3417'. [ 508.438626][T15210] netlink: 19 bytes leftover after parsing attributes in process `syz.4.3417'. [ 508.663909][T15216] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 509.718618][T15225] block device autoloading is deprecated and will be removed. [ 510.006309][T15238] loop4: detected capacity change from 0 to 7 [ 510.025165][T15238] Dev loop4: unable to read RDB block 7 [ 510.047004][T15238] loop4: unable to read partition table [ 510.054531][ T5917] IPVS: starting estimator thread 0... [ 510.075193][T15238] loop4: partition table beyond EOD, truncated [ 510.105182][T15238] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 510.115056][ T6644] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 510.158362][T15243] IPVS: using max 27 ests per chain, 64800 per kthread [ 510.289196][ T6644] usb 7-1: Using ep0 maxpacket: 32 [ 510.328689][ T6644] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 510.356310][ T6644] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 510.378621][ T6644] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 510.407539][ T6644] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 510.431156][ T6644] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 510.461911][ T6644] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 510.496486][ T6644] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 510.538831][ T6644] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.563914][ T6644] usb 7-1: config 0 descriptor?? [ 510.628343][ T5902] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 510.801698][ T5902] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 510.810218][T15233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 510.828744][ T6644] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 19 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 510.830850][ T5902] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 510.841611][T15233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 510.925316][ T5902] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 510.959084][ T5902] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 510.974390][ T6644] usb 7-1: USB disconnect, device number 19 [ 510.974944][ T5902] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 511.011453][ T6644] usblp0: removed [ 511.013382][ T5902] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 511.027102][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 511.036887][ T5902] usb 1-1: Product: syz [ 511.043659][ T5902] usb 1-1: Manufacturer: syz [ 511.061523][ T5902] cdc_wdm 1-1:1.0: skipping garbage [ 511.067333][ T5902] cdc_wdm 1-1:1.0: skipping garbage [ 511.075995][ T5902] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 511.108628][ T5902] cdc_wdm 1-1:1.0: Unknown control protocol [ 511.349213][T15249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 511.379013][T15249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.410642][ T5902] usb 1-1: USB disconnect, device number 7 [ 512.776586][ T10] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 512.990975][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 513.009892][ T10] usb 1-1: config 1 has no interface number 0 [ 513.036294][ T10] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 513.099715][ T10] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 513.110918][ T10] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 513.120477][ T10] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 513.135136][ T10] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 4 [ 513.169195][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 513.188349][ T6644] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 513.226807][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.366141][ T10] usb 1-1: Product: syz [ 513.378372][ T6644] usb 9-1: Using ep0 maxpacket: 16 [ 513.384220][ T10] usb 1-1: Manufacturer: syz [ 513.389047][ T6644] usb 9-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 513.389077][ T6644] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 513.389096][ T6644] usb 9-1: Product: syz [ 513.430837][ T10] usb 1-1: SerialNumber: syz [ 513.598349][ T6644] usb 9-1: Manufacturer: syz [ 513.638279][ T6644] usb 9-1: SerialNumber: syz [ 513.644177][T15286] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 513.692391][ T6644] usb 9-1: config 0 descriptor?? [ 513.878594][ T5902] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 513.925696][T15286] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 514.066621][ T5902] usb 7-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 514.106534][ T5902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.128483][ T5902] usb 7-1: Product: syz [ 514.145609][ T5902] usb 7-1: Manufacturer: syz [ 514.150278][ T6644] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 514.159720][ T5902] usb 7-1: SerialNumber: syz [ 514.182397][ T6644] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 514.183311][T15286] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 514.202887][ T6644] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 514.228504][ T6644] usb 9-1: media controller created [ 514.232204][ T5902] usb 7-1: config 0 descriptor?? [ 514.280937][ T5902] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 514.323276][ T5902] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 514.350512][ T6644] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 514.449367][ T5902] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 514.471925][ T6644] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 514.483603][ T6644] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 514.492791][ T5902] usb 7-1: media controller created [ 514.613180][ T5902] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 514.659973][T15286] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 514.702054][ T10] cdc_ncm 1-1:1.1: bind() failure [ 514.777631][ T6644] usb 9-1: USB disconnect, device number 10 [ 514.858471][ T5902] DVB: Unable to find symbol mt352_attach() [ 514.889469][ T6644] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 514.955243][ T6643] usb 1-1: USB disconnect, device number 8 [ 515.048052][ T5902] DVB: Unable to find symbol nxt6000_attach() [ 515.088031][ T5902] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 515.136734][ T5902] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input68 [ 515.162711][ T5902] dvb-usb: schedule