last executing test programs: 2m48.667314472s ago: executing program 2 (id=7): ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f0000001300)="92", 0x2) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) 2m46.991935976s ago: executing program 2 (id=14): syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="04060306c9"], 0x6) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000e00)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000400)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x22}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000bc0)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x18, &(0x7f00000004c0)={@fd={0x66642a85, 0x0, r0}, @fd, @flat=@weak_handle={0x77682a85, 0x1001}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000680)={0x8, 0x0, &(0x7f00000001c0)=[@decrefs={0x40046307, 0x1}], 0x1, 0x1000000000000, &(0x7f0000000340)="cb"}) 2m46.891908632s ago: executing program 2 (id=16): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) write$UHID_INPUT(r1, &(0x7f0000000980)={0x8, {"6d9b9278a362a4ae71746d11d9cb44ae6cf8cda9dc14fb8485af49e9bc01c93a31426f609167854a7dc4278094c1db7aa1de0e3c93887e74985095c603fc00b22fca2573042c76eb9b5f0fa79077c0a9ddc81468cb42626edb866ac3399a622a265377604678921fdd80e952a3f3be430c7369f744b92d9d8c7822749c4392293a76bf9492d660316f81a833224c1c43369ca8d47523485cb63266e074f8a9779f89b3d1fd7a15f161b2ace792a96ee75ab1f5c22a165daafce967d3f228ddb17d2a31b6e11995a7f16e74b71166aad5d36fc34fcc6d272b200db376d459c75ea4ea5aad5fd93725f7d2dac36874187360308c6f931fd34515ffedd14f64472538515482ce31a5692a8bdefb074ffbda60aca6e346f5f24eab876d63a6ca65ea485df4c9d6d31ed4a459321789b731ff00d04ad1d14747ecc5d066c41b398f6799a7ea851b0952d7131bd221a7878c723e68be038b556dd589b8c9300a2b9e8d99e0bc5e2f87e3ad72d415f1cecd7a9f64ef7af6c83c42ea904d246b5ed73c2edcb2c445e4f89e8131a4db3f25642ef78b5e464df97c1710e86031be666583ffc76b565f6c6617d4098f8a1d17ac25806fe00d69a1e3d8f3601a1620af728bde177676261dfed8c7f17bb14e3e2ea88ef4738e503596c92b62fcbbc721cc94523adaaed7b5e8b3cf101ef14c80befaadfe3a0e436ac85563189f76edd0ecd88be8c436fc0a6866835057fb43e40d9e9183b947d983952ebbd64146460749dcfb1799075c7a213eae30dfe284f109ecb7084269d26aac208260fe3107060683cf53c6e54e86941e1900ae27f22fb7ea44a83018614d7b21df22b69e438d5ae8f90dd1e061652f04de4af6caa3fc4fda0a85668a99732b0c685dbbbed1f39707ace1d34f0b5d4d87c0aeb8ceb82d3a52dd0deaee58cd626d36d2c66bde3c26165ec1b0d14a797068b36ff808c136260e60c7dbd422a2ced4f35b7352c4b779d64cd4e74154e13303b5734a6dba136db59851816dbae04a9c643f13ef4e92d058e304b408202695c739ad0a30de133d0fcaeee2af23fafe44690176ff66452a369937b20b0bbe80bab616c48708973ed3333cde8761136713626db82bed6bc1bf1cbcb56f29f3183d20294bf858acb21faf6adae9d3c9a24d5ebce356b6ddb86891a263f0c8aca1d117553ac1997c1f79e400df35796e59da3418ee7f765676dd2396fdb2e693f3e54b6a00b1a592883548a6b4b52757577eaf65b859716d613923687a30606c91ffb1c28fd348892597087d2ca52153a43a4c90157de9f2bca1eb84f7700a62203a8052a5e71366c89854c680b35ca0e745f16c392812edd4b4a741843a03aa857c46c87065209132183b3b4edd0a90241d940398b5cc924f9b914a15c751b37fcccd091b5315b2c1c8e3414a01029d3ea6b099dec99643973dd73545421c8a12d24df98c9316126baaa679451bacee96731bd12de4367a231ceba9b205a460ec2f04dd1f06691c1450b3904a05a4bfbd439f1ce51319244