last executing test programs: 8.067620188s ago: executing program 1 (id=415): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x810) syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f0000000080), 0xffffffffffffffd) 7.743305469s ago: executing program 1 (id=419): syz_usb_connect(0x5, 0x27, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xb7, 0x5c, 0x7f, 0x40, 0x547, 0x201, 0x1164, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa2, 0xcd, 0xd2}}]}}]}}, 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000380)={&(0x7f0000000280)=[{0xe13c, 0x1000, 0x0, 0x0}, {0x4, 0x200, 0x0, 0x0}, {0x3, 0x800, 0x0, 0x0}], 0x3}) 6.167055786s ago: executing program 1 (id=422): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x50}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1=0xe0004001}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x0) 6.048040336s ago: executing program 1 (id=423): openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1bd) close(r2) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r3 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b000100000000090400000101292000090509"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r5, 0x40045402, &(0x7f0000000140)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x3, 0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f00000000c0)={0x7, 0x9dc5, 0x400, 0x0, 0xf}) ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0) ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000000000)={0xa, @pix_mp={0x9, 0x3, 0x32315659, 0x4, 0x0, [{0x400, 0x10}, {0x5, 0xc}, {0x2}, {0x6, 0x3}, {0x7fff, 0x7}, {0x9, 0x5}, {0xfff, 0x1000}, {0x7, 0x401}], 0x0, 0x4, 0x4, 0x1, 0x7}}) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r6, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x1000000, 0x2, {0x4, 0x1}, 0x3, 0x800}) socket$igmp6(0xa, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 5.698523719s ago: executing program 0 (id=426): timerfd_create(0x0, 0x80000) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00') write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='-', @ANYRESDEC], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000000), 0x2, 0x0) 5.520033595s ago: executing program 3 (id=427): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x810) syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f0000000080), 0xffffffffffffffd) 5.381405651s ago: executing program 0 (id=428): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000540)={0x0, 0x0}) ioctl$DRM_IOCTL_DMA(0xffffffffffffffff, 0xc0406429, &(0x7f0000000300)={0x0, 0x0, 0x0, &(0x7f0000000200)=[0x5], 0x46, 0x3, 0xd, &(0x7f0000000280)=[0x8, 0x0, 0x5], 0x0}) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x63, @loopback, 0x7}, 0x1c) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x8, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.303927734s ago: executing program 3 (id=429): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) write(r0, &(0x7f0000001780)="fc9fd3d3786d179e33251aa5ec70bcf9aff7a946dd0d9162c836f64317173e6d0ef0c53f680136e6461a8303c696c8b6f0bf14c1dabbb1f83b54beba48b165c9a4c2ebaf9b78366eddb07b0c601e999affd57d1e159c3f0df2397ff2a02cda6663b3a0fdeaa09f63bfdbd69f226ac89dc95d9071ac942e70473ae9cb503a398db501ff2c2dc8053f01284389349172b0cc0c51902763b20b673cca76248067431b829ca36389413ad9c2daa3d5041ddd89415a8b601ddf45b14f4eb6f33de5020d0404d9a3739d5430598012ec40483bd012d21a55c0fccea6b1b1ffa1fbf4ee747129ba8d586a3f9681865b51d0c2d12ba062a8ae134a87b239aa91b100e73b56e5007838a39974d224cebbb2787162d525beec9be84214535225fa90c10a117abe25eba93085837e1d7b945afa17f6669e907abe47436dc72a7aa8db1cf8a0583da26f75508069afe8006ede95d34366c385c61c52b1f127cf7a66e1fe2b1cb9fa6c29cd70d97c77eea8b358b90041e3cf32480e85b39de5f889446fdf4cd48260aa0996b83b6b9272dbd7673c6d8119dace0367beea5f13cab94cbae693115057c3e0ce23c8536eeb9b1a0c4092c3e914583af89162088c983c0ce7cccf17f0521fdff7d115e18a9a41003a3b41b04db63b2a440b69764935d144b934b8f504562c5788803a13331ec649103a97d3b7dfb69db33287f557add72eec9e5dd42cecc335b02accd75b1cc8a186415c288dca0e39e674329b16e017ee94478bdc96b4cbca7429277fab8a15385598ce92250550570f70b8730ab77f1146b2c7cb3fa349fbb5abdc211e2d313d87fda490729384b24d88e03079518c8065ecd1d0e33996fe3433f0e416427467d69ef7da1362404a375fd3a2b36d32bfca96270f32a90e9b4a456bfab869fb4fda37963c93962285c548b077c0502d2389cd0511440489697b9e2cc8108ed71a6a538192e6cd75d87c0e30bb8ceedd3b47e6a6f6778a1242da97f422e463375f77af69997480c3cb7425425d1b7465923b73c8f7b14ce369f3494a6a9e8dbf06d62be4850256e754ba3b8ca250fd94eaca787db35654821a26f56c60b83251ad33097be61586782353906f7d26aad2bbdf6b446a2c91a4b1ac84c863f597f2042edd835bee69ce218a70f7ce305d89b6334a8742034ec0deaf79b04ef59113d1e20983f36ba14bf80fff328f5bc8bee23e6f38fb76720cbc55e7fcb355470c3ef8d64fa7f6a22632e7764844373c3d0429e0af7199394ee97bbce352bf2e028cb9e28d8eadc224cce28eb233243211d76cd2d8ef7a360697d545b1605fc1bf0cb95d106cd4c9cba5bc2d8f54978af5b91895703a8c53f74349568aa8aa35a135f548288ac6a9d320c88e35da1b6da7a73fc384ebf91f8a5a84af91d4d0f64ccdcea8f5e2d17f504a28dda95d3558d979ec693d35dcc537b677838ffb8dec17a12a5d3b67c7ae8e7bab89fdf9f8f43e387902216b3834666ff56871fa1768ab0cf6201c922068bce8bd15fa1299c7dbab38e7d287b21bc057a1c5842becf7a69af0ca1d3f22b9ec7410376f07fccdc0ff6f3fdeb0e02ed6fc22dbd68dab236a45249a97c6c584acf230888213936c36a18683b2e65cc16c9a5b0ef5f4ce4c74939df772d477ea905d5a332fee0a3f3f493e81aecc32f7bdd978bfafd161557098d410634a82ffe8541fb6762bb1ec4124f88a2ef4a56bc7ffd9ac11a6970bf2cb570f70849ccd9e2ea21cf83d15dcf46bcc1d575a34d5451e653489ed4317bd81ded5ff18821ca550a234265125fe1ad59ad4ba39e75ae9cce954a5b9ec0c7244cc6efc2402529eb4c4a73f1ce96a285f87d154b2f2daf16913a0abe15c3054b6e8e29b95ecfc00da9537c58d6e7dfbe680bf17cdde03d2af310780999f58cdb2d71d6cd5de996f7b932d67d42881e171126e7d7493a5d312697d97273a4d7af308ea26f33758522a8c9259fd387dde49b16904c4586a365977f9ec78aa8571657e09dfa14f2be2f70a53dc25515802a7dd253a762338c83fd70a82257f1d102253c274196d7eefcdd9aa4e0a9a1f38ae080d0bd9bd8fbb3e3b1c69cb73bd2b39fb47322496cb9dae7522f149e2d4101cac068109bdebb719ea856fb86b1868ae4d59ab041c58a227ac1868ad2054ee2954b6c57a4e88b37b9654958613e40ad333ab408f03b200a5f978a93d44e1c58ada3ca88878fa95e70a4e50e9518aa01da7b05c1a5cc6fabaf8487ac74f04d793796cce95b47756848a260c9684ba4bca8f75a1e94d2e4efa8ddb65b5f179d2ba1b1452499b154fe6fe2229f5c040220ccf4dd6452221207f9b6776901c7986f4f529565f289dc84792fe8d7166e38ad56acdfb252c1552f36f710c853f8630a94c519191bc108284bc8f7ec91cf8f2f371fb645d2f0facd87746127ef23f1c7f6231725448447a12a9b037fa2d04655d499fd4d15e6a82ecc7bd2ffd38a95eb1bdad2d8ee50366f9bd6a16c0955668ae141fdbf9f44d48114d1a7379f7ab61a62ffc25ddfcda321ae65beac90390edc33ab801487937dcd3310c7f46735408025e61a0e6facab1d9520b1e404836ad1d994ac0455616283704038c66c645f66d3bfe0b90efa1e460ef8135bede0c85b669798551b259c7f9b9b17831949e90e59e49af884436fb374f339452c263bd9e281738559b39c9138e3e3e125fe99faadd2300c81f148b331f4749d3c0702f6ed791bf435b29785e7f588bfbef62ca0a95819ada29ffc484fbef0bacdd0c3808c7b9266f2b2c8b16b22463a74afe690462ef6ff802032216550f6e4ccc6d32256a8825aaad9b6e07a502ad70770c4d16c64d632d3c94c3f9e6b336da82a90edcbb9d4f7db9c8fa714d9a90671998fd45d34e95ff31bc8d201bcf40f39707ceb568a415935ceba80bc4356684e93c3ff5d14592bfd7357617f09bd8f3049e8e044a908536b2987926fb4454001559535a231a547e300d2f13bd73bbf87e2ff444c6e70328e992c89079582e5512cd35da6d2ef3d3da65d55d4d4e378b159e72c391dfd9b23b44dcf4b0f870d83487ed97dbd0a0b04f3020d462de28909c0007475a3a3d5c8e1acf837c990e98d79803a8dba62774bab1ad02848bee0fb63a2c5a80376be80978f9515f60a5fc25afc7541c1a02c1857a138a39db1924e76c0b38523835921a2382be7dcc9f8ac55261284fc1e74e4875e300053274145402e2b8e3c27390428e87326af2397560b3535b2d4c2e0c8e3c4cb600cb63ac5f0b8c6f4038acc50ede9504662e4e3233b38730e7dbf85ed7d6fe51bbfc2f94894e998895a617f02a59223ed51f98109c63504bb1781f6b3a189136911205ea577d07677aff1348cb791f7d2e31ecb3a4e0d62440ecc4ff031cacafec632232e600916f936f776d0bb639076acd94abe01ea0d02432c5d37dec1e2f00ce39b90fe2a487e29c15f6c7786824d7ef44eed6926d424666ca2dfd727abe04b157eca45d4f6c2260f7d9ce82aa66b3fdbc83ae461fcaa42fc0af1f04b04984f4b36760e34eef6b546f9efb4f8ea2c978ed790d8716e95b520054a6a557a205c79f60fbf5c038ba0e044277c0d36259912d63761f0c78397e9c9d8f06138222759e168299bb1a1454bc59381953fedb6373adabc910ee5fb030afc930f4eb13d57a1aa066d9f1b90c85a5fa45dea354696ca7a1d76460d6f9d35385ed5208f20bfa1bbaab400be901f5d9343489ded021791e8255c3dbb610fe450558993b4c6e2483ba72953fc8557f20ebab2770e453e80b6e25f562b5252f4ea281ce29a242c099496e22eb61a969786bf6131a7354cf4e12623cc8a1361a4604f78b269892e7c31ecad63429498eb4bfc602f41633076ab9da37bc9b1633d13fa3e0f8b4eb89d2212009b1aa7de2fbf4fbf86042f4cde7ef4e7a2ac00c05bfcf1b23f180f1088a7914cf712399af8f6f7528d43b145f76f8fe9d9cdee282bff425c258ed48a1e49da2798cafa566a515895873e3c772c4c649edd735171642d44ba48cdaf4885a1ab602622694424bd34cef72b7b360406d018e28b3a05bcd1bdd46e4d5c97ec1a9838f4823498a16e20d20bdfb2b815bcf0d066e58170d831680eb89aa33ced9290ec4031362d60d239a5cff699ba0573742a37c1bc1b457f7e9fde36d14e7715a08ae8b09cd1659a8c4bfa4493b525dfc9abad4638115a390fd2ca42c783e27cc1ac9b7c7b57ee6bf2374b95784468ca3f4ee1621ee4891d06c76ef573866ee6a4b4aca2b12833e8879aa4ac549966af0c2f12ee370505fe8132af82f7baedcc993d55cc7d503cc373840fae0c5e0de1ce65615d7edc7ac01ea342d85930103d3476bc0fcd6bc50429f8b7556aacb4f2abd6d1dbb6f5585a9c6d3dd68962ed2a81538592ca5b6119163ee6d04c76d95e2319f5eb527e9e8f02aeef53956135b352e3a4937b7e3d38eef3fa075032cf5e0b5fbc9c6bfe71a1df68f42339a4203f48a281bc21571459d697fc6ed1ee179a339fc24b444119f3e178570d5e3b641be10345c89a166ae9cd68c514ddabb8948bf698484dc219b46fbcdb1b043570c093ca5a3d5595b49d71adcfcc5a696c17c8ff580c7c6fa843e585ec1287c0801fe3934b76ca10f333df7dd5b423f44d41460ad00f05a6125c057a34d8c86e2dfd912ad53d84ce8bc55fb2d9e4dffcac03f065c7793e21c07c3c35ed88dc889fea9f31a805e65a1877304de4a618dfebbdd0b0406d630a7fbf322974061e07ced70346f189b9e6b4981a22615d2357e1d20223ff8663264852cb4556f5e0c51e6aab1a2c2f764b6585e19fe2a0998cd0c5ad3ca192cb977d7f850472de816e7ca985942ab6e2d65fca3756a730aa55f094de2625d33d857469142f65abb7679fc30a59c23b8f68fe4eb2d8a3c23352423424d39e7fce46e828be3ba621acc9b650dd7088cce0ef204a867b8c9dd319f261a10aafebbe2dd71cac3a387309480c0cf419308e29dd31e1e9b58c85cc9d44043a2b64f7821f8061d3adb4a6f29b09fddc2ebb7cd06b309ea80fbec89dee4de7994e611d4edef79ba829f5a168c2696da09bd242c12c8db2b377db65dd3542cf3980a3c6ea7f771f3eaf33583c77c680627d63019596f30749e6c5d8af74a6caf62625388ecfd535cac9b5690801147b1f67f07ce69fe9cbd6daf36343feb6ecd01c67ab0bf11b742924784be0a9ca154c593c7f0e80ab97784c69ed7b46612880677fe1bc3b20fc37753d2093978071e853c8f02e9eae9aa7fb0fa21280b5b2dd003514ba1de7f0fd922c493379059527d96709fe0b7fd71cb83306647c17b1b09a0ce4cb5280ffa38a9ec631f3593b1422b6d132d287bdb4a8991a5120e23f9cc65474df43d1135a30c2dab120a925177fe3ff0dfcf95dcaa8b28242bb2f95f46466f93eea2fa05b832ac30e0ebed1b1f38bc6b3036c793977f6501ad4da325d08985eb279606348af8a53266d45366274f76dd7ddb3469d1453575c89c90c9b427c68a7a7f2f8717ebf8e46cd7247f5db53aa071a8534e8a4ae8555a41514d0e6d12e9eb71c2601c453cfebd3d9561e88125e0524684bc20dda812bcc67aac58cc69f798e3fedc0ec4277e54a1d747f71e129c860d34b1e98c26078856992a5e7ea2c1676f169effee0f07730fb60dcf92fbb601fa3c990e042b5c6043eb2c1d97c22a17b7b04db9f86b474e1259d55db40ffbb2b2cc8564acb492c228827614a05f466b73b9bdd1a444071e0e3ec996f01e3ddcd9283fc0e02f63cf364ddf8a5ffb245f615b", 0x1000) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) read$dsp(r1, &(0x7f00000002c0)=""/4096, 0x1000) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) 2.988966079s ago: executing program 1 (id=431): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_usbip_server_init(0x6) close_range(r0, 0xffffffffffffffff, 0x0) 2.607330697s ago: executing program 3 (id=432): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0x12, r0, 0xeab9a000) syz_io_uring_setup(0x1714, &(0x7f00000002c0)={0x0, 0x0, 0x800}, 0x0, 0x0) 2.511883582s ago: executing program 3 (id=433): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) 2.51165393s ago: executing program 3 (id=434): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0xffffffffffffff9d, 0x0) 2.486427614s ago: executing program 3 (id=435): sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x230}}], 0x1, 0x4040c94) munmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x400000f, 0x80031, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r2 = syz_usb_connect(0x3, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371"], 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x2}, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000400)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000440)) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)="f78d9ca38fff48f3be52163448412ba88d56467914a012b7081572f4add7e91b7bddc96b0c9d9817f6768d", 0x2b}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726", 0x3f}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45", 0xc8}], 0x3, &(0x7f0000000380)}], 0x1, 0x40800) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/83, 0x53}], 0x1}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = mq_open(&(0x7f0000000380)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb85\xb5\xdb\xe9?