remote query interval to 1000 msecs. [ 515.172147][ T5902] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 515.219547][ T5902] dvb-usb: bulk message failed: -22 (7/0) [ 515.245837][ T5902] dvb-usb: bulk message failed: -22 (7/0) [ 515.287587][ T5902] usb 7-1: USB disconnect, device number 20 [ 515.619991][ T5902] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 515.924975][T15341] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3459'. [ 517.226383][T15337] lo: entered promiscuous mode [ 517.249298][T15337] lo: entered allmulticast mode [ 517.957804][T15395] bridge0: entered allmulticast mode [ 517.975648][T15395] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3470'. [ 518.271881][T15395] bridge_slave_1: left allmulticast mode [ 518.290999][T15395] bridge_slave_1: left promiscuous mode [ 518.298319][T15395] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.410483][T15395] bridge_slave_0: left allmulticast mode [ 518.416189][T15395] bridge_slave_0: left promiscuous mode [ 518.468147][T15395] bridge0: port 1(bridge_slave_0) entered disabled state [ 518.669671][T15395] bridge0 (unregistering): left allmulticast mode [ 519.603018][T15454] lo: entered allmulticast mode [ 519.812446][T15458] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 520.040298][T15449] lo: left allmulticast mode [ 520.503023][ T1165] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 520.532436][ T1165] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.654152][ T1165] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 520.664965][ T1165] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.775059][ T1165] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 520.787355][ T1165] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 520.970616][ T1165] netdevsim netdevsim8 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 520.995093][ T1165] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 521.393402][ T1165] bridge_slave_1: left allmulticast mode [ 521.418542][ T1165] bridge_slave_1: left promiscuous mode [ 521.425664][ T1165] bridge0: port 2(bridge_slave_1) entered disabled state [ 521.465139][ T1165] bridge_slave_0: left allmulticast mode [ 521.484396][ T1165] bridge_slave_0: left promiscuous mode [ 521.502139][T15494] loop7: detected capacity change from 0 to 7 [ 521.511027][ T1165] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.540864][T15494] Dev loop7: unable to read RDB block 7 [ 521.559426][T15494] loop7: unable to read partition table [ 521.581180][T15494] loop7: partition table beyond EOD, truncated [ 521.604095][T15494] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5) [ 521.776200][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 521.793935][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 521.806049][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 521.824587][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 521.833215][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 523.047183][ T1165] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 523.062066][ T1165] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 523.275989][ T1165] bond0 (unregistering): Released all slaves [ 523.888746][ T5902] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 523.928454][T13325] Bluetooth: hci3: command tx timeout [ 524.061768][ T5902] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 524.094345][ T5902] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 524.128161][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.190919][ T5902] usb 8-1: config 0 descriptor?? [ 524.460413][ T5902] usbhid 8-1:0.0: can't add hid device: -71 [ 524.466573][ T5902] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 524.550806][ T5902] usb 8-1: USB disconnect, device number 19 [ 524.650428][ T1165] hsr_slave_0: left promiscuous mode [ 524.681658][ T1165] hsr_slave_1: left promiscuous mode [ 524.694912][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 524.709688][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 524.719763][ T1165] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 524.727938][ T1165] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 524.754664][ T1165] veth1_macvtap: left promiscuous mode [ 524.763855][ T1165] veth0_macvtap: left promiscuous mode [ 525.088394][ T5902] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 525.248379][ T5902] usb 8-1: Using ep0 maxpacket: 32 [ 525.262739][ T5902] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 525.274239][ T5902] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 525.307072][ T5902] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.341502][ T5902] usb 8-1: config 0 descriptor?? [ 525.361973][ T5902] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 525.404560][ T5902] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 525.782445][ T6644] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 525.903308][ T5902] usb 8-1: USB disconnect, device number 20 [ 525.914337][ T5902] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 525.948377][ T6644] usb 1-1: Using ep0 maxpacket: 16 [ 525.961766][ T6644] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 525.973574][ T6644] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 525.996884][ T6644] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 526.009538][T13325] Bluetooth: hci3: command tx timeout [ 526.019574][ T6644] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 526.029201][ T6644] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.038035][ T6644] usb 1-1: Product: syz [ 526.043250][ T6644] usb 1-1: Manufacturer: syz [ 526.048016][ T6644] usb 1-1: SerialNumber: syz [ 526.551650][ T6644] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 526.955182][T15502] chnl_net:caif_netlink_parms(): no params data found [ 526.988410][ T6643] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 527.169446][ T6643] usb 7-1: Using ep0 maxpacket: 8 [ 527.228390][ T6643] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 527.298473][ T6643] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 527.312510][ T6643] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 527.328458][ T6643] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 527.354178][ T6644] usb 1-1: current rate 9315074 is different from the runtime rate 9338507 [ 527.378156][ T6643] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 527.397880][ T6643] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.447869][T15502] bridge0: port 1(bridge_slave_0) entered blocking state [ 527.463974][T15502] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.472382][T15502] bridge_slave_0: entered allmulticast mode [ 527.490273][T15502] bridge_slave_0: entered promiscuous mode [ 527.500841][T15502] bridge0: port 2(bridge_slave_1) entered blocking state [ 527.508448][T15502] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.516154][T15502] bridge_slave_1: entered allmulticast mode [ 527.537723][T15502] bridge_slave_1: entered promiscuous mode [ 527.577607][ T1165] IPVS: stop unused estimator thread 0... [ 527.641762][ T6643] usb 7-1: GET_CAPABILITIES returned 0 [ 527.648035][ T6643] usbtmc 7-1:16.0: can't read capabilities [ 527.667994][ T6644] usb 1-1: USB disconnect, device number 9 [ 527.845695][T15502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.894514][T15502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.911663][ C1] usbtmc 7-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 527.931623][ T6643] usb 7-1: USB disconnect, device number 21 [ 528.051174][T15502] team0: Port device team_slave_0 added [ 528.064219][T15502] team0: Port device team_slave_1 added [ 528.093024][T13325] Bluetooth: hci3: command tx timeout [ 528.161048][T15502] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 528.201492][T15502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 528.300338][T15502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 528.341035][T15502] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 528.359270][T15502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 528.456103][T15502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.845346][T15502] hsr_slave_0: entered promiscuous mode [ 528.872588][T15502] hsr_slave_1: entered promiscuous mode [ 529.021144][T15502] debugfs: 'hsr0' already exists in 'hsr' [ 529.026942][T15502] Cannot create hsr debugfs directory [ 530.176326][T13325] Bluetooth: hci3: command tx timeout [ 531.083971][T15670] loop6: detected capacity change from 0 to 7 [ 531.202241][T15670] Dev loop6: unable to read RDB block 7 [ 531.289551][T15670] loop6: unable to read partition table [ 531.321795][T15670] loop6: partition table beyond EOD, truncated [ 531.348373][T15670] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 531.850322][ T6653] usb 5-1: new full-speed USB device number 59 using dummy_hcd [ 532.030482][ T6653] usb 5-1: config 1 interface 0 has no altsetting 0 [ 532.040577][ T6653] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 532.061561][ T6653] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.080468][ T6653] usb 5-1: Product: syz [ 532.086127][ T6653] usb 5-1: Manufacturer: syz [ 532.095255][ T6653] usb 5-1: SerialNumber: syz [ 532.151844][ C0] vcan0: j1939_tp_rxtimer: 0xffff888055042000: rx timeout, send abort [ 532.556928][ T6653] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 59 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 532.662198][ C0] vcan0: j1939_tp_rxtimer: 0xffff888055042000: abort rx timeout. Force session deactivation [ 534.600645][ T5840] usb 5-1: USB disconnect, device number 59 [ 534.682433][ T5840] usblp0: removed [ 535.229799][T15712] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3567'. [ 536.455699][T15502] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 536.545171][T15502] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 536.561676][T15731] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2971776544 (190193698816 ns) > initial count (100702872320 ns). Using initial count to start timer. [ 536.616133][T15502] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 536.694554][T15502] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 537.296149][T15502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 537.668334][ T6644] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 537.753204][T15502] 8021q: adding VLAN 0 to HW filter on device team0 [ 537.828540][ T6644] usb 7-1: Using ep0 maxpacket: 32 [ 537.836453][ T6644] usb 7-1: config 0 has an invalid interface number: 132 but max is 0 [ 537.852438][ T6644] usb 7-1: config 0 has no interface number 0 [ 537.955391][ T6644] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 537.975251][ T6644] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 538.007965][ T6664] bridge0: port 1(bridge_slave_0) entered blocking state [ 538.015182][ T6664] bridge0: port 1(bridge_slave_0) entered forwarding state [ 538.024666][ T6644] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.093693][ T6644] usb 7-1: Product: syz [ 538.098786][ T6644] usb 7-1: Manufacturer: syz [ 538.104975][ T6644] usb 7-1: SerialNumber: syz [ 538.122659][ T6644] usb 7-1: config 0 descriptor?? [ 538.152884][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 538.155856][ T6644] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 538.160138][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 538.400836][ T6644] em28xx 7-1:0.132: Video interface 132 found: [ 538.611219][ T6644] em28xx 7-1:0.132: unknown em28xx chip ID (0) [ 538.681253][T15502] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 538.981620][T15502] veth0_vlan: entered promiscuous mode [ 539.022721][ T6644] em28xx 7-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5) [ 539.067183][T15502] veth1_vlan: entered promiscuous mode [ 539.078261][ T6644] em28xx 7-1:0.132: board has no eeprom [ 539.168382][ T6644] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 539.176359][ T6644] em28xx 7-1:0.132: analog set to bulk mode. [ 539.212619][T15502] veth0_macvtap: entered promiscuous mode [ 539.219883][ T6650] em28xx 7-1:0.132: Registering V4L2 extension [ 539.339698][T15502] veth1_macvtap: entered promiscuous mode [ 539.367988][ T6643] usb 7-1: USB disconnect, device number 22 [ 539.381658][ T6643] em28xx 7-1:0.132: Disconnecting em28xx [ 539.468800][T15502] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 539.546233][T15502] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 539.631360][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.648293][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.685820][ T6650] em28xx 7-1:0.132: Config register raw data: 0xffffffed [ 539.695346][ T6650] em28xx 7-1:0.132: AC97 chip type couldn't be determined [ 539.791535][ T1165] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.808407][ T6650] em28xx 