004598a19b29ebb7d715d7cae30d775d86667cbb0a65a910105e9b7cc28918554aa62a936dc3fe1d4dd2a8c13316383f50761dcded7357cc1aebc8cb146b9ef6f844de2ad102f499506ae8f473c4a7a5a194165d24d9a0c8c145faff497da4e0df5eace637b2bb672be3afbb808aca1dc014a1c9d59be8683ff5c36f0e8746e4fc2a626a7e1188ca4c590e836dd2461c8de390ecb1eae2eb6eed902864258b899dffa0e8b5a3a5718e4cc4cd151e206e42da87c396e95b420b69e9374fa903bc81f8a9413957b7205f116a8a2a0ffbd51f805b30a68e5ea5e052ec14b514b8fe9b77f8dbb9afddff24be7653fe7f8a330bb6d6d166de6eefc516f18cd6d993a75f85467996b2c3a87f6f1aa4dc42657340af33c3a3cad9cffe672d47b147501ab719e19d6bb64db4bb81bae3ed4c0cf5987e7403198f0a7f4364ae3b7019d254212c3164c07cb4ebae2d808850af26b0f1fef27cc81dad196f3c291e6fe1a03e3ebbba4569bf93cdea46a9a708d14f9c8f1f5ca03dce98590a6d6297a2e5f227fff9747ce84ecb16bce6a5ce8967afda398695adbce39700a542b4842a74a869aeb47b43f2c8a3f2e67b069d6cfcc7d4fa15d26b3acaddf926475e2cabb439ea8cfb2a0ed44d0b5eea008447a886059d41de60a47703562b8f75d4fd1b48ed371f93a89ed0e126a67a5cd9f266ce27ea824f2cd6ac52b22fd864e7f1a0c7a483fc2068334682065bac95a8a6ce21f5a02593a9f699b086be1378fd073e308be940c40397f56c6bf6f4de0ff689226e0ac51ebe43482aafb4e678a4993744fe3eb45319945d5f8dcd7f91469ea201eb275f6a30e1cf1c7889259febe1b9f2f337068a908da6a3c5743f47070c1bd74f26a4ab66c4bb12dfb42c85b36c3021368a32a9b2ca743bebd62bb33ea5bdeb2542ae1dc761f0401ae60285b1ca3a185e982f07a166a0b18ce76b8e473858d22a4a0dc511901da3917548d17a401b01ed9723a6fc1a1df63209dcc602dea765d209ff2eb50f9abca53b54bd7f82ceff6af1b7b438dec60fdda2848e0942cf61656b2ab0705a89b3cc95941a754e17f257b5ea2327d27a51d4307c9d320d0fd135e75e83f40f1c91d411b595dcf85fc1ee7798ded4e34e40d0e5cf7e0317073a05ab699bf4ba2644125c49d0e2c50b4220f972bdea77e32629c4636ccca308b18809f59b248072bc4f52d4611e1d7835a94aaca5e3c79492c4e7e83034b8242f6633e64a5e44587073c3eb6c9eb8437bf1f6409638c28b08c79b45e76990a83d16df08b6accc497ebb3f4ad9eeaecf903f567eef7297dea53bb903930e126960d95087118479745ddafc2384aca729f91058f5c81a7b4fb1618bbbe28883215a9e6ca6805729d8a64f3c774f6da5c4998dd20373abad4e65d362220a8bf8fa7ed994785d51e5c25d0072f5390223b777db142f95f463232db6b3009aa7e23adfc741dbbc9e62ad584afa87dab9ddc149cbb2e28882c84c17e0ce2239dd857e555f3045f9735be6a46c505ba47b2e6fe461253f023ac59b4cfa9ca923c35983333ca348af8496ca9555f2395b5e7d6abd35742a5dce6b028917fbf88d17dc3f6dd5dede569c7d781b40d860e53762f8a008b6f7e9e253b0c4676891eb5317dab186b714fed980fd3abdbe03ea70a0e5a66bdb22225b0a1bd74c2ac0817880b0aab79ec0afc141a4572e5158ff74c8055c97efdb279f2b1d49c20a332a90c88e692fb5046c8cd59e2f658e017f4eb8a467e4d116594acb65c48c7affa5f51b80f9ec3befcad59bfd594bd5e7d3c4b6115916f8ac29b402a75f446c013c716b05e1c1d8e931361206c4a30f948aeac2e42866faf8c7c6ac68df6227c08ab951339343cad1a7882d74e153457b91ccac74d95716e47ed8495bb446e0ee64e74a8fd55f9bd5bf6cb48967e28ea72e61eb4bdaf916d670720ee8aec5c29f6b586e4e909494081e5cdb0ce69acd81c57567ae2de56eadb339eace58f11056740c4ead0e4b7242eca408a7c310b14984a06e69fbbb09650f66cca7270f211ac09d89526db0516646a2cdb66b3a208beeaee0c659f56434b46755d4694f16818db798e76b907e2a397be7ab910dad66c1e2d434706f605b3d3f17ee55baab757b0ff6f5cb36fd97c325843a10f3d754ee54b4abc0405b1b5252b43139125f78f5e63e16eaa9ae0a20a33850724b67f0bde39b54164ac7a0f3bc85c378406ee21d0e1c1d82951d7b4ff1af52a81bd9672e207dfac175473e7d54