\xfa/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\xe5\x86>\x0e\xa6\xe6\x1aV\x17\x8b\xed\xa7\'\xd0\r_\xe8,XVR\x13\xe5%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb6\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xcb\xd9\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00', 0x40, 0x169, 0x0) fcntl$setlease(r4, 0x400, 0x0) mq_unlink(&(0x7f0000000340)='eth0\x00') syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000540)="0f09d0cef3ba610066b80100000066ef260f32660f3a16a6010005650f0159e866b91508000066b80000000066ba000000000f300fc7690fb8d8048ed80f01ca", 0x40}], 0xaaaaaaaaaaaac41, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{0x0}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x18, 0x0, 0x0) 2.405730425s ago: executing program 1 (id=436): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$KVM_GET_MSRS_sys(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000180)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3, 0x5d032, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x108) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r3, &(0x7f0000006340)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r3, &(0x7f0000000280)={0x50, 0x0, r4, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50) syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xac901, 0x28) pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$USBDEVFS_GET_SPEED(r5, 0x551f) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r6, 0x0, 0x0) write$tcp_congestion(r5, &(0x7f00000000c0)='lp\x00', 0xfffffdef) dup2(r5, r3) syz_usb_connect(0x0, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x140}}, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240), 0x4000095, 0x0) 2.19969012s ago: executing program 0 (id=437): socket$netlink(0x10, 0x3, 0x4) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x749}) capset(0x0, &(0x7f0000000080)) r1 = syz_pidfd_open(0x0, 0x0) setns(r1, 0x2000000) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) madvise(&(0x7f0000c0c000/0x1000)=nil, 0x1000, 0x4) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r3 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r3, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, 0x0) r4 = socket(0x22, 0x2, 0x1) sendto$l2tp6(r4, 0x0, 0x0, 0x2c62983d46685bf1, 0x0, 0x0) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000340)={0x3}) close_range(r2, 0xffffffffffffffff, 0x0) 1.73386093s ago: executing program 0 (id=438): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "0100"}, @local=@item_012={0x0, 0x2, 0x2}, @local=@item_4={0x3, 0x2, 0x0, "53743ff6"}, @local=@item_4={0x3, 0x2, 0xa, "0da83a81"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8, "0400"}, @global=@item_4={0x3, 0x1, 0x5, "a90da1f6"}, @local=@item_4={0x3, 0x2, 0x0, "00000400"}]}}, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000100)=""/101) 1.255462384s ago: executing program 2 (id=439): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x810) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$poke(0x5, r0, &(0x7f0000000080), 0xffffffffffffffd) 1.170933274s ago: executing program 2 (id=440): timerfd_create(0x0, 0x80000) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000001640)=0x4f1d, 0x4) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='map_files\x00') write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='-', @ANYRESDEC], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000000), 0x2, 0x0) 1.036890852s ago: executing program 2 (id=441): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x40000000, @empty}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x220c) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r3, 0x3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0xd779) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 977.751887ms ago: executing program 2 (id=442): syz_usb_control_io$uac1(0xffffffffffffffff, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x0, 0x5, 0x1a, {0x1a, 0x2, "08bfce439cf0141498937e067097668459ba130b7f4ca7f6"}}, 0x0}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 361.781803ms ago: executing program 2 (id=443): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094) 287.984153ms ago: executing program 2 (id=444): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, 0x0, 0x84) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_io_uring_setup(0x499, &(0x7f0000000380)={0x0, 0xd146, 0x0, 0x3, 0x287}, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x30}}) r4 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000040)=0x5) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x40000000042201, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) r7 = socket(0x40000000015, 0x5, 0x0) connect$inet(r7, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r7, 0x114, 0x8, &(0x7f0000000400)=0x2, 0x4) setsockopt$sock_int(r7, 0x1, 0x8, 0x0, 0x0) bind$inet(r7, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r7, 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) pselect6(0x40, &(0x7f0000000340)={0xa, 0xa3cd, 0x6, 0xffffffffffffeffd, 0x9, 0x5, 0x9, 0x2}, 0x0, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_REWIND(r6, 0x40084146, &(0x7f0000000000)=0x1) syz_usb_connect$uac1(0x0, 0xa5, 0x0, 0x0) 48.79675ms ago: executing program 0 (id=445): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r0, 0x10e, 0x4, &(0x7f0000000c40)=""/4096, &(0x7f0000000080)=0x1000) 0s ago: executing program 0 (id=446): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_GET_SAREA_CTX(0xffffffffffffffff, 0xc010641d, &(0x7f0000000540)={0x0, 0x0}) ioctl$DRM_IOCTL_DMA(0xffffffffffffffff, 0xc0406429, &(0x7f0000000300)={0x0, 0x0, 0x0, &(0x7f0000000200)=[0x5], 0x46, 0x3, 0xd, &(0x7f0000000280)=[0x8, 0x0, 0x5], 0x0}) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e21, 0x63, @loopback, 0x7}, 0x1c) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x8, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.221' (ED25519) to the list of known hosts. [ 68.724311][ T5811] cgroup: Unknown subsys name 'net' [ 68.871929][ T5811] cgroup: Unknown subsys name 'cpuset' [ 68.880641][ T5811] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 70.282458][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.435081][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.441810][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.407361][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.411945][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.415539][ T5835] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.423086][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.439438][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.446534][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.455175][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.457015][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.462595][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.476874][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.477572][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.486251][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.493413][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.499717][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.506565][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.512502][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.529290][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 72.529383][ T5145] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.538252][ T5837] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.552774][ T5828] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.118029][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 73.186098][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 73.242759][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 73.378626][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 73.435391][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.443178][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.450653][ T5822] bridge_slave_0: entered allmulticast mode [ 73.458101][ T5822] bridge_slave_0: entered promiscuous mode [ 73.495555][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.502838][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.510339][ T5822] bridge_slave_1: entered allmulticast mode [ 73.517397][ T5822] bridge_slave_1: entered promiscuous mode [ 73.536647][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.544003][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.551655][ T5823] bridge_slave_0: entered allmulticast mode [ 73.558999][ T5823] bridge_slave_0: entered promiscuous mode [ 73.593257][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.600944][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.608403][ T5823] bridge_slave_1: entered allmulticast mode [ 73.615403][ T5823] bridge_slave_1: entered promiscuous mode [ 73.623144][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.630488][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.637623][ T5821] bridge_slave_0: entered allmulticast mode [ 73.645109][ T5821] bridge_slave_0: entered promiscuous mode [ 73.679838][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.687067][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.694346][ T5821] bridge_slave_1: entered allmulticast mode [ 73.701394][ T5821] bridge_slave_1: entered promiscuous mode [ 73.711667][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.749891][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.773636][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.818157][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.830376][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.851556][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.859278][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.866433][ T5820] bridge_slave_0: entered allmulticast mode [ 73.873840][ T5820] bridge_slave_0: entered promiscuous mode [ 73.895152][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.906008][ T5822] team0: Port device team_slave_0 added [ 73.913056][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.920438][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.927581][ T5820] bridge_slave_1: entered allmulticast mode [ 73.934837][ T5820] bridge_slave_1: entered promiscuous mode [ 73.965957][ T5822] team0: Port device team_slave_1 added [ 73.985057][ T5823] team0: Port device team_slave_0 added [ 74.027519][ T5823] team0: Port device team_slave_1 added [ 74.041027][ T5821] team0: Port device team_slave_0 added [ 74.060375][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.082813][ T5821] team0: Port device team_slave_1 added [ 