last executing test programs: 3.777216996s ago: executing program 3 (id=884): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x8000, 0xc0000) r3 = userfaultfd(0x80801) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000bc4000/0x4000)=nil, &(0x7f00008d6000/0x3000)=nil, 0x4000}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x200) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r4, 0x100, 0x0) getdents64(r4, 0x0, 0x0) ioctl$EVIOCGSW(r2, 0x8040451b, &(0x7f0000019200)=""/139) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r5, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 3.715988749s ago: executing program 1 (id=885): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0) pipe2$9p(&(0x7f00000001c0), 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000021000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa08001900e000000214001b0017"], 0x58}}, 0x0) 3.68367673s ago: executing program 1 (id=886): syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x80}, {0x6}]}) ioctl$SOUND_MIXER_INFO(r1, 0x805c4d65, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0x12, r0, 0x5809000) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) pwritev2(r3, &(0x7f0000000500)=[{&(0x7f0000000000)='d', 0x200200}, {0x0, 0x7fdfee00}, {&(0x7f0000000140)="d9", 0x98}], 0x2, 0x0, 0x0, 0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) write$binfmt_aout(r4, 0x0, 0x9ffc) getdents64(r3, &(0x7f0000000100)=""/59, 0x3b) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) (async) openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f00000000c0)={0x2, &(0x7f0000000000)=[{0x80}, {0x6}]}) (async) ioctl$SOUND_MIXER_INFO(r1, 0x805c4d65, &(0x7f0000000080)) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000000, 0x12, r0, 0x5809000) (async) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) (async) pwritev2(r3, &(0x7f0000000500)=[{&(0x7f0000000000)='d', 0x200200}, {0x0, 0x7fdfee00}, {&(0x7f0000000140)="d9", 0x98}], 0x2, 0x0, 0x0, 0x3) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) (async) write$binfmt_aout(r4, 0x0, 0x9ffc) (async) getdents64(r3, &(0x7f0000000100)=""/59, 0x3b) (async) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) (async) mlock2(&(0x7f00002e5000/0xc00000)=nil, 0xc00000, 0x0) (async) 3.455704826s ago: executing program 1 (id=889): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000980), r0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x7ff, 0x0, 0x0, 0x8a}, 0x9c) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r4, 0x180000000) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000100)=0x80000000, 0x4) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10) listen(r5, 0x208) r6 = accept4(r5, 0x0, 0x0, 0x80000) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r6, 0x84, 0x76, &(0x7f0000000000), &(0x7f0000000040)=0x8) sendto$unix(r3, 0x0, 0x0, 0x2000080, &(0x7f0000000d40)=@abs={0x0, 0x0, 0x4e23}, 0x6e) bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$IEEE802154_SCAN_REQ(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000009c0)=ANY=[@ANYBLOB='$\x00\x00\t', @ANYRES16=r1, @ANYBLOB="010029bd7000ffdbdf250900000008001400150000000500130001000000"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x40) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) r7 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0) syz_usb_control_io(r7, 0x0, 0x0) r8 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) readv(r8, &(0x7f0000000400)=[{&(0x7f0000000140)=""/103, 0x67}, {&(0x7f0000000200)=""/122, 0x7a}, {&(0x7f0000000280)=""/108, 0x6c}, {&(0x7f0000000300)=""/94, 0x5e}, {&(0x7f0000000380)=""/124, 0x7c}], 0x5) 3.417060519s ago: executing program 3 (id=890): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async, rerun: 32) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) (async, rerun: 32) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x0, 0x1, 0x0, 0x1, 0x3}}) (async, rerun: 64) r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) (rerun: 64) r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, r2) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000180)='asymmetric\x00', &(0x7f0000000140)=@keyring={'key_or_keyring:', r3}) (async) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200c0801}, 0x0) (async) r4 = userfaultfd(0x1) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) (async) r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0x4, 0x0, &(0x7f0000000000)=0x41) (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000002) (async) ioctl$UFFDIO_CONTINUE(r4, 0xc020aa07, &(0x7f0000000040)={{&(0x7f00004be000/0x2000)=nil, 0x2000}, 0x1}) mremap(&(0x7f00007e2000/0x3000)=nil, 0x3000, 0x6000, 0x0, &(0x7f0000203000/0x6000)=nil) (async) getsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, 0x0, &(0x7f0000000240)) 3.259882756s ago: executing program 3 (id=892): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4}) ioctl$PTP_PIN_GETFUNC2(r2, 0xc0603d0f, &(0x7f0000000100)={'\x00', 0x6, 0x1, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r5 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r7, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r6, 0x5411, &(0x7f0000000180)) write$tun(r4, &(0x7f0000000380)={@val={0x20}, @void, @eth={@broadcast, @random="dff306308693", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x32, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1}, {0x0, 0x0, 0x8}}}}}}, 0x2e) 3.047938209s ago: executing program 3 (id=895): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x2200}, 0x0) 2.899711433s ago: executing program 3 (id=900): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000004003000608000008000e"], 0x24}}, 0x0) 2.881277577s ago: executing program 0 (id=901): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="03dd"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000002000)=ANY=[@ANYBLOB="12010000facf01406e0510401c20000000010902120001000000000904"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x1, 'w'}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000003c0)={0x20, 0x16, 0x2, "f2ac"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f00000004c0)=ANY=[@ANYBLOB="001494"], 0x0, 0x0}) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f00000004c0)={0x34, &(0x7f0000000000)={0x0, 0x10, 0x1, '_'}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_ep_write(r0, 0x81, 0xfffffffffffffd77, &(0x7f0000000000)="00012c61020000001c11447298a9538f168516ff037f291e463685b0139216171afd0eafbd9c28d93b8b8fbdd59f3d473eb9d29d3de65dea17") r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006380)="c66dd220cbdeb68f27c1f98bf43fd861bcf841572658a3308737983b31a434673f1003eeeb6d9b934bcd19cf754f4882114d61e15354449f763f772e86c9e2252731f7a098faad2accca3e470845b32918bcf530f9474d3cd610d9028cb7b247d3a73d887719f70554d8976c10784c8073e521a80b5ebe7501d6c3b6b5cf9a498a1e97b8201ac756e5f35d71bdd4d196e73cae0cc34c7140cde8380de823e8c76662f0844f549818b5ef6c732b8f412b79273508b69f2e6a653709b4d9bded080b6c15ca5c5b8ff23309e05d460dfb40403f60a3e5a0e1d4e1aa59d53823a047427673267e79d40fdd6f12ef696fe22887d24087373f64987e48ba20e7f47d1f08871e0c22a02593156648fc106c4529d8cf17c71d473f4ad43992b1cdbf5cfaaf1ce401d5ad8b9c6bdc3c60a88a91c52f5aae74a5d25e0cd738fd80169a98b84d4d24a7e86c9d8e4c3e3ff1a9fc44a87558aeb7acbfec13a26a4b121b2cb9ae628c682aa4c44311c45a673bab25880665d6cdf589e5c5415794c4fd6b940e7a44df93a34a684183581c850fbe97ef8c1de852ea836e0db1a104b498d6dd8fdf65c606e772de2e9dfe46a418fac3c0bdd72916c951e3df04f2ae85839305be2a86aebcf4898b6e49c27df6033ad2b8651279ceb20c779716240d3d0fef3bb6c417a8c6f75398a91942d8ab11f21f5795767650a96e246c7244f8e4935e9c01349616a098ae810487d657fd095beee05a36812f39f4266f25f4508e80f19a4aec7116f1d8bc48bc2c1f0f96ff34b66a965d428852766b78f1e7eb0260bbb355cc0859af6988ff7efa0b3fede3d5f2f2147ffae4a5eb58a7585b596270334c360a1547787a95634e13d59bf53f51f48e75a6a3e48f8348f4cb495d9699dfdf8cc71668c5b9622578100f7163394cb3171fc8a6c1e7f88f08b8c3cf4b0cd9a1bc16bd1488ebe43199d97cdf4bbcde8a06a79c5af6ff2ebf1a04add74830cfac0b946514b18de249e934dd8a1a96fce085320fa857c853480170208533acd3d41c4384a932eeccd4ce7d09827efae4c0d19d00c5b48943c4d877017be59434dae6bef767fb9ffd073c2261b06c0f23a0c77a5bcb1f5738dceb6abee00bd7c649f6ebc64b4b8b948319a22ed4add48eedda8a2cd1bad6799e1d9ed778e5ce22d5fead0cd06806cb4b7b5661f9db6bcf9ddcdc9e49e0e6a8ec98fc42c660d5d75311fb9c9d06074611ebbdbea45672dd78760ed92d0e95c1d5ae234d674dc3ffaeef3d928aa4b93c0fe55fa886bd3f2371a5bb22c4dd6b8bc13250490cf279d4e56b646dec4eaa53951d55f602c1f4081d49316f6bcb35aad0453b44c7f266e99838683404859bc372d1df5f1512f35558b3706b32093b72a78a40c8a188852a0b5aca11a34ba23195cb598ca595f243c260392cd793b65dda856f81be1b54d873a0366407ac26687262d6bda693e058f598bde80e304c83dd0c2fd0e634ff15e1ca4e2918bfa8e3a626aee7b5e445aa7fae096595fe58032c993eb06ce49c1045b1f132f2c90d6e23b76076838ad7ed7a6a74245d7ad72b38bdc04e458d3908d1d272f23fe18f68ad746e5440cfbcc3b7ad477dccd6fb2db536df0e4d24480d2765e724ca06cbde7e01cd32e36681796a454c801adc1b25b501cc4aaae778f3783dad15d12e656b09bb3d8f37efc86cc7faea5e51913902faed79ae5973f4413e275f78e7e66099f9e41bd73a07445a780dde0b189308e3b83d1a3cf5aef2d3e11fcad930eb6c60ebb899b22cdbd539412b2371d28a4331394d8f29d8b16f94ffd91d4eb5c278e7f6b4024fcc7af9dfde1b3c915b06dae683760fad05d6638c6389fdd19a9b12956c11e9b9ea7d30e09b13d9f681e012f1e41746341a61b71ac6c333b29883ca2cd1aaa3c02e66c85de1e3b2b7e77b0dd1469ab9db5c17beb2d33862db20fd77de685a1e70ba55b0d9cf4b2d3d1196196b5317324e5f189605baa37493c9586b7e475865b4bb21b335e8b291b9dea17f6afc1cd84618b189567817511de821a866a00b62c62516b716cf55dcf7f5b7d7520306fe03f00cc61b7dc297886459d74bedb8ac1d05cc506db74d018c877da735481c318224fd06f349b59f69b0d2d017c817e5a1f934d263789d418eb69c772d923b01a6a4a6afbba4a6980fbf7cddd84f8e4392eaccb98cdd30488919ea6d492d32f9ca4233649117474f4116f6ca4cb762d524c0f92bbb40d3f430dbd50dba20adda8b4170a73c3b66257c412311a7bd3ea3ecca0da47a7a00ef0a464ee0a4b2402b61db833f3cfe1847b9630de47f331d575f6e3c6fb44a9021700c6d8055ea982a05a5ba6a91a41e7445fdba7ac09202fee733a5c216b3c3090991225b98178508d1985832f8e7dae58482ec0fa2215c935bd0ef9f03c0ed3caf97bf4de023605aa8535f1e88e841471bd8842084c6715a3fd3acd07ec9c43f635e5f868d82cdc6f9424ed978d39e72cc92535c2637164f15e9a67770389535ba46cbf786189562908872274ba126b313bd1c0780e9d0ca38956d1277b58f04eaa1f97ed8c6c83d9c05df0df8b43da930707a84662e480a33d1868edc9ff65368d51fda828ad29ecbd3b2cc0ddb0aad251b4736f872ba5f066617a9e9675ed7f80685544af44c677b9d39a1a353984ea4ccbf36d759b490f8dcd5621e573baaa2c03ef367f543ca5d36d1c9d33d4762bb0b1e02ec67d3511582d69b06a57d15f5260fab5ed8d9361948eabf88d9e776a18c5c4f2d42bb46373861b613db9a91ccff8fbd563ddb37f0738fa1723c23c85cac0f9eb53a41d115fe0339eed3167f59b2f2f0739cf9c0ba5769b18a213d5809bccadecee6e781811bf584c22a6557516d12bd58420f5c67c673fdf0888ab31edcee3198927b5b87a63f89f7a07d1da8cb946f0a87e7d3bb455c888f394d17694378446c9073e54368564dc546b6c930ae17afcc8360cb2e31d87ad8923f60033aa637a399707398ffa51645ab1d9963c29375c834746004ac16d24d8f006e9674e45da3d938de524857c57fd39b22678f39096309527ed22c41677a65a67dc0998a8babc9cb688a56628d09a732773d9019d92399415e93852a12d66ccbfa571837b7689c7cc50026ed643a89c8f1bdef6d01016e6e1c21bb779db52c2254f5dae40ff173943ba62ce343ec035d93d5c92c64884d654777cf6995dd0c485c7c132db383769ae1f35f1980654d2b47e92b1862f653eeb81ada4eed6c9d0fe9da3d7db5dfb4d66b2d576676beddc4394ade2acf55f9ec24aee7c4c77138e799f62deb19367ce226a66715da515479b176c9ca06c739566d279142ce2163b8835c840a3de6e2d275b5d5a948b26ec8faa6cf322c5038fc00fb0a27f0b76b5e305780c9145e99feadf571bf8d87dc93ea0f8ff3bc246b16d4e43256507abc7ccc92e113a037ab13855058ba1e0770b90f52e0740c157d68963b3d236f681454589385c6124bddf948c5aa2e147a3543c301dc6d82acb504f76239c890b7d3d76dbd7c26445ab6fe66f9f71d95f4f0d6c51533ce4b05353ef27178f6b6813366189ff4cc19cc5c9f7aca4d6b6f3b5b213e828cbf8b8b5cacb42ade1fa2594cc4ccd3457a45a5b19926f17b9061c9072fdce96afbd3f2bbecc6dfbdf9d9b3e1a621e65a7cdf0a97cb0223b220b39a88b7414ce91e5fb52f3c9c7e10199ffc8fad826d40a798ecaebbd8881c1605f986bb0af06f416280f63f3a3c28d399d13c21e6d79501cbbfcc9483a73a931e91358807fbebefd39b466cb9f251fa4fc7d5f4fd2d87d4604c9750593d3a801b963085ad7aaa91e023977742b728d292b046d0bd49f81717a686f10096e154681b85aeb81a26fa8f46bf3dfdf5dc7c7ca37aa3da37e53a105be5935640baff476453f53ffcf786894eac35d1933a5e97fb9b6d975f9fbe7914d09dc948d305005eb4aba3a9b8cdefb30dbb3300f46041db06567956ba4327280721addb17425a2b223e81bc41467cb413cebbe16818468eeb5b24b6cd79ec4787f693f3c301e5dd10747bea13bf042d6fde42d18c48fec0e3e43454799da1d5501130fc98917fed27d696ae85a39debdb67d5b3d70a82a2097095476e24211757626c91a29e917796766bc4016456c4acf0436b6c02055778ce7f34e605264f7d6d1321072c4ba341866ac6f78e9b99a30478eb7f09a17f4fb3e23184e878c2f60d2c18617185007841778c7c256750a287ec0bbdd20bd37ab50538e43a5929456d336fb46a04593765b2692ba15e7b71b97788970a7903e12088211098bd356132862a4d586508b4aac077d3acd4f77c67d9066b436d14b20d3e2870cb19cdad5581de2e08da761fc95755c43cf0dc2cff84e6a3a8fa2d0390fcfee285a133b37ac7b2fefd0d3665b1705784187e228579680be97982194329136fb72d8b61cdeaa88f3dfc835ae22167c0130529fe81043b0e1c3aebccb1f4aadc28cb484f850158504439d389d1e559ff424217dc031d422a8b7b51731db75dc541e16fed8fae14f58c1f9c8d0fb91a685245ba558c1aeb243aa728db51c3f3aa6d8f7a4a547b8d95018402283a59a45173e7696f02304954ebfb43c2215f180c8e47e433e5262e279fdb63405c81b0f128b7d6a095ff5f85690331d94d34923a3e8beef5cccbf7b208b2a0aa898f9a32b2f1bb55aca4eaaefcdf09acd871f4b88feb535be87dfdbb5ad45ff3c26a2765230011d90baa4b5d5baaac5519f9013c8fd497d57083403ee6eb0c4e23428cf3846bd34d69840d021196f9a9a4fc101016fe2d4fbf4ec23c11e9d737c5e6d2cc3da7e0981c00ea9df07ed88ab05b7821033b2d311f2fe0525176660d0a33b0eb23a57f5b1d41e2c1698ac7bfe5f59c27792f899fd39610052b705862e798a27084450edfccd180a13d8adf8072430e9305f41b0a67bd1784b6ba9450b1e872794e0b7b55b22a2f649f83270b98d0a0137694fec0d16ec2ebf37c72d9398d231a71e40c912428929a29a433dc0fdcb697f64e07540da92067b1b5a7735fb7fb8ac8da2591fa44b676bbaa32ef5e6cc11f1b2ab3b262d9bc4b2082e081ee50fe71def63cf6e2d588bb8d66a8daa8c8a30ca07d2956463e1affc76003e4bacc632cdeee50098fe80cd7485fefed6eab639d8c42a1357fefae5a5a779fad536474e3bdebf6aab699552e807ffd8a44030f439756748dee9ddf19a6cbf5f75307b03c5ef4185a31a41583fb4ca3699e06319371c5d932d6e5f4e1bf77c02c70564d2140f7510e183ba2fa7ead8a9b8cfb085a9d0fa7dbca7561bd9dc1e5c1a1da0322982ff29c0fa2cc33bea18646445cc59b44965a01570b7b739d730df8f1f2cfe3558e7102de13994d6745ef8f91965265fbe0d29c3f381e1eb9c63242962a4409ddb0a4946ef9ce5b0eda90f8365362681943247a0d87d9b7fbbdd26d4902be34068499b6e2ab2ea746634402e1065c8cb9c32a211d10fc2796f1a7045c59b9cbc4771dbf56a5c38303f93951194d06a1b8cce31dd4869a148ae90a797d09de168e47974ed9699eab3a6424781f481d03cf1046df28b454af02df72c0f56c693343a82f7f383afb3ac452200ff155444010f6c988de71e3fb6f079bc6ac2bfab6ff451242b7e3e70578b8206529816764206d47115cda77b3e356e54f825ec745017ea8c3dcb412523b754b951d19fc075ec66012cceff51da925af9079f547e840c3f2774239cce5fd6533f3ee8d194812de2d4499ef18c4bebfa8d7273307d7aa0ac09e6ebfd95ba99946a585a4bd4afef8bb0b52857e8415a32b42e0a9ccb0749599d7a43cec793b22c96b3de91534c905456b25a5972124b83c7d8f0520cd71c5544e49afab26cccacdb7e112f0af1acbcb2b68760c7538aa6c990814d7cf7bde5ddd618bfd55bfbdd968e53e28f94042fafa2796b5bf2d1be612c81dbafbf90b0728b4b06fe216aab91b8898780ab06cff75be5239c39ac836dbdb5482222e61ff5971ea492c5b5ef509720fc886f8a07a9232653d427d176574c99d65244f1618fdaab109f732e1e1295391a25f9b750c9761bbceb81d316d9f9dcd555afb762191b7e173f06a4d8f4d97ab88b9ae19f6c85c361b8b5cbe91a3493cae594063ed457f3be99772485b34d3308da4e751e58a14cf7c771d8e5be77f88c7567af095caae1eb83d259cea709ea5441047ce96f0e21faf89ed491bba5d0dcc6bc33a07237fbef2fe671447ce14e16a1cae4361938767ce65ecfe0c63e1261cce5fbf603a2537d21b50c9a3a3ed6a7cf112a0586a653b43f813912a226aa4722f7edaf8dda5553efb22721dc71924aa73bf232c2439b1d806d3beaf157442643c81ce2b551b82d63cbcd4195029e2f63aef127ed4df0bffd41665d87213512557ce90ee54fcd01078a6a19085bde6a0343595f540b1ff610bd7a5a2d695bdc5e508cbf544d15cf5920b3e405ef4e10e6651c5ffff039adde2f805143b78916188fec05cadac443c93447d23bb25b0a0cfc787754a20f7efcdee5798de939b758f238f15c23f2622b8ed682378017c8f251dda0261baa33c6262d42d6365e68e85d43a46d92aaf04acee203c09487755df49f07ea1129782b1be0feb6f011bb914266fe2cf5361c377fe33a491089f701ac61bcab2bfa3bbe8bf7b0b834dba1bf187ab78fca751b57f1bddfc670c80d83c34c3461d823d7762b45ff0accc3af21b38137276d4e4d7a5d0a075902865f17f084cfa94cc28f70ee7296e216401b172184df0e060dd61be91efcdbeb03b4a6699c88a16ebb18f3e938cb458a377e29a3f3cbdaaf121e278b691c02b6f0dc775510840b3970b1f905b421a1cb376043cc7511e70e94cc63941ed0f864b4118592878538e12e986b9abaaf2ed588ad5f0e5e0851ffc29ef21aed080eb6f35fa10052f27767d0ddf3fea5a08c14657d68a9c3e6cba422d93a6aff222c40eee9f3c9fcb03a310453b616a80c48646f7d196433736fedcfc2ff4fa1a43bf9f8fc0a0660cf9f79fd0d8e106591a2319cff5eb0a5be578d178e0e184a9eca92991ca63bf1e9c5b1c56dba3c836975a74d9eb9b763ce7c5dc753cde77fb2d048e3656a15f9aa7f9dea249c4a3dc0456b64533513e69861fcb9f4348d78acd5b8ce1f3c41271b8551ba4d5754fbb123862236bc94192a5306c29adb2b0b053cd7d4deaa1be6c61f75bca27b53765a7356dd34a48437d5e5b356d48db64749243fea9b1f44e4625fe7ce820dc9f1a6022d77198e6e917cd4f5e23622d5b3b2fafd4f9be0b85db21371f5d35c7c651a616a8351a02dbfa74f9d273a0eb7d2ab9fca254bd28509b3d6f5420108cabc42d9a5670779dfdfb78afe74cd87fdf8e3be937e6c6981eb88156f5cbc91e4b92f8d65a151ee3307cce381dc189c54a29d21c9fa9f512c50dbc9f1c0ddb43b6b10d5190b8169f9e06f7c60a2103c9c30540e0d1cab8358cf4ddf95d5e26fbed636b2f1f474b7d10426afb5aa21948f7486e0df5275ffa6c091c46c3868703c4e30e1a15a8d27a708b6d5fa7d123f1524c221fb93b5f9f8d87b0286de38c6112a05d1f07706923b531e335db326ff756acf6cf9a5e5352953d112a842d7b2f05d296f644b01bca413f2686dbdea6b2cc6dd8115e22d832af742eb801ee61f6b90f93d227b694fe474385125801d6eb58867c15246faa6c0a1cae0b05f104fb2e97476c73a79185796e0c26bb1b59527aba4b79db6ec99f1650898b996e068329d17b94730cd6ab79a3d77d80e5ed78eecc7d680b5425231357f24c46fd01732052eb18737634915131c7ffcdb0b48a35d8761c402ff5b56aa1a9080b46836e4a888c86d7a260fb6cc2f3b9f68d52201531220bbfe0e7b2890a390acb33831fa1126b88dceb126a555181edbfa4680cadb08d38abe00c91980ce68ab58274ec28eaa697f8a4d7d6db744d8c9daac2035d40a5eb565e12c8be5c2bc1d725f713d45a03ac14ceaf91bb1c5dddcac87553b9d22e23d738742e3bf994412ab153f66ddea53a35c9ec19c555a49ae1aea112a70ddc10201258536ba93ae0dc7fb60d51ffbbe9e96eb8eeea6878e3784dcd686fc0db4516249cdfcb9f6d880fdcf8f86cdadd23ea7455b3b7e3a0e8affc9b61be59814f8e32175c869adaf7dbb5acb4c994e2269d2657011e8751c5c0e6e97e9eda4e8e6c309e842c8ea01c20de3c5f4f6372cc8cb7cdf2b0e3519155e4c662fc8572c36d9d3b7eb3ee19e985bfab9eb20e077c20dec4172e584357cc54f9cd49742e0b31d1fed87812f19efa9ae81ebebb021df0c280aa9790d2f1acb94b38f268ca7861b1da63cbb86daaeac3a5b067c86fc532a1db230a29578563f16dee5b4267f9d474c81c9ad762216452cb3a37c8ed44cbaab2e4b9a9583b134da3a64390fe5f76946879a1757d127e6e10b3b3042de48189350d844ede16134c770dba47cf56483cc14e2cfc93fc11f47cd33b06b720f531efdd1ff1254966b68fc46645ec3b45c2a60427e69ba1d710f25571522ba90622315f9f0cad33f8b1a1053a45aa07964892621ecc9256b7c4e21716e546c235fdb618f339b55c377a30b61a9add4e3b5657e3433a6feaff5b67ef34771ae6d04449b5228b6b99ce7237996b307613d14602d76f21a58a55cdc71a1f348ca18265634f094012bf4eae241df634d7424de578eb4c4199de382f2795c17eefa11ac2ad4625be7263373de4bbe189d42fa51953652d433323b9e6110f00c7cb44e4e7df1e6e1cc421c5cc5e78eac4009824d73b4bf0a0340ebd883acb90e928f6034d6a44edee021abc40726df358ef83429351f46aaf10b63b0a5f4c68bdf4e425f8ce7c6a8ad95dc4874836a56a298f586a602ad7b33350fabaacfda30b80210432dc6b59cb807d50782399624d624bbb5e759c09daec8ab3afbff204f62f94754e377cca96b00ba4842d52d8f12a5ce7d1dd81b760c1c5392f739d91f8bdc8c290090fc6e3221ee69abd2648b6c7a818e8a0d04ffd83464f7b26002e4d5614392848205fc0e766713e4c65f46ec2f9d221e98fdeaa5c329d8a0e7481690164fa1ad829ce9dd2eec2fe92231b33415c3f564161353ea7f823e3dc97c9e905f40d693082be719aff77b3b35a832ed3fc16e3bf57305fbabfbbadea1d33ece1f05ba482d3dcc391e0c709c02c335a6289a8deb035fd5b99edde61f0d936631e21251eb65c1dc23574a7a8f9ba8fd0b6c958ee146954cdab3daf90c17ffe92aef5390b4e19d32fef469e9e60ef8ea16af6b66dab7de1d6ddfeeb602cd69d8f32e4d5f06bfaebe7f000d62abc793ad34d77d1369c63785e93c2ff205769589011208ed6affc73dda9287bc8f4d9e27d33038b699431f56285f92fd9f02e78745fcdca4a4840dcfc307bf8f1806146d954ed5ccc8a66edf2179e2a5356624b3b30f8f78839ddc9940794acce40290e5eb73dbb52fe1c633e88d1492aedc69b351912a0890b63eda0d8756a5b7c47c740fcd73a0f419fa363fbf0cd3fcdd38f0fd055627932c998421f086ee0cbe0520b2f2fd6d38fce1575a2c90fef9f81aa23fc7c4c5625d6f46fbfd02ac31cd1620a92c43b7884e4a050e5ef5bb9b8f9825a159bb0370c828519ef71090e09ab43ff2bd2cc75563fb9073eadcfd869f0d9b6986e4320b1986ce3f19a3f5dce202f8c13757726e5d6a9fc9e2b0b357625362fb873709fb307ee51bc58494857fdd3811f6a8aee0086b0a62da4e327c698e5639e373567d5eefc76e0d6725272527cdbc01a2b40e7511ac986e32bb7e48558756dca3b944855fd9dfdbb2358a52e53769817cad50af13d8a5941c41f6bd121cb267acdc461c500855c6f6c0750367c62dd32fa41595a6070e728f1915bab951e5536ff8230a0608ac96c2e19a5c1415209a3774c091174f575bc937d544d495370294aaffc5e6be76364c7a212bbb4ec7f3bd38db75a159b68e2b3075ae6bb68ffa02e6bfb42553b505da20f133b2855572b7e6f8f3de240d9ab1ff32b3d9825f087774f4932024be806b78f059d4b3b40414df456aef405d1cffb2f3604834dae38932d830298df7045d404f005f5edf81061850808d4998f6ce80bc7569081765875d908d4b6a0edcb434317543a4f5954a5e0e5b7c4da75cb369e2810e2aebf950b973ad3380bca5d0de8311e59a6ed3f01d8f7c1b39060fddc7ac1febe659626ed7ad27dcee7b3d409b9f84e4f55ceb2e462f55627857f8c485c35c9abdc2fa87c4281365790ecdf1971f3a285ea0bb2038ae91d927729f4bf847bf0fc724b002cb029d2a57b89218bd4a763ab01902b7b48cb609cf3b9ad8fb568aef0ceff20c5def1a4faee11d33d304e2227b83f3ab06f0b9fa5502b1d9c6fe2a34bf9abb9a5b13928800149488cead47e48c754c75a061d5ea8a515f7f55611b0c048b88c9772ca4b1eb3d6fc931801990f1611e9b1171223527dceccfe8cfd72600a88a8486e088e21c30b997af1b60b55bc5443cecb18c2dcf54dbca3ac34f10ad2be9d755679519bb674b42904be579df62436bcf06de4cfd636d592840d674d11195edeb4dfe61370e9a9453378957fdecf2115ee008224fb8c97fcd051ddb1ed8d0419b950f2cd085bf1debaafb2a46cf65be863939cffde741797fdf64c17f3b447464be0e6bb90324c4c65b3cf66958a15d537a1675dffbc4e41f7a6c92ed27c5ef0dd0dcce6f96225b4e0ece510ce00f9611e395215e116026499dce3417cee3fbde0106b2a6fbd5937423124f6549c2206afc2ad1df5bedcc5e1371ed2b9f09f76576589450b09dd990811c59c3f848c1a4fccdfe686968903edffbc010eb73f55ac5a675fa3db70db12c826c8b7360617d8abeacefa6e2a8da62e4f304543cc9217fe1b0ec4fb044ca849802c4a140b91cc056d566c8670e4600941a54b2eb8643ff206c3401c0bd9838a025545227ae3e6bcb47fa3dcd1b40d8a0917f63744fb1ec2b72211c6cfda13248b2d0b4232e4fe7015cc42d4928f07ca9161640102f22236cca7ca3b81ffc81c4ff20532b5203e0d94771b8d0ec70e637135fdbb788fa8b4704e11d3c6083a45f51efd8560c0e63435516586aa82eaa998c140767d3ce35491e301c12f74583c61cd4d2ef1caa6fea3e353637cdeb3332d964155c9d32f826829a7174ab06c44e32063e46ce742b7027cffb8999302b602949c60496a0bf3c7cdf859d4ba51102674414867af614cffb88ac177dfbdb6131f7370dcb851002cec1742fb1561257716850c9ed3b075a6c023bcf05b5d580ac8e5d7ab7e5b1723212c681989e5f91958b635e0d076634584920c1b98d7f6ea0ddded6be9eb74de778b3c57c36b18e0c56c3a051014e09fac70ce6a7b0f042f5eeca8b8885e500bcb41f6fd974e5f6888859abdf3600706a3de9fce060c3069600c63106aff24210461c5d3423fa4e350041fd166902ad86bdba8cf965917f7e3ab019e1911d8013dad576465319c4e04b89b5ee1d07f54705718592d6aa453558294743daa8dba33159fb0e291829ac220562b007597e067e5f65841563673b69cc1d549f50e9efbdf256d797fe8c7d09596c167a45d", 