d6835853754ff79ab72b5e7ddf6436649aa66c373c29f088aeb26ae97f31da229fe2401af3295f00accb132cc4d364d32f6733994dad593929a80a43771c9ae698f2edb4cd076f4af3ccfd5e2b68210f208f2ab95cb4c1926c230e237a848db23f55926fc9e51cee339196aef3a8f9963151fd29387c793df83697e1dabf34b1b546ce5722ad93cade5e9c38c3bad131ef712541bffbc8f0a038f01298681c8d2cac1309af98c9e9cd95cb37745f24be2c42ac03be95e62bf5ad61a6691fe2cd316b763bc468cd7f056f636f110aeca4071b6f8a6b4eedbdfb9aaeca84d5995bb082228c7e92817671f473db4f243dd94aa5390651de30d5b2740263ab76c60b5763df231b8f5c49b177d6fd55121419523fdf3e3b5904bdac1032471a0928490be9ead838789b5b8e908443c2b067fc3954854faf7e1411f4d5321e258caa013c0ec95b69c856aa7cccfbd5252ea4b85b8a5623306ed40bcfcd140432aa306a6ad4d61b97b1ac0c2231829a0939f1423b97382106e857082a0e8abd75642af88ed027cfb8a3d4d77c98cb2be9f90c1fbe9be19be8f8230b690c340ad676f4bbf03872359823f8079dbe846265850c2524ffccc44334392843c940c49c83c5f1655351cd2e7f236f7e535dc31cbfb2a083ac95a6c7a307be356f54d793c5623278705a761bf90676a5572b2cf4be4180f7519fcfe3407565bae263e4268c5345b7905fe47bccee37cb7dbafffb6e9c5a457867b677f9d400f581c82218a774d84a8b522ea7313f32c496b9d0514aac60998e2552d8e65c26afa4db4be4c66cfdbfb1a4e431bc7c203f776a5f99657e4953e42aa2b297f8d4954e323313a2738b4ba3ddcb6337f99b272e4af378791ecb10d71c1245884a5ace9d2b01dbe35c81347ba22b5a55f903c34d3b4f80da474a6fb279756d01ecfe8f86ec424874dfa512ac40bea3584326c8565a6f630786154b2ae1defa59c6643aabd20ef6f3473b8ac75f86b960126cb9ea68346d9629f743627c8a3997ad2ba606353872416167f75203c8446b7de60cd198189264f741b3adb20a61d4e9b6bf9579c395114b7e3d0a5b4f68ad3a32fb7629e8335b4a8f9853a41e8a61e8d3e52d14240fde2bddb5cbb43c1f3568d96068e0d92cf55b7be3ba05bd7d84ff2add73613ea5fa966ce2bc0aa3e55a6cce2b23802a70129fa7a2f8b7f6c262822ea431eb05c65f70d5bd331736221ee1ba4c7c4b874527bbc5bb1ad2191477e5a5ab6975550c90b22ab4fbaf548ad0d3d8eb42d0edb233df95e5c9cb41a96e77edd9055b50cc2aeb8349290dd33db3bc59bb7b6c0160fd3d3b3f68df811d775402f3ec6a9d099371f0fa21367980a665e8a5bd45eb38e84582d2b2f8667f00684c7b4497eda8989eb8d77b22352e1e6f29b461321f318e512003e8edecb07766d6e230dc7e9f8720e78a25e35a3e69dc87654407ef489136706df9deae7391d58dfc3c3ab66c094cafd2ea20c28dadc1672742e020d3c28ebf7a5b627bef16f3ae48c530849e9f37c3ec3e2011a6840b948208a055fcf77b9dbe828bfdf45ac017b08f07a6a6d368574802dd33c3a0aa5dac5f21d66462a9b65e14e98f3ff62fd73c049e543ec9f006410d49795a53baaa3c5549c6afa8f15ba8ea5e784ae707838dc69eb5a42f319f478abdfd0e158ea7653354e4c64a644f7763cbc06b368851a7edbe7fa3d47878ef1d2442b917028b213edfd306186e82c806337c01daf12475c0cf11ce95797a0e74ee42bc78143b89b68418c7efd2fe6b40e09f470b0cfeb090b37a94113363cc54979134f39e2f3d4c903f76259c7c027bf4eda3f4ce17234742fed28fdcb137cd80980e960e9f686470a84c960090125f646a5a3ad9677d6c7b5272353a86017e13a6d75cfcf07fe0ddd2e995e0fb71ae4891f6903acb29fbcc35673865b8a819c1e49b2e9dcb8dda774b01e152f0aafc115795ac749f7ac07331b490306", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fchown(r1, 0xee01, 0x0) syz_open_dev$media(&(0x7f0000000000), 0x4, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000fc0), 0x0, 0x5) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000000c0)) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x7800, 0x8000, 0x1, 0x5, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x3, 