74.089615][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.096640][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.122674][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.136834][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.172039][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.179036][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.205130][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.226973][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.234310][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.260715][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.303939][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.312792][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.338961][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.350965][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.358389][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.385125][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.398120][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.405073][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.431048][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.444619][ T5820] team0: Port device team_slave_0 added [ 74.464958][ T5820] team0: Port device team_slave_1 added [ 74.518396][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.525365][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.552279][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 74.580157][ T5822] hsr_slave_0: entered promiscuous mode [ 74.586567][ T5822] hsr_slave_1: entered promiscuous mode [ 74.606445][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 74.613603][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 74.629036][ T5838] Bluetooth: hci3: command tx timeout [ 74.639788][ T5828] Bluetooth: hci2: command tx timeout [ 74.648254][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 74.651353][ T5833] Bluetooth: hci0: command tx timeout [ 74.667658][ T5837] Bluetooth: hci1: command tx timeout [ 74.702643][ T5823] hsr_slave_0: entered promiscuous mode [ 74.710179][ T5823] hsr_slave_1: entered promiscuous mode [ 74.716781][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 74.722811][ T5823] Cannot create hsr debugfs directory [ 74.734530][ T5821] hsr_slave_0: entered promiscuous mode [ 74.741036][ T5821] hsr_slave_1: entered promiscuous mode [ 74.747121][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 74.752911][ T5821] Cannot create hsr debugfs directory [ 74.860554][ T5820] hsr_slave_0: entered promiscuous mode [ 74.867093][ T5820] hsr_slave_1: entered promiscuous mode [ 74.873478][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 74.879735][ T5820] Cannot create hsr debugfs directory [ 75.289311][ T5822] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 75.317282][ T5822] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 75.329823][ T5822] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 75.359097][ T5822] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 75.420138][ T5823] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 75.432708][ T5823] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 75.459006][ T5823] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 75.470474][ T5823] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 75.560191][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 75.573849][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 75.589279][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 75.629891][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 75.728679][ T5820] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 75.741715][ T5820] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 75.762868][ T5820] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 75.779557][ T5820] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 75.873454][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.942600][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.956322][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.981516][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.988986][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.010950][ T1149] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.018156][ T1149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.037336][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.055151][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.087548][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.094720][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.116589][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.126407][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.133703][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.155880][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.163362][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.192002][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.199175][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.221805][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.277236][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.343655][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.350952][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.402112][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.409365][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.601117][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.711210][ T5828] Bluetooth: hci2: command tx timeout [ 76.711467][ T5833] Bluetooth: hci0: command tx timeout [ 76.716646][ T5838] Bluetooth: hci3: command tx timeout [ 76.722565][ T5837] Bluetooth: hci1: command tx timeout [ 76.792155][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.819186][ T5822] veth0_vlan: entered promiscuous mode [ 76.857691][ T5822] veth1_vlan: entered promiscuous mode [ 76.927294][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.965652][ T5823] veth0_vlan: entered promiscuous mode [ 76.991954][ T5823] veth1_vlan: entered promiscuous mode [ 77.009770][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.021912][ T5822] veth0_macvtap: entered promiscuous mode [ 77.043889][ T5822] veth1_macvtap: entered promiscuous mode [ 77.096276][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.112088][ T5821] veth0_vlan: entered promiscuous mode [ 77.130622][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.153637][ T5823] veth0_macvtap: entered promiscuous mode [ 77.171381][ T5823] veth1_macvtap: entered promiscuous mode [ 77.184137][ T3492] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.194123][ T3492] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.204486][ T5821] veth1_vlan: entered promiscuous mode [ 77.214885][ T3492] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.224259][ T3492] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.281409][ T5820] veth0_vlan: entered promiscuous mode [ 77.307702][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.334046][ T5821] veth0_macvtap: entered promiscuous mode [ 77.357052][ T5821] veth1_macvtap: entered promiscuous mode [ 77.376695][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.385411][ T5820] veth1_vlan: entered promiscuous mode [ 77.416542][ T4400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.435765][ T3492] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.436351][ T4400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.463637][ T3492] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.472530][ T3492] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.495817][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.503340][ T3492] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.532550][ T1149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.543093][ T1149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.545455][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.583555][ T3492] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.614238][ T3492] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.638758][ T3492] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.653362][ T3492] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.670068][ T5820] veth0_macvtap: entered promiscuous mode [ 77.681460][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 77.710332][ T5820] veth1_macvtap: entered promiscuous mode [ 77.718291][ T3492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.726523][ T3492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.834309][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.845622][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.857488][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.882095][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.926269][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.947148][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.000382][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.015442][ T4400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.043561][ T4400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.052732][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.166655][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.185365][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.324935][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.349213][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.493894][ T5931] netlink: 'syz.2.3': attribute type 21 has an invalid length. [ 78.513128][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.533864][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.568593][ T5928] mmap: syz.1.8 (5928): VmData 29208576 exceed data ulimit 1. Update limits or use boot option ignore_rlimit_data. [ 78.763809][ T5938] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 78.790294][ T5833] Bluetooth: hci2: command tx timeout [ 78.790320][ T5828] Bluetooth: hci0: command tx timeout [ 78.795780][ T5837] Bluetooth: hci3: command tx timeout [ 78.801748][ T5838] Bluetooth: hci1: command tx timeout [ 79.138736][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 79.228137][ T1217] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 79.308031][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 79.316564][ T9] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 79.326001][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 79.336533][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 79.348579][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 79.363378][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.372658][ T5890] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 79.382181][ T9] usb 2-1: Product: syz [ 79.386398][ T9] usb 2-1: Manufacturer: syz [ 79.391445][ T9] usb 2-1: SerialNumber: syz [ 79.398232][ T1217] usb 1-1: Using ep0 maxpacket: 8 [ 79.407778][ T1217] usb 1-1: unable to get BOS descriptor or descriptor too short [ 79.418242][ T1217] usb 1-1: config 4 has an invalid descriptor of length 238, skipping remainder of the config [ 79.443544][ T1217] usb 1-1: config 4 has 0 interfaces, different from the descriptor's value: 1 [ 79.455142][ T1217] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 79.464427][ T1217] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 79.473848][ T1217] usb 1-1: Manufacturer: syz [ 79.478907][ T1217] usb 1-1: SerialNumber: syz [ 79.548517][ T5890] usb 4-1: Using ep0 maxpacket: 16 [ 79.555892][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 79.567048][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.579749][ T5890] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 79.593550][ T5890] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 79.602865][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.622208][ T5890] usb 4-1: config 0 descriptor?? [ 79.695448][ T5948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 79.727306][ T5948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 79.747039][ T1217] usb 1-1: USB disconnect, device number 2 [ 79.777458][ T5961] netlink: 'syz.2.14': attribute type 2 has an invalid length. [ 79.795799][ T5961] netlink: 16126 bytes leftover after parsing attributes in process `syz.2.14'. [ 79.999856][ T9] usb 2-1: 0:2 : does not exist [ 80.010519][ T5964] syzkaller1: entered promiscuous mode [ 80.016059][ T5964] syzkaller1: entered allmulticast mode [ 80.026066][ T9] usb 2-1: 1:0: cannot get