0x2000, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r2, 0x45809000) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000200)={0x14, &(0x7f0000000140)={0x20, 0x6, 0x52, {0x52, 0xd, "d009a58e45b9ce7b5408c069cc915817300785146e91c3d1547de3b5202f4ed59f5487b150e8301750f99224047f37ed91813f303184b757f5d339b4df5d73923b31cce7139ac5abbb8a738cd203b4fe"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000500)={0x44, &(0x7f0000000240)={0x40, 0xa, 0xb5, "0d2622075d073b9974280d4d3ffe4669a2296d24aeaa2b21bdc78eab430133ccd699a1b4c637f0d4dbf87d6b763bbd3a4970081af5df1d68a63df06d66dc397c09aa1d013e7ac174871b4bfa240baa4d5eadaf62036681f4af49d4e1c38b9c72afa6a956b5f4fd549387feb07765aa2fcbc8169e3bd2361daeaa41aaaa6139ecc1604a55fbf4a30b608ffdd30b070ec2e9803bd9115b8c873e3af05225454fcf34ef0c33578d65ab1af371212308e04f0f54d9be11"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000380)={0x20, 0x80, 0x1c, {0x70, 0x22f6, 0x1, 0x9, 0xc, 0x7, 0xfc3, 0xbb, 0x6, 0x7, 0x0, 0x360a}}, &(0x7f00000003c0)={0x20, 0x85, 0x4, 0x3ff}, &(0x7f0000000400)={0x20, 0x83, 0x2, 0x84d}, &(0x7f0000000480)={0x20, 0x87, 0x2, 0x5}, &(0x7f00000004c0)={0x20, 0x89, 0xa, 0xfffe}}) 2.854975095s ago: executing program 3 (id=902): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000)=0x8) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)="b54da97ad4455a7589da700e7b3930cf3e08acf7bb59936ff82bd8f5939fbeac555b7c5adbc0ba23d09079392db3fd846c540027ce570c824a3ad46b4539bf3878336b2e67003dfa51cff688290fbb62dd482a4290732d6a1043ea29203d503475a50fb053f62fd04a2ae39bec80b17f2fd2896e78a080ca6aff15aea2c5ac91a3da7c99820ca9876fdc1e2ef6755cbd8be5ecff11e876bb687ba40c579fa592c7c2f419f77c0279145b75d7c507ed74b8fdcf1361594b9f61aeb6c7daf2e5b1f03ab2a9d1877a488480a10b0f952e81017c7dd1d887db1ceaff91131b", 0xdd}, {&(0x7f0000001480)="91adae1bcb0d2ff55b8b775a64a90e8119c0c1c4449bf8f3b9ec1d1f517a062f4087dc310de7f9f6b171774ca5c3954769464f10b6463381601478a5e19281c75ca8a3baa988a8e847e9b533b7e05afe645bd2dda561cd84563fc40176bbf1258cac6caaccf92555e75d0b7714e53ab8fdd64385e92cbf6b222a7823f6ce629cbbf16858cacdbd4308f76de6b4150a27", 0x90}, {&(0x7f0000001540)="c59e6722ec13a5ecd23386a50b9aa3766ddfa6522a717bb0684ff252f48c6f01ac5b4f0e1ff9d4b5e09b8c3ae696d691180653b536ed83ad8eab6355cb8356a5da39ca5c4af2232ea510a66c534fea4c6ae5f8a81becc4f20656e1fe76b4072d042cd382f953e89f1e70fa679de9384f2f9454d6c5732b65e644d857afc646bc1ebf86602a769af1f73d4c350d6eb7a8277fb9e48cb7cb891145e958fe508dbb8b0b1c69d6b6b66c067e1b16e7a1228e29cb7d34da6656cffb7b9491d3d74b094d7d82b7036d1ee3908a28fcb394c903a1b087874d53b2f92f", 0xd9}], 0x3, 0x1) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) splice(r2, 0x0, r4, 0x0, 0xe, 0xa) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) creat(&(0x7f0000001380)='./file0\x00', 0x4) mount(&(0x7f0000001400)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='romfs\x00', 0x0, 0x0) 1.283901488s ago: executing program 2 (id=903): openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000020c0), 0x2, 0x0) landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x18, 0x0) pipe(&(0x7f0000000600)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35f5ff00000000000700ff020000000000000000000000000001"], 0xfdef) 1.19684421s ago: executing program 0 (id=904): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00)) sendmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)="a5", 0x1}], 0x1, &(0x7f0000008380)=ANY=[], 0x20000}}], 0x1, 0x24004851) 1.159396851s ago: executing program 2 (id=905): creat(&(0x7f0000001380)='./file0\x00', 0x0) mount(&(0x7f0000000180)=@rnullb, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='jfs\x00', 0x8010, 0x0) 1.017282258s ago: executing program 0 (id=906): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r1, &(0x7f0000002480)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf0e3a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b1794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746063d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c5169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a60000564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9de9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc549000000000000000015a34abef947b5b9a950e780662de18873e55899c92db3ad00437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb00800000000000000ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c040000002b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e400", 0x1000}}, 0x101a) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x100, 0x0, 0x7000000, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3e06e00d96072081000000000000002000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a03c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x200000000]}}) 1.017172556s ago: executing program 2 (id=907): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1709000000000000000001000000050007000000000008000900fffffffe060002000000000008000a000100000008001800ac1414aa080019"], 0x58}, 0x1, 0x20}, 0x0) 923.024427ms ago: executing program 2 (id=908): r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) (async) r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\x01\x04\x00\x00\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x8, 0x80002, 0x5, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x0, 0xd, 0x0, 0x0, 0x800000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x3, {0x5, 0x0, 0x2, 0xfffffffffffffffc, 0x0, 0x0, {0x0, 0x2000000000, 0x0, 0x2, 0x0, 0x0, 0x4, 0x4, 0x4, 0x2000, 0x7, r2, 0x0, 0xf0ee, 0xffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) open(&(0x7f00000001c0)='./file0/file0\x00', 0x1800, 0x0) socket$key(0xf, 0x3, 0x2) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x8, 0x8, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0) 347.992253ms ago: executing program 1 (id=913): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="000086dd000411001400000000006eec00be00446c010000000000ff00000000ffff7f000001ff020000000000000000000000000001"], 0x7a) 253.278284ms ago: executing program 1 (id=914): clock_adjtime(0x0, &(0x7f00000001c0)={0x8b8d, 0x1000000000000, 0x2, 0x9, 0x0, 0xfffffffffffffffd, 0xe00, 0x0, 0x0, 0xffc99a3b, 0x0, 0x6, 0x0, 0xb000000, 0x0, 0x0, 0x0, 0x10007f, 0x0, 0x0, 0x0, 0x60d2, 0x0, 0x5, 0x1, 0x2}) 223.333053ms ago: executing program 1 (id=915): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000240)=0x3, 0x4) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x125002, 0x0) ioctl$IOMMU_VFIO_IOAS$GET(r3, 0x3b88, &(0x7f00000001c0)={0xc}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r4 = accept4(r2, 0x0, 0x0, 0x80000) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = accept4(r5, 0x0, 0x0, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000980)={0xfe0, r7, 0x100, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x8d}, @NL80211_ATTR_CSA_IES={0xfbc, 0xb9, 0x0, 0x1, [@NL80211_ATTR_CSA_C_OFF_BEACON={0x12, 0xba, [0x5, 0x6, 0x8000, 0x2, 0x4b, 0x9, 0xae5]}, @NL80211_ATTR_CSA_C_OFF_BEACON={0x6, 0xba, [0xffff]}, @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0xbc, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xa5, 0x3, "081e492cd08c88e67951c9e0a5d3d9b5ae2a47cc062d39976be7de0f99c78612a9fcad3a74fbf5eb9cfadec1ec3732a00f53409e1a614719929bb5b7b9de7511afd9b4c2c56def0374f06d2cad184c90cac91c30ef3e11e26af5fdce3f7d4b41608ff56d9eba22b8881b5834e1eb0b4662787c956d491f1a03cf258cdec8429bf3886d311089a62ea9f7317ecdf635705d844fd46f0f7e303e55d0d1f1857e6000"}, @NL80211_FTM_RESP_ATTR_LCI={0xd, 0x2, "abf83c359c1b709d19"}]}], @beacon_params=[@NL80211_ATTR_IE_PROBE_RESP={0x7, 0x7f, [@dsss={0x3, 0x1, 0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x249, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x2}, @device_b, @device_b, @initial, {0x3, 0x6}}, 0x8, @random=0x9, 0x100, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x30}, {0x9}, {0x48, 0x1}, {0x6c, 0x1}]}, @void, @val={0x4, 0x6, {0xfc, 0x6, 0xfffe, 0x7}}, @val={0x6, 0x2, 0x4d86}, @void, @val={0x25, 0x3, {0x1, 0x78, 0xfc}}, @void, @val={0x3c, 0x4, {0x0, 0x3, 0x40, 0x5}}, @val={0x2d, 0x1a, {0x1, 0x0, 0x2, 0x0, {0x6, 0x0, 0x0, 0x277, 0x0, 0x1, 0x1}, 0x1, 0x0, 0x2b}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0xffffffffffffffff, 0x1, 0x1, 0x1, 0x0, 0xc5, 0x11}}, @val={0x76, 0x6, {0x8, 0x1, 0x1a, 0x371}}, [{0xdd, 0x9e, "299cef4163785088527e7858eb0a7e1b27b76fd88244cf2ea5af4ff59538eb3de66c9b43c82b8763e50f12447d469fb995cd3326d0728ed5a35f5688cda5b1a00505a56bbed32b085c2239d96db4e167ce248c7f18cb8e57631a6e2f72ab810b3382468173d7e15316c8b012ed86aadd8ca3ee97e79e14c55d67c10aaa47c720093fde00629704618b04212f364910eb9c425488a953449059f223ec748c"}, {0xdd, 0x81, "c120b03dd28e736ce801bcf4ab686b8a2fefbd3a8d43140de976a56c7864e7d2272ccb82314815d06de6cbe0d7ffacd3fd67a48dc0af1ab50c51ed581dd4fcd7fe581ed46f775581a0cf9a07c06ea2f1647b6e5660541a26b61d7f55b21b22be436754fb25e10fab089613cb59c3a7281a13eb3e1fbb55d1d57ef1b65315d4dfbb"}, {0xdd, 0xa2, "e37e2372d43de03cf965b529e09c898ebd33f8430c61652d1f9e691e3f0b7e21f9a7cdeafe26ca8d76db38eefa2c23d6d1dbc940d31172a9b22fd55e56d35437b9b3e611c45d2959f88160fea1943015dd245cce73fc75b8663289ba3acbf3102944ce40d5324a6c5f4abcea7dfbf1de2fe8bf48a657c484d218f9b2cbac175e0b51a9d3018ce62bae0c677725ac226c1bac714a3a7c0be24255393dd32b2365abdc"}]}}, @NL80211_ATTR_BEACON_HEAD={0xe1, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0x9}, @device_a, @broadcast, @random="82768bd5effa", {0x5, 0x7}}, 0x8000000000000001, @default, 0xc21c, @void, @val, @val={0x3, 0x1}, @void, @val={0x6, 0x2, 0x7f}, @val={0x5, 0x97, {0x7, 0x40, 0xe, "d8cb8f1f495101525bed4d8c5ead4c11d9b24552ac8afb37d40df18a05d5dd3c8f9b26592d48b92bfd7d28ce568dcd2f559806e8599660baf262453667cc99e45c5c9c410a6be0b87abb5820c857ed609c659ffee82d965d00f01e0050c28fe8b9c50a3844e2827fc478653ae71e3f4ac5e2ed62b5c44130ff92acba3fe9bea71ff94e6ec239fb4c69928d20e2dc2c6a12c27970"}}, @void, @void, @val={0x3c, 0x4, {0x0, 0x0, 0x1, 0x7}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x5482e668ee86c2cc}}, @void}}], @beacon_params=[@NL80211_ATTR_IE={0x14d, 0x2a, [@random_vendor={0xdd, 0x5c, "59dfb387d0a6efc1497e990cac981e37cdd8f4403e8fc567b661aca4e0381faa45ff6f80a80d086f4ba115a10cfe9354fdb5210e032dd099b31fe9c97aae567c2b03c6aae15092fcad115825663917295a2dd441f7ecc7fa5f486822"}, @measure_req={0x26, 0xe9, {0x7f, 0xaa, 0x7, "e65460ea76cb57ee4aeeb2be8ba0d37917f4f42877a73a993ef193817e96d3747a216b89f8130db8e07deebcfd1eab3c35367005cfc417da1ca8207b3b0647b10f0463bb64dc64377c57aa056ec615310eaf68c8db596cf2da230c0a31e5c3d3e32b206944cd3349f5efb9a82e6efa72546228804fd9d0ef9fffa46e2cdcf55be796ac57f7d1a87bca55365f6f7dbc79ca7dad79e2cf9cffe79a54c9127b3172aa01e7ae21657137d454880760461d53aef1cd6e84d16af803a81eecd0cd7195165ed3a861df5a338d0785c2eee3d1244962a678b61ff04503351ba0bc522addc47b4fc6a5c2"}}]}, @NL80211_ATTR_PROBE_RESP={0x395, 0x91, "ff64a398bbb1c52b95d241ee0239d8e7856928333226b96f8b183c1ec8e8b9f7e41e286edc01d12ccc867d4de5e4ce1b3243f1725045fec8666e472c8866ef69d53414cdce2e7bd951c5da4a593e29171deeb02c5eef8d6fc87d45851b3aef75476d0453da652c26c664116f0fa70bf7b38d74e12d15418a3124e8eef7949a8815132bb216fe0c1d079c0fb2f79c31346da1ccbb0e6fbcac1c0a1267e89d16c674369b3eff44d00534f29414b457e5131d0e86eeec22de13f492c1e7e3125dd0ade997a97af335b5ce10674a90876003714cff5105359d3e780c291d78d46fadf88d28b0340282d3249cf0252be5987dda61f104e016e40d59f8d70e2518ab0a914c4bf5b5670b91d5a7951aeb7f52284240a2335e226727d73ab3790dad7fd8560511363ba2715a852c253bb21de66f18f322563e75b4f01696012ca4610fd1e2dd2441044cf30f208cd48143b1c11c3d162b0195c98ec3427437f4daeec240e563d34987202e95d23400da938723d5c9a8577b1f3153771578239c10e32023eba8b6ec8868ae7f7cc5a66685cb0815a9809d23c623b7ed9bf6590cd1a2d9676adda79b80264ad8543c854e6d2f4e26cad8f2001b637c4c5ddef802dbc988f4c285d761485914b836009df3cca7e640fbcd52dc77ae3d2aa487b996b88bfab56699cc4e2bd5253d3e1d7b56fa6d305643a5e42081dd7e4d285bfb5fa3e75f62fb88dbd3d37c16cca8adc1ea8a578b560b79fa6d5b279ee0e65eaef66009d3001a0faf2604c81a6acff52683467f43963629ae731595d6ff620aee141e844130d1bf6bd9762ebbb7263236bd7ece3fd44d31a3ca0317898ef9a1581c0693ffc180e1aee7b25af4239683623a2eb3d547aa0d9606704090b9ae0f53c8c34d7f08f4f216337cf05e1ffe93c60980deff5366dc1a0731873015eec4f12fcd7434dd49be4e6c5141fc09b27640b34afbb9f6551b0a058b0d95125699c2a1895da59694cf2ccc65478a42b16e4e08a9e6c13c823666047789e446dd1eef9487672ffc54268069db84cb44c6b33ab032e9c068573255dbbee7824247518464f31134a58cdee3e46452e2b23fbc70b0b689fa7c718177c8f5b18f0a5e6a95a5fde727383fa222746190dc6cf14ea83f7ec00d444c1961b45ca2079377f9139f58b62d3b235fd9e3759868fa9b53301afab7021c91c2c34bef5a3c14affe405bd62ad8d120982659310fa95f358fbb449c58bb420123140c091a81cc5d49fc70e7ad8c2b4dbc44d1a8e19b15e5d34b05e5a9bc98fb"}], @beacon_params=[@NL80211_ATTR_IE={0x15, 0x2a, [@challenge={0x10, 0x1, 0xa6}, @mesh_chsw={0x76, 0x6, {0xf7, 0x3, 0x30, 0x3}}, @ext_channel_switch={0x3c, 0x4, {0x1, 0xc, 0xa, 0x3}}]}], @beacon_params=[@NL80211_ATTR_FTM_RESPONDER={0x160, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0xcd, 0x3, "0aace53823ef6d2509600b84857460907cd97cf14a478c9271673b20c00b530c502a46feced50109c0d77ecda0f2934137fe7d7edeff47e19f3f9138bf4b7a3f7dbd0248e2bf210a6ac60bfc5d614de4272306927f99229eba81f3abe460ca787673de19688c8a82df46b0f34f0d0c880c71e0087f5bc0f4e5915596b2d4015919fda56c9697c80527e5c271e8cab36180e44a1a068180cff08fbde4851c4d7059d552b04a19d5248551c284cc43f02b44c355fb2f5a677ee1fd20d4e76a8a27d98e5866f0bf8364e8"}, @NL80211_FTM_RESP_ATTR_LCI={0x3d, 0x2, "aa64fd13d4552237ddb390f2fadf4bc7e04f1254a35c723e2a039bc2e02599ce7754e5acef2ed4d1b6735078991f37a2a8b52761561fc73c5c"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x42, 0x3, "54769e3bf725fcb353e8946ec697cb5d9c88899b24dd7bd30a060d02a64650045ae3971b1671416e294f39d7cbcea94a4446d22451aee04069323b7c00f4"}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}, @NL80211_ATTR_BEACON_HEAD={0x215, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x4}, @device_b, @broadcast, @random="ada3a6254ec5", {0x8, 0x9}, @value=@ver_80211n={0x0, 0x1, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}}, 0x1, @random=0x17, 0x4, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x2, [{0x18}, {0x3, 0x1}]}, @val={0x3, 0x1, 0xc}, @val={0x4, 0x6, {0xc, 0x3, 0x8, 0x51}}, @val={0x6, 0x2, 0x3}, @val={0x5, 0x73, {0x1, 0xc8, 0x4, "5824c39f05e15f41b03eaaabc9f81dd18fbdf1ed491cedcc4efba71f937a0deedcba6a3193e17a07633b57ae937c8dc8190e4896751742ac5bceaae12b148600626ce59697d682a816b719f548fd0671e026ba3e2b333ce861391758ba7f53665bcb6a6ef17645555d6d94ce88ed8f55"}}, @val={0x25, 0x3, {0x0, 0x2c, 0x4}}, @val={0x2a, 0x1, {0x0, 0x1, 0x1}}, @void, @void, @void, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2, 0x10}}, @void, [{0xdd, 0xc7, "d7e7b37ae541a53c0aeeb3fbf4e9f6c69f9bbbaf572270facea4ca8cecfe5974017f82858b1311b9e6b10242388b1df89ed14b2856976aec2d0c2d292cbbed99172f6a2f2ee125787b7a2f26f480eadf2351c956702d9ee1d799b6f974318c5b0698caecbd80288afa33e264ed6c28584bfd7fb2e188d678fc8c1d39408baa096cd7e131a5d6c4a46205467c1650ad7162786ccf58ba4a8c577fbd5786e50bed28ca30571289b3329a750040bc2541fb77d1d0ec8e4b4a5584636076255b220e5462730a06ea9e"}, {0xdd, 0x15, "7743fc25dbae4220bb265ce6fb0315139282e1aa56"}, {0xdd, 0x66, "61249fe94e145de9d9107a5d2074c7b57eb4fdedc3ba9d49dc0272da9fdf0b5c8738433ffeb093596d83ed12c608060c73fcd2f6c7f59322d465d68fa97d332e03ce0c93054e5ff2a8a7e6a1a4482866263f6242115b8e0ad6fc609ef340287d763ef8cf14bb"}]}}, @NL80211_ATTR_IE_PROBE_RESP={0x1a1, 0x7f, [@ssid={0x0, 0x14, @random="0f85efa77a2a60c40d983970057f1951d8fb37ad"}, @measure_req={0x26, 0x4d, {0xe, 0x0, 0x3f, "4129bf900eca4a0cd5361fade1fb3c9b91ff99813ce9b418a1da4f766581964f4e6269e39ea919820ce6dc479705f689139fd18d484745d75eace4dba2c27a31eb1783688110a658fce5"}}, @chsw_timing={0x68, 0x4, {0xd, 0xfff}}, @chsw_timing={0x68, 0x4, {0x7, 0xfffe}}, @tim={0x5, 0x39, {0x6, 0x19, 0x1, "d64eb4f507f0099799fcac3084edead1acaee8e130b8f2c4356059b185b60ecf914d8527785cbea41a175ea7eb9969e3620ab0f01149"}}, @perr={0x84, 0xef, {0x81, 0xf, [{{0x0, 0x1}, @broadcast, 0x7, @value=@device_b, 0xb}, {{}, @device_b, 0x2, @void, 0xd}, {{0x0, 0x1}, @device_a, 0x2, @value=@broadcast, 0x2d}, {{0x0, 0x1}, @broadcast, 0x870, @value, 0x1b}, {{}, @device_b, 0x3ff, @void, 0x35}, {{}, @broadcast, 0x0, @void, 0xa}, {{0x0, 0x1}, @device_b, 0x0, @value=@device_b, 0x1b}, {{}, @device_a, 0x8, @void, 0x1d}, {{}, @broadcast, 0x10, @void, 0x41}, {{}, @broadcast, 0x400, @void, 0x2b}, {{0x0, 0x1}, @device_b, 0x80, @value=@broadcast, 0x10}, {{0x0, 0x1}, @device_a, 0x0, @value, 0x1c}, {{0x0, 0x1}, @device_a, 0x100, @value=@broadcast, 0x21}, {{}, @device_a, 0x4, @void, 0x5}, {{}, @device_a, 0x4, @void, 0x10}]}}]}, @NL80211_ATTR_BEACON_TAIL={0x9, 0xf, [@channel_switch={0x25, 0x3, {0x1, 0x24, 0x7f}}]}, @NL80211_ATTR_PROBE_RESP={0x17d, 0x91, "0b9b6516ec8e8a77a7ed7896912aad6ad21ea30cc323f607d70b0189a4fd1f33ea67869fcd7d19fcd39649ee18a91cb12912d52cfae245d92af5b87c2ee1c6d01c28a43776369f4fa5095eafb4e8d3dd12d3de102b2b38b884b507ff1d521fad06df6870d00e1bb0e93786556891760bd9e35d2a8b4e454346d458edbdff8c8cf653e3c9c7ac56b37c19f53cc498d66f6c9a19467b8dc9462259caad18361b6a07ecb933c47a2aa2d351215bbea3fdd353baa030caa7e971cf178a33272d56e822c4f2ea1002e905e7c4df68fac54f1dc8945f8282327362ab623e979e5159fa5120331475fada08b815e7e28b060914cec6cc04356e56320c8131ce5fe459ddc052b87087c772c7d59b4546a126e9b1436ea51606fdd82cc42d8bb86bc22631a5b2273ff786b5072db830fd3eda63bf9b41b7612578800e6f0f1a4cddfd0dff644621ec86970a043c371f42bb88e0ed39601e6bcc5abbb863650bdfdeeb8defb31303fcb8d20f9b1326b860d628d560f4436ad42d3ed7dafc"}]]}]}, 0xfe0}, 0x1, 0x0, 0x0, 0x9}, 0x4000004) r8 = accept4$alg(r4, 0x0, 0x0, 0x80000) sendmmsg$alg(r8, &(0x7f0000002980)=[{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="cb8e363f2486d7bf4a8bc2f5e05a86875d8788e66617e2cfe55a2fcdc8c9b3cda2bcd2cb5f68b5c1fc763d40600b", 0x2e}, {&(0x7f0000000240)="954c", 0x2}], 0x2, 0x0, 0x0, 0x4004}], 0x1, 0x200048d1) mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x2208080, 0x0) 0s ago: executing program 2 (id=916): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00)) sendmmsg(r0, &(0x7f0000000880)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000140)="a5", 0x1}], 0x1, &(0x7f0000008380)=ANY=[], 0x2230}}], 0x1, 0x24004851) (fail_nth: 5) kernel console output (not intermixed with test programs): _hcd [ 104.755905][ T24] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 104.764875][ T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 104.776897][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 104.786474][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.790303][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 104.812626][ T24] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 104.814524][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 104.834514][ T24] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 104.847302][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 104.848280][ T24] usb 4-1: Product: syz [ 