7-1:0.132: No AC97 audio processor [ 539.819727][ T1165] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.854556][ T6650] usb 7-1: Decoder not found [ 539.883149][ T6650] em28xx 7-1:0.132: failed to create media graph [ 539.932984][ T6650] em28xx 7-1:0.132: V4L2 device video103 deregistered [ 540.020803][ T6650] em28xx 7-1:0.132: Remote control support is not available for this card. [ 540.077499][ T6643] em28xx 7-1:0.132: Closing input extension [ 540.151693][ T6643] em28xx 7-1:0.132: Freeing device [ 540.275050][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.323442][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.734730][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.780798][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 541.439277][T15822] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3590'. [ 541.488514][ T6642] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 541.663094][ T6642] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 541.696777][ T6642] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.734750][ T6642] usb 5-1: Product: syz [ 541.743055][ T6642] usb 5-1: Manufacturer: syz [ 541.747711][ T6642] usb 5-1: SerialNumber: syz [ 541.771191][ T6642] usb 5-1: config 0 descriptor?? [ 541.791087][ T6642] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 542.186903][T15843] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1946294017 (31140704272 ns) > initial count (4518400576 ns). Using initial count to start timer. [ 543.124495][T15873] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3601'. [ 543.184056][T15873] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3601'. [ 543.248496][ T5840] usb 5-1: USB disconnect, device number 60 [ 543.619174][ T5902] usb 1-1: new low-speed USB device number 10 using dummy_hcd [ 543.727811][T15886] netlink: 212892 bytes leftover after parsing attributes in process `syz.7.3605'. [ 543.809245][ T5902] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 543.837552][ T5902] usb 1-1: config 0 has no interface number 0 [ 543.854903][ T5902] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 543.926911][ T5902] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 543.967635][ T5902] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 544.031419][ T5902] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 544.075443][ T5902] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 544.090292][ T5902] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 544.127774][ T5902] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 544.181497][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 544.219374][ T5902] usb 1-1: config 0 descriptor?? [ 544.235682][T15880] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 544.243659][T15880] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 544.319644][ T5902] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 544.538961][T15906] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3609'. [ 544.586465][T15880] ldusb 1-1:0.55: Write buffer overflow, 2147479472 bytes dropped [ 544.630089][ T6644] usb 1-1: USB disconnect, device number 10 [ 544.661372][ T6644] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 545.479805][ T6642] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 545.658370][ T6642] usb 8-1: Using ep0 maxpacket: 8 [ 545.702982][ T6642] usb 8-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 545.747272][ T6642] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.775080][ T6642] usb 8-1: Product: syz [ 545.783653][ T6642] usb 8-1: Manufacturer: syz [ 545.804620][ T6642] usb 8-1: SerialNumber: syz [ 545.813007][ T6642] usb 8-1: config 0 descriptor?? [ 546.054691][ T6642] usb 8-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 546.348381][ T6644] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 546.388279][ T6643] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 546.491435][ T30] audit: type=1326 audit(1762217836.411:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15923 comm="syz.4.3614" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc905f8f6c9 code=0x0 [ 546.519567][ T6644] usb 7-1: Using ep0 maxpacket: 16 [ 546.532361][ T6644] usb 7-1: config 0 has no interfaces? [ 546.542190][ T6644] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 546.558477][ T6644] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.584971][ T6643] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 546.621521][ T6644] usb 7-1: Product: syz [ 546.681554][ T6643] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.708266][ T6644] usb 7-1: Manufacturer: syz [ 546.712933][ T6644] usb 7-1: SerialNumber: syz [ 546.728420][ T6643] usb 1-1: Product: syz [ 546.732722][ T6643] usb 1-1: Manufacturer: syz [ 546.737346][ T6643] usb 1-1: SerialNumber: syz [ 546.774964][ T6644] usb 7-1: config 0 descriptor?? [ 547.026154][ T5902] usb 7-1: USB disconnect, device number 23 [ 547.218630][ T6643] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 547.287977][ T6643] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 547.370456][ T5902] usb 7-1: new full-speed USB device number 24 using dummy_hcd [ 547.473013][ T6642] usb write operation failed. (-71) [ 547.482181][ T6642] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 547.524867][ T6642] dvbdev: DVB: registering new adapter (Terratec H7) [ 547.563139][ T6642] usb 8-1: media controller created [ 547.575639][ T5902] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 547.605260][ T6642] usb read operation failed. (-71) [ 547.611060][ T5902] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 547.628785][ T6642] usb write operation failed. (-71) [ 547.651874][ T6642] dvb_usb_az6007 8-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 547.679355][ T5902] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 547.699448][ T5902] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.719781][ T6642] usb 8-1: USB disconnect, device number 21 [ 547.755746][ T5902] usb 7-1: Product: syz [ 547.771926][ T5902] usb 7-1: Manufacturer: syz [ 547.803040][ T5902] usb 7-1: SerialNumber: syz [ 548.047191][ T5902] usb 7-1: 0:2 : does not exist [ 548.095104][ T5902] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 548.145733][ T6643] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPROTO [ 548.186862][ T6643] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 548.215828][ T6643] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 548.268884][ T5902] usb 7-1: USB disconnect, device number 24 [ 548.274064][T15983] [ 548.277270][T15983] ===================================================== [ 548.284661][T15983] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 548.292145][T15983] syzkaller #0 Not tainted [ 548.296600][T15983] ----------------------------------------------------- [ 548.303819][T15983] syz.4.3627/15983 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 548.311668][T15983] ffff888077ccf8a0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 548.320609][T15983] [ 548.320609][T15983] and this task is already holding: [ 548.328029][T15983] ffff888028be8028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 548.337825][T15983] which would create a new lock dependency: [ 548.343824][T15983] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 548.352117][T15983] [ 548.352117][T15983] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 548.361858][T15983] (&dev->event_lock#2){..-.}-{3:3} [ 548.361904][T15983] [ 548.361904][T15983] ... which became SOFTIRQ-irq-safe at: [ 548.374973][T15983] lock_acquire+0x120/0x360 [ 548.379691][T15983] _raw_spin_lock_irqsave+0xa7/0xf0 [ 548.384990][T15983] input_event+0x76/0xe0 [ 548.389329][T15983] atp_complete_geyser_3_4+0x11f2/0x1e80 [ 548.395059][T15983] __usb_hcd_giveback_urb+0x376/0x540 [ 548.400698][T15983] dummy_timer+0x85f/0x44c0 [ 548.405291][T15983] __hrtimer_run_queues+0x52c/0xc60 [ 548.410578][T15983] hrtimer_run_softirq+0x187/0x2b0 [ 548.415781][T15983] handle_softirqs+0x286/0x870 [ 548.420894][T15983] __irq_exit_rcu+0xca/0x1f0 [ 548.425584][T15983] irq_exit_rcu+0x9/0x30 [ 548.429921][T15983] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 548.435643][T15983] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 548.441715][T15983] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 548.447526][T15983] dummy_urb_enqueue+0x58a/0x780 [ 548.452737][T15983] usb_hcd_submit_urb+0x325/0x1aa0 [ 548.457948][T15983] atp_open+0x63/0xc0 [ 548.462026][T15983] input_open_device+0x1d3/0x390 [ 548.467138][T15983] mousedev_open_device+0xcc/0x150 [ 548.472421][T15983] mousedev_open+0x2ef/0x4a0 [ 548.477103][T15983] chrdev_open+0x4cc/0x5e0 [ 548.481607][T15983] do_dentry_open+0x953/0x13f0 [ 548.486455][T15983] vfs_open+0x3b/0x340 [ 548.490610][T15983] path_openat+0x2ee5/0x3830 [ 548.495295][T15983] do_filp_open+0x1fa/0x410 [ 548.499973][T15983] do_sys_openat2+0x121/0x1c0 [ 548.504740][T15983] __x64_sys_openat+0x138/0x170 [ 548.509941][T15983] do_syscall_64+0xfa/0xfa0 [ 548.514541][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.520521][T15983] [ 548.520521][T15983] to a SOFTIRQ-irq-unsafe lock: [ 548.527533][T15983] (tasklist_lock){.+.+}-{3:3} [ 548.527559][T15983] [ 548.527559][T15983] ... which became SOFTIRQ-irq-unsafe at: [ 548.540624][T15983] ... [ 548.540631][T15983] lock_acquire+0x120/0x360 [ 548.547807][T15983] _raw_read_lock+0x36/0x50 [ 548.552398][T15983] __do_wait+0xde/0x740 [ 548.556750][T15983] do_wait+0x1f8/0x510 [ 548.561092][T15983] kernel_wait+0xab/0x170 [ 548.565516][T15983] call_usermodehelper_exec_work+0xbe/0x230 [ 548.571723][T15983] process_scheduled_works+0xae1/0x17b0 [ 548.577469][T15983] worker_thread+0x8a0/0xda0 [ 548.582174][T15983] kthread+0x711/0x8a0 [ 548.586429][T15983] ret_from_fork+0x4bc/0x870 [ 548.591112][T15983] ret_from_fork_asm+0x1a/0x30 [ 548.596229][T15983] [ 548.596229][T15983] other info that might help us debug this: [ 548.596229][T15983] [ 548.606629][T15983] Chain exists of: [ 548.606629][T15983] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 548.606629][T15983] [ 548.620467][T15983] Possible interrupt unsafe locking scenario: [ 548.620467][T15983] [ 548.628829][T15983] CPU0 CPU1 [ 548.634298][T15983] ---- ---- [ 548.639682][T15983] lock(tasklist_lock); [ 548.643956][T15983] local_irq_disable(); [ 548.650724][T15983] lock(&dev->event_lock#2); [ 548.657935][T15983] lock(&client->buffer_lock); [ 548.665742][T15983] [ 548.669201][T15983] lock(&dev->event_lock#2); [ 548.674063][T15983] [ 548.674063][T15983] *** DEADLOCK *** [ 548.674063][T15983] [ 548.682215][T15983] 7 locks held by syz.4.3627/15983: [ 548.687499][T15983] #0: ffff888028e54118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 548.696789][T15983] #1: ffff888146e8d230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 548.706904][T15983] #2: ffffffff8df3d620 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340 [ 548.716578][T15983] #3: ffffffff8df3d620 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 548.726331][T15983] #4: ffffffff8df3d620 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 548.735480][T15983] #5: ffff888028be8028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 548.745667][T15983] #6: ffffffff8df3d620 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 548.754983][T15983] [ 548.754983][T15983] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 548.765583][T15983] -> (&dev->event_lock#2){..-.}-{3:3} { [ 548.771265][T15983] IN-SOFTIRQ-W at: [ 548.775347][T15983] lock_acquire+0x120/0x360 [ 548.781685][T15983] _raw_spin_lock_irqsave+0xa7/0xf0 [ 548.788720][T15983] input_event+0x76/0xe0 [ 548.794880][T15983] atp_complete_geyser_3_4+0x11f2/0x1e80 [ 548.802410][T15983] __usb_hcd_giveback_urb+0x376/0x540 [ 548.809626][T15983] dummy_timer+0x85f/0x44c0 [ 548.816002][T15983] __hrtimer_run_queues+0x52c/0xc60 [ 548.823046][T15983] hrtimer_run_softirq+0x187/0x2b0 [ 548.830073][T15983] handle_softirqs+0x286/0x870 [ 548.836660][T15983] __irq_exit_rcu+0xca/0x1f0 [ 548.843079][T15983] irq_exit_rcu+0x9/0x30 [ 548.849148][T15983] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 548.856675][T15983] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 548.864565][T15983] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 548.872181][T15983] dummy_urb_enqueue+0x58a/0x780 [ 548.879400][T15983] usb_hcd_submit_urb+0x325/0x1aa0 [ 548.886339][T15983] atp_open+0x63/0xc0 [ 548.892141][T15983] input_open_device+0x1d3/0x390 [ 548.899078][T15983] mousedev_open_device+0xcc/0x150 [ 548.906103][T15983] mousedev_open+0x2ef/0x4a0 [ 548.912616][T15983] chrdev_open+0x4cc/0x5e0 [ 548.918871][T15983] do_dentry_open+0x953/0x13f0 [ 548.925477][T15983] vfs_open+0x3b/0x340 [ 548.931455][T15983] path_openat+0x2ee5/0x3830 [ 548.937888][T15983] do_filp_open+0x1fa/0x410 [ 548.944310][T15983] do_sys_openat2+0x121/0x1c0 [ 