min/max values for control 4 (id 1) [ 80.036590][ T5964] netlink: 260 bytes leftover after parsing attributes in process `syz.2.15'. [ 80.063949][ T5890] microsoft 0003:045E:07DA.0001: ignoring exceeding usage max [ 80.084036][ T9] usb 2-1: USB disconnect, device number 2 [ 80.103759][ T5890] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.0001/input/input5 [ 80.214852][ T5890] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 80.287970][ T906] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 80.459966][ T906] usb 3-1: unable to get BOS descriptor or descriptor too short [ 80.469192][ T906] usb 3-1: not running at top speed; connect to a high speed hub [ 80.478264][ T906] usb 3-1: config 129 has an invalid interface number: 28 but max is 0 [ 80.486559][ T906] usb 3-1: config 129 has no interface number 0 [ 80.494282][ T906] usb 3-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D [ 80.507960][ T906] usb 3-1: config 129 interface 28 altsetting 250 endpoint 0x8D has invalid maxpacket 18502, setting to 64 [ 80.532954][ T906] usb 3-1: config 129 interface 28 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 80.546690][ T906] usb 3-1: config 129 interface 28 has no altsetting 0 [ 80.562444][ T906] usb 3-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57 [ 80.585954][ T906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.610269][ T906] usb 3-1: Product: syz [ 80.614502][ T906] usb 3-1: Manufacturer: syz [ 80.621101][ T906] usb 3-1: SerialNumber: syz [ 80.636288][ T5964] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 80.779989][ T5826] usb 4-1: USB disconnect, device number 2 [ 80.864155][ T906] etas_es58x 3-1:129.28: Starting syz syz (Serial Number syz) [ 80.876029][ T5828] Bluetooth: hci0: command tx timeout [ 80.878009][ T5833] Bluetooth: hci2: command tx timeout [ 80.881552][ T5838] Bluetooth: hci1: command tx timeout [ 80.887629][ T5837] Bluetooth: hci3: command tx timeout [ 80.912125][ T906] etas_es58x 3-1:129.28: could not retrieve the product info string [ 81.033759][ T906] usb 3-1: USB disconnect, device number 2 [ 81.043150][ T906] etas_es58x 3-1:129.28: Disconnecting syz syz [ 81.208015][ T0] NOHZ tick-stop error: local softirq work is pending, handler #3c0!!! [ 81.310641][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 81.335729][ T5890] usb 2-1: new low-speed USB device number 3 using dummy_hcd [ 81.510434][ T5890] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 81.521064][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 81.599512][ T5890] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 81.617663][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 81.626916][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 81.635741][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.644490][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.720236][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 81.720468][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 81.737139][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.745745][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.877879][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 81.925512][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 82.019085][ T5890] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 82.028939][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 82.059566][ T5890] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 82.122682][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 82.181383][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 82.220677][ T5890] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 82.239128][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 82.267970][ T5877] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 82.275567][ T5890] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 82.307983][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 82.329410][ T5890] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 82.364940][ T5890] usb 2-1: string descriptor 0 read error: -22 [ 82.378591][ T5890] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 82.387628][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.435333][ T5890] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 82.443830][ T5877] usb 3-1: Using ep0 maxpacket: 8 [ 82.454925][ T5877] usb 3-1: config index 0 descriptor too short (expected 65535, got 27) [ 82.476867][ T5877] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 82.519581][ T5877] usb 3-1: config 0 has no interfaces? [ 82.535987][ T5877] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 82.561923][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.579040][ T5877] usb 3-1: Product: syz [ 82.588747][ T5877] usb 3-1: Manufacturer: syz [ 82.595898][ T5877] usb 3-1: SerialNumber: syz [ 82.610241][ T5877] usb 3-1: config 0 descriptor?? [ 82.757279][ T5830] usb 2-1: USB disconnect, device number 3 [ 82.764786][ T5983] usb 2-1: Couldn't submit interrupt_out_urb -19 [ 84.023489][ T5830] hid-generic 0400:0001:0000.0002: item fetching failed at offset 0/4 [ 84.036328][ T5830] hid-generic 0400:0001:0000.0002: probe with driver hid-generic failed with error -22 [ 84.928573][ T5877] usb 3-1: USB disconnect, device number 3 [ 85.318914][ T30] audit: type=1326 audit(1764536997.068:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.365436][ T30] audit: type=1326 audit(1764536997.108:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.502397][ T30] audit: type=1326 audit(1764536997.118:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.604619][ T30] audit: type=1326 audit(1764536997.128:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.614319][ T6065] netlink: 'syz.2.50': attribute type 4 has an invalid length. [ 85.639197][ T30] audit: type=1326 audit(1764536997.128:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.678640][ T30] audit: type=1326 audit(1764536997.128:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.704934][ T6065] netlink: 'syz.2.50': attribute type 4 has an invalid length. [ 85.726976][ T30] audit: type=1326 audit(1764536997.128:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.751225][ T30] audit: type=1326 audit(1764536997.128:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.777622][ T30] audit: type=1326 audit(1764536997.128:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 85.989138][ T30] audit: type=1326 audit(1764536997.128:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6056 comm="syz.3.47" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 86.826687][ T10] cfg80211: failed to load regulatory.db [ 86.887908][ T5877] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 87.067998][ T5877] usb 4-1: Using ep0 maxpacket: 8 [ 87.074873][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 87.116680][ T5877] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 87.126122][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.170206][ T5877] usb 4-1: config 0 descriptor?? [ 87.291747][ T48] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 87.389522][ T5877] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 87.462470][ T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 87.481805][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 87.517557][ T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 87.535905][ T6095] capability: warning: `syz.0.61' uses deprecated v2 capabilities in a way that may be insecure [ 87.536157][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 87.560616][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 87.575852][ T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 87.583529][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 87.593613][ T5877] usb 4-1: USB disconnect, device number 3 [ 87.594238][ C0] iowarrior 4-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 87.613598][ T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 87.625726][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 87.637205][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 87.650760][ T48] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 87.670734][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 87.694243][ T48] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 87.741299][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 87.757097][ T48] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 87.806411][ T48] usb 2-1: string descriptor 0 read error: -22 [ 87.815536][ T48] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 87.825264][ T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.866203][ T48] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 88.210447][ T24] usb 2-1: USB disconnect, device number 4 [ 88.953574][ T6125] syz.1.71 uses obsolete (PF_INET,SOCK_PACKET) [ 89.417910][ T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 89.577942][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 89.585665][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 89.610533][ T10] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 89.633486][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.652051][ T10] usb 2-1: Product: syz [ 89.680183][ T10] usb 2-1: Manufacturer: syz [ 89.684828][ T10] usb 2-1: SerialNumber: syz [ 89.719002][ T10] usb 2-1: config 0 descriptor?? [ 89.728225][ T10] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 89.764472][ T10] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 90.063892][ T6151] process 'syz.3.80' launched './file1' with NULL argv: empty string added [ 90.349039][ T10] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 91.076409][ T6169] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 91.181180][ T10] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 91.192666][ T10] em28xx 2-1:0.0: board has no eeprom [ 91.274214][ T10] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 91.282326][ T5890] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 91.295848][ T10] em28xx 2-1:0.0: dvb set to bulk mode. [ 91.304959][ T5826] em28xx 2-1:0.0: Binding DVB extension [ 91.326829][ T10] usb 2-1: USB disconnect, device number 5 [ 91.359939][ T10] em28xx 2-1:0.0: Disconnecting em28xx [ 91.417185][ T5826] em28xx 2-1:0.0: Registering input extension [ 91.425102][ T10] em28xx 2-1:0.0: Closing input extension [ 91.450633][ T5890] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 91.469623][ T5890] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 91.481620][ T10] em28xx 2-1:0.0: Freeing device [ 91.500795][ T5890] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 91.528452][ T5890] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87 [ 91.546884][ T5890] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 14129, setting to 64 [ 91.580299][ T5890] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 91.589882][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 91.598907][ T5890] usb 4-1: Product: syz [ 91.603253][ T5890] usb 4-1: Manufacturer: syz [ 91.621803][ T5890] cdc_wdm 4-1:1.0: skipping garbage [ 91.637340][ T5890] cdc_wdm 4-1:1.0: skipping garbage [ 91.643297][ T5890] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 91.778065][ T48] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 91.826938][ T10] usb 4-1: USB disconnect, device number 4 [ 91.944412][ T48] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 91.953825][ T48] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.969536][ T48] usb 3-1: Product: syz [ 91.973735][ T48] usb 3-1: Manufacturer: syz [ 91.978954][ T48] usb 3-1: SerialNumber: syz [ 91.991331][ T48] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 92.018902][ T24] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 92.247070][ T48] usb 3-1: USB disconnect, device number 4 [ 92.438837][ T906] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 92.789888][ T906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 92.808262][ T906] usb 2-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 92.837722][ T906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.865284][ T906] usb 2-1: config 0 descriptor?? [ 93.085561][ T6201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 93.096084][ T6201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 93.129352][ T906] usbhid 2-1:0.0: can't add hid device: -71 [ 93.135393][ T906] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 93.149668][ T24] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 93.157012][ T24] ath9k_htc: Failed to initialize the device [ 93.222941][ T906] usb 2-1: USB disconnect, device number 6 [ 93.229139][ T48] usb 3-1: ath9k_htc: USB layer deinitialized [ 93.733431][ T48] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 93.925364][ T48] usb 3-1: Using ep0 maxpacket: 32 [ 93.933877][ T48] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 93.957437][ T6230] pimreg: entered allmulticast mode [ 93.968093][ T48] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 93.997558][ T48] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 94.027927][ T48] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 94.075626][ T48] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 94.115757][ T48] usb 3-1: config 0 interface 0 has no altsetting 0 [ 94.139716][ T48] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 94.161638][ T48] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 94.187901][ T48] usb 3-1: Product: syz [ 94.192188][ T48] usb 3-1: Manufacturer: syz [ 94.203345][ T48] usb 3-1: SerialNumber: syz [ 94.223762][ T48] usb 3-1: config 0 descriptor?? [ 94.260468][ T48] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 94.270161][ T6238] program syz.3.116 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 94.316913][ T48] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 94.474074][ T6224] ldusb 3-1:0.0: Couldn't submit interrupt_in_urb -90 [ 94.507018][ T48] usb 3-1: USB disconnect, device number 5 [ 94.522452][ T48] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 94.578237][ T6244] netlink: 'syz.1.118': attribute type 1 has an invalid length. [ 94.586413][ T6244] netlink: 'syz.1.118': attribute type 1 has an invalid length. [ 95.491941][ T5830] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 95.668319][ T5830] usb 3-1: Using ep0 maxpacket: 8 [ 95.675758][ T5830] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 95.685207][ T5830] usb 3-1: config 0 has no interface number 0 [ 95.708510][ T5830] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 95.729298][ T5830] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 95.753427][ T5830] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 95.786458][ T5830] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 95.815417][ T5830] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 95.824967][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.835977][ T5830] usb 3-1: config 0 descriptor?? [ 95.847050][ T5830] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 96.114006][ T5826] usb 3-1: USB disconnect, device number 6 [ 96.126505][ T5826] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 96.441609][ T5890] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 96.529618][ T6203] Set syz1 is full, maxelem 65536 reached [ 96.618218][ T5890] usb 4-1: Using ep0 maxpacket: 16 [ 96.642106][ T5890] usb 4-1: unable to get BOS descriptor or descriptor too short [ 96.673832][ T5890] usb 4-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=a7.8c [ 96.691732][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.710862][ T5890] usb 4-1: Product: syz [ 96.715130][ T5890] usb 4-1: Manufacturer: syz [ 96.721442][ T5890] usb 4-1: SerialNumber: syz [ 96.936555][ T5890] as10x_usb: device has been detected [ 96.944729][ T5890] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan) [ 96.960917][ T5890] usb 4-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)... [ 96.981451][ T5890] as10x_usb: error during firmware upload part1 [ 96.988763][ T5890] Registered device Abilis Systems DVB-Titan [ 96.990844][ T5890] usb 4-1: USB disconnect, device number 5 [ 97.051246][ T5890] Unregistered device Abilis Systems DVB-Titan [ 97.054628][ T5890] as10x_usb: device has been disconnected [ 97.081015][ T48] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 97.319274][ T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.330315][ T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.358876][ T48] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 97.431400][ T48] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 97.487110][ T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.519549][ T48] usb 2-1: config 0 descriptor?? [ 97.936058][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 97.963462][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 97.984406][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 97.993619][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 98.035746][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 98.061348][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 98.095378][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 98.108164][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 98.125049][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 98.170822][ T48] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0 [ 98.201293][ T48] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 98.249411][ T48] usb 2-1: USB disconnect, device number 7 [ 98.482138][ T6311] IPVS: sync thread started: state = MASTER, mcast_ifn = gre0, syncid = 4, id = 0 [ 98.495379][ T6303] fido_id[6303]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 98.527994][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 98.677954][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 98.691715][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 98.735045][ T24] usb 3-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e [ 98.763454][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.792975][ T24] usb 3-1: config 0 descriptor?? [ 98.831972][ T24] dvb-usb: found a 'TeVii S662' in warm state. [ 98.862241][ T24] dw2102: su3000_power_ctrl: 1, initialized 0 [ 98.881677][ T24] dvb-usb: bulk message failed: -22 (2/0) [ 98.900275][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 98.927045][ T24] dvbdev: DVB: registering new adapter (TeVii S662) [ 98.940692][ T24] usb 3-1: media controller created [ 98.955891][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 98.973074][ T24] dw2102: i2c transfer failed. [ 98.986399][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 98.998213][ T24] dw2102: i2c transfer failed. [ 99.031283][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 99.085930][ T24] dw2102: i2c transfer failed. [ 99.101110][ T6301] dvb-usb: bulk message failed: -22 (27/0) [ 99.107105][ T6301] dw2102: i2c transfer failed. [ 99.170185][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 99.175959][ T24] dw2102: i2c transfer failed. [ 99.278483][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 99.307924][ T24] dw2102: i2c transfer failed. [ 99.312746][ T24] dvb-usb: bulk message failed: -22 (6/0) [ 99.327933][ T24] dw2102: i2c transfer failed. [ 99.358097][ T24] dvb-usb: MAC address: 02:02:02:02:02:02 [ 99.437227][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 99.500256][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 99.506041][ T24] dw2102: command 0x0e transfer failed. [ 99.522807][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 99.538253][ T24] dw2102: command 0x0e transfer failed. [ 99.723223][ T6343] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 99.858997][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 99.864824][ T24] dw2102: command 0x0e transfer failed. [ 99.877011][ T24] dvb-usb: bulk message failed: -22 (3/0) [ 99.930767][ T24] dw2102: command 0x0e transfer failed. [ 99.943426][ T24] dvb-usb: bulk message failed: -22 (1/0) [ 99.964149][ T24] dw2102: command 0x51 transfer failed. [ 99.980101][ T24] dvb-usb: bulk message failed: -22 (5/0) [ 100.001977][ T24] dw2102: i2c probe for address 0x68 failed. [ 100.019168][ T24] dvb-usb: bulk message failed: -22 (5/0) [ 100.032952][ T24] dw2102: i2c probe for address 0x69 failed. [ 100.046957][ T24] dvb-usb: bulk message failed: -22 (5/0) [ 100.064069][ T24] dw2102: i2c probe for address 0x6a failed. [ 100.076912][ T24] dw2102: probing for demodulator failed. Is the external power switched on? [ 100.104337][ T24] dvb-usb: no frontend was attached by 'TeVii S662' [ 100.347889][ T24] rc_core: IR keymap rc-tt-1500 not found [ 100.377124][ T24] Registered IR keymap rc-empty [ 100.384676][ T24] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0 [ 100.396177][ T24] input: TeVii S662 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input7 [ 100.438687][ T24] dvb-usb: schedule remote query interval to 250 msecs. [ 100.450410][ T6356] sctp: [Deprecated]: syz.2.163 (pid 6356) Use of int in max_burst socket option. [ 100.450410][ T6356] Use struct sctp_assoc_value instead [ 100.474049][ T24] dw2102: su3000_power_ctrl: 0, initialized 1 [ 100.487888][ T24] dvb-usb: TeVii S662 successfully initialized and connected. [ 100.507611][ T24] usb 3-1: USB disconnect, device number 7 [ 100.691732][ T24] dvb-usb: TeVii S662 successfully deinitialized and disconnected. [ 100.723712][ T30] kauditd_printk_skb: 102 callbacks suppressed [ 100.723728][ T30] audit: type=1326 audit(1764537012.478:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6358 comm="syz.3.165" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7f47b8f749 code=0x0 [ 101.142965][ T6376] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.171' sets config #1956 [ 101.489268][ T5826] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 101.650514][ T5826] usb 3-1: Using ep0 maxpacket: 8 [ 101.680714][ T5826] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 101.698599][ T5826] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 101.709176][ T5826] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.720739][ T5826] usb 3-1: config 0 descriptor?? [ 101.934893][ T5826] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 102.158922][ T5908] usb 3-1: USB disconnect, device number 8 [ 102.417906][ T5826] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 102.569973][ T5826] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.589374][ T5826] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.614640][ T5826] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 102.637507][ T5826] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.750346][ T5826] usb 2-1: config 0 descriptor?? [ 102.977377][ T6405] kvm: pic: non byte read [ 102.986336][ T6405] kvm: pic: non byte read [ 103.405612][ T6405] kvm: pic: non byte read [ 103.415707][ T6405] kvm: pic: non byte read [ 103.433594][ T6405] kvm: pic: non byte read [ 103.595077][ T6405] kvm: pic: non byte read [ 103.602523][ T6405] kvm: pic: non byte read [ 103.607154][ T6405] kvm: pic: non byte read [ 103.608022][ T5826] usbhid 2-1:0.0: can't add hid device: -71 [ 103.612210][ T6405] kvm: pic: non byte read [ 103.626097][ T5826] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 103.639601][ T6405] kvm: pic: non byte read [ 103.675932][ T5826] usb 2-1: USB disconnect, device number 8 [ 104.147907][ T6422] netlink: 'syz.0.185': attribute type 10 has an invalid length. [ 104.681441][ T6429] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 106.927916][ T5908] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 107.079599][ T5908] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 107.088269][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.099590][ T5908] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 107.112089][ T5908] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 107.122383][ T5908] usb 1-1: Manufacturer: syz [ 107.135834][ T5908] usb 1-1: config 0 descriptor?? [ 107.151942][ T5826] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 107.357963][ T5826] usb 3-1: Using ep0 maxpacket: 16 [ 