104.857298][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 104.857347][ T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 104.857367][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.860031][ T9] usb 3-1: config 0 descriptor?? [ 104.872286][ T24] usb 4-1: Manufacturer: syz [ 104.916181][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 104.921438][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 104.937290][ T24] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 104.943446][ T24] cdc_wdm 4-1:1.0: Unknown control protocol [ 104.971900][ T6745] binder_alloc: binder_alloc_mmap_handler: 6744 200000ffd000-200001000000 already mapped failed -16 [ 104.984635][ T6745] binder_alloc: 6744: binder_alloc_buf, no vma [ 105.160372][ T6752] netlink: 'syz.1.274': attribute type 2 has an invalid length. [ 105.199914][ T24] usb 4-1: USB disconnect, device number 10 [ 105.289923][ T9] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max [ 105.309419][ T9] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 105.467767][ T6762] netlink: 104 bytes leftover after parsing attributes in process `syz.0.278'. [ 105.742055][ T24] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 105.848379][ T6776] FAULT_INJECTION: forcing a failure. [ 105.848379][ T6776] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 105.862469][ T6776] CPU: 0 UID: 0 PID: 6776 Comm: syz.0.284 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 105.862489][ T6776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 105.862497][ T6776] Call Trace: [ 105.862502][ T6776] [ 105.862508][ T6776] dump_stack_lvl+0x189/0x250 [ 105.862526][ T6776] ? __pfx____ratelimit+0x10/0x10 [ 105.862543][ T6776] ? __pfx_dump_stack_lvl+0x10/0x10 [ 105.862556][ T6776] ? __pfx__printk+0x10/0x10 [ 105.862578][ T6776] should_fail_ex+0x414/0x560 [ 105.862612][ T6776] _copy_to_user+0x31/0xb0 [ 105.862628][ T6776] simple_read_from_buffer+0xe1/0x170 [ 105.862649][ T6776] proc_fail_nth_read+0x1df/0x250 [ 105.862665][ T6776] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 105.862680][ T6776] ? rw_verify_area+0x258/0x650 [ 105.862695][ T6776] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 105.862709][ T6776] vfs_read+0x200/0x980 [ 105.862727][ T6776] ? __pfx___mutex_lock+0x10/0x10 [ 105.862745][ T6776] ? __pfx_vfs_read+0x10/0x10 [ 105.862760][ T6776] ? __fget_files+0x2a/0x420 [ 105.862780][ T6776] ? __fget_files+0x3a0/0x420 [ 105.862795][ T6776] ? __fget_files+0x2a/0x420 [ 105.862818][ T6776] ksys_read+0x145/0x250 [ 105.862834][ T6776] ? __pfx_ksys_read+0x10/0x10 [ 105.862846][ T6776] ? rcu_is_watching+0x15/0xb0 [ 105.862864][ T6776] ? do_syscall_64+0xbe/0x3b0 [ 105.862884][ T6776] do_syscall_64+0xfa/0x3b0 [ 105.862900][ T6776] ? lockdep_hardirqs_on+0x9c/0x150 [ 105.862918][ T6776] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.862933][ T6776] ? clear_bhb_loop+0x60/0xb0 [ 105.862950][ T6776] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.862964][ T6776] RIP: 0033:0x7fda8718d33c [ 105.862978][ T6776] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 105.862989][ T6776] RSP: 002b:00007fda880e4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 105.863004][ T6776] RAX: ffffffffffffffda RBX: 00007fda873b5fa0 RCX: 00007fda8718d33c [ 105.863015][ T6776] RDX: 000000000000000f RSI: 00007fda880e40a0 RDI: 0000000000000004 [ 105.863023][ T6776] RBP: 00007fda880e4090 R08: 0000000000000000 R09: 0000000000000000 [ 105.863033][ T6776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.863041][ T6776] R13: 0000000000000000 R14: 00007fda873b5fa0 R15: 00007ffee90a4ce8 [ 105.863067][ T6776] [ 105.981672][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 106.178198][ T24] usb 2-1: unable to get BOS descriptor or descriptor too short [ 106.196470][ T24] usb 2-1: config 129 has an invalid interface number: 71 but max is 0 [ 106.215459][ T24] usb 2-1: config 129 has no interface number 0 [ 106.232783][ T24] usb 2-1: config 129 interface 71 has no altsetting 0 [ 106.255337][ T24] usb 2-1: New USB device found, idVendor=2013, idProduct=0262, bcdDevice=5b.8b [ 106.278612][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.297029][ T24] usb 2-1: Product: syz [ 106.307642][ T24] usb 2-1: Manufacturer: syz [ 106.317776][ T24] usb 2-1: SerialNumber: syz [ 106.351609][ T6790] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 106.360389][ T6790] UDF-fs: Scanning with blocksize 4096 failed [ 106.450092][ T6792] tipc: Enabling of bearer rejected, already enabled [ 106.505406][ T6794] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 106.525014][ T6794] VFS: Can't find a romfs filesystem on dev rnullb0. [ 106.525014][ T6794] [ 106.597383][ T24] usb 2-1: USB disconnect, device number 12 [ 106.659066][ T6800] netlink: 4 bytes leftover after parsing attributes in process `syz.3.294'. [ 106.786147][ T6805] trusted_key: syz.3.303 sent an empty control message without MSG_MORE. [ 106.924234][ T6812] netlink: 20 bytes leftover after parsing attributes in process `syz.0.298'. [ 107.063299][ T6818] netlink: 20 bytes leftover after parsing attributes in process `syz.0.300'. [ 107.277489][ T30] audit: type=1326 audit(6881821110.938:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6825 comm="syz.1.305" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd988f8e929 code=0x0 [ 107.329672][ T6830] netlink: 'syz.1.305': attribute type 11 has an invalid length. [ 107.356524][ T5874] usb 3-1: USB disconnect, device number 9 [ 108.000369][ T5874] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 108.170472][ T5874] usb 1-1: Using ep0 maxpacket: 32 [ 108.181807][ T5874] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 108.209863][ T5874] usb 1-1: config 0 has no interface number 0 [ 108.224091][ T5874] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 108.241617][ T5874] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 108.246373][ T30] audit: type=1800 audit(6881821111.909:4): pid=6860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.319" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 108.271033][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.271059][ T5874] usb 1-1: Product: syz [ 108.271071][ T5874] usb 1-1: Manufacturer: syz [ 108.271082][ T5874] usb 1-1: SerialNumber: syz [ 108.273814][ T5874] usb 1-1: config 0 descriptor?? [ 108.344479][ T5874] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 108.363483][ T5874] em28xx 1-1:0.132: Video interface 132 found: [ 108.646027][ T6878] netlink: 'syz.3.325': attribute type 27 has an invalid length. [ 108.763749][ T5874] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 108.820634][ T6880] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 108.855869][ T5874] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 108.873131][ T5874] em28xx 1-1:0.132: board has no eeprom [ 108.891301][ T6890] tipc: New replicast peer: 255.255.255.255 [ 108.898281][ T6890] tipc: Enabled bearer , priority 10 [ 108.934885][ T5874] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 108.953854][ T5874] em28xx 1-1:0.132: analog set to bulk mode. [ 108.969049][ T24] em28xx 1-1:0.132: Registering V4L2 extension [ 108.995802][ T5874] usb 1-1: USB disconnect, device number 14 [ 109.028102][ T5874] em28xx 1-1:0.132: Disconnecting em28xx [ 109.157643][ T6899] vxfs: WRONG superblock magic 00000000 at 1 [ 109.186271][ T6899] vxfs: WRONG superblock magic 00000000 at 8 [ 109.206895][ T6899] vxfs: can't find superblock. [ 109.235462][ T24] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 109.252449][ T24] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 109.271468][ T24] em28xx 1-1:0.132: No AC97 audio processor [ 109.282869][ T24] usb 1-1: Decoder not found [ 109.287513][ T24] em28xx 1-1:0.132: failed to create media graph [ 109.328837][ T24] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 109.353555][ T24] em28xx 1-1:0.132: Remote control support is not available for this card. [ 109.369570][ T5874] em28xx 1-1:0.132: Closing input extension [ 109.405316][ T5874] em28xx 1-1:0.132: Freeing device [ 109.429876][ T6910] netlink: 'syz.2.336': attribute type 4 has an invalid length. [ 109.493488][ T6910] netlink: 'syz.2.336': attribute type 4 has an invalid length. [ 109.629142][ T6919] netlink: 20 bytes leftover after parsing attributes in process `syz.3.341'. [ 109.815299][ T6929] 9p filesystem being mounted at /94/file0 supports timestamps until 2106-02-07 (0xffffffff) [ 109.898051][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.347'. [ 110.129652][ T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 110.291175][ T24] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 110.306165][ T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 110.330711][ T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 110.330766][ T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.332699][ T24] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 110.332726][ T24] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 110.332745][ T24] usb 1-1: Product: syz [ 110.332757][ T24] usb 1-1: Manufacturer: syz [ 110.342869][ T24] cdc_wdm 1-1:1.0: skipping garbage [ 110.342889][ T24] cdc_wdm 1-1:1.0: skipping garbage [ 110.345060][ T24] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 110.345078][ T24] cdc_wdm 1-1:1.0: Unknown control protocol [ 110.392186][ T30] audit: type=1326 audit(7049593274.063:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6955 comm="syz.1.357" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd988f8e929 code=0x0 [ 110.494541][ T6958] netlink: 'syz.1.357': attribute type 11 has an invalid length. [ 110.548339][ C1] cdc_wdm 1-1:1.0: unknown notification 63 received: index 770 len 2305 [ 110.570054][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.578730][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.619580][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.662854][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.706511][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.729941][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.748377][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.763389][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.789902][ C1] cdc_wdm 1-1:1.0: unknown notification 63 received: index 770 len 2305 [ 110.802250][ T6961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.824774][ T6961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.891214][ T9] usb 1-1: USB disconnect, device number 15 [ 111.193151][ T6983] netlink: 'syz.2.366': attribute type 27 has an invalid length. [ 111.279040][ T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 111.362392][ T6989] netlink: 'syz.1.370': attribute type 27 has an invalid length. [ 111.371073][ T6991] netlink: 60 bytes leftover after parsing attributes in process `syz.3.369'. [ 111.385180][ T6992] netlink: 60 bytes leftover after parsing attributes in process `syz.3.369'. [ 111.386050][ T6993] netlink: 32 bytes leftover after parsing attributes in process `syz.3.369'. [ 111.439390][ T6991] netlink: 60 bytes leftover after parsing attributes in process `syz.3.369'. [ 111.457894][ T6995] loop8: detected capacity change from 0 to 7 [ 111.471920][ T5985] Dev loop8: unable to read RDB block 7 [ 111.479106][ T5985] loop8: unable to read partition table [ 111.484332][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 111.485073][ T5985] loop8: partition table beyond EOD, [ 111.494599][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 111.496884][ T5985] truncated [ 111.545335][ T30] audit: type=1800 audit(7049593275.192:6): pid=6997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.372" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0 [ 111.546559][ T6995] Dev loop8: unable to read RDB block 7 [ 111.576879][ T6995] loop8: unable to read partition table [ 111.579334][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 111.584029][ T6995] loop8: partition table beyond EOD, truncated [ 111.599552][ T6995] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 111.639077][ T24] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 111.652998][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.666257][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 111.687888][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 111.702792][ T9] usb 1-1: Product: syz [ 111.710930][ T9] usb 1-1: Manufacturer: syz [ 111.750588][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 111.770061][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 111.789189][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 111.795123][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [ 111.841916][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 111.863340][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.875008][ T24] usb 4-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00 [ 111.885138][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.897804][ T24] usb 4-1: config 0 descriptor?? [ 111.946072][ T7007] tipc: Enabling of bearer rejected, already enabled [ 112.017864][ T7009] tipc: New replicast peer: 255.255.255.255 [ 112.025784][ T7009] tipc: Enabled bearer , priority 10 [ 112.162103][ T24] usbhid 4-1:0.0: can't add hid device: -71 [ 112.168158][ T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 112.196546][ T24] usb 4-1: USB disconnect, device number 11 [ 112.279630][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 112.495006][ T7027] /dev/rnullb0: Can't open blockdev [ 112.601007][ T7033] /dev/rnullb0: Can't open blockdev [ 112.682928][ T7030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.078754][ T6083] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 113.265495][ T6083] usb 2-1: not running at top speed; connect to a high speed hub [ 113.286196][ T6083] usb 2-1: config 1 has an invalid interface number: 196 but max is 3 [ 113.301941][ T6083] usb 2-1: config 1 has an invalid interface number: 45 but max is 3 [ 113.309962][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.3.397'. [ 113.320351][ T6083] usb 2-1: config 1 has an invalid interface number: 219 but max is 3 [ 113.328592][ T6083] usb 2-1: config 1 has an invalid interface number: 233 but max is 3 [ 113.336932][ T6083] usb 2-1: config 1 has an invalid interface number: 90 but max is 3 [ 113.345127][ T6083] usb 2-1: config 1 has 5 interfaces, different from the descriptor's value: 4 [ 113.354213][ T6083] usb 2-1: config 1 has no interface number 0 [ 113.363059][ T6083] usb 2-1: config 1 has no interface number 1 [ 113.369271][ T6083] usb 2-1: config 1 has no interface number 2 [ 113.376374][ T6083] usb 2-1: config 1 has no interface number 3 [ 113.382610][ T6083] usb 2-1: config 1 has no interface number 4 [ 113.388860][ T6083] usb 2-1: config 1 interface 196 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 113.403094][ T6083] usb 2-1: config 1 interface 196 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 113.438911][ T6083] usb 2-1: config 1 interface 196 altsetting 8 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 113.469507][ T6083] usb 2-1: config 1 interface 196 altsetting 8 has an endpoint descriptor with address 0xB4, changing to 0x84 [ 113.485647][ T6083] usb 2-1: config 1 interface 196 altsetting 8 endpoint 0x84 has invalid maxpacket 62828, setting to 64 [ 113.501271][ T6083] usb 2-1: config 1 interface 196 altsetting 8 endpoint 0x9 has an invalid bInterval 67, changing to 4 [ 113.536225][ T6083] usb 2-1: config 1 interface 196 altsetting 8 endpoint 0x9 has invalid maxpacket 1024, setting to 1023 [ 113.552262][ T6083] usb 2-1: config 1 interface 196 altsetting 8 has 7 endpoint descriptors, different from the interface descriptor's value: 6 [ 113.566317][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has an endpoint descriptor with address 0x9D, changing to 0x8D [ 113.593896][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 113.612974][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has a duplicate endpoint with address 0x9, skipping [ 113.623734][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 113.649499][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has a duplicate endpoint with address 0xF, skipping [ 113.668121][ T6083] usb 2-1: config 1 interface 45 altsetting 3 has 6 endpoint descriptors, different from the interface descriptor's value: 7 [ 113.681778][ T7066] netlink: 36 bytes leftover after parsing attributes in process `syz.3.402'. [ 113.688814][ T5915] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 113.691449][ T6083] usb 2-1: config 1 interface 233 altsetting 2 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 113.710032][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x5, skipping [ 113.720824][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x9, skipping [ 113.763001][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0xD, skipping [ 113.774729][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x6, skipping [ 113.787091][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x82, skipping [ 113.797985][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 113.808932][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x5, skipping [ 113.819679][ T6083] usb 2-1: config 1 interface 233 altsetting 2 endpoint 0xB has invalid maxpacket 512, setting to 64 [ 113.830854][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0xE, skipping [ 113.835475][ T7068] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 113.844115][ T6083] usb 2-1: config 1 interface 233 altsetting 2 has a duplicate endpoint with address 0x6, skipping [ 113.869063][ T6083] usb 2-1: too many endpoints for config 1 interface 90 altsetting 60: 205, using maximum allowed: 30 [ 113.871014][ T5915] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 113.880459][ T6083] usb 2-1: config 1 interface 90 altsetting 60 has 0 endpoint descriptors, different from the interface descriptor's value: 205 [ 113.893722][ T5915] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 113.905899][ T6083] usb 2-1: config 1 interface 196 has no altsetting 0 [ 113.914568][ T5915] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 113.925155][ T6083] usb 2-1: config 1 interface 45 has no altsetting 0 [ 113.930201][ T5915] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.936691][ T6083] usb 2-1: config 1 interface 219 has no altsetting 0 [ 113.949445][ T5915] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 113.957486][ T6083] usb 2-1: config 1 interface 233 has no altsetting 0 [ 113.963972][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 113.978816][ T7068] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 113.986428][ T7068] /dev/rnullb0: Can't open blockdev [ 113.994781][ T5915] usb 3-1: Product: syz [ 114.020872][ T6083] usb 2-1: config 1 interface 90 has no altsetting 0 [ 114.043987][ T6083] usb 2-1: New USB device found, idVendor=12d1, idProduct=143f, bcdDevice= 0.00 [ 114.054763][ T9] usb 1-1: USB disconnect, device number 16 [ 114.072645][ T5915] usb 3-1: Manufacturer: syz [ 114.095342][ T6083] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.105856][ T6083] usb 2-1: Product: 㰁 [ 114.111232][ T6083] usb 2-1: Manufacturer: ࡃ [ 114.126132][ T5915] cdc_wdm 3-1:1.0: skipping garbage [ 114.136002][ T5915] cdc_wdm 3-1:1.0: skipping garbage [ 114.136360][ T6083] usb 2-1: SerialNumber: 憶₂뤺灤澍嶓ﯙ蝒⍭藁㸯衜棃ᖯ헒댦뇺윺룔訵ᬊ⍇⧱㸝ꬠ伻ỉ儬橘攏ᆷ끪᎔샺具곌賷걀喪找 [ 114.155160][ T5915] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 114.177832][ T5915] cdc_wdm 3-1:1.0: Unknown control protocol [ 114.182962][ T7042] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 114.263214][ T7074] netlink: 'syz.0.405': attribute type 4 has an invalid length. [ 114.284782][ T7074] netlink: 'syz.0.405': attribute type 4 has an invalid length. [ 114.342784][ T7078] netlink: 4 bytes leftover after parsing attributes in process `syz.3.407'. [ 114.381924][ T24] usb 3-1: USB disconnect, device number 10 [ 114.422626][ T6083] usb-storage 2-1:1.196: USB Mass Storage device detected [ 114.485215][ T7082] UDF-fs: warning (device rnullb0): udf_load_vrs: No VRS found [ 114.491036][ T6083] usb-storage 2-1:1.45: USB Mass Storage device detected [ 114.493274][ T7082] UDF-fs: Scanning with blocksize 4096 failed [ 114.572454][ T6083] usb-storage 2-1:1.219: USB Mass Storage device detected [ 114.627567][ T6083] usb-storage 2-1:1.233: USB Mass Storage device detected [ 114.742429][ T6083] option 2-1:1.233: GSM modem (1-port) converter detected [ 114.763745][ T6083] usb-storage 2-1:1.90: USB Mass Storage device detected [ 114.852148][ T6083] usb 2-1: USB disconnect, device number 13 [ 114.880813][ T6083] option 2-1:1.233: device disconnected [ 115.112082][ T7110] netlink: 'syz.0.414': attribute type 27 has an invalid length. [ 115.204206][ T7110] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.211971][ T7110] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.358454][ T30] audit: type=1326 audit(7217365439.022:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7120 comm="syz.2.418" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0 [ 115.456865][ T7126] netlink: 'syz.2.418': attribute type 11 has an invalid length. [ 115.522205][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 115.550225][ T7110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 115.630700][ T7133] input: syz0 as /devices/virtual/input/input9 [ 115.712849][ T7136] netlink: 'syz.1.423': attribute type 27 has an invalid length. [ 115.761262][ T59] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.779738][ T59] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.798644][ T59] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.816410][ T7138] /dev/loop0: Can't open blockdev [ 115.826371][ T59] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.903723][ T7142] netlink: 104 bytes leftover after parsing attributes in process `syz.1.426'. [ 116.384223][ T7154] tty tty1: ldisc open failed (-12), clearing slot 0 [ 116.522019][ T7161] vxfs: WRONG superblock magic 00000000 at 1 [ 116.529608][ T7161] vxfs: WRONG superblock magic 00000000 at 8 [ 116.535731][ T7161] vxfs: can't find superblock. [ 116.633100][ T7165] netlink: 20 bytes leftover after parsing attributes in process `syz.3.436'. [ 116.677564][ T5874] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 116.695652][ T7167] netlink: 124 bytes leftover after parsing attributes in process `syz.3.437'. [ 116.827513][ T5874] usb 3-1: device descriptor read/64, error -71 [ 116.947447][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 117.067381][ T5874] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 117.098124][ T7174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 117.110070][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 117.119885][ T9] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 117.129607][ T9] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 117.144428][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 117.153579][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.162047][ T9] usb 4-1: Product: syz [ 117.166214][ T9] usb 4-1: Manufacturer: syz [ 117.170852][ T9] usb 4-1: SerialNumber: syz [ 117.181172][ T9] hub 4-1:1.0: bad descriptor, ignoring hub [ 117.187996][ T9] hub 4-1:1.0: probe with driver hub failed with error -5 [ 117.197336][ T5874] usb 3-1: device descriptor read/64, error -71 [ 117.308597][ T5874] usb usb3-port1: attempt power cycle [ 117.388568][ T9] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 117.440697][ T9] usb 4-1: USB disconnect, device number 12 [ 117.445949][ T7178] netlink: 12 bytes leftover after parsing attributes in process `syz.3.441'. [ 117.461216][ T9] usblp0: removed [ 117.520697][ T7180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.442'. [ 117.573507][ T7182] warning: `syz.3.443' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 117.659611][ T5874] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 117.678664][ T7184] netlink: 36 bytes leftover after parsing attributes in process `syz.3.444'. [ 117.705689][ T5874] usb 3-1: device descriptor read/8, error -71 [ 117.743570][ T7188] netlink: 40 bytes leftover after parsing attributes in process `syz.3.446'. [ 117.946833][ T5874] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 117.967353][ T5874] usb 3-1: device descriptor read/8, error -71 [ 117.998368][ T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 118.046777][ T5915] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 118.078922][ T5874] usb usb3-port1: unable to enumerate USB device [ 118.148541][ T24] usb 1-1: config 0 has an invalid descriptor of length 30, skipping remainder of the config [ 118.158854][ T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 118.170146][ T24] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 118.179463][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.188098][ T24] usb 1-1: Product: syz [ 118.192270][ T24] usb 1-1: Manufacturer: syz [ 118.196974][ T24] usb 1-1: SerialNumber: syz [ 118.204544][ T24] usb 1-1: config 0 descriptor?? [ 118.213686][ T5915] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 118.223346][ T5915] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 118.234286][ T5915] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 118.243393][ T5915] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 118.256342][ T5915] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 118.265460][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 118.273476][ T5915] usb 4-1: Product: syz [ 118.277705][ T5915] usb 4-1: Manufacturer: syz [ 118.287544][ T5915] cdc_wdm 4-1:1.0: skipping garbage [ 118.292779][ T5915] cdc_wdm 4-1:1.0: skipping garbage [ 118.299956][ T5915] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 118.305911][ T5915] cdc_wdm 4-1:1.0: Unknown control protocol [ 118.412029][ T5156] Bluetooth: hci0: unexpected cc 0x0402 length: 4 > 1 [ 118.555950][ T5915] usb 4-1: USB disconnect, device number 13 [ 119.119072][ T7193] netlink: 'syz.3.448': attribute type 1 has an invalid length. [ 119.128016][ T7193] netlink: 'syz.3.448': attribute type 2 has an invalid length. [ 119.407764][ T5915] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 119.589859][ T5915] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 119.622747][ T5915] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 119.634627][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.650645][ T5915] aiptek 4-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 119.845886][ T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 119.868504][ T6083] usb 4-1: USB disconnect, device number 14 [ 119.998519][ T9] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 120.007543][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.020095][ T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c [ 120.029568][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.037640][ T9] usb 3-1: Product: syz [ 120.041826][ T9] usb 3-1: Manufacturer: syz [ 120.047162][ T9] usb 3-1: SerialNumber: syz [ 120.053557][ T9] usb 3-1: config 0 descriptor?? [ 120.061834][ T9] ims_pcu 3-1:0.0: Missing CDC union descriptor [ 120.068187][ T9] ims_pcu 3-1:0.0: probe with driver ims_pcu failed with error -22 [ 120.267175][ T7202] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 120.274884][ T7202] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 120.286814][ T5915] usb 3-1: USB disconnect, device number 15 [ 120.565769][ T7208] input: syz0 as /devices/virtual/input/input12 [ 120.738431][ T5915] usb 1-1: USB disconnect, device number 17 [ 121.190378][ T30] audit: type=1326 audit(7217365444.859:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7222 comm="syz.2.459" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0 [ 121.293020][ T7224] netlink: 'syz.2.459': attribute type 11 has an invalid length. [ 121.774671][ T7234] __nla_validate_parse: 1 callbacks suppressed [ 121.774684][ T7234] netlink: 4 bytes leftover after parsing attributes in process `syz.3.464'. [ 122.367573][ T7262] loop8: detected capacity change from 0 to 7 [ 122.375771][ T7262] Dev loop8: unable to read RDB block 7 [ 122.381705][ T7262] loop8: unable to read partition table [ 122.390141][ T7262] loop8: partition table beyond EOD, truncated [ 122.396902][ T7262] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 122.397041][ T24] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 122.476399][ T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 122.564990][ T24] usb 3-1: device descriptor read/64, error -71 [ 122.614985][ T9] usb 1-1: device descriptor read/64, error -71 [ 122.764903][ T5874] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 122.804909][ T24] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 122.854801][ T9] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 122.916439][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.927555][ T5874] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 122.936764][ T24] usb 3-1: device descriptor read/64, error -71 [ 122.943039][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.953127][ T5874] usb 4-1: config 0 descriptor?? [ 122.984808][ T9] usb 1-1: device descriptor read/64, error -71 [ 123.045146][ T24] usb usb3-port1: attempt power cycle [ 123.094900][ T9] usb usb1-port1: attempt power cycle [ 123.404668][ T24] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 123.434542][ T9] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 123.436450][ T24] usb 3-1: device descriptor read/8, error -71 [ 123.451074][ T5874] keytouch 0003:0926:3333.0004: fixing up Keytouch IEC report descriptor [ 123.460304][ T9] usb 1-1: device descriptor read/8, error -71 [ 123.471773][ T5874] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0004/input/input14 [ 123.581405][ T5874] keytouch 0003:0926:3333.0004: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 123.705750][ T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 123.716717][ T24] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 123.725128][ T9] usb 1-1: device descriptor read/8, error -71 [ 123.755309][ T24] usb 3-1: device descriptor read/8, error -71 [ 123.836847][ T9] usb usb1-port1: unable to enumerate USB device [ 123.864457][ T24] usb usb3-port1: unable to enumerate USB device [ 123.985537][ T24] usb 4-1: USB disconnect, device number 15 [ 124.712340][ T7276] tipc: Enabling of bearer rejected, already enabled [ 124.753051][ T7278] tipc: New replicast peer: 255.255.255.255 [ 124.759664][ T7278] tipc: Enabled bearer , priority 10 [ 125.437189][ T7293] netlink: 4 bytes leftover after parsing attributes in process `syz.3.488'. [ 125.487795][ T7295] sp0: Synchronizing with TNC [ 125.494002][ T7296] sp0: Found TNC [ 125.518789][ T7296] [U] ` [ 125.543847][ T24] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 125.597265][ T7300] netlink: 20 bytes leftover after parsing attributes in process `syz.3.490'. [ 125.667479][ T5874] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 125.706200][ T30] audit: type=1326 audit(7217365449.381:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7303 comm="syz.3.492" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaad18e929 code=0x0 [ 125.734068][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 125.740876][ T24] usb 3-1: config 0 has an invalid interface number: 132 but max is 0 [ 125.749644][ T24] usb 3-1: config 0 has no interface number 0 [ 125.756705][ T24] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 125.770163][ T24] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 125.779404][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.787603][ T24] usb 3-1: Product: syz [ 125.791782][ T24] usb 3-1: Manufacturer: syz [ 125.796569][ T24] usb 3-1: SerialNumber: syz [ 125.803918][ T24] usb 3-1: config 0 descriptor?? [ 125.814315][ T24] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 125.815070][ T7305] netlink: 'syz.3.492': attribute type 11 has an invalid length. [ 125.824133][ T24] em28xx 3-1:0.132: Video interface 132 found: [ 125.845710][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.856991][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.867353][ T5874] usb 1-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 125.877321][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.888660][ T5874] usb 1-1: config 0 descriptor?? [ 126.098786][ T7307] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 126.111833][ T7307] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 126.120083][ T5874] samsung 0003:0419:0600.0005: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.0-1/input0 [ 126.305903][ T5874] usb 1-1: USB disconnect, device number 22 [ 126.825215][ T5874] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 126.993262][ T5874] usb 4-1: Using ep0 maxpacket: 16 [ 126.999911][ T5874] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 127.008446][ T5874] usb 4-1: config 0 has no interface number 0 [ 127.017753][ T5874] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 127.027041][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.035157][ T5874] usb 4-1: Product: syz [ 127.039352][ T5874] usb 4-1: Manufacturer: syz [ 127.044042][ T5874] usb 4-1: SerialNumber: syz [ 127.051585][ T5874] usb 4-1: config 0 descriptor?? [ 127.059884][ T5874] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 127.105376][ T24] em28xx 3-1:0.132: unknown em28xx chip ID (0) [ 127.178593][ T24] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 127.188411][ T24] em28xx 3-1:0.132: board has no eeprom [ 127.266121][ T24] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 127.274155][ T24] em28xx 3-1:0.132: analog set to bulk mode. [ 127.280301][ T5915] em28xx 3-1:0.132: Registering V4L2 extension [ 127.314704][ T7328] netlink: 'syz.1.500': attribute type 27 has an invalid length. [ 127.347797][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x4a (error=-5) [ 127.371189][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x48 (error=-5) [ 127.391093][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x42 (error=-5) [ 127.402640][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x40 (error=-5) [ 127.472237][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x84 (error=-5) [ 127.483729][ T5891] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 127.483902][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x86 (error=-5) [ 127.510887][ T5874] gspca_spca1528: reg_w err -71 [ 127.521787][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x94 (error=-5) [ 127.533999][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0x96 (error=-5) [ 127.543187][ T5874] spca1528 4-1:0.1: probe with driver spca1528 failed with error -71 [ 127.559862][ T5874] usb 4-1: USB disconnect, device number 16 [ 127.576371][ T6097] udevd[6097]: setting owner of /dev/bus/usb/004/016 to uid=0, gid=0 failed: No such file or directory [ 127.606590][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5) [ 127.618745][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5) [ 127.629806][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5) [ 127.639863][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5) [ 127.648902][ T5915] em28xx 3-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5) [ 127.658862][ T5915] em28xx 3-1:0.132: Config register raw data: 0xfffffffb [ 127.663224][ T5891] usb 1-1: Using ep0 maxpacket: 8 [ 127.667718][ T5915] em28xx 3-1:0.132: AC97 chip type couldn't be determined [ 127.679519][ T5915] em28xx 3-1:0.132: No AC97 audio processor [ 127.685914][ T5891] usb 1-1: unable to get BOS descriptor or descriptor too short [ 127.697998][ T5891] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xEE, changing to 0x8E [ 127.703167][ T5915] usb 3-1: Decoder not found [ 127.710345][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 127.725856][ T5915] em28xx 3-1:0.132: failed to create media graph [ 127.729796][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 127.745971][ T5891] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1 [ 127.755768][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 127.756162][ T5915] em28xx 3-1:0.132: V4L2 device video103 deregistered [ 127.772367][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 127.775111][ T5915] em28xx 3-1:0.132: Remote control support is not available for this card. [ 127.803790][ T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 127.811439][ T5891] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 127.833637][ T5891] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 127.844031][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.852027][ T5891] usb 1-1: Product: syz [ 127.856452][ T5891] usb 1-1: Manufacturer: syz [ 127.861106][ T5891] usb 1-1: SerialNumber: syz [ 127.868810][ T5891] usb 1-1: config 0 descriptor?? [ 127.874973][ T7325] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 127.886471][ T5891] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 127.902426][ T5874] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 127.932114][ T5891] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 127.970652][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 127.974342][ T9] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 128.005849][ T9] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 128.015226][ T9] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 128.026521][ T9] usb 2-1: config 220 has no interface number 2 [ 128.032885][ T9] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 128.046113][ T9] usb 2-1: config 220 interface 0 has no altsetting 0 [ 128.053040][ T9] usb 2-1: config 220 interface 76 has no altsetting 0 [ 128.059999][ T9] usb 2-1: config 220 interface 1 has no altsetting 0 [ 128.069208][ T9] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 128.078546][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.096975][ T5874] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 128.106002][ T5874] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 128.107141][ T5891] usb 1-1: USB disconnect, device number 23 [ 128.120016][ T5874] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 128.123555][ T9] usb 2-1: Product: syz [ 128.137283][ T9] usb 2-1: Manufacturer: syz [ 128.138935][ T5874] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.142676][ T9] usb 2-1: SerialNumber: syz [ 128.157186][ T5874] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 128.168245][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 128.185243][ T5874] usb 4-1: Product: syz [ 128.189525][ T5874] usb 4-1: Manufacturer: syz [ 128.205342][ T5874] cdc_wdm 4-1:1.0: skipping garbage [ 128.210777][ T5874] cdc_wdm 4-1:1.0: skipping garbage [ 128.219138][ T5874] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 128.226884][ T5874] cdc_wdm 4-1:1.0: Unknown control protocol [ 128.254515][ T6083] usb 3-1: USB disconnect, device number 20 [ 128.266730][ T6083] em28xx 3-1:0.132: Disconnecting em28xx [ 128.280188][ T6083] em28xx 3-1:0.132: Closing input extension [ 128.297972][ T6083] em28xx 3-1:0.132: Freeing device [ 128.376355][ T7334] /dev/rnullb0: Can't open blockdev [ 128.402835][ T9] usb 2-1: selecting invalid altsetting 0 [ 128.423589][ T9] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 128.429989][ T9] usb 2-1: No valid video chain found. [ 128.461623][ T9] usb 2-1: selecting invalid altsetting 0 [ 128.461704][ T7343] /dev/rnullb0: Can't open blockdev [ 128.468979][ T9] usbtest 2-1:220.1: probe with driver usbtest failed with error -22 [ 128.486814][ T5874] usb 4-1: USB disconnect, device number 17 [ 128.494846][ T9] usb 2-1: USB disconnect, device number 14 [ 128.566375][ T7345] /dev/rnullb0: Can't open blockdev [ 128.871962][ T6083] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 128.987943][ T7364] tipc: Enabling of bearer rejected, already enabled [ 129.027531][ T6083] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 129.045250][ T6083] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 129.068227][ T6083] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 129.070219][ T7366] process 'syz.1.515' launched './file1' with NULL argv: empty string added [ 129.077853][ T6083] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 129.098960][ T6083] usb 3-1: SerialNumber: syz [ 129.100864][ T7368] tipc: Enabling of bearer rejected, already enabled [ 129.204550][ T7373] netlink: 'syz.0.519': attribute type 39 has an invalid length. [ 129.241898][ T30] audit: type=1326 audit(7385137612.916:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7374 comm="syz.3.518" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7feaad18e929 code=0x0 [ 129.343001][ T6083] usb 3-1: 0:2 : does not exist [ 129.348072][ T6083] usb 3-1: unit 5: unexpected type 0x0d [ 129.382617][ T6083] usb 3-1: USB disconnect, device number 21 [ 129.424793][ T7339] udevd[7339]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 129.796678][ T7394] netlink: 4 bytes leftover after parsing attributes in process `syz.1.526'. [ 129.919678][ T30] audit: type=1326 audit(7385137613.586:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7397 comm="syz.0.528" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda8718e929 code=0x0 [ 129.950324][ T7400] netlink: 20 bytes leftover after parsing attributes in process `syz.2.529'. [ 130.023850][ T7403] hpfs: Bad magic ... probably not HPFS [ 130.200314][ T7411] loop8: detected capacity change from 0 to 7 [ 130.218931][ T7411] Dev loop8: unable to read RDB block 7 [ 130.229587][ T7411] loop8: unable to read partition table [ 130.238922][ T7411] loop8: partition table beyond EOD, truncated [ 130.248275][ T7411] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 130.276707][ T30] audit: type=1326 audit(7385137613.947:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7414 