548.950909][T15983] __x64_sys_openat+0x138/0x170 [ 548.957673][T15983] do_syscall_64+0xfa/0xfa0 [ 548.964091][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.971904][T15983] INITIAL USE at: [ 548.976000][T15983] lock_acquire+0x120/0x360 [ 548.982266][T15983] _raw_spin_lock_irqsave+0xa7/0xf0 [ 548.989215][T15983] input_inject_event+0xa5/0x340 [ 548.995904][T15983] kbd_led_trigger_activate+0xbc/0x100 [ 549.003102][T15983] led_trigger_set+0x52d/0x950 [ 549.009685][T15983] led_trigger_set_default+0x260/0x2a0 [ 549.016890][T15983] led_classdev_register_ext+0x73d/0x930 [ 549.024353][T15983] input_leds_connect+0x517/0x790 [ 549.031303][T15983] input_register_device+0xd00/0x1140 [ 549.038409][T15983] atkbd_connect+0x72e/0xa00 [ 549.045027][T15983] serio_driver_probe+0x82/0xd0 [ 549.051701][T15983] really_probe+0x26d/0x9e0 [ 549.057972][T15983] __driver_probe_device+0x18c/0x2f0 [ 549.065084][T15983] driver_probe_device+0x4f/0x430 [ 549.071846][T15983] __driver_attach+0x452/0x700 [ 549.078443][T15983] bus_for_each_dev+0x233/0x2b0 [ 549.085045][T15983] serio_handle_event+0x1f9/0x8d0 [ 549.091827][T15983] process_scheduled_works+0xae1/0x17b0 [ 549.099112][T15983] worker_thread+0x8a0/0xda0 [ 549.105528][T15983] kthread+0x711/0x8a0 [ 549.111335][T15983] ret_from_fork+0x4bc/0x870 [ 549.117659][T15983] ret_from_fork_asm+0x1a/0x30 [ 549.124241][T15983] } [ 549.126824][T15983] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 549.135945][T15983] -> (&client->buffer_lock){....}-{3:3} { [ 549.141773][T15983] INITIAL USE at: [ 549.145776][T15983] lock_acquire+0x120/0x360 [ 549.151869][T15983] _raw_spin_lock+0x2e/0x40 [ 549.157957][T15983] evdev_pass_values+0xb9/0xbd0 [ 549.164383][T15983] evdev_events+0x1e6/0x340 [ 549.170455][T15983] input_pass_values+0x288/0x890 [ 549.177048][T15983] input_event_dispose+0x330/0x6b0 [ 549.183733][T15983] input_inject_event+0x1dd/0x340 [ 549.190331][T15983] evdev_write+0x2fc/0x480 [ 549.196403][T15983] vfs_write+0x27e/0xb30 [ 549.202385][T15983] ksys_write+0x145/0x250 [ 549.208331][T15983] do_syscall_64+0xfa/0xfa0 [ 549.214410][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.221871][T15983] } [ 549.224370][T15983] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 549.232789][T15983] ... acquired at: [ 549.236595][T15983] lock_acquire+0x120/0x360 [ 549.241273][T15983] _raw_spin_lock+0x2e/0x40 [ 549.246051][T15983] evdev_pass_values+0xb9/0xbd0 [ 549.251077][T15983] evdev_events+0x1e6/0x340 [ 549.255787][T15983] input_pass_values+0x288/0x890 [ 549.260903][T15983] input_event_dispose+0x330/0x6b0 [ 549.266287][T15983] input_inject_event+0x1dd/0x340 [ 549.271489][T15983] evdev_write+0x2fc/0x480 [ 549.276168][T15983] vfs_write+0x27e/0xb30 [ 549.281020][T15983] ksys_write+0x145/0x250 [ 549.285528][T15983] do_syscall_64+0xfa/0xfa0 [ 549.290210][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.296392][T15983] [ 549.298739][T15983] [ 549.298739][T15983] the dependencies between the lock to be acquired [ 549.298750][T15983] and SOFTIRQ-irq-unsafe lock: [ 549.312475][T15983] -> (tasklist_lock){.+.+}-{3:3} { [ 549.317883][T15983] HARDIRQ-ON-R at: [ 549.322232][T15983] lock_acquire+0x120/0x360 [ 549.328945][T15983] _raw_read_lock+0x36/0x50 [ 549.335628][T15983] __do_wait+0xde/0x740 [ 549.341792][T15983] do_wait+0x1f8/0x510 [ 549.347872][T15983] kernel_wait+0xab/0x170 [ 549.354205][T15983] call_usermodehelper_exec_work+0xbe/0x230 [ 549.362188][T15983] process_scheduled_works+0xae1/0x17b0 [ 549.369735][T15983] worker_thread+0x8a0/0xda0 [ 549.376414][T15983] kthread+0x711/0x8a0 [ 549.382483][T15983] ret_from_fork+0x4bc/0x870 [ 549.389770][T15983] ret_from_fork_asm+0x1a/0x30 [ 549.396541][T15983] SOFTIRQ-ON-R at: [ 549.400835][T15983] lock_acquire+0x120/0x360 [ 549.407510][T15983] _raw_read_lock+0x36/0x50 [ 549.414278][T15983] __do_wait+0xde/0x740 [ 549.420438][T15983] do_wait+0x1f8/0x510 [ 549.426597][T15983] kernel_wait+0xab/0x170 [ 549.433023][T15983] call_usermodehelper_exec_work+0xbe/0x230 [ 549.441180][T15983] process_scheduled_works+0xae1/0x17b0 [ 549.448730][T15983] worker_thread+0x8a0/0xda0 [ 549.455332][T15983] kthread+0x711/0x8a0 [ 549.461406][T15983] ret_from_fork+0x4bc/0x870 [ 549.467995][T15983] ret_from_fork_asm+0x1a/0x30 [ 549.474758][T15983] INITIAL USE at: [ 549.478834][T15983] lock_acquire+0x120/0x360 [ 549.485249][T15983] _raw_write_lock_irq+0xa2/0xf0 [ 549.492193][T15983] copy_process+0x224f/0x3c00 [ 549.498786][T15983] kernel_clone+0x21e/0x840 [ 549.505291][T15983] user_mode_thread+0xdd/0x140 [ 549.511966][T15983] rest_init+0x23/0x300 [ 549.518215][T15983] start_kernel+0x3ae/0x410 [ 549.526383][T15983] x86_64_start_reservations+0x24/0x30 [ 549.533781][T15983] x86_64_start_kernel+0x143/0x1c0 [ 549.540842][T15983] common_startup_64+0x13e/0x147 [ 549.547805][T15983] INITIAL READ USE at: [ 549.552449][T15983] lock_acquire+0x120/0x360 [ 549.559306][T15983] _raw_read_lock+0x36/0x50 [ 549.566155][T15983] __do_wait+0xde/0x740 [ 549.572664][T15983] do_wait+0x1f8/0x510 [ 549.579084][T15983] kernel_wait+0xab/0x170 [ 549.585767][T15983] call_usermodehelper_exec_work+0xbe/0x230 [ 549.594010][T15983] process_scheduled_works+0xae1/0x17b0 [ 549.602090][T15983] worker_thread+0x8a0/0xda0 [ 549.609142][T15983] kthread+0x711/0x8a0 [ 549.615565][T15983] ret_from_fork+0x4bc/0x870 [ 549.622524][T15983] ret_from_fork_asm+0x1a/0x30 [ 549.629644][T15983] } [ 549.632317][T15983] ... key at: [] tasklist_lock+0x18/0x40 [ 549.640300][T15983] ... acquired at: [ 549.644275][T15983] lock_acquire+0x120/0x360 [ 549.648947][T15983] _raw_read_lock+0x36/0x50 [ 549.653669][T15983] send_sigurg+0x12b/0x420 [ 549.658265][T15983] sk_send_sigurg+0x6c/0x2e0 [ 549.663037][T15983] queue_oob+0x420/0x4f0 [ 549.667456][T15983] unix_stream_sendmsg+0xc3f/0xdf0 [ 549.672841][T15983] __sock_sendmsg+0x21c/0x270 [ 549.677707][T15983] ____sys_sendmsg+0x52d/0x830 [ 549.682649][T15983] ___sys_sendmsg+0x21f/0x2a0 [ 549.687585][T15983] __sys_sendmmsg+0x227/0x430 [ 549.692609][T15983] __x64_sys_sendmmsg+0xa0/0xc0 [ 549.697920][T15983] do_syscall_64+0xfa/0xfa0 [ 549.702689][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.709023][T15983] [ 549.711522][T15983] -> (&f_owner->lock){....