107.365517][ T5826] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 107.373768][ T5826] usb 3-1: config 0 has no interface number 0 [ 107.380042][ T5826] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 107.406498][ T5826] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 107.426753][ T5826] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 107.446888][ T5826] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 107.448393][ T5908] rc_core: IR keymap rc-hauppauge not found [ 107.468434][ T5826] usb 3-1: Product: syz [ 107.472638][ T5826] usb 3-1: SerialNumber: syz [ 107.490053][ T5908] Registered IR keymap rc-empty [ 107.493312][ T5826] usb 3-1: config 0 descriptor?? [ 107.503026][ T5908] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 107.531148][ T5908] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8 [ 107.535136][ T5826] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 107.564807][ T5826] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input9 [ 107.682250][ T6488] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 107.743813][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 107.752354][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 107.761150][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 107.768318][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 107.775863][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 107.783197][ T5826] usb 3-1: USB disconnect, device number 9 [ 107.788394][ T6468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 107.789115][ C0] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 107.804381][ C0] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 107.826160][ T6468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 107.841282][ C1] igorplugusb 1-1:0.0: Error: urb status = -32 [ 107.841787][ T5826] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 107.861368][ T5908] usb 1-1: USB disconnect, device number 3 [ 107.873258][ T6491] warning: `syz.1.210' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 108.958614][ T906] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 109.089124][ T6518] input: syz0 as /devices/virtual/input/input10 [ 109.172009][ T906] usb 3-1: config index 0 descriptor too short (expected 63186, got 210) [ 109.200149][ T906] usb 3-1: config 0 has an invalid interface number: 106 but max is 0 [ 109.227091][ T906] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.243923][ T906] usb 3-1: config 0 has no interface number 0 [ 109.250634][ T906] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 109.260833][ T906] usb 3-1: config 0 interface 106 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 109.272886][ T906] usb 3-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 109.297858][ T906] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 109.306929][ T906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.353961][ T906] usb 3-1: config 0 descriptor?? [ 109.382561][ T906] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 109.733707][ T6538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.775252][ T6538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 110.389445][ T13] usb 3-1: Failed to submit usb control message: -110 [ 110.413108][ T13] usb 3-1: unable to send the bmi data to the device: -110 [ 110.450398][ T13] usb 3-1: unable to get target info from device [ 110.476319][ T13] usb 3-1: could not get target info (-110) [ 110.496235][ T13] usb 3-1: could not probe fw (-110) [ 110.753637][ T6551] openvswitch: netlink: VXLAN extension 30 out of range max 1 [ 110.811568][ T30] audit: type=1326 audit(1764537022.568:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 110.853750][ T30] audit: type=1326 audit(1764537022.598:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 110.890830][ T6555] netlink: 12 bytes leftover after parsing attributes in process `syz.1.234'. [ 110.935877][ T30] audit: type=1326 audit(1764537022.638:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 110.993532][ T30] audit: type=1326 audit(1764537022.638:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 111.055087][ T30] audit: type=1326 audit(1764537022.638:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 111.117923][ T30] audit: type=1326 audit(1764537022.638:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 111.158024][ T30] audit: type=1326 audit(1764537022.638:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 111.212551][ T30] audit: type=1326 audit(1764537022.658:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 111.248745][ T30] audit: type=1326 audit(1764537022.658:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 111.275612][ T30] audit: type=1326 audit(1764537022.658:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6552 comm="syz.0.233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 111.988176][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 112.271042][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 112.282449][ T10] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 112.313319][ T10] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 112.357900][ T10] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 112.371288][ T5826] usb 3-1: USB disconnect, device number 10 [ 112.389034][ T10] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 112.448800][ T10] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 112.448830][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.448848][ T10] usb 4-1: Product: syz [ 112.448862][ T10] usb 4-1: Manufacturer: syz [ 112.448877][ T10] usb 4-1: SerialNumber: syz [ 112.476546][ C0] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 112.493365][ T10] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input11 [ 112.747877][ T10] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 112.747898][ T10] (id 0x00) [ 112.839917][ T10] rc_core: IR keymap rc-imon-pad not found [ 112.839969][ T10] Registered IR keymap rc-empty [ 112.841293][ T10] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 112.841318][ T10] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 112.953439][ T10] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0 [ 112.957480][ T10] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input12 [ 113.037552][ T10] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:6> initialized [ 114.136604][ T6599] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 114.136604][ T6599] The task syz.0.247 (6599) triggered the difference, watch for misbehavior. [ 114.335089][ T6608] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 115.221904][ T6368] usb 4-1: USB disconnect, device number 6 [ 116.282652][ T6661] input: syz1 as /devices/virtual/input/input13 [ 116.479669][ T6666] veth0_to_team: entered promiscuous mode [ 117.131745][ T6368] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 117.300037][ T6368] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 117.320904][ T6368] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 117.362904][ T6368] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 117.384867][ T6368] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 117.406104][ T6368] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 117.415601][ T6368] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 117.429792][ T6368] usb 2-1: Product: syz [ 117.436727][ T6368] usb 2-1: Manufacturer: syz [ 117.453199][ T6368] cdc_wdm 2-1:1.0: skipping garbage [ 117.467959][ T6368] cdc_wdm 2-1:1.0: skipping garbage [ 117.486399][ T6368] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 117.503001][ T6368] cdc_wdm 2-1:1.0: Unknown control protocol [ 117.983900][ C1] cdc_wdm 2-1:1.0: Unexpected error -71 [ 117.990163][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 117.996845][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.003102][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.009680][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.016015][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.022783][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.029049][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.035639][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.041883][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.048475][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.054707][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.061280][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.067509][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.074102][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.083102][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.089711][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.096782][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.103389][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.109660][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 118.116259][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 118.123378][ T6368] usb 2-1: USB disconnect, device number 9 [ 118.127955][ T5826] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 118.129278][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 118.347865][ T5826] usb 4-1: config 252 has an invalid interface number: 95 but max is 0 [ 118.359731][ T5826] usb 4-1: config 252 has an invalid descriptor of length 0, skipping remainder of the config [ 118.373345][ T5826] usb 4-1: config 252 has no interface number 0 [ 118.505500][ T5826] usb 4-1: config 252 interface 95 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 118.526845][ T5826] usb 4-1: config 252 interface 95 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 118.606782][ T5826] usb 4-1: config 252 interface 95 altsetting 4 endpoint 0xD has invalid wMaxPacketSize 0 [ 118.623737][ T5826] usb 4-1: config 252 interface 95 altsetting 4 has 4 endpoint descriptors, different from the interface descriptor's value: 5 [ 118.657512][ T5826] usb 4-1: config 252 interface 95 has no altsetting 0 [ 118.697880][ T5826] usb 4-1: New USB device found, idVendor=07b0, idProduct=0006, bcdDevice=c6.10 [ 118.706962][ T5826] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.716389][ T5826] usb 4-1: Product: syz [ 118.720827][ T5826] usb 4-1: Manufacturer: syz [ 118.727556][ T5826] usb 4-1: SerialNumber: syz [ 118.740461][ T6686] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 118.749306][ T6686] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 118.965568][ T6686] binder: 6683:6686 ioctl c0306201 0 returned -14 [ 118.975805][ T6686] binder: 6683:6686 ioctl c0585611 0 returned -22 [ 118.983372][ T6686] binder: 6683:6686 ioctl c0189371 0 returned -22 [ 119.016554][ T30] kauditd_printk_skb: 905 callbacks suppressed [ 119.016572][ T30] audit: type=1326 audit(1764537030.758:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6683 comm="syz.3.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 119.062902][ T30] audit: type=1326 audit(1764537030.758:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6683 comm="syz.3.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 119.168777][ T30] audit: type=1326 audit(1764537030.758:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6683 comm="syz.3.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 119.220605][ T30] audit: type=1326 audit(1764537030.758:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6683 comm="syz.3.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 119.329043][ T30] audit: type=1326 audit(1764537030.758:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6683 comm="syz.3.