comm="syz.3.535" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaad18e929 code=0x0 [ 130.378049][ T7418] netlink: 'syz.3.535': attribute type 11 has an invalid length. [ 130.976380][ T7437] netlink: 'syz.1.543': attribute type 4 has an invalid length. [ 131.005355][ T7437] netlink: 'syz.1.543': attribute type 4 has an invalid length. [ 131.025585][ T7441] netlink: 55631 bytes leftover after parsing attributes in process `syz.0.544'. [ 131.036059][ T7441] netlink: 6332 bytes leftover after parsing attributes in process `syz.0.544'. [ 131.071297][ T5915] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 131.137159][ T7444] netlink: 'syz.3.545': attribute type 27 has an invalid length. [ 131.226757][ T7450] netlink: 104 bytes leftover after parsing attributes in process `syz.0.548'. [ 131.252780][ T5915] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 131.262232][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.276621][ T5915] usb 3-1: config 0 descriptor?? [ 131.292195][ T5915] cp210x 3-1:0.0: cp210x converter detected [ 131.340427][ T7454] fuse: Unknown parameter '0xffffffffffffffff' [ 131.431084][ T43] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 131.484952][ T7461] input: syz0 as /devices/virtual/input/input15 [ 131.610915][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 131.623036][ T43] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 131.631589][ T43] usb 4-1: config 0 has no interface number 0 [ 131.637807][ T43] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 131.649398][ T43] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 131.662571][ T43] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 131.672129][ T43] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 131.680345][ T43] usb 4-1: Product: syz [ 131.684862][ T43] usb 4-1: SerialNumber: syz [ 131.695718][ T5915] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 131.703683][ T43] usb 4-1: config 0 descriptor?? [ 131.717677][ T43] cm109 4-1:0.8: invalid payload size 0, expected 4 [ 131.728072][ T43] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input16 [ 131.946827][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 131.956487][ T5915] usb 3-1: cp210x converter now attached to ttyUSB0 [ 132.003567][ T7468] vxfs: WRONG superblock magic 00000000 at 1 [ 132.009843][ T7468] vxfs: WRONG superblock magic 00000000 at 8 [ 132.017784][ T7468] vxfs: can't find superblock. [ 132.100581][ T7470] fuse: Bad value for 'fd' [ 132.307300][ T7482] qnx4: no qnx4 filesystem (no root dir). [ 132.450242][ T6083] usb 4-1: USB disconnect, device number 18 [ 132.465072][ T6083] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 132.518920][ T7489] tipc: Enabling of bearer rejected, already enabled [ 132.630486][ T9] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 132.785780][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.792284][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.802072][ T9] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 132.802278][ T5915] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 132.811400][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.829441][ T9] usb 2-1: config 0 descriptor?? [ 132.972965][ T5915] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 132.981652][ T5915] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 132.992168][ T5915] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 133.001538][ T5915] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.014587][ T5915] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 133.024389][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 133.032762][ T5915] usb 1-1: Product: syz [ 133.037079][ T5915] usb 1-1: Manufacturer: syz [ 133.049073][ T5915] cdc_wdm 1-1:1.0: skipping garbage [ 133.059366][ T5915] cdc_wdm 1-1:1.0: skipping garbage [ 133.068209][ T5915] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 133.074447][ T5915] cdc_wdm 1-1:1.0: Unknown control protocol [ 133.234055][ T7495] netlink: 20 bytes leftover after parsing attributes in process `syz.3.568'. [ 133.289578][ T7497] tipc: Enabling of bearer rejected, already enabled [ 133.324568][ T6083] usb 1-1: USB disconnect, device number 24 [ 133.749849][ T5915] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 133.853863][ T43] usb 3-1: USB disconnect, device number 22 [ 133.865457][ T43] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 133.886105][ T5915] usb 4-1: device descriptor read/64, error -71 [ 133.926662][ T43] cp210x 3-1:0.0: device disconnected [ 133.972238][ T7508] netlink: 'syz.2.573': attribute type 39 has an invalid length. [ 134.046532][ T7486] qnx4: no qnx4 filesystem (no root dir). [ 134.062506][ T7486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.083025][ T7486] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.107243][ T9] pegasus 2-1:0.0: can't reset MAC [ 134.124105][ T9] pegasus 2-1:0.0: probe with driver pegasus failed with error -5 [ 134.140186][ T5915] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 134.159170][ T9] usb 2-1: USB disconnect, device number 15 [ 134.299554][ T5915] usb 4-1: device descriptor read/64, error -71 [ 134.329582][ T43] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 134.410990][ T5915] usb usb4-port1: attempt power cycle [ 134.499357][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 134.506134][ T43] usb 1-1: config 0 has an invalid interface number: 176 but max is 2 [ 134.517994][ T43] usb 1-1: config 0 has an invalid interface number: 49 but max is 2 [ 134.526829][ T43] usb 1-1: config 0 has no interface number 1 [ 134.546158][ T7520] syz.2.577: attempt to access beyond end of device [ 134.546158][ T7520] loop2: rw=0, sector=64, nr_sectors = 8 limit=0 [ 134.546308][ T43] usb 1-1: config 0 has no interface number 2 [ 134.569354][ T7520] syz.2.577: attempt to access beyond end of device [ 134.569354][ T7520] loop2: rw=0, sector=120, nr_sectors = 8 limit=0 [ 134.570421][ T43] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 134.582566][ T7520] Mount JFS Failure: -5 [ 134.595874][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.606915][ T43] usb 1-1: config 0 descriptor?? [ 134.616480][ T43] qmi_wwan 1-1:0.0: probe with driver qmi_wwan failed with error -22 [ 134.749382][ T5915] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 134.781654][ T5915] usb 4-1: device descriptor read/8, error -71 [ 134.985687][ T24] usb 1-1: USB disconnect, device number 25 [ 135.029106][ T5915] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 135.049552][ T5915] usb 4-1: device descriptor read/8, error -71 [ 135.159901][ T5915] usb usb4-port1: unable to enumerate USB device [ 135.199087][ T5891] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 135.291953][ T7533] netlink: 4 bytes leftover after parsing attributes in process `syz.2.582'. [ 135.339327][ T5891] usb 2-1: device descriptor read/64, error -71 [ 135.592293][ T5891] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 135.674851][ T7541] netlink: 20 bytes leftover after parsing attributes in process `syz.2.586'. [ 135.743917][ T5891] usb 2-1: device descriptor read/64, error -71 [ 135.859109][ T5891] usb usb2-port1: attempt power cycle [ 136.099378][ T7559] loop8: detected capacity change from 0 to 7 [ 136.107765][ T7559] Dev loop8: unable to read RDB block 7 [ 136.122601][ T7559] loop8: unable to read partition table [ 136.130037][ T7559] loop8: partition table beyond EOD, truncated [ 136.136599][ T7559] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 136.203882][ T5891] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 136.232942][ T5891] usb 2-1: device descriptor read/8, error -71 [ 136.488380][ T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 136.498409][ T5891] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 136.498525][ T7569] /dev/rnullb0: Can't open blockdev [ 136.530119][ T5891] usb 2-1: device descriptor read/8, error -71 [ 136.648968][ T5891] usb usb2-port1: unable to enumerate USB device [ 136.682589][ T9] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 136.692725][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 136.704834][ T30] audit: type=1326 audit(7552909845.385:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7577 comm="syz.3.602" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feaad18e929 code=0x0 [ 136.706426][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 136.736070][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.748840][ T9] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 136.757895][ T9] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 136.766143][ T9] usb 3-1: Product: syz [ 136.770373][ T9] usb 3-1: Manufacturer: syz [ 136.782073][ T9] cdc_wdm 3-1:1.0: skipping garbage [ 136.787704][ T9] cdc_wdm 3-1:1.0: skipping garbage [ 136.795571][ T9] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 136.801589][ T9] cdc_wdm 3-1:1.0: Unknown control protocol [ 136.814467][ T7580] netlink: 'syz.3.602': attribute type 11 has an invalid length. [ 137.139861][ T5915] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 137.231238][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -EPIPE [ 137.241117][ T43] usb 3-1: USB disconnect, device number 23 [ 137.278067][ T5915] usb 1-1: device descriptor read/64, error -71 [ 137.528032][ T5915] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 137.560127][ T7585] netlink: 'syz.3.603': attribute type 27 has an invalid length. [ 137.604970][ T7587] netlink: 32 bytes leftover after parsing attributes in process `syz.3.604'. [ 137.615682][ T7587] /dev/rnullb0: Can't open blockdev [ 137.667891][ T5915] usb 1-1: device descriptor read/64, error -71 [ 137.724989][ T7593] netlink: 104 bytes leftover after parsing attributes in process `syz.3.606'. [ 137.778106][ T5915] usb usb1-port1: attempt power cycle [ 137.911694][ T7603] cgroup: Name too long [ 137.919881][ T5156] Bluetooth: Frame is too long (len 18, expected len 4) [ 138.078925][ T7611] qnx4: no qnx4 filesystem (no root dir). [ 138.080684][ T7609] input: syz0 as /devices/virtual/input/input17 [ 138.085439][ T7612] netlink: 'syz.3.613': attribute type 4 has an invalid length. [ 138.119680][ T5915] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 138.143492][ T7612] netlink: 'syz.3.613': attribute type 4 has an invalid length. [ 138.168746][ T5915] usb 1-1: device descriptor read/8, error -71 [ 138.232976][ T7616] vxfs: WRONG superblock magic 00000000 at 1 [ 138.239313][ T7616] vxfs: WRONG superblock magic 00000000 at 8 [ 138.245550][ T7616] vxfs: can't find superblock. [ 138.417640][ T5915] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 138.438676][ T5915] usb 1-1: device descriptor read/8, error -71 [ 138.497686][ T9] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 138.527634][ T6083] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 138.548078][ T5915] usb usb1-port1: unable to enumerate USB device [ 138.627533][ T9] usb 3-1: device descriptor read/64, error -71 [ 138.680116][ T6083] usb 2-1: unable to get BOS descriptor or descriptor too short [ 138.688413][ T6083] usb 2-1: not running at top speed; connect to a high speed hub [ 138.697114][ T6083] usb 2-1: config 0 has an invalid interface number: 122 but max is 0 [ 138.705577][ T6083] usb 2-1: config 0 has no interface number 0 [ 138.711986][ T6083] usb 2-1: config 0 interface 122 has no altsetting 0 [ 138.722474][ T6083] usb 2-1: string descriptor 0 read error: -22 [ 138.728996][ T6083] usb 2-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=9a.f6 [ 138.739206][ T6083] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.750343][ T6083] usb 2-1: config 0 descriptor?? [ 138.870743][ T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 138.950519][ T7625] devtmpfs: Too few inodes for current use [ 138.961019][ T7625] hpfs: Bad magic ... probably not HPFS [ 138.965645][ T7619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.978885][ T7619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.007861][ T9] usb 3-1: device descriptor read/64, error -71 [ 139.071565][ T5915] usb 2-1: USB disconnect, device number 20 [ 139.118092][ T9] usb usb3-port1: attempt power cycle [ 139.255004][ T7635] tipc: Enabling of bearer rejected, already enabled [ 139.294061][ T7637] netlink: 20 bytes leftover after parsing attributes in process `syz.3.626'. [ 139.430609][ T7649] tipc: Enabling of bearer rejected, already enabled [ 139.467461][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 139.499609][ T9] usb 3-1: device descriptor read/8, error -71 [ 139.621454][ T7653] hpfs: Bad magic ... probably not HPFS [ 139.697330][ T6083] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 139.737306][ T9] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 139.758294][ T9] usb 3-1: device descriptor read/8, error -71 [ 139.789615][ T7659] netlink: 'syz.1.633': attribute type 39 has an invalid length. [ 139.862295][ T6083] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 139.871604][ T9] usb usb3-port1: unable to enumerate USB device [ 139.878215][ T6083] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 139.890737][ T6083] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 139.910278][ T6083] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.935166][ T6083] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 139.945852][ T6083] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 139.954408][ T6083] usb 4-1: Product: syz [ 139.961903][ T6083] usb 4-1: Manufacturer: syz [ 139.983862][ T6083] cdc_wdm 4-1:1.0: skipping garbage [ 139.993153][ T6083] cdc_wdm 4-1:1.0: skipping garbage [ 140.011710][ T6083] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 140.022426][ T6083] cdc_wdm 4-1:1.0: Unknown control protocol [ 140.261692][ T979] usb 4-1: USB disconnect, device number 23 [ 140.426597][ T7684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.642'. [ 140.522154][ T7688] nfs: Unknown parameter '/dev/rnullb0' [ 140.669717][ T7693] netlink: 20 bytes leftover after parsing attributes in process `syz.1.646'. [ 140.865467][ T7710] loop8: detected capacity change from 0 to 7 [ 140.876088][ T7339] Dev loop8: unable to read RDB block 7 [ 140.881820][ T7339] loop8: unable to read partition table [ 140.888670][ T7339] loop8: partition table beyond EOD, truncated [ 140.910468][ T7710] Dev loop8: unable to read RDB block 7 [ 140.916083][ T7710] loop8: unable to read partition table [ 140.922149][ T7710] loop8: partition table beyond EOD, truncated [ 140.931070][ T7710] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 141.066543][ T5915] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 141.206497][ T5915] usb 4-1: device descriptor read/64, error -71 [ 141.211567][ T7726] /dev/rnullb0: Can't open blockdev [ 141.300747][ T30] audit: type=1326 audit(7720682777.985:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7729 comm="syz.1.662" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd988f8e929 code=0x0 [ 141.322850][ T7730] netlink: 'syz.0.663': attribute type 27 has an invalid length. [ 141.349013][ T7733] /dev/rnullb0: Can't open blockdev [ 141.353397][ T7734] netlink: 'syz.1.662': attribute type 11 has an invalid length. [ 141.418268][ T7738] netlink: 104 bytes leftover after parsing attributes in process `syz.2.666'. [ 141.468102][ T5915] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 141.618626][ T5915] usb 4-1: device descriptor read/64, error -71 [ 141.668569][ T7750] input: syz0 as /devices/virtual/input/input18 [ 141.747221][ T5915] usb usb4-port1: attempt power cycle [ 141.754168][ T7752] /dev/rnullb0: Can't open blockdev [ 141.895542][ T7757] netlink: 'syz.0.675': attribute type 4 has an invalid length. [ 141.907830][ T7757] netlink: 'syz.0.675': attribute type 4 has an invalid length. [ 142.046323][ T979] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 142.096290][ T5915] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 142.116893][ T5915] usb 4-1: device descriptor read/8, error -71 [ 142.209281][ T979] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 142.221001][ T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 142.236409][ T979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 142.249087][ T979] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 142.262575][ T979] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 142.272548][ T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.283419][ T979] usb 3-1: config 0 descriptor?? [ 142.366289][ T5915] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 142.406814][ T5915] usb 4-1: device descriptor read/8, error -71 [ 142.517397][ T5915] usb usb4-port1: unable to enumerate USB device [ 142.665220][ T7775] tipc: Enabling of bearer rejected, already enabled [ 142.705716][ T979] plantronics 0003:047F:FFFF.0006: ignoring exceeding usage max [ 142.740357][ T979] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 142.881482][ T7781] binder: 7778:7781 ioctl c0306201 200000000640 returned -22 [ 142.958103][ T7785] tipc: Enabling of bearer rejected, already enabled [ 143.043009][ T7787] Bluetooth: MGMT ver 1.23 [ 143.204751][ T7792] netlink: 'syz.1.690': attribute type 39 has an invalid length. [ 143.235356][ T7794] hfs: can't find a HFS filesystem on dev nullb0 [ 143.409657][ T7800] /dev/rnullb0: Can't open blockdev [ 143.652890][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.1.699'. [ 143.741090][ T7814] /dev/rnullb0: Can't open blockdev [ 143.854388][ T7819] netlink: 20 bytes leftover after parsing attributes in process `syz.3.703'. [ 143.946172][ T979] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 143.980597][ T7825] nvme_fabrics: unknown parameter or missing value 'inMjp=so&'۽켣YdSR~ob1(4wp' in ctrl creation request [ 144.020838][ T7825] nvme_fabrics: missing parameter 'transport=%s' [ 144.027314][ T7825] nvme_fabrics: missing parameter 'nqn=%s' [ 144.127747][ T979] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.138701][ T979] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 144.149017][ T979] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 144.158286][ T979] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 144.167639][ T979] usb 2-1: SerialNumber: syz [ 144.195858][ T5874] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 144.358269][ T5874] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 144.366951][ T5874] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.377247][ T5874] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 144.386673][ T5874] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.402057][ T5874] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 144.414122][ T43] usb 1-1: new full-speed USB device number 30 using dummy_hcd [ 144.421809][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 144.429964][ T5874] usb 4-1: Product: syz [ 144.434208][ T5874] usb 4-1: Manufacturer: syz [ 144.451919][ T5874] cdc_wdm 4-1:1.0: skipping garbage [ 144.465731][ T5874] cdc_wdm 4-1:1.0: skipping garbage [ 144.484856][ T5874] cdc_wdm 4-1:1.0: cdc-wdm1: USB WDM device [ 144.492511][ T5874] cdc_wdm 4-1:1.0: Unknown control protocol [ 144.567174][ T979] usb 2-1: 0:2 : does not exist [ 144.575646][ T43] usb 1-1: device descriptor read/64, error -71 [ 144.582939][ T979] usb 2-1: USB disconnect, device number 21 [ 144.613715][ T7339] udevd[7339]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 144.717859][ T5915] usb 3-1: USB disconnect, device number 28 [ 144.785152][ T5874] usb 4-1: USB disconnect, device number 28 [ 144.835469][ T43] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 144.894461][ T7845] loop8: detected capacity change from 0 to 7 [ 144.903301][ T7845] Dev loop8: unable to read RDB block 7 [ 144.909862][ T7845] loop8: unable to read partition table [ 144.915741][ T7845] loop8: partition table beyond EOD, truncated [ 144.921914][ T7845] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 144.975481][ T43] usb 1-1: device descriptor read/64, error -71 [ 145.095700][ T43] usb usb1-port1: attempt power cycle [ 145.275829][ T5874] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 145.445317][ T43] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 145.463511][ T5874] usb 3-1: config index 0 descriptor too short (expected 65183, got 72) [ 145.476129][ T43] usb 1-1: device descriptor read/8, error -71 [ 145.484893][ T5874] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 145.504657][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.513637][ T5874] usb 3-1: Product: syz [ 145.518211][ T5874] usb 3-1: Manufacturer: syz [ 145.522831][ T5874] usb 3-1: SerialNumber: syz [ 145.610227][ T5874] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 145.643369][ T5915] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 145.735135][ T43] usb 1-1: new full-speed USB device number 33 using