}-{3:3} { [ 549.716862][T15983] INITIAL USE at: [ 549.720842][T15983] lock_acquire+0x120/0x360 [ 549.727090][T15983] _raw_write_lock_irq+0xa2/0xf0 [ 549.734068][T15983] __f_setown+0x67/0x370 [ 549.740091][T15983] generic_setlease+0xd60/0x1240 [ 549.746851][T15983] fcntl_setlease+0x3a2/0x4c0 [ 549.753301][T15983] do_fcntl+0x6a9/0x1910 [ 549.759299][T15983] __se_sys_fcntl+0xc8/0x150 [ 549.765661][T15983] do_syscall_64+0xfa/0xfa0 [ 549.771932][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.779663][T15983] INITIAL READ USE at: [ 549.784084][T15983] lock_acquire+0x120/0x360 [ 549.790863][T15983] _raw_read_lock_irqsave+0xaf/0x100 [ 549.798349][T15983] send_sigio+0x38/0x370 [ 549.804875][T15983] kill_fasync+0x24d/0x4d0 [ 549.811561][T15983] lease_break_callback+0x26/0x30 [ 549.818771][T15983] __break_lease+0x6a5/0x1620 [ 549.825716][T15983] do_dentry_open+0x8b7/0x13f0 [ 549.832665][T15983] vfs_open+0x3b/0x340 [ 549.839171][T15983] path_openat+0x2ee5/0x3830 [ 549.845936][T15983] do_filp_open+0x1fa/0x410 [ 549.852627][T15983] do_sys_openat2+0x121/0x1c0 [ 549.859522][T15983] __x64_sys_creat+0x8f/0xc0 [ 549.866389][T15983] do_syscall_64+0xfa/0xfa0 [ 549.873246][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.881312][T15983] } [ 549.883922][T15983] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 549.893311][T15983] ... acquired at: [ 549.897212][T15983] lock_acquire+0x120/0x360 [ 549.901901][T15983] _raw_read_lock_irqsave+0xaf/0x100 [ 549.907392][T15983] send_sigio+0x38/0x370 [ 549.911810][T15983] kill_fasync+0x24d/0x4d0 [ 549.916405][T15983] lease_break_callback+0x26/0x30 [ 549.921613][T15983] __break_lease+0x6a5/0x1620 [ 549.926470][T15983] do_dentry_open+0x8b7/0x13f0 [ 549.931407][T15983] vfs_open+0x3b/0x340 [ 549.935676][T15983] path_openat+0x2ee5/0x3830 [ 549.940547][T15983] do_filp_open+0x1fa/0x410 [ 549.945224][T15983] do_sys_openat2+0x121/0x1c0 [ 549.950084][T15983] __x64_sys_creat+0x8f/0xc0 [ 549.954864][T15983] do_syscall_64+0xfa/0xfa0 [ 549.959543][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.965617][T15983] [ 549.967955][T15983] -> (&new->fa_lock){....}-{3:3} { [ 549.973090][T15983] INITIAL USE at: [ 549.976987][T15983] lock_acquire+0x120/0x360 [ 549.983054][T15983] _raw_write_lock_irq+0xa2/0xf0 [ 549.989700][T15983] fasync_remove_entry+0xf1/0x1c0 [ 549.996377][T15983] lease_modify+0x1ca/0x3c0 [ 550.002451][T15983] generic_setlease+0x9ae/0x1240 [ 550.008964][T15983] fcntl_setlease+0xc6/0x4c0 [ 550.015124][T15983] do_fcntl+0x6a9/0x1910 [ 550.020952][T15983] __se_sys_fcntl+0xc8/0x150 [ 550.027119][T15983] do_syscall_64+0xfa/0xfa0 [ 550.033191][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.040673][T15983] INITIAL READ USE at: [ 550.045001][T15983] lock_acquire+0x120/0x360 [ 550.051682][T15983] _raw_read_lock_irqsave+0xaf/0x100 [ 550.058975][T15983] kill_fasync+0x199/0x4d0 [ 550.065423][T15983] sock_wake_async+0x137/0x160 [ 550.072196][T15983] sk_wake_async+0x184/0x280 [ 550.078793][T15983] mptcp_destroy_common+0x152/0x320 [ 550.086001][T15983] mptcp_disconnect+0x23d/0x700 [ 550.092856][T15983] inet_shutdown+0x1c4/0x390 [ 550.099447][T15983] __x64_sys_shutdown+0x13f/0x1a0 [ 550.106588][T15983] do_syscall_64+0xfa/0xfa0 [ 550.113096][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.120991][T15983] } [ 550.123681][T15983] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 550.132474][T15983] ... acquired at: [ 550.136372][T15983] lock_acquire+0x120/0x360 [ 550.141311][T15983] _raw_read_lock_irqsave+0xaf/0x100 [ 550.146772][T15983] kill_fasync+0x199/0x4d0 [ 550.151492][T15983] evdev_pass_values+0x627/0xbd0 [ 550.156695][T15983] evdev_events+0x1e6/0x340 [ 550.161375][T15983] input_pass_values+0x288/0x890 [ 550.166503][T15983] input_event_dispose+0x330/0x6b0 [ 550.171793][T15983] input_inject_event+0x1dd/0x340 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 550.177007][T15983] evdev_write+0x2fc/0x480 [ 550.181601][T15983] vfs_write+0x27e/0xb30 [ 550.186025][T15983] ksys_write+0x145/0x250 [ 550.190534][T15983] do_syscall_64+0xfa/0xfa0 [ 550.195216][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.201280][T15983] [ 550.203605][T15983] [ 550.203605][T15983] stack backtrace: [ 550.209499][T15983] CPU: 1 UID: 0 PID: 15983 Comm: syz.4.3627 Not tainted syzkaller #0 PREEMPT(full) [ 550.209519][T15983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 550.209528][T15983] Call Trace: [ 550.209534][T15983] [ 550.209541][T15983] dump_stack_lvl+0x189/0x250 [ 550.209564][T15983] ? __pfx_dump_stack_lvl+0x10/0x10 [ 550.209584][T15983] ? __pfx__printk+0x10/0x10 [ 550.209602][T15983] validate_chain+0x1f05/0x2140 [ 550.209627][T15983] __lock_acquire+0xab9/0xd20 [ 550.209643][T15983] ? kill_fasync+0x199/0x4d0 [ 550.209659][T15983] lock_acquire+0x120/0x360 [ 550.209672][T15983] ? kill_fasync+0x199/0x4d0 [ 550.209693][T15983] _raw_read_lock_irqsave+0xaf/0x100 [ 550.209712][T15983] ? kill_fasync+0x199/0x4d0 [ 550.209728][T15983] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 550.209745][T15983] ? do_raw_spin_lock+0x121/0x290 [ 550.209767][T15983] kill_fasync+0x199/0x4d0 [ 550.209784][T15983] ? kill_fasync+0x53/0x4d0 [ 550.209800][T15983] evdev_pass_values+0x627/0xbd0 [ 550.209826][T15983] ? evdev_pass_values+0x621/0xbd0 [ 550.209844][T15983] evdev_events+0x1e6/0x340 [ 550.209860][T15983] ? evdev_events+0x79/0x340 [ 550.209876][T15983] ? input_pass_values+0x8d/0x890 [ 550.209891][T15983] input_pass_values+0x288/0x890 [ 550.209908][T15983] ? input_handle_event+0x70c/0xf30 [ 550.209930][T15983] input_event_dispose+0x330/0x6b0 [ 550.209952][T15983] input_inject_event+0x1dd/0x340 [ 550.209973][T15983] ? input_inject_event+0xb6/0x340 [ 550.209994][T15983] evdev_write+0x2fc/0x480 [ 550.210012][T15983] ? __pfx_evdev_write+0x10/0x10 [ 550.210029][T15983] ? bpf_lsm_file_permission+0x9/0x20 [ 550.210045][T15983] ? security_file_permission+0x75/0x290 [ 550.210063][T15983] ? rw_verify_area+0x255/0x4d0 [ 550.210081][T15983] ? __lock_acquire+0xab9/0xd20 [ 550.210094][T15983] ? __pfx_evdev_write+0x10/0x10 [ 550.210111][T15983] vfs_write+0x27e/0xb30 [ 550.210132][T15983] ? __pfx_vfs_write+0x10/0x10 [ 550.210151][T15983] ? __fget_files+0x2a/0x420 [ 550.210165][T15983] ? __fget_files+0x2a/0x420 [ 550.210178][T15983] ? __fget_files+0x3a0/0x420 [ 550.210190][T15983] ? __fget_files+0x2a/0x420 [ 550.210205][T15983] ksys_write+0x145/0x250 [ 550.210225][T15983] ? __pfx_ksys_write+0x10/0x10 [ 550.210245][T15983] ? do_syscall_64+0xbe/0xfa0 [ 550.210265][T15983] do_syscall_64+0xfa/0xfa0 [ 550.210283][T15983] ? lockdep_hardirqs_on+0x9c/0x150 [ 550.210301][T15983] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.210316][T15983] ? clear_bhb_loop+0x60/0xb0 [ 550.210331][T15983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 550.210345][T15983] RIP: 0033:0x7fc905f8f6c9 [ 550.210359][T15983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 550.210371][T15983] RSP: 002b:00007fc906dab038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 550.210388][T15983] RAX: ffffffffffffffda RBX: 00007fc9061e5fa0 RCX: 00007fc905f8f6c9 [ 550.210399][T15983] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004 [ 550.210409][T15983] RBP: 00007fc906011f91 R08: 0000000000000000 R09: 0000000000000000 [ 550.210418][T15983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 550.210427][T15983] R13: 00007fc9061e6038 R14: 00007fc9061e5fa0 R15: 00007fc90630fa28 [ 550.210442][T15983] [ 550.569403][ T6644] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 550.579809][ T6643] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71 [ 550.595064][ T6643] usb 1-1: USB disconnect, device number 11 [ 550.728368][ T6644] usb 2-1: Using ep0 maxpacket: 16 [ 550.729455][T12221] udevd[12221]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 551.671880][ T6644] usb 2-1: device descriptor read/all, error -71 [ 551.769787][ T3017] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.875560][ T3017] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 551.929865][ T3017] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.009945][ T3017] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 552.135146][ T3017] bridge_slave_1: left allmulticast mode [ 552.141189][ T3017] bridge_slave_1: left promiscuous mode [ 552.147228][ T3017] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.165455][ T3017] bridge_slave_0: left allmulticast mode [ 552.171396][ T3017] bridge_slave_0: left promiscuous mode [ 552.177582][ T3017] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.315914][ T3017] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 552.330443][ T3017] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 552.340971][ T3017] bond0 (unregistering): Released all slaves [ 552.616771][ T3017] hsr_slave_0: left promiscuous mode [ 552.624813][ T3017] hsr_slave_1: left promiscuous mode [ 552.631523][ T3017] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 552.639696][ T3017] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 552.647666][ T3017] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 552.662520][ T3017] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 552.679680][ T3017] veth1_macvtap: left promiscuous mode [ 552.685368][ T3017] veth0_macvtap: left promiscuous mode [ 552.691140][ T3017] veth1_vlan: left promiscuous mode [ 552.696453][ T3017] veth0_vlan: left promiscuous mode [ 552.924884][ T3017] team0 (unregistering): Port device team_slave_1 removed [ 552.965277][ T3017] team0 (unregistering): Port device team_slave_0 removed [ 553.325602][ T3017] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.372235][ T3017] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.438738][ T3017] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.506459][ T3017] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.630788][ T3017] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.706528][ T3017] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.785455][ T3017] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.876432][ T3017] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 553.974102][ T3017] bridge_slave_1: left allmulticast mode [ 553.980325][ T3017] bridge_slave_1: left promiscuous mode [ 553.986760][ T3017] bridge0: port 2(bridge_slave_1) entered disabled state [ 553.997435][ T3017] bridge_slave_0: left allmulticast mode [ 554.003379][ T3017] bridge_slave_0: left promiscuous mode [ 554.009483][ T3017] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.020003][ T3017] bridge_slave_1: left allmulticast mode [ 554.025702][ T3017] bridge_slave_1: left promiscuous mode [ 554.032809][ T3017] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.044128][ T3017] bridge_slave_0: left allmulticast mode [ 554.050231][ T3017] bridge_slave_0: left promiscuous mode [ 554.055985][ T3017] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.237646][ T3017] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 554.248885][ T3017] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 554.258666][ T3017] bond0 (unregistering): Released all slaves [ 554.596073][ T3017] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 554.606878][ T3017] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 554.617054][ T3017] bond0 (unregistering): Released all slaves [ 554.769436][ T3017] bond1 (unregistering): Released all slaves [ 554.861290][ T3017] tipc: Disabling bearer [ 554.866686][ T3017] tipc: Left network mode [ 555.180641][ T3017] hsr_slave_0: left promiscuous mode [ 555.186560][ T3017] hsr_slave_1: left promiscuous mode [ 555.192730][ T3017] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 555.200578][ T3017] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 555.210382][ T3017] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 555.217800][ T3017] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 555.230403][ T3017] hsr_slave_0: left promiscuous mode [ 555.236471][ T3017] hsr_slave_1: left promiscuous mode [ 555.243098][ T3017] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 555.251720][ T3017] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 555.259858][ T3017] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 555.267265][ T3017] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 555.286194][ T3017] veth1_macvtap: left promiscuous mode [ 555.292188][ T3017] veth0_macvtap: left promiscuous mode [ 555.297827][ T3017] veth1_vlan: left promiscuous mode [ 555.303727][ T3017] veth0_vlan: left promiscuous mode [ 555.311546][ T3017] veth1_macvtap: left promiscuous mode [ 555.317107][ T3017] veth0_macvtap: left promiscuous mode [ 555.324438][ T3017] veth1_vlan: left promiscuous mode [ 555.329783][ T3017] veth0_vlan: left promiscuous mode [ 555.581368][ T3017] team0 (unregistering): Port device team_slave_1 removed [ 555.613544][ T3017] team0 (unregistering): Port device team_slave_0 removed [ 556.052076][ T3017] team0 (unregistering): Port device team_slave_1 removed [ 556.098269][ T3017] team0 (unregistering): Port device team_slave_0 removed [ 556.963836][ T3017] IPVS: stop unused estimator thread 0...