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 119.396752][ T30] audit: type=1326 audit(1764537030.758:1035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6683 comm="syz.3.281" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f47b8f749 code=0x7ffc0000 [ 120.664627][ T5826] HFC-S_USB 4-1:252.95: probe with driver HFC-S_USB failed with error -5 [ 120.712681][ T5826] usb 4-1: USB disconnect, device number 7 [ 121.227912][ T6368] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 121.398163][ T6368] usb 4-1: Using ep0 maxpacket: 8 [ 121.406149][ T6368] usb 4-1: config index 0 descriptor too short (expected 28277, got 36) [ 121.415627][ T6368] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 121.426062][ T6368] usb 4-1: config 0 has no interfaces? [ 121.433401][ T6368] usb 4-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 121.442773][ T6368] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.458150][ T6368] usb 4-1: config 0 descriptor?? [ 121.518861][ T6759] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 121.638194][ T6759] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 121.703893][ T6759] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 121.731244][ T6759] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 121.782514][ T6759] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 121.804205][ T6759] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 122.661448][ T6759] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 122.673729][ T6759] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 122.710074][ T6759] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 122.746516][ T6759] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 122.773967][ T6759] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 122.810248][ T6759] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 123.001033][ T5829] usb 4-1: USB disconnect, device number 8 [ 123.107901][ T5826] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 123.268691][ T5826] usb 3-1: Using ep0 maxpacket: 8 [ 123.276639][ T5826] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 123.328663][ T5826] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 123.340715][ T5826] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.351124][ T5826] usb 3-1: Product: syz [ 123.355318][ T5826] usb 3-1: Manufacturer: syz [ 123.361162][ T5826] usb 3-1: SerialNumber: syz [ 123.376369][ T5826] usb 3-1: config 0 descriptor?? [ 123.389598][ T5826] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 123.409035][ T5826] usb 3-1: setting power ON [ 123.413678][ T5826] dvb-usb: bulk message failed: -22 (2/0) [ 123.428319][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 123.462101][ T5826] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 123.520580][ T5826] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 123.551673][ T5826] usb 3-1: media controller created [ 123.611440][ T6785] dvb-usb: bulk message failed: -22 (3/0) [ 123.617311][ T6785] dvb-usb: bulk message failed: -22 (3/0) [ 123.641826][ T5826] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 123.723702][ T5826] usb 3-1: selecting invalid altsetting 6 [ 123.747425][ T5826] usb 3-1: digital interface selection failed (-22) [ 123.754236][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 123.787192][ T5826] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 123.797928][ T5826] usb 3-1: setting power OFF [ 123.802865][ T5826] dvb-usb: bulk message failed: -22 (2/0) [ 123.824978][ T5826] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 123.847448][ T5826] (NULL device *): no alternate interface [ 123.930877][ T5826] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 123.990818][ T5826] usb 3-1: USB disconnect, device number 11 [ 124.417962][ T6368] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 124.599627][ T6368] usb 1-1: Using ep0 maxpacket: 8 [ 124.606402][ T6368] usb 1-1: config index 0 descriptor too short (expected 28277, got 36) [ 124.619070][ T6368] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 124.778815][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 124.792172][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 124.862030][ T6368] usb 1-1: config 0 has no interfaces? [ 124.868406][ T6368] usb 1-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 124.880515][ T6368] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.897147][ T6368] usb 1-1: config 0 descriptor?? [ 125.538057][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 125.680414][ T6861] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvtap0, syncid = 5, id = 0 [ 125.691710][ T6860] IPVS: stopping backup sync thread 6861 ... [ 125.829217][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 126.564695][ T5877] usb 1-1: USB disconnect, device number 4 [ 126.788118][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 126.868231][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 127.588061][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 127.908026][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.017364][ T6915] Zero length message leads to an empty skb [ 128.657925][ T6368] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 128.838678][ T6368] usb 3-1: Using ep0 maxpacket: 8 [ 128.852915][ T6368] usb 3-1: config index 0 descriptor too short (expected 28277, got 36) [ 128.870287][ T5837] Bluetooth: hci2: command 0x0c1a tx timeout [ 128.870985][ T6368] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.907956][ T24] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 128.937865][ T6368] usb 3-1: config 0 has no interfaces? [ 128.949724][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 129.035255][ T6368] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 129.044901][ T6368] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.056186][ T6368] usb 3-1: config 0 descriptor?? [ 129.100650][ T24] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 129.110472][ T24] usb 4-1: config 0 has no interface number 0 [ 129.151524][ T24] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 129.162532][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.171521][ T24] usb 4-1: Product: syz [ 129.175715][ T24] usb 4-1: Manufacturer: syz [ 129.180772][ T24] usb 4-1: SerialNumber: syz [ 129.188717][ T24] usb 4-1: config 0 descriptor?? [ 129.686152][ T24] usb 4-1: Firmware: major: 225, minor: 107, hardware type: RZUSB (3) [ 129.711231][ T6368] usb 3-1: USB disconnect, device number 12 [ 129.901539][ T24] usb 4-1: failed to fetch extended address, random address set [ 129.976316][ T24] usb 4-1: USB disconnect, device number 9 [ 130.002982][ T30] audit: type=1326 audit(1764537041.758:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.0.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 130.117328][ T30] audit: type=1326 audit(1764537041.758:1037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.0.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 130.150681][ T30] audit: type=1326 audit(1764537041.758:1038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.0.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=30 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 130.174926][ T30] audit: type=1326 audit(1764537041.758:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6967 comm="syz.0.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f534038f749 code=0x7ffc0000 [ 131.307996][ T5826] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 131.488857][ T5826] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.516816][ T5826] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 131.532055][ T5826] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a [ 131.551366][ T5826] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.569366][ T5826] usb 1-1: config 0 descriptor?? [ 131.844845][ T6368] usb 1-1: USB disconnect, device number 5 [ 131.948123][ T906] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 132.102509][ T7022] netlink: 16 bytes leftover after parsing attributes in process `syz.1.408'. [ 132.112971][ T906] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 132.123427][ T906] usb 4-1: config 0 interface 0 has no altsetting 0 [ 132.132072][ T906] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 132.141357][ T906] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 132.149761][ T906] usb 4-1: Product: syz [ 132.153936][ T906] usb 4-1: Manufacturer: syz [ 132.159036][ T906] usb 4-1: SerialNumber: syz [ 132.168750][ T906] usb 4-1: config 0 descriptor?? [ 132.181746][ T906] usb 4-1: selecting invalid altsetting 0 [ 132.183011][ T7024] veth1_to_bond: entered promiscuous mode [ 132.200524][ T7024] veth1_to_bond: left promiscuous mode [ 132.618475][ T5826] usb 4-1: USB disconnect, device number 10 [ 132.972595][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.979267][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.363098][ T24] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 133.533107][ T24] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 133.543680][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.552667][ T24] usb 2-1: Product: syz [ 133.560303][ T24] usb 2-1: Manufacturer: syz [ 133.568157][ T24] usb 2-1: SerialNumber: syz [ 133.602562][ T24] usb 2-1: config 0 descriptor?? [ 133.615065][ T24] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 133.626772][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 133.683315][ T24] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 133.790413][ T24] usb 2-1: media controller created [ 133.814450][ T7054] digitv: more than 2 i2c messages at a time is not handled yet. TODO. [ 133.870207][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 134.131750][ T24] DVB: Unable to find symbol mt352_attach() [ 134.202606][ T24] DVB: Unable to find symbol nxt6000_attach() [ 134.215939][ T24] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 134.245100][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input14 [ 134.271552][ T24] dvb-usb: schedule remote query interval to 1000 msecs. [ 134.284921][ T24] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 134.303846][ T24] dvb-usb: bulk message failed: -22 (7/0) [ 134.323726][ T24] dvb-usb: bulk message failed: -22 (7/0) [ 134.356591][ T24] usb 2-1: USB disconnect, device number 10 [ 134.459167][ T24] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 134.897915][ T5826] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 135.060393][ T5826] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 135.077982][ T5826] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 135.087591][ T5826] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.095889][ T5826] usb 2-1: Product: syz [ 135.100284][ T5826] usb 2-1: Manufacturer: syz [ 135.104886][ T5826] usb 2-1: SerialNumber: syz [ 135.128966][ T5826] usb 2-1: config 0 descriptor?? [ 137.560292][ T5826] usb 2-1: USB disconnect, device number 11 [ 137.614718][ T7092] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 137.621352][ T7092] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 137.635173][ T7092] vhci_hcd vhci_hcd.0: Device attached [ 137.642902][ T7093] vhci_hcd: connection closed [ 137.644579][ T1149] vhci_hcd vhci_hcd.1: stop threads [ 137.655590][ T1149] vhci_hcd vhci_hcd.1: release socket [ 137.661120][ T1149] vhci_hcd vhci_hcd.1: disconnect device [ 138.340805][ T5826] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 138.802908][ T5826] usb 4-1: Using ep0 maxpacket: 16 [ 138.813447][ T5826] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 138.834659][ T5826] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 138.850173][ T5826] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 138.861206][ T5826] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 138.873460][ T5826] usb 4-1: Manufacturer: syz [ 138.888522][ T5826] usb 4-1: config 0 descriptor?? [ 139.107958][ T5936] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 139.258601][ T5936] usb 1-1: Using ep0 maxpacket: 16 [ 139.265793][ T5936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.282803][ T5936] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.293154][ T5936] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 139.307358][ T5936] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 139.337376][ T5936] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.351719][ T5936] usb 1-1: config 0 descriptor?? [ 139.462181][ T7120] Leaked locks on dev=0x0:0x27 