dummy_hcd [ 145.756952][ T43] usb 1-1: device descriptor read/8, error -71 [ 145.786874][ T979] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 145.844433][ T7849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.853396][ T7869] netlink: 'syz.1.722': attribute type 27 has an invalid length. [ 145.870683][ T43] usb usb1-port1: unable to enumerate USB device [ 145.879652][ T7850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 145.879909][ T7849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.889716][ T7850] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 145.944881][ T979] usb 4-1: Using ep0 maxpacket: 32 [ 145.957670][ T979] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 145.974910][ T979] usb 4-1: config 0 has no interface number 0 [ 145.981836][ T979] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 145.993795][ T6083] usb 3-1: USB disconnect, device number 29 [ 146.010913][ T979] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 146.036912][ T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.054855][ T979] usb 4-1: Product: syz [ 146.074341][ T979] usb 4-1: Manufacturer: syz [ 146.084452][ T979] usb 4-1: SerialNumber: syz [ 146.092714][ T7878] netlink: 104 bytes leftover after parsing attributes in process `syz.2.725'. [ 146.095656][ T979] usb 4-1: config 0 descriptor?? [ 146.118666][ T979] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 146.145278][ T979] em28xx 4-1:0.132: Video interface 132 found: [ 146.230805][ T7882] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 146.293119][ T7888] input: syz0 as /devices/virtual/input/input19 [ 146.385508][ T7890] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 146.394334][ T7890] VFS: Can't find a romfs filesystem on dev rnullb0. [ 146.394334][ T7890] [ 146.408696][ T7893] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 146.412285][ T7892] vxfs: WRONG superblock magic 00000000 at 1 [ 146.416022][ T7893] /dev/rnullb0: Can't open blockdev [ 146.421990][ T7892] vxfs: WRONG superblock magic 00000000 at 8 [ 146.437657][ T7892] vxfs: can't find superblock. [ 146.496799][ T30] audit: type=1326 audit(7888457503.166:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7896 comm="syz.2.732" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0 [ 146.518391][ C1] vkms_vblank_simulate: vblank timer overrun [ 146.523818][ T979] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 146.563064][ T7900] netlink: 'syz.2.732': attribute type 11 has an invalid length. [ 146.604323][ T979] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 146.613648][ T979] em28xx 4-1:0.132: board has no eeprom [ 146.675513][ T979] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 146.683413][ T979] em28xx 4-1:0.132: analog set to bulk mode. [ 146.693091][ T9] em28xx 4-1:0.132: Registering V4L2 extension [ 146.704967][ T5915] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 146.719918][ T7906] syzkaller1: entered promiscuous mode [ 146.721376][ T979] usb 4-1: USB disconnect, device number 29 [ 146.727541][ T7906] syzkaller1: entered allmulticast mode [ 146.739991][ T5915] ath9k_htc: Failed to initialize the device [ 146.752404][ T979] em28xx 4-1:0.132: Disconnecting em28xx [ 146.761927][ T6083] usb 3-1: ath9k_htc: USB layer deinitialized [ 146.872762][ T9] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 146.887578][ T9] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 146.895229][ T9] em28xx 4-1:0.132: No AC97 audio processor [ 146.902299][ T9] usb 4-1: Decoder not found [ 146.907164][ T9] em28xx 4-1:0.132: failed to create media graph [ 146.913510][ T9] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 146.922347][ T9] em28xx 4-1:0.132: Remote control support is not available for this card. [ 146.931224][ T979] em28xx 4-1:0.132: Closing input extension [ 146.942294][ T979] em28xx 4-1:0.132: Freeing device [ 147.035362][ T43] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 147.168335][ T43] usb 2-1: device descriptor read/64, error -71 [ 147.261557][ T7923] tipc: Enabling of bearer rejected, already enabled [ 147.268044][ T7924] netlink: 'syz.0.740': attribute type 4 has an invalid length. [ 147.283271][ T7924] netlink: 'syz.0.740': attribute type 4 has an invalid length. [ 147.426161][ T43] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 147.474026][ T7931] tipc: Enabling of bearer rejected, already enabled [ 147.575016][ T43] usb 2-1: device descriptor read/64, error -71 [ 147.696833][ T43] usb usb2-port1: attempt power cycle [ 147.750509][ T7937] netlink: 'syz.2.747': attribute type 39 has an invalid length. [ 148.054430][ T43] usb 2-1: new full-speed USB device number 24 using dummy_hcd [ 148.091080][ T43] usb 2-1: device descriptor read/8, error -71 [ 148.238261][ T7951] netlink: 4 bytes leftover after parsing attributes in process `syz.3.753'. [ 148.312927][ T7955] /dev/rnullb0: Can't open blockdev [ 148.344275][ T6083] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 148.354568][ T43] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 148.392173][ T7958] netlink: 28 bytes leftover after parsing attributes in process `syz.2.756'. [ 148.401772][ T43] usb 2-1: device descriptor read/8, error -71 [ 148.494692][ T6083] usb 1-1: Using ep0 maxpacket: 16 [ 148.512034][ T6083] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 148.524299][ T43] usb usb2-port1: unable to enumerate USB device [ 148.527670][ T6083] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 148.542164][ T6083] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.553812][ T6083] usb 1-1: Product: syz [ 148.558489][ T6083] usb 1-1: Manufacturer: syz [ 148.563108][ T6083] usb 1-1: SerialNumber: syz [ 148.582571][ T6083] usb 1-1: config 0 descriptor?? [ 148.597918][ T6083] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 148.607827][ T6083] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 148.761297][ T7976] /dev/rnullb0: Can't open blockdev [ 148.861886][ T7980] loop8: detected capacity change from 0 to 7 [ 148.871447][ T7980] Dev loop8: unable to read RDB block 7 [ 148.877293][ T7980] loop8: unable to read partition table [ 148.883409][ T7980] loop8: partition table beyond EOD, truncated [ 148.893452][ T7980] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 149.279026][ T7995] FAULT_INJECTION: forcing a failure. [ 149.279026][ T7995] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 149.296331][ T7995] CPU: 1 UID: 0 PID: 7995 Comm: syz.2.770 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 149.296357][ T7995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.296367][ T7995] Call Trace: [ 149.296374][ T7995] [ 149.296381][ T7995] dump_stack_lvl+0x189/0x250 [ 149.296412][ T7995] ? __pfx____ratelimit+0x10/0x10 [ 149.296433][ T7995] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.296450][ T7995] ? __pfx__printk+0x10/0x10 [ 149.296468][ T7995] ? __might_fault+0xb0/0x130 [ 149.296495][ T7995] should_fail_ex+0x414/0x560 [ 149.296526][ T7995] _copy_from_user+0x2d/0xb0 [ 149.296544][ T7995] ___sys_sendmsg+0x158/0x2a0 [ 149.296564][ T7995] ? __pfx____sys_sendmsg+0x10/0x10 [ 149.296616][ T7995] ? __fget_files+0x2a/0x420 [ 149.296636][ T7995] ? __fget_files+0x3a0/0x420 [ 149.296668][ T7995] __sys_sendmmsg+0x227/0x430 [ 149.296690][ T7995] ? __pfx___sys_sendmmsg+0x10/0x10 [ 149.296704][ T7995] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 149.296750][ T7995] ? ksys_write+0x22a/0x250 [ 149.296772][ T7995] ? __pfx_ksys_write+0x10/0x10 [ 149.296788][ T7995] ? rcu_is_watching+0x15/0xb0 [ 149.296811][ T7995] __x64_sys_sendmmsg+0xa0/0xc0 [ 149.296830][ T7995] do_syscall_64+0xfa/0x3b0 [ 149.296849][ T7995] ? lockdep_hardirqs_on+0x9c/0x150 [ 149.296869][ T7995] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.296884][ T7995] ? clear_bhb_loop+0x60/0xb0 [ 149.296904][ T7995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.296920][ T7995] RIP: 0033:0x7f3aa478e929 [ 149.296940][ T7995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.296954][ T7995] RSP: 002b:00007f3aa5672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 149.296972][ T7995] RAX: ffffffffffffffda RBX: 00007f3aa49b5fa0 RCX: 00007f3aa478e929 [ 149.296984][ T7995] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000003 [ 149.296995][ T7995] RBP: 00007f3aa5672090 R08: 0000000000000000 R09: 0000000000000000 [ 149.297005][ T7995] R10: 0000000024004851 R11: 0000000000000246 R12: 0000000000000001 [ 149.297016][ T7995] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8 [ 149.297043][ T7995] [ 149.519221][ C1] vkms_vblank_simulate: vblank timer overrun [ 149.589045][ T5915] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 149.717445][ T6083] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 149.767403][ T5915] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 149.777671][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.787212][ T5915] usb 4-1: Product: syz [ 149.791520][ T5915] usb 4-1: Manufacturer: syz [ 149.797626][ T5915] usb 4-1: SerialNumber: syz [ 149.812164][ T5915] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 149.829700][ T43] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 149.842715][ T6083] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 149.895915][ T6083] em28xx 1-1:0.0: board has no eeprom [ 149.977690][ T6083] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 149.985822][ T6083] em28xx 1-1:0.0: dvb set to bulk mode. [ 149.991447][ T979] em28xx 1-1:0.0: Binding DVB extension [ 150.052318][ T8001] netlink: 20 bytes leftover after parsing attributes in process `syz.1.772'. [ 150.082212][ T979] em28xx 1-1:0.0: Registering input extension [ 150.083691][ T8001] /dev/rnullb0: Can't open blockdev [ 150.314219][ T5915] usb 4-1: USB disconnect, device number 30 [ 150.612227][ T5874] hid_parser_main: 6 callbacks suppressed [ 150.612248][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 150.640118][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 150.652497][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 150.667572][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 150.684075][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 150.696489][ T8009] syz.2.775: vmalloc error: size 33177600, failed to allocated page array size 64800, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 150.717996][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 150.725813][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 150.734450][ T8009] CPU: 1 UID: 0 PID: 8009 Comm: syz.2.775 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 150.734474][ T8009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 150.734486][ T8009] Call Trace: [ 150.734493][ T8009] [ 150.734500][ T8009] dump_stack_lvl+0x189/0x250 [ 150.734527][ T8009] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.734546][ T8009] ? __pfx__printk+0x10/0x10 [ 150.734565][ T8009] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 150.734584][ T8009] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 150.734605][ T8009] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 150.734627][ T8009] warn_alloc+0x214/0x310 [ 150.734655][ T8009] ? __pfx_warn_alloc+0x10/0x10 [ 150.734682][ T8009] ? __get_vm_area_node+0x28f/0x300 [ 150.734701][ T8009] ? vb2_vmalloc_alloc+0xef/0x340 [ 150.734754][ T8009] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 150.734805][ T8009] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 150.734831][ T8009] ? __kasan_kmalloc+0x93/0xb0 [ 150.734854][ T8009] vmalloc_user_noprof+0xad/0xf0 [ 150.734874][ T8009] ? vb2_vmalloc_alloc+0xef/0x340 [ 150.734892][ T8009] vb2_vmalloc_alloc+0xef/0x340 [ 150.734909][ T8009] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 150.734932][ T8009] __vb2_queue_alloc+0x9c2/0x15a0 [ 150.734980][ T8009] vb2_core_reqbufs+0xc31/0x1420 [ 150.735019][ T8009] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 150.735048][ T8009] ? __vb2_init_fileio+0x1e8/0xff0 [ 150.735073][ T8009] __vb2_init_fileio+0x318/0xff0 [ 150.735094][ T8009] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.735116][ T8009] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 150.735147][ T8009] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 150.735176][ T8009] vb2_core_poll+0x4c1/0x840 [ 150.735203][ T8009] vb2_fop_poll+0x168/0x380 [ 150.735223][ T8009] ? __fget_files+0x2a/0x420 [ 150.735245][ T8009] ? __pfx_vb2_fop_poll+0x10/0x10 [ 150.735266][ T8009] v4l2_poll+0x144/0x2c0 [ 150.735285][ T8009] ? __pfx_v4l2_poll+0x10/0x10 [ 150.735305][ T8009] do_sys_poll+0x8c9/0x1070 [ 150.735333][ T8009] ? do_sys_poll+0x3b1/0x1070 [ 150.735362][ T8009] ? __pfx_do_sys_poll+0x10/0x10 [ 150.735388][ T8009] ? futex_unqueue+0x22/0x240 [ 150.735407][ T8009] ? __pfx___pollwait+0x10/0x10 [ 150.735431][ T8009] ? __pfx_pollwake+0x10/0x10 [ 150.735507][ T8009] ? futex_wait+0x285/0x360 [ 150.735532][ T8009] ? __pfx_futex_wait+0x10/0x10 [ 150.735589][ T8009] ? __pfx_do_futex+0x10/0x10 [ 150.735610][ T8009] ? set_user_sigmask+0xc7/0x1b0 [ 150.735627][ T8009] ? __pfx_set_user_sigmask+0x10/0x10 [ 150.735655][ T8009] __se_sys_ppoll+0x1ff/0x260 [ 150.735679][ T8009] ? __pfx___se_sys_ppoll+0x10/0x10 [ 150.735701][ T8009] ? rcu_is_watching+0x15/0xb0 [ 150.735723][ T8009] ? do_syscall_64+0xbe/0x3b0 [ 150.735742][ T8009] ? __x64_sys_ppoll+0x20/0xc0 [ 150.735765][ T8009] do_syscall_64+0xfa/0x3b0 [ 150.735785][ T8009] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.735805][ T8009] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.735822][ T8009] ? clear_bhb_loop+0x60/0xb0 [ 150.735842][ T8009] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.735858][ T8009] RIP: 0033:0x7f3aa478e929 [ 150.735873][ T8009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.735887][ T8009] RSP: 002b:00007f3aa5672038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 150.735905][ T8009] RAX: ffffffffffffffda RBX: 00007f3aa49b5fa0 RCX: 00007f3aa478e929 [ 150.735918][ T8009] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000200 [ 150.735929][ T8009] RBP: 00007f3aa4810b39 R08: 0000000000000000 R09: 0000000000000000 [ 150.735939][ T8009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 150.735950][ T8009] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8 [ 150.735978][ T8009] [ 150.736145][ T8009] Mem-Info: [ 151.111631][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 151.119262][ T43] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 151.126798][ T43] ath9k_htc: Failed to initialize the device [ 151.132779][ T8009] active_anon:6624 inactive_anon:0 isolated_anon:0 [ 151.132779][ T8009] active_file:10905 inactive_file:48986 isolated_file:0 [ 151.132779][ T8009] unevictable:1862 dirty:47 writeback:0 [ 151.132779][ T8009] slab_reclaimable:11178 slab_unreclaimable:93828 [ 151.132779][ T8009] mapped:24878 shmem:1364 pagetables:1145 [ 151.132779][ T8009] sec_pagetables:0 bounce:0 [ 151.132779][ T8009] kernel_misc_reclaimable:0 [ 151.132779][ T8009] free:1317729 free_pcp:13024 free_cma:0 [ 151.132888][ T8009] Node 0 active_anon:26496kB inactive_anon:0kB active_file:43620kB inactive_file:195748kB unevictable:5912kB isolated(anon):0kB isolated(file):0kB mapped:99512kB dirty:184kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11420kB pagetables:4440kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 151.178641][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 151.178693][ T5874] hid-generic 00A0:0006:0003.0007: unknown main item tag 0x0 [ 151.184650][ T5915] usb 4-1: ath9k_htc: USB layer deinitialized [ 151.232414][ T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 151.242261][ T5874] hid-generic 00A0:0006:0003.0007: hidraw0: HID v0.05 Device [syz1] on syz0 [ 151.256561][ T8009] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 151.328461][ T8009] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 151.396356][ T8009] lowmem_reserve[]: 0 2496 2498 2498 2498 [ 151.409414][ T8009] Node 0 DMA32 free:1364844kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22852kB inactive_anon:0kB active_file:43620kB inactive_file:194408kB unevictable:1712kB writepending:180kB present:3129332kB managed:2556912kB mlocked:176kB bounce:0kB free_pcp:43308kB local_pcp:22980kB free_cma:0kB [ 151.454737][ T24] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 151.463639][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 151.474158][ T8009] lowmem_reserve[]: 0 0 1 1 1 [ 151.484287][ T8009] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1340kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 151.492655][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 151.537833][ T8009] lowmem_reserve[]: 0 0 0 0 0 [ 151.541897][ T43] usb 1-1: USB disconnect, device number 34 [ 151.556334][ T8009] Node 1 Normal free:3890712kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17744kB local_pcp:8672kB free_cma:0kB [ 151.597892][ T43] em28xx 1-1:0.0: Disconnecting em28xx [ 151.603919][ T43] em28xx 1-1:0.0: Closing input extension [ 151.607377][ T8022] netlink: 'syz.0.779': attribute type 27 has an invalid length. [ 151.616996][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.635711][ T8009] lowmem_reserve[]: 0 0 0 0 0 [ 151.637560][ T24] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 151.641568][ T8009] Node 0 [ 151.655220][ T43] em28xx 1-1:0.0: Freeing device [ 151.671778][ T8009] DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 151.675541][ T24] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 151.699397][ T24] usb 2-1: Product: syz [ 151.708103][ T24] usb 2-1: Manufacturer: syz [ 151.711297][ T8009] Node 0 DMA32: 2*4kB (UM) 1*8kB (E) 335*16kB (UM) 296*32kB (UME) 232*64kB (UM) 15*128kB (UM) 8*256kB (ME) 7*512kB (UME) 8*1024kB (UM) 4*2048kB (ME) 320*4096kB (M) = 1364352kB [ 151.721977][ T24] cdc_wdm 2-1:1.0: skipping garbage [ 151.738534][ T8009] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 151.745163][ T24] cdc_wdm 2-1:1.0: skipping garbage [ 151.750944][ T8009] Node 1 Normal: 198*4kB (UM) 58*8kB (UME) 41*16kB (UME) 97*32kB (UME) 24*64kB (UME) 7*128kB (UM) 5*256kB (UME) 2*512kB (M) 2*1024kB (ME) 2*2048kB (UE) 946*4096kB (M) = 3890712kB [ 151.774084][ T979] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 151.775947][ T24] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 151.791496][ T24] cdc_wdm 2-1:1.0: Unknown control protocol [ 151.808289][ T8009] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 151.818591][ T8009] Node 0 hugepages_total=6 hugepages_free=3 hugepages_surp=4 hugepages_size=2048kB [ 151.828340][ T8009] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 151.838392][ T8009] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 151.848175][ T8009] 61283 total pagecache pages [ 151.853405][ T8009] 0 pages in swap cache [ 151.857780][ T8009] Free swap = 124996kB [ 151.861931][ T8009] Total swap = 124996kB [ 151.872516][ T8009] 2097051 pages RAM [ 151.876394][ T8009] 0 pages HighMem/MovableOnly [ 151.881191][ T8009] 425845 pages reserved [ 151.885508][ T8009] 0 pages cma reserved [ 151.894389][ T8026] hpfs: Bad magic ... probably not HPFS [ 151.924666][ T979] usb 4-1: device descriptor read/64, error -71 [ 152.011807][ T24] usb 2-1: USB disconnect, device number 26 [ 152.071850][ T8030] netlink: 104 bytes leftover after parsing attributes in process `syz.2.783'. [ 152.172324][ T979] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 152.206929][ T8039] input: syz0 as /devices/virtual/input/input21 [ 152.290527][ T8041] vxfs: WRONG superblock magic 00000000 at 1 [ 152.307774][ T8041] vxfs: WRONG superblock magic 00000000 at 8 [ 152.312278][ T979] usb 4-1: device descriptor read/64, error -71 [ 152.314395][ T8041] vxfs: can't find superblock. [ 152.433171][ T979] usb usb4-port1: attempt power cycle [ 152.559462][ T8051] fuse: Unknown parameter '' [ 152.592249][ T9] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 152.702395][ T24] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 152.743749][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 152.753356][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 152.764206][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 152.773759][ T979] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 152.781799][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.797390][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 152.807410][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 152.815892][ T9] usb 1-1: Product: syz [ 152.820444][ T979] usb 4-1: device descriptor read/8, error -71 [ 152.827173][ T9] usb 1-1: Manufacturer: syz [ 152.838439][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 152.843923][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 152.845797][ T8060] Mount JFS Failure: -22 [ 152.856511][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 152.857542][ T24] usb 3-1: unable to get BOS descriptor or descriptor too short [ 152.864264][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [ 152.894451][ T24] usb 3-1: config 0 has an invalid descriptor of length 76, skipping remainder of the config [ 152.907260][ T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 152.919622][ T24] usb 3-1: New USB device found, idVendor=11ba, idProduct=1001, bcdDevice=81.b0 [ 152.931403][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.943900][ T24] usb 3-1: Product: syz [ 152.948102][ T24] usb 3-1: Manufacturer: syz [ 152.950343][ T8062] tipc: Enabling of bearer rejected, already enabled [ 152.952744][ T24] usb 3-1: SerialNumber: syz [ 152.968688][ T24] usb 3-1: config 0 descriptor?? [ 153.007824][ T30] audit: type=1326 audit(8224021285.689:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8063 comm="syz.1.798" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd988f8e929 code=0x0 [ 153.093950][ T979] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 153.109748][ T8065] netlink: 'syz.1.798': attribute type 11 has an invalid length. [ 153.113028][ T979] usb 4-1: device descriptor read/8, error -71 [ 153.235450][ T979] usb usb4-port1: unable to enumerate USB device [ 153.251812][ T8066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.263574][ T8066] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.297395][ C1] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 153.304489][ C1] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 153.316121][ T9] usb 1-1: USB disconnect, device number 35 [ 153.943785][ T8074] tipc: Enabling of bearer rejected, already enabled [ 154.240621][ T8084] netlink: 'syz.1.804': attribute type 39 has an invalid length. [ 154.298666][ T8086] /dev/rnullb0: Can't open blockdev [ 154.421703][ T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 154.476136][ T8093] netlink: 'syz.1.807': attribute type 4 has an invalid length. [ 154.493323][ T8093] netlink: 'syz.1.807': attribute type 4 has an invalid length. [ 154.772222][ T979] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 154.921458][ T979] usb 4-1: Using ep0 maxpacket: 16 [ 154.930630][ T979] usb 4-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 154.943009][ T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.951020][ T979] usb 4-1: Product: syz [ 154.956758][ T979] usb 4-1: Manufacturer: syz [ 154.961466][ T979] usb 4-1: SerialNumber: syz [ 154.968540][ T979] usb 4-1: config 0 descriptor?? [ 154.980964][ T979] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 155.002982][ T979] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 155.038647][ T5985] udevd[5985]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 155.182869][ T8092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.192802][ T8092] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.206562][ T979] usb 4-1: USB disconnect, device number 35 [ 155.394902][ T8104] netlink: 4 bytes leftover after parsing attributes in process `syz.0.812'. [ 155.509447][ T24] usb 3-1: USB disconnect, device number 30 [ 155.578646][ T8112] netlink: 28 bytes leftover after parsing attributes in process `syz.2.815'. [ 155.698413][ T8120] FAULT_INJECTION: forcing a failure. [ 155.698413][ T8120] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 155.714465][ T8120] CPU: 1 UID: 0 PID: 8120 Comm: syz.2.817 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 155.714490][ T8120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 155.714500][ T8120] Call Trace: [ 155.714507][ T8120] [ 155.714514][ T8120] dump_stack_lvl+0x189/0x250 [ 155.714538][ T8120] ? __pfx____ratelimit+0x10/0x10 [ 155.714560][ T8120] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.714579][ T8120] ? __pfx__printk+0x10/0x10 [ 155.714598][ T8120] ? fs_reclaim_acquire+0x7d/0x100 [ 155.714627][ T8120] should_fail_ex+0x414/0x560 [ 155.714657][ T8120] prepare_alloc_pages+0x213/0x610 [ 155.714686][ T8120] __alloc_frozen_pages_noprof+0x123/0x370 [ 155.714727][ T8120] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 155.714773][ T8120] alloc_pages_mpol+0x232/0x4a0 [ 155.714798][ T8120] ___kmalloc_large_node+0x5f/0x1b0 [ 155.714822][ T8120] __kmalloc_large_node_noprof+0x18/0x90 [ 155.714843][ T8120] __kmalloc_noprof+0x36f/0x4f0 [ 155.714860][ T8120] ? sock_kmalloc+0xd6/0x160 [ 155.714887][ T8120] sock_kmalloc+0xd6/0x160 [ 155.714907][ T8120] ____sys_sendmsg+0x1b5/0x830 [ 155.714930][ T8120] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.714956][ T8120] ? import_iovec+0x74/0xa0 [ 155.714977][ T8120] ___sys_sendmsg+0x21f/0x2a0 [ 155.714996][ T8120] ? __pfx____sys_sendmsg+0x10/0x10 [ 155.715049][ T8120] ? __fget_files+0x2a/0x420 [ 155.715069][ T8120] ? __fget_files+0x3a0/0x420 [ 155.715101][ T8120] __sys_sendmmsg+0x227/0x430 [ 155.715124][ T8120] ? __pfx___sys_sendmmsg+0x10/0x10 [ 155.715138][ T8120] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 155.715186][ T8120] ? ksys_write+0x22a/0x250 [ 155.715207][ T8120] ? __pfx_ksys_write+0x10/0x10 [ 155.715224][ T8120] ? rcu_is_watching+0x15/0xb0 [ 155.715248][ T8120] __x64_sys_sendmmsg+0xa0/0xc0 [ 155.715267][ T8120] do_syscall_64+0xfa/0x3b0 [ 155.715286][ T8120] ? lockdep_hardirqs_on+0x9c/0x150 [ 155.715305][ T8120] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.715321][ T8120] ? clear_bhb_loop+0x60/0xb0 [ 155.715341][ T8120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.715357][ T8120] RIP: 0033:0x7f3aa478e929 [ 155.715372][ T8120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.715386][ T8120] RSP: 002b:00007f3aa5672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 155.715405][ T8120] RAX: ffffffffffffffda RBX: 00007f3aa49b5fa0 RCX: 00007f3aa478e929 [ 155.715418][ T8120] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000003 [ 155.715429][ T8120] RBP: 00007f3aa5672090 R08: 0000000000000000 R09: 0000000000000000 [ 155.715439][ T8120] R10: 0000000024004851 R11: 0000000000000246 R12: 0000000000000001 [ 155.715449][ T8120] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8 [ 155.715477][ T8120] [ 155.720585][ T8118] sp0: Synchronizing with TNC [ 155.904855][ T8129] netlink: 'syz.3.821': attribute type 27 has an invalid length. [ 156.098458][ T8135] netlink: 104 bytes leftover after parsing attributes in process `syz.0.823'. [ 156.441917][ T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 156.520811][ T24] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 156.520811][ T979] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 156.591189][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 156.597942][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.608227][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 156.619512][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 156.629268][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 156.639117][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 156.653744][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 156.666534][ T9] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 156.676384][ T9] usb 2-1: Manufacturer: syz [ 156.676678][ T979] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 156.690120][ T979] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 156.701795][ T979] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 156.712586][ T979] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.714439][ T24] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 156.726429][ T979] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 156.743433][ T9] usb 2-1: config 0 descriptor?? [ 156.748793][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.757909][ T24] usb 4-1: Product: syz [ 156.761343][ T979] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 156.762459][ T24] usb 4-1: Manufacturer: syz [ 156.774249][ T979] usb 1-1: Product: syz [ 156.779776][ T24] usb 4-1: SerialNumber: syz [ 156.780918][ T979] usb 1-1: Manufacturer: syz [ 156.792256][ T24] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 156.812034][ T43] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 156.827034][ T979] cdc_wdm 1-1:1.0: skipping garbage [ 156.839174][ T8152] tipc: Enabling of bearer rejected, already enabled [ 156.845756][ T979] cdc_wdm 1-1:1.0: skipping garbage [ 156.877845][ T979] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 156.900983][ T979] cdc_wdm 1-1:1.0: Unknown control protocol [ 156.923419][ T30] audit: type=1326 audit(8224021289.611:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8153 comm="syz.2.831" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0 [ 157.027372][ T8157] netlink: 'syz.2.831': attribute type 11 has an invalid length. [ 157.043833][ T9] rc_core: IR keymap rc-hauppauge not found [ 157.049769][ T9] Registered IR keymap rc-empty [ 157.068892][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.080142][ T979] usb 4-1: USB disconnect, device number 36 [ 157.121661][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.125897][ T24] usb 1-1: USB disconnect, device number 37 [ 157.137277][ T8163] netlink: 20 bytes leftover after parsing attributes in process `syz.3.833'. [ 157.162947][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 157.184748][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input22 [ 157.220321][ T8165] tipc: Enabling of bearer rejected, already enabled [ 157.229343][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.260493][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.273880][ T8168] netlink: 'syz.3.835': attribute type 39 has an invalid length. [ 157.280302][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.301182][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.320420][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.340294][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.360305][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.380237][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.400229][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.420216][ T9] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 157.442720][ T9] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 157.452649][ T9] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 157.468035][ T9] usb 2-1: USB disconnect, device number 27 [ 157.641310][ T8173] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 157.801926][ T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 157.894031][ T43] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 157.907589][ T43] ath9k_htc: Failed to initialize the device [ 157.919970][ T979] usb 4-1: ath9k_htc: USB layer deinitialized [ 157.927583][ T8181] netlink: 4 bytes leftover after parsing attributes in process `syz.0.841'. [ 157.961591][ T9] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 157.980088][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.011600][ T9] usb 2-1: config 0 descriptor?? [ 158.034716][ T9] gspca_main: spca508-2.14.0 probing 8086:0110 [ 158.234314][ T9] gspca_spca508: reg_read err -32 [ 158.256894][ T9] gspca_spca508: reg_read err -32 [ 158.272722][ T9] gspca_spca508: reg_read err -32 [ 158.296942][ T8188] netlink: 28 bytes leftover after parsing attributes in process `syz.0.844'. [ 158.571700][ T43] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 158.580529][ T9] gspca_spca508: reg write: error -71 [ 158.595431][ T9] spca508 2-1:0.0: probe with driver spca508 failed with error -71 [ 158.625729][ T9] usb 2-1: USB disconnect, device number 28 [ 158.729612][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 158.745384][ T43] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 158.763180][ T43] usb 4-1: config 0 has no interface number 0 [ 158.771589][ T43] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 158.786841][ T43] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 158.798587][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.809631][ T43] usb 4-1: Product: syz [ 158.813826][ T43] usb 4-1: Manufacturer: syz [ 158.819003][ T43] usb 4-1: SerialNumber: syz [ 158.831062][ T43] usb 4-1: config 0 descriptor?? [ 158.844011][ T43] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 158.855507][ T43] em28xx 4-1:0.132: Video interface 132 found: [ 158.864719][ T8199] FAULT_INJECTION: forcing a failure. [ 158.864719][ T8199] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 158.884043][ T8199] CPU: 0 UID: 0 PID: 8199 Comm: syz.2.848 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 158.884068][ T8199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 158.884079][ T8199] Call Trace: [ 158.884085][ T8199] [ 158.884092][ T8199] dump_stack_lvl+0x189/0x250 [ 158.884116][ T8199] ? __pfx____ratelimit+0x10/0x10 [ 158.884138][ T8199] ? __pfx_dump_stack_lvl+0x10/0x10 [ 158.884155][ T8199] ? __pfx__printk+0x10/0x10 [ 158.884172][ T8199] ? __might_fault+0xb0/0x130 [ 158.884201][ T8199] should_fail_ex+0x414/0x560 [ 158.884232][ T8199] _copy_from_user+0x2d/0xb0 [ 158.884246][ T8199] ____sys_sendmsg+0x2fe/0x830 [ 158.884259][ T8199] ? __pfx_____sys_sendmsg+0x10/0x10 [ 158.884273][ T8199] ? import_iovec+0x74/0xa0 [ 158.884284][ T8199] ___sys_sendmsg+0x21f/0x2a0 [ 158.884294][ T8199] ? __pfx____sys_sendmsg+0x10/0x10 [ 158.884343][ T8199] ? __fget_files+0x2a/0x420 [ 158.884365][ T8199] ? __fget_files+0x3a0/0x420 [ 158.884394][ T8199] __sys_sendmmsg+0x227/0x430 [ 158.884412][ T8199] ? __pfx___sys_sendmmsg+0x10/0x10 [ 158.884419][ T8199] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 158.884446][ T8199] ? ksys_write+0x22a/0x250 [ 158.884465][ T8199] ? __pfx_ksys_write+0x10/0x10 [ 158.884481][ T8199] ? rcu_is_watching+0x15/0xb0 [ 158.884504][ T8199] __x64_sys_sendmmsg+0xa0/0xc0 [ 158.884523][ T8199] do_syscall_64+0xfa/0x3b0 [ 158.884542][ T8199] ? lockdep_hardirqs_on+0x9c/0x150 [ 158.884554][ T8199] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.884563][ T8199] ? clear_bhb_loop+0x60/0xb0 [ 158.884575][ T8199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 158.884584][ T8199] RIP: 0033:0x7f3aa478e929 [ 158.884593][ T8199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 158.884603][ T8199] RSP: 002b:00007f3aa5672038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 158.884621][ T8199] RAX: ffffffffffffffda RBX: 00007f3aa49b5fa0 RCX: 00007f3aa478e929 [ 158.884633][ T8199] RDX: 0000000000000001 RSI: 0000200000000880 RDI: 0000000000000003 [ 158.884644][ T8199] RBP: 00007f3aa5672090 R08: 0000000000000000 R09: 0000000000000000 [ 158.884654][ T8199] R10: 0000000024004851 R11: 0000000000000246 R12: 0000000000000001 [ 158.884664][ T8199] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8 [ 158.884692][ T8199] [ 159.213816][ T8206] netlink: 'syz.0.850': attribute type 27 has an invalid length. [ 159.325015][ T8213] netlink: 16 bytes leftover after parsing attributes in process `syz.0.853'. [ 159.349250][ T43] em28xx 4-1:0.132: unknown em28xx chip ID (0) [ 159.430941][ T43] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 159.454650][ T43] em28xx 4-1:0.132: board has no eeprom [ 159.499203][ T24] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 159.520140][ T43] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 159.535040][ T43] em28xx 4-1:0.132: analog set to bulk mode. [ 159.541194][ T5874] em28xx 4-1:0.132: Registering V4L2 extension [ 159.547641][ T8221] tipc: Enabling of bearer rejected, already enabled [ 159.559378][ T43] usb 4-1: USB disconnect, device number 37 [ 159.580769][ T43] em28xx 4-1:0.132: Disconnecting em28xx [ 159.659631][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 159.667176][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 159.678218][ T8225] qnx4: no qnx4 filesystem (no root dir). [ 159.691983][ T24] usb 3-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13 [ 159.702654][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.710839][ T24] usb 3-1: Product: syz [ 159.718066][ T24] usb 3-1: Manufacturer: syz [ 159.722831][ T24] usb 3-1: SerialNumber: syz [ 159.731239][ T24] usb 3-1: config 0 descriptor?? [ 159.744200][ T24] rndis_host 3-1:0.0: skipping garbage [ 159.750223][ T24] usb 3-1: bad CDC descriptors [ 159.787110][ T5874] em28xx 4-1:0.132: Config register raw data: 0xffffffed [ 159.794863][ T5874] em28xx 4-1:0.132: AC97 chip type couldn't be determined [ 159.803662][ T5874] em28xx 4-1:0.132: No AC97 audio processor [ 159.811897][ T5874] usb 4-1: Decoder not found [ 159.816508][ T5874] em28xx 4-1:0.132: failed to create media graph [ 159.823556][ T5874] em28xx 4-1:0.132: V4L2 device video103 deregistered [ 159.840117][ T5874] em28xx 4-1:0.132: Remote control support is not available for this card. [ 159.854673][ T43] em28xx 4-1:0.132: Closing input extension [ 159.866375][ T43] em28xx 4-1:0.132: Freeing device [ 159.915515][ T8232] netlink: 'syz.1.860': attribute type 27 has an invalid length. [ 159.939959][ T9] usb 3-1: USB disconnect, device number 31 [ 160.113156][ T8240] tipc: Enabling of bearer rejected, already enabled [ 160.127670][ T8241] netlink: 'syz.1.865': attribute type 39 has an invalid length. [ 160.158843][ T5874] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 160.319510][ T5874] usb 1-1: Using ep0 maxpacket: 16 [ 160.331821][ T5874] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 160.340393][ T5874] usb 1-1: config 1 has no interface number 0 [ 160.346494][ T5874] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 160.357538][ T5874] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 160.369099][ T5874] usb 1-1: config 1 interface 105 has no altsetting 0 [ 160.378175][ T5874] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 160.387311][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.395400][ T5874] usb 1-1: Product: syz [ 160.401249][ T5874] usb 1-1: Manufacturer: syz [ 160.405830][ T5874] usb 1-1: SerialNumber: syz [ 160.413182][ T8231] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 160.422295][ T8231] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 160.542965][ T6083] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 160.636175][ T30] audit: type=1326 audit(8224021293.323:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8260 comm="syz.2.873" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3aa478e929 code=0x0 [ 160.710390][ T6083] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 160.719141][ T6083] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 160.729565][ T6083] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 160.738957][ T6083] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.750947][ T8262] netlink: 'syz.2.873': attribute type 11 has an invalid length. [ 160.760868][ T6083] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 160.770857][ T6083] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 160.778919][ T6083] usb 2-1: Product: syz [ 160.783071][ T6083] usb 2-1: Manufacturer: syz [ 160.792821][ T6083] cdc_wdm 2-1:1.0: skipping garbage [ 160.798036][ T6083] cdc_wdm 2-1:1.0: skipping garbage [ 160.809771][ T6083] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 160.815683][ T6083] cdc_wdm 2-1:1.0: Unknown control protocol [ 160.861976][ T8231] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 160.871177][ T8231] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 161.059620][ T6083] usb 2-1: USB disconnect, device number 29 [ 161.448650][ T8273] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'. [ 161.482582][ T8231] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 161.522167][ T5874] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 161.551659][ T5874] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 161.593674][ T5874] aqc111 1-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41 [ 161.629626][ T5874] usb 1-1: USB disconnect, device number 38 [ 161.637653][ T5874] aqc111 1-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 161.755521][ T5874] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 161.765307][ T5874] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 161.776448][ T5874] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 161.854186][ T8286] vxfs: WRONG superblock magic 00000000 at 1 [ 161.860823][ T8286] vxfs: WRONG superblock magic 00000000 at 8 [ 161.866849][ T8286] vxfs: can't find superblock. [ 161.947295][ T8290] netlink: 'syz.1.885': attribute type 27 has an invalid length. [ 162.122376][ T8297] tipc: Enabling of bearer rejected, already enabled [ 162.426275][ T8315] binder: 8314:8315 ioctl c0603d0f 200000000100 returned -22 [ 162.626055][ T8316] Process accounting resumed [ 162.632255][ T8323] tipc: Enabling of bearer rejected, already enabled [ 162.640424][ T5874] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 162.827554][ T5874] usb 2-1: Using ep0 maxpacket: 32 [ 162.838820][ T5874] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 162.847019][ T5874] usb 2-1: config 0 has no interface number 0 [ 162.864710][ T5874] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 162.879665][ T5874] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 