ino=0x37da: [ 139.476014][ T7120] LEASE: fl_owner=ffff88807ee63dc0 fl_flags=0x20 fl_type=0x0 fl_pid=7102 [ 139.780155][ T5936] HID 045e:07da: Invalid code 65791 type 1 [ 139.790062][ T5936] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0004/input/input15 [ 139.809330][ T5936] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 139.992500][ T5936] usb 1-1: USB disconnect, device number 6 [ 141.112640][ T7103] ================================================================== [ 141.120740][ T7103] BUG: KASAN: slab-use-after-free in _raw_spin_lock+0x2e/0x40 [ 141.128189][ T7103] Read of size 1 at addr ffff8881442f9458 by task syz.3.435/7103 [ 141.135888][ T7103] [ 141.138214][ T7103] CPU: 0 UID: 0 PID: 7103 Comm: syz.3.435 Not tainted syzkaller #0 PREEMPT(full) [ 141.138227][ T7103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 141.138240][ T7103] Call Trace: [ 141.138246][ T7103] [ 141.138251][ T7103] dump_stack_lvl+0x189/0x250 [ 141.138264][ T7103] ? __virt_addr_valid+0x1c8/0x5c0 [ 141.138275][ T7103] ? rcu_is_watching+0x15/0xb0 [ 141.138284][ T7103] ? __kasan_check_byte+0x12/0x40 [ 141.138298][ T7103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.138306][ T7103] ? rcu_is_watching+0x15/0xb0 [ 141.138317][ T7103] ? lock_release+0x4b/0x3b0 [ 141.138331][ T7103] ? __virt_addr_valid+0x1c8/0x5c0 [ 141.138340][ T7103] ? __virt_addr_valid+0x4a5/0x5c0 [ 141.138350][ T7103] print_report+0xca/0x240 [ 141.138360][ T7103] ? _raw_spin_lock+0x2e/0x40 [ 141.138372][ T7103] kasan_report+0x118/0x150 [ 141.138381][ T7103] ? _raw_spin_lock+0x2e/0x40 [ 141.138393][ T7103] ? mqueue_flush_file+0x49/0x270 [ 141.138403][ T7103] __kasan_check_byte+0x2a/0x40 [ 141.138416][ T7103] lock_acquire+0x84/0x340 [ 141.138429][ T7103] ? __pfx_mqueue_flush_file+0x10/0x10 [ 141.138438][ T7103] _raw_spin_lock+0x2e/0x40 [ 141.138449][ T7103] ? mqueue_flush_file+0x49/0x270 [ 141.138457][ T7103] mqueue_flush_file+0x49/0x270 [ 141.138466][ T7103] ? filp_flush+0xae/0x190 [ 141.138477][ T7103] ? __pfx_mqueue_flush_file+0x10/0x10 [ 141.138485][ T7103] filp_flush+0xbd/0x190 [ 141.138495][ T7103] filp_close+0x1d/0x40 [ 141.138505][ T7103] put_files_struct+0x1ba/0x350 [ 141.138516][ T7103] do_exit+0x6b0/0x2310 [ 141.138527][ T7103] ? do_raw_spin_lock+0x121/0x290 [ 141.138538][ T7103] ? __pfx_do_exit+0x10/0x10 [ 141.138547][ T7103] ? raw_ioctl+0x21ff/0x40d0 [ 141.138559][ T7103] do_group_exit+0x21c/0x2d0 [ 141.138569][ T7103] ? lockdep_hardirqs_on+0x98/0x140 [ 141.138583][ T7103] get_signal+0x1285/0x1340 [ 141.138599][ T7103] arch_do_signal_or_restart+0x9a/0x7a0 [ 141.138611][ T7103] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 141.138625][ T7103] ? exit_to_user_mode_loop+0x55/0x4f0 [ 141.138638][ T7103] exit_to_user_mode_loop+0x87/0x4f0 [ 141.138650][ T7103] ? rcu_is_watching+0x15/0xb0 [ 141.138660][ T7103] do_syscall_64+0x2e3/0xf80 [ 141.138673][ T7103] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.138682][ T7103] ? clear_bhb_loop+0x60/0xb0 [ 141.138692][ T7103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.138702][ T7103] RIP: 0033:0x7f7f47b8f34b [ 141.138715][ T7103] Code: Unable to access opcode bytes at 0x7f7f47b8f321. [ 141.138720][ T7103] RSP: 002b:00007f7f48a06f60 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.138731][ T7103] RAX: fffffffffffffffc RBX: 0000000000000009 RCX: 00007f7f47b8f34b [ 141.138740][ T7103] RDX: 00007f7f48a07ff0 RSI: 0000000080085502 RDI: 0000000000000009 [ 141.138750][ T7103] RBP: 00007f7f47c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 141.138760][ T7103] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 141.138770][ T7103] R13: 00002000000001c0 R14: 00007f7f47de5fa0 R15: 00007ffec828ef88 [ 141.138798][ T7103] [ 141.138804][ T7103] [ 141.428534][ T7103] Allocated by task 7120: [ 141.432852][ T7103] kasan_save_track+0x3e/0x80 [ 141.437519][ T7103] __kasan_slab_alloc+0x6c/0x80 [ 141.442357][ T7103] kmem_cache_alloc_lru_noprof+0x36c/0x6e0 [ 141.448149][ T7103] mqueue_alloc_inode+0x28/0x40 [ 141.452984][ T7103] alloc_inode+0x6a/0x1b0 [ 141.457380][ T7103] new_inode+0x22/0x170 [ 141.461524][ T7103] mqueue_get_inode+0x27/0xb50 [ 141.466266][ T7103] mqueue_create_attr+0x1ac/0x2e0 [ 141.471270][ T7103] vfs_mkobj+0xcf/0x290 [ 141.475428][ T7103] do_mq_open+0x60d/0x7c0 [ 141.479734][ T7103] __x64_sys_mq_open+0x16a/0x1c0 [ 141.485103][ T7103] do_syscall_64+0xfa/0xf80 [ 141.489604][ T7103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.495478][ T7103] [ 141.497783][ T7103] Freed by task 0: [ 141.501488][ T7103] kasan_save_track+0x3e/0x80 [ 141.506157][ T7103] kasan_save_free_info+0x46/0x50 [ 141.511176][ T7103] __kasan_slab_free+0x5c/0x80 [ 141.515925][ T7103] kmem_cache_free+0x197/0x620 [ 141.520677][ T7103] rcu_core+0xd70/0x1870 [ 141.524912][ T7103] handle_softirqs+0x27d/0x850 [ 141.529660][ T7103] __irq_exit_rcu+0xca/0x1f0 [ 141.534233][ T7103] irq_exit_rcu+0x9/0x30 [ 141.538458][ T7103] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 141.544079][ T7103] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 141.550050][ T7103] [ 141.552352][ T7103] Last potentially related work creation: [ 141.558087][ T7103] kasan_save_stack+0x3e/0x60 [ 141.562746][ T7103] kasan_record_aux_stack+0xbd/0xd0 [ 141.567925][ T7103] call_rcu+0x157/0x9c0 [ 141.572094][ T7103] evict+0x931/0xae0 [ 141.575963][ T7103] __se_sys_mq_unlink+0x2c5/0x360 [ 141.580965][ T7103] do_syscall_64+0xfa/0xf80 [ 141.585449][ T7103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.591314][ T7103] [ 141.593619][ T7103] The buggy address belongs to the object at ffff8881442f9440 [ 141.593619][ T7103] which belongs to the cache mqueue_inode_cache of size 1576 [ 141.608599][ T7103] The buggy address is located 24 bytes inside of [ 141.608599][ T7103] freed 1576-byte region [ffff8881442f9440, ffff8881442f9a68) [ 141.622372][ T7103] [ 141.624688][ T7103] The buggy address belongs to the physical page: [ 141.631109][ T7103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1442f8 [ 141.639932][ T7103] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 141.648421][ T7103] memcg:ffff888145361501 [ 141.652637][ T7103] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 141.660249][ T7103] page_type: f5(slab) [ 141.664207][ T7103] raw: 057ff00000000040 ffff8881456ce140 dead000000000122 0000000000000000 [ 141.672765][ T7103] raw: 0000000000000000 0000000080120012 00000000f5000000 ffff888145361501 [ 141.681323][ T7103] head: 057ff00000000040 ffff8881456ce140 dead000000000122 0000000000000000 [ 141.689972][ T7103] head: 0000000000000000 0000000080120012 00000000f5000000 ffff888145361501 [ 141.698615][ T7103] head: 057ff00000000003 ffffea000510be01 00000000ffffffff 00000000ffffffff [ 141.707268][ T7103] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 141.715915][ T7103] page dumped because: kasan: bad access detected [ 141.722309][ T7103] page_owner tracks the page as allocated [ 141.728027][ T7103] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 6429498127, free_ts 0 [ 141.747645][ T7103] post_alloc_hook+0x234/0x290 [ 141.752398][ T7103] get_page_from_freelist+0x2365/0x2440 [ 141.757930][ T7103] __alloc_frozen_pages_noprof+0x181/0x370 [ 141.763712][ T7103] alloc_pages_mpol+0x232/0x4a0 [ 141.768542][ T7103] allocate_slab+0x86/0x3b0 [ 141.773022][ T7103] ___slab_alloc+0xf2b/0x1960 [ 141.777683][ T7103] __slab_alloc+0x65/0x100 [ 141.782073][ T7103] kmem_cache_alloc_lru_noprof+0x3fe/0x6e0 [ 141.787859][ T7103] mqueue_alloc_inode+0x28/0x40 [ 141.792686][ T7103] alloc_inode+0x6a/0x1b0 [ 141.797003][ T7103] new_inode+0x22/0x170 [ 141.801158][ T7103] mqueue_fill_super+0xdc/0x380 [ 141.805983][ T7103] get_tree_nodev+0xbb/0x150 [ 141.810553][ T7103] vfs_get_tree+0x92/0x2a0 [ 141.814948][ T7103] fc_mount_longterm+0x1c/0x100 [ 141.819773][ T7103] mq_init_ns+0x275/0x360 [ 141.824088][ T7103] page_owner free stack trace missing [ 141.829430][ T7103] [ 141.831734][ T7103] Memory state around the buggy address: [ 141.837337][ T7103] ffff8881442f9300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 141.845370][ T7103] ffff8881442f9380: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 141.853669][ T7103] >ffff8881442f9400: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 141.861710][ T7103] ^ [ 141.868626][ T7103] ffff8881442f9480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 141.876685][ T7103] ffff8881442f9500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 141.884723][ T7103] ================================================================== [ 141.894412][ T7103] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 141.901632][ T7103] CPU: 0 UID: 0 PID: 7103 Comm: syz.3.435 Not tainted syzkaller #0 PREEMPT(full) [ 141.910860][ T7103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 141.920906][ T7103] Call Trace: [ 141.924173][ T7103] [ 141.927088][ T7103] dump_stack_lvl+0x99/0x250 [ 141.931863][ T7103] ? __asan_memcpy+0x40/0x70 [ 141.936451][ T7103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.941637][ T7103] ? __pfx__printk+0x10/0x10 [ 141.946305][ T7103] vpanic+0x237/0x6d0 [ 141.950273][ T7103] ? __pfx_vpanic+0x10/0x10 [ 141.954767][ T7103] ? irqentry_exit+0x5dd/0x660 [ 141.959540][ T7103] ? trace_irq_disable+0x37/0x100 [ 141.964555][ T7103] panic+0xb9/0xc0 [ 141.968273][ T7103] ? __pfx_panic+0x10/0x10 [ 141.972693][ T7103] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 141.978567][ T7103] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 141.984876][ T7103] ? _raw_spin_lock+0x2e/0x40 [ 141.989531][ T7103] check_panic_on_warn+0x89/0xb0 [ 141.994458][ T7103] ? _raw_spin_lock+0x2e/0x40 [ 141.999113][ T7103] end_report+0x6f/0x140 [ 142.003335][ T7103] kasan_report+0x129/0x150 [ 142.007832][ T7103] ? _raw_spin_lock+0x2e/0x40 [ 142.012522][ T7103] ? mqueue_flush_file+0x49/0x270 [ 142.017541][ T7103] __kasan_check_byte+0x2a/0x40 [ 142.022377][ T7103] lock_acquire+0x84/0x340 [ 142.026782][ T7103] ? __pfx_mqueue_flush_file+0x10/0x10 [ 142.032231][ T7103] _raw_spin_lock+0x2e/0x40 [ 142.036724][ T7103] ? mqueue_flush_file+0x49/0x270 [ 142.041739][ T7103] mqueue_flush_file+0x49/0x270 [ 142.046567][ T7103] ? filp_flush+0xae/0x190 [ 142.050966][ T7103] ? __pfx_mqueue_flush_file+0x10/0x10 [ 142.056407][ T7103] filp_flush+0xbd/0x190 [ 142.060636][ T7103] filp_close+0x1d/0x40 [ 142.064773][ T7103] put_files_struct+0x1ba/0x350 [ 142.069602][ T7103] do_exit+0x6b0/0x2310 [ 142.073735][ T7103] ? do_raw_spin_lock+0x121/0x290 [ 142.078740][ T7103] ? __pfx_do_exit+0x10/0x10 [ 142.083306][ T7103] ? raw_ioctl+0x21ff/0x40d0 [ 142.087875][ T7103] do_group_exit+0x21c/0x2d0 [ 142.092444][ T7103] ? lockdep_hardirqs_on+0x98/0x140 [ 142.097622][ T7103] get_signal+0x1285/0x1340 [ 142.102107][ T7103] arch_do_signal_or_restart+0x9a/0x7a0 [ 142.107637][ T7103] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 142.113769][ T7103] ? exit_to_user_mode_loop+0x55/0x4f0 [ 142.119299][ T7103] exit_to_user_mode_loop+0x87/0x4f0 [ 142.124565][ T7103] ? rcu_is_watching+0x15/0xb0 [ 142.129307][ T7103] do_syscall_64+0x2e3/0xf80 [ 142.133880][ T7103] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.139922][ T7103] ? clear_bhb_loop+0x60/0xb0 [ 142.144582][ T7103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.150449][ T7103] RIP: 0033:0x7f7f47b8f34b [ 142.154890][ T7103] Code: Unable to access opcode bytes at 0x7f7f47b8f321. [ 142.161892][ T7103] RSP: 002b:00007f7f48a06f60 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.170290][ T7103] RAX: fffffffffffffffc RBX: 0000000000000009 RCX: 00007f7f47b8f34b [ 142.178241][ T7103] RDX: 00007f7f48a07ff0 RSI: 0000000080085502 RDI: 0000000000000009 [ 142.186190][ T7103] RBP: 00007f7f47c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 142.194146][ T7103] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000 [ 142.202109][ T7103] R13: 00002000000001c0 R14: 00007f7f47de5fa0 R15: 00007ffec828ef88 [ 142.210063][ T7103] [ 142.213463][ T7103] Kernel Offset: disabled [ 142.217769][ T7103] Rebooting in 86400 seconds..