162.888964][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.896973][ T5874] usb 2-1: Product: syz [ 162.901311][ T5874] usb 2-1: Manufacturer: syz [ 162.905912][ T5874] usb 2-1: SerialNumber: syz [ 162.914161][ T5874] usb 2-1: config 0 descriptor?? [ 162.924233][ T5874] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 162.937888][ T5874] em28xx 2-1:0.132: Video interface 132 found: [ 163.077377][ T24] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 163.077431][ T9] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 163.167613][ T8340] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 163.174758][ T8340] syz.3.902: attempt to access beyond end of device [ 163.174758][ T8340] nbd3: rw=0, sector=0, nr_sectors = 2 limit=0 [ 163.249319][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 163.259763][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 163.269052][ T24] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 163.270112][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 163.278800][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.297270][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 163.306104][ T24] usb 3-1: config 0 descriptor?? [ 163.312450][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 163.322914][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 163.338756][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 163.349668][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 163.358475][ T9] usb 1-1: Product: syz [ 163.362650][ T9] usb 1-1: Manufacturer: syz [ 163.374862][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 163.381853][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 163.390794][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 163.396717][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [ 163.583629][ T8337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.594143][ T8337] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.788686][ T24] Bluetooth: Can't get version to change to load ram patch err [ 163.796332][ T24] Bluetooth: Loading patch file failed [ 163.811575][ T24] ath3k 3-1:0.0: probe with driver ath3k failed with error -71 [ 163.822955][ T24] usb 3-1: USB disconnect, device number 32 [ 163.886751][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -EPIPE [ 163.894659][ C0] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 163.909045][ T43] usb 1-1: USB disconnect, device number 39 [ 164.208683][ T5874] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 164.279833][ T5874] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 164.288684][ T5874] em28xx 2-1:0.132: board has no eeprom [ 164.347053][ T5874] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 164.361624][ T5874] em28xx 2-1:0.132: analog set to bulk mode. [ 164.386737][ T43] em28xx 2-1:0.132: Registering V4L2 extension [ 164.467935][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x4a (error=-5) [ 164.487025][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x48 (error=-5) [ 164.507285][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x42 (error=-5) [ 164.518843][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x40 (error=-5) [ 164.551940][ T8350] Mount JFS Failure: -22 [ 164.610661][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x84 (error=-5) [ 164.635296][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x86 (error=-5) [ 164.646372][ T8353] netlink: 20 bytes leftover after parsing attributes in process `syz.2.907'. [ 164.655666][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x94 (error=-5) [ 164.656006][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0x96 (error=-5) [ 164.680343][ T8355] loop8: detected capacity change from 0 to 7 [ 164.713339][ T8355] Dev loop8: unable to read RDB block 7 [ 164.716104][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5) [ 164.719754][ T8355] loop8: unable to read partition table [ 164.748879][ T8355] loop8: partition table beyond EOD, truncated [ 164.756021][ T8355] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 164.779264][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5) [ 164.802568][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5) [ 164.827760][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5) [ 164.862707][ T43] em28xx 2-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5) [ 164.887101][ T43] em28xx 2-1:0.132: Config register raw data: 0xfffffffb [ 164.920973][ T43] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 164.934661][ T43] em28xx 2-1:0.132: No AC97 audio processor [ 164.963128][ T43] usb 2-1: Decoder not found [ 164.967973][ T43] em28xx 2-1:0.132: failed to create media graph [ 164.978721][ T43] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 164.995656][ T43] em28xx 2-1:0.132: Remote control support is not available for this card. [ 165.091276][ T8362] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 165.236788][ T43] usb 2-1: USB disconnect, device number 30 [ 165.243451][ T43] em28xx 2-1:0.132: Disconnecting em28xx [ 165.265815][ T43] em28xx 2-1:0.132: Closing input extension [ 165.280052][ T43] em28xx 2-1:0.132: Freeing device [ 165.643318][ T8379] FAULT_INJECTION: forcing a failure. [ 165.643318][ T8379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 165.657749][ T8379] CPU: 0 UID: 0 PID: 8379 Comm: syz.2.916 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 165.657774][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.657784][ T8379] Call Trace: [ 165.657792][ T8379] [ 165.657800][ T8379] dump_stack_lvl+0x189/0x250 [ 165.657823][ T8379] ? __pfx____ratelimit+0x10/0x10 [ 165.657844][ T8379] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.657862][ T8379] ? __pfx__printk+0x10/0x10 [ 165.657881][ T8379] ? __might_fault+0xb0/0x130 [ 165.657912][ T8379] should_fail_ex+0x414/0x560 [ 165.657942][ T8379] _copy_from_user+0x2d/0xb0 [ 165.657960][ T8379] kstrtouint_from_user+0xc4/0x170 [ 165.657985][ T8379] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 165.658033][ T8379] proc_fail_nth_write+0x88/0x240 [ 165.658050][ T8379] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 165.658072][ T8379] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 165.658090][ T8379] vfs_write+0x27e/0xa90 [ 165.658120][ T8379] ? __pfx_vfs_write+0x10/0x10 [ 165.658141][ T8379] ? __fget_files+0x2a/0x420 [ 165.658168][ T8379] ? __fget_files+0x3a0/0x420 [ 165.658187][ T8379] ? __fget_files+0x2a/0x420 [ 165.658218][ T8379] ksys_write+0x145/0x250 [ 165.658241][ T8379] ? __pfx_ksys_write+0x10/0x10 [ 165.658256][ T8379] ? rcu_is_watching+0x15/0xb0 [ 165.658279][ T8379] ? do_syscall_64+0xbe/0x3b0 [ 165.658305][ T8379] do_syscall_64+0xfa/0x3b0 [ 165.658324][ T8379] ? lockdep_hardirqs_on+0x9c/0x150 [ 165.658344][ T8379] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.658360][ T8379] ? clear_bhb_loop+0x60/0xb0 [ 165.658381][ T8379] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 165.658397][ T8379] RIP: 0033:0x7f3aa478d3df [ 165.658413][ T8379] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 165.658427][ T8379] RSP: 002b:00007f3aa5672030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 165.658446][ T8379] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f3aa478d3df [ 165.658458][ T8379] RDX: 0000000000000001 RSI: 00007f3aa56720a0 RDI: 0000000000000004 [ 165.658469][ T8379] RBP: 00007f3aa5672090 R08: 0000000000000000 R09: 0000000000000000 [ 165.658479][ T8379] R10: 0000000024004851 R11: 0000000000000293 R12: 0000000000000001 [ 165.658490][ T8379] R13: 0000000000000000 R14: 00007f3aa49b5fa0 R15: 00007ffc4d1b08c8 [ 165.658519][ T8379] [ 165.896223][ C0] ================================================================== [ 165.904293][ C0] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0 [ 165.911915][ C0] Write of size 8 at addr ffff8880772c8a00 by task swapper/0/0 [ 165.919443][ C0] [ 165.921771][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 165.921783][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 165.921790][ C0] Call Trace: [ 165.921797][ C0] [ 165.921802][ C0] dump_stack_lvl+0x189/0x250 [ 165.921816][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 165.921827][ C0] ? rcu_is_watching+0x15/0xb0 [ 165.921836][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 165.921845][ C0] ? rcu_is_watching+0x15/0xb0 [ 165.921853][ C0] ? lock_release+0x4b/0x3e0 [ 165.921866][ C0] ? __virt_addr_valid+0x1c8/0x5c0 [ 165.921876][ C0] ? __virt_addr_valid+0x4a5/0x5c0 [ 165.921885][ C0] print_report+0xd2/0x2b0 [ 165.921897][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 165.921906][ C0] kasan_report+0x118/0x150 [ 165.921917][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 165.921928][ C0] kasan_check_range+0x2b0/0x2c0 [ 165.921938][ C0] flush_tlb_func+0x23d/0x6c0 [ 165.921949][ C0] ? sched_clock+0x3f/0x60 [ 165.921963][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 165.921988][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 165.922007][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 165.922025][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 165.922046][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 165.922068][ C0] sysvec_call_function_single+0x4f/0xc0 [ 165.922080][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 165.922090][ C0] RIP: 0010:handle_softirqs+0x1b0/0x870 [ 165.922101][ C0] Code: 89 64 24 30 0f b7 db 48 c7 c7 a0 99 89 8b e8 87 55 f1 09 65 66 c7 05 c5 4e 3e 11 00 00 e8 f8 55 42 00 fb 49 c7 c7 c0 c0 00 8e ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c [ 165.922109][ C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000286 [ 165.922118][ C0] RAX: 61924b6c72559400 RBX: 0000000000000382 RCX: 61924b6c72559400 [ 165.922125][ C0] RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 165.922132][ C0] RBP: ffffc90000007f50 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6 [ 165.922138][ C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 000000000000000a [ 165.922144][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8e00c0c0 [ 165.922155][ C0] ? lapic_next_event+0x11/0x20 [ 165.922163][ C0] ? clockevents_program_event+0x24d/0x360 [ 165.922175][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 165.922183][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 165.922192][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 165.922204][ C0] __irq_exit_rcu+0xca/0x1f0 [ 165.922211][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 165.922222][ C0] irq_exit_rcu+0x9/0x30 [ 165.922230][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 165.922245][ C0] [ 165.922248][ C0] [ 165.922252][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 165.922261][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 165.922271][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 86 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 165.922278][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 165.922286][ C0] RAX: 61924b6c72559400 RBX: ffffffff81971188 RCX: 61924b6c72559400 [ 165.922292][ C0] RDX: 0000000000000001 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 165.922298][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 165.922305][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29e30 [ 165.922311][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 165.922317][ C0] ? do_idle+0x1e8/0x510 [ 165.922328][ C0] default_idle+0x13/0x20 [ 165.922339][ C0] default_idle_call+0x74/0xb0 [ 165.922350][ C0] do_idle+0x1e8/0x510 [ 165.922359][ C0] ? __pfx_do_idle+0x10/0x10 [ 165.922370][ C0] cpu_startup_entry+0x44/0x60 [ 165.922378][ C0] rest_init+0x2de/0x300 [ 165.922386][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 165.922397][ C0] start_kernel+0x47d/0x500 [ 165.922410][ C0] x86_64_start_reservations+0x24/0x30 [ 165.922420][ C0] x86_64_start_kernel+0x143/0x1c0 [ 165.922428][ C0] common_startup_64+0x13e/0x147 [ 165.922442][ C0] [ 165.922446][ C0] [ 166.320925][ C0] Allocated by task 5845: [ 166.325231][ C0] kasan_save_track+0x3e/0x80 [ 166.329893][ C0] __kasan_slab_alloc+0x6c/0x80 [ 166.334723][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 166.340162][ C0] copy_mm+0xdb/0x4b0 [ 166.344131][ C0] copy_process+0x1706/0x3c00 [ 166.348786][ C0] kernel_clone+0x21e/0x870 [ 166.353277][ C0] __x64_sys_clone+0x18b/0x1e0 [ 166.358041][ C0] do_syscall_64+0xfa/0x3b0 [ 166.362549][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.368441][ C0] [ 166.370755][ C0] Freed by task 8378: [ 166.374716][ C0] kasan_save_track+0x3e/0x80 [ 166.379382][ C0] kasan_save_free_info+0x46/0x50 [ 166.384395][ C0] __kasan_slab_free+0x62/0x70 [ 166.389145][ C0] kmem_cache_free+0x18f/0x400 [ 166.394239][ C0] exit_mm+0x1da/0x2c0 [ 166.398317][ C0] do_exit+0x648/0x2300 [ 166.402463][ C0] do_group_exit+0x21c/0x2d0 [ 166.407041][ C0] get_signal+0x1286/0x1340 [ 166.411534][ C0] arch_do_signal_or_restart+0x9a/0x750 [ 166.417066][ C0] exit_to_user_mode_loop+0x75/0x110 [ 166.422340][ C0] do_syscall_64+0x2bd/0x3b0 [ 166.426916][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.432805][ C0] [ 166.435109][ C0] The buggy address belongs to the object at ffff8880772c8000 [ 166.435109][ C0] which belongs to the cache mm_struct of size 2584 [ 166.449062][ C0] The buggy address is located 2560 bytes inside of [ 166.449062][ C0] freed 2584-byte region [ffff8880772c8000, ffff8880772c8a18) [ 166.463034][ C0] [ 166.465351][ C0] The buggy address belongs to the physical page: [ 166.471737][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x772c8 [ 166.480476][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 166.488965][ C0] memcg:ffff88805a00dc01 [ 166.493180][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 166.500708][ C0] page_type: f5(slab) [ 166.504673][ C0] raw: 00fff00000000040 ffff88801a84bb40 ffffea000083d200 dead000000000002 [ 166.513236][ C0] raw: 0000000000000000 00000000800b000b 00000000f5000000 ffff88805a00dc01 [ 166.521800][ C0] head: 00fff00000000040 ffff88801a84bb40 ffffea000083d200 dead000000000002 [ 166.530447][ C0] head: 0000000000000000 00000000800b000b 00000000f5000000 ffff88805a00dc01 [ 166.539101][ C0] head: 00fff00000000003 ffffea0001dcb201 00000000ffffffff 00000000ffffffff [ 166.547757][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 166.556405][ C0] page dumped because: kasan: bad access detected [ 166.562806][ C0] page_owner tracks the page as allocated [ 166.568498][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5567, tgid 5567 (dhcpcd-run-hook), ts 46979264357, free_ts 46964107218 [ 166.590100][ C0] post_alloc_hook+0x240/0x2a0 [ 166.594854][ C0] get_page_from_freelist+0x21e4/0x22c0 [ 166.600408][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 166.606210][ C0] alloc_pages_mpol+0x232/0x4a0 [ 166.611061][ C0] allocate_slab+0x8a/0x370 [ 166.615566][ C0] ___slab_alloc+0xbeb/0x1410 [ 166.620231][ C0] kmem_cache_alloc_noprof+0x283/0x3c0 [ 166.625672][ C0] copy_mm+0xdb/0x4b0 [ 166.629638][ C0] copy_process+0x1706/0x3c00 [ 166.634295][ C0] kernel_clone+0x21e/0x870 [ 166.638788][ C0] __x64_sys_clone+0x18b/0x1e0 [ 166.643552][ C0] do_syscall_64+0xfa/0x3b0 [ 166.648041][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.653927][ C0] page last free pid 5570 tgid 5570 stack trace: [ 166.660258][ C0] __free_frozen_pages+0xb80/0xd80 [ 166.665372][ C0] __put_partials+0x156/0x1a0 [ 166.670042][ C0] put_cpu_partial+0x17c/0x250 [ 166.674793][ C0] __slab_free+0x2d5/0x3c0 [ 166.679195][ C0] qlist_free_all+0x97/0x140 [ 166.683769][ C0] kasan_quarantine_reduce+0x148/0x160 [ 166.689215][ C0] __kasan_slab_alloc+0x22/0x80 [ 166.694059][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 166.699505][ C0] getname_flags+0xb8/0x540 [ 166.704081][ C0] vfs_fstatat+0x43/0x170 [ 166.708392][ C0] __x64_sys_newfstatat+0x116/0x190 [ 166.713571][ C0] do_syscall_64+0xfa/0x3b0 [ 166.718059][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.723934][ C0] [ 166.726238][ C0] Memory state around the buggy address: [ 166.731851][ C0] ffff8880772c8900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.739902][ C0] ffff8880772c8980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.747980][ C0] >ffff8880772c8a00: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 166.756021][ C0] ^ [ 166.760072][ C0] ffff8880772c8a80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 166.768114][ C0] ffff8880772c8b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 166.776156][ C0] ================================================================== [ 166.784220][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 166.791407][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 166.802496][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 166.812544][ C0] Call Trace: [ 166.815809][ C0] [ 166.818642][ C0] dump_stack_lvl+0x99/0x250 [ 166.823220][ C0] ? __asan_memcpy+0x40/0x70 [ 166.827834][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 166.833019][ C0] ? __pfx__printk+0x10/0x10 [ 166.837606][ C0] panic+0x2db/0x790 [ 166.841486][ C0] ? __pfx_panic+0x10/0x10 [ 166.845932][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 166.851935][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 166.858272][ C0] ? print_memory_metadata+0x314/0x400 [ 166.863837][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 166.868694][ C0] check_panic_on_warn+0x89/0xb0 [ 166.873641][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 166.878499][ C0] end_report+0x78/0x160 [ 166.882741][ C0] kasan_report+0x129/0x150 [ 166.887324][ C0] ? flush_tlb_func+0x23d/0x6c0 [ 166.892179][ C0] kasan_check_range+0x2b0/0x2c0 [ 166.897119][ C0] flush_tlb_func+0x23d/0x6c0 [ 166.901820][ C0] ? sched_clock+0x3f/0x60 [ 166.906298][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 166.911522][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 166.916707][ C0] __flush_smp_call_function_queue+0x370/0xaa0 [ 166.922852][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 166.928051][ C0] __sysvec_call_function_single+0xa8/0x3d0 [ 166.933962][ C0] sysvec_call_function_single+0x4f/0xc0 [ 166.939601][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 166.945575][ C0] RIP: 0010:handle_softirqs+0x1b0/0x870 [ 166.951105][ C0] Code: 89 64 24 30 0f b7 db 48 c7 c7 a0 99 89 8b e8 87 55 f1 09 65 66 c7 05 c5 4e 3e 11 00 00 e8 f8 55 42 00 fb 49 c7 c7 c0 c0 00 8e ff ff ff ff 0f bc c3 41 89 c5 41 ff c5 0f 84 c2 03 00 00 89 5c [ 166.970695][ C0] RSP: 0018:ffffc90000007e40 EFLAGS: 00000286 [ 166.976746][ C0] RAX: 61924b6c72559400 RBX: 0000000000000382 RCX: 61924b6c72559400 [ 166.984701][ C0] RDX: 0000000000000000 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 166.992655][ C0] RBP: ffffc90000007f50 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6 [ 167.000607][ C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: 000000000000000a [ 167.008567][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: ffffffff8e00c0c0 [ 167.016534][ C0] ? lapic_next_event+0x11/0x20 [ 167.021371][ C0] ? clockevents_program_event+0x24d/0x360 [ 167.027169][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 167.031937][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 167.037220][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 167.042403][ C0] __irq_exit_rcu+0xca/0x1f0 [ 167.046973][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 167.052153][ C0] irq_exit_rcu+0x9/0x30 [ 167.056376][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 167.061997][ C0] [ 167.064911][ C0] [ 167.067828][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 167.073791][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 167.079494][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 86 11 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 167.099081][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 167.105131][ C0] RAX: 61924b6c72559400 RBX: ffffffff81971188 RCX: 61924b6c72559400 [ 167.113084][ C0] RDX: 0000000000000001 RSI: ffffffff8da6993f RDI: ffffffff8be4b100 [ 167.121042][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f1b R09: 1ffff110170c65e3 [ 167.129001][ C0] R10: dffffc0000000000 R11: ffffed10170c65e4 R12: ffffffff8fc29e30 [ 167.136958][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 167.144923][ C0] ? do_idle+0x1e8/0x510 [ 167.149158][ C0] default_idle+0x13/0x20 [ 167.153560][ C0] default_idle_call+0x74/0xb0 [ 167.158771][ C0] do_idle+0x1e8/0x510 [ 167.162842][ C0] ? __pfx_do_idle+0x10/0x10 [ 167.167438][ C0] cpu_startup_entry+0x44/0x60 [ 167.172202][ C0] rest_init+0x2de/0x300 [ 167.176432][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 167.182086][ C0] start_kernel+0x47d/0x500 [ 167.186601][ C0] x86_64_start_reservations+0x24/0x30 [ 167.192061][ C0] x86_64_start_kernel+0x143/0x1c0 [ 167.197164][ C0] common_startup_64+0x13e/0x147 [ 167.202284][ C0] [ 167.205531][ C0] Kernel Offset: disabled [ 167.209847][ C0] Rebooting in 86400 seconds..