0x0, 0x1, 0x4, 0x0, @local, @private=0x10000}}}}) r4 = socket(0x28, 0x801, 0x0) connect$vsock_stream(r4, &(0x7f0000000880)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r4, 0x1) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'gre0\x00', r3, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @broadcast}}}}) 2m46.040165969s ago: executing program 2 (id=18): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = syz_clone(0xb2168400, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) mount(0x0, &(0x7f0000000140)='.\x00', 0x0, 0x11020, 0x0) 2m45.738934113s ago: executing program 2 (id=20): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) 2m44.736356214s ago: executing program 2 (id=24): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x1, 0x12) 2m29.688346816s ago: executing program 32 (id=24): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) openat$cgroup_procs(r0, 0x0, 0x2, 0x0) mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000200)=0x1, 0x12) 47.002731683s ago: executing program 0 (id=807): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x36) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) rt_sigqueueinfo(0x0, 0x3c, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/diskstats\x00', 0x0, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) sendfile(r3, r2, 0x0, 0x80000000000006) dup2(r2, r3) 45.142241688s ago: executing program 0 (id=817): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x2) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006840)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f00000042c0)="9ab1446569aa24b774753c9e994c09c24df9d42fa5a228e469b44cecf6f9f5ce5f77c93b1895aaac9cf34b37415f11fe22d6fa0162aa743b242e8fe0a8659e32fb543d7969d6513136a9f332a8074f8ee1e445277ddd5859eb5ac3321eb710be880a441031da9b31f791d54fb3c97cd8ee92b00cbf962be8eb5fd0b7cab207645f59cf87a8c41e2739dd8386b6bb84b627cbf5e09bac876ad4b215f0e510a853c5e8b9f7822b26771d72972290a1f9a6f0a46942be0d0eb7aa5145ff368863b14e9845926088f9f92d554e572926290dc6e6b574aea8c500fbe5697f881c0cec48282c6d07619248da0c3b9aa6f7c778525d1760051e4ba8ef31d3c8d3e1d4214ffa5261ce1fdbc12eba889968137f5c06fea233000296cf18df494b4e7b1bee7dc2f3751c37415d46f6d7ffb3d0f788f2100ee41266e6fba75b61af22e1d7b286507ff100cc34ed28d5a2c8be3231446874bbbde6f3c367ca802d64192ffcce1ea41b2cbc57f7500fc4f8f12fe02690c1c9785bbc35542b59d05600783cf4f4633b374101d8ed395303392b238d198f9f68c8ae928cbf3b558deec6d38ebaa526e749ac4e47dd5b838ec34f2820a1134252ae60159d4e030cf5e5d6f8de799a31e12ae57cfe5a1a3ded525c6e71271271d35a0056265362387a361f21ea0f4b6d46f6a83a8512687e43b31e11b1396d6e9e49cf42b693732e226b55d21a1203022f6be9f8ecccb68de3bf4ce99689514bd752f4e60bd2f8e376d7fae5b5fc8db0f53db8c52746671e361b9319419c1b3f3168b4797ebd2d118ee42dda4bc59dd0251236195c8cdafc0546354eeb28f4c7e71e8245a6ccaddfb858f61039c0ccf5acd924680aab38dd061fc7b123f24ac7f3d3c0cee43b61045bb1efea25af86088a0591f166e2f11ea4089860893b17ca5e3d99ec75131268e2e4e290c2bf15e4dde23284e4bdf6e549c096ce221d9c8a6c0fc78aa6a1c8b547c0e10738de2a1e8663e03ab0ce4594e244989f75b6672de1eee97ba7e6467a0da51c0e75d5866c405b03c4744d8d3fbb01eddba5a0361662269154c2f0e61a9433982eb904ff562896cbfa692eb1e6c644fcf6cbc103a76b712af706a47608d3e2f5d54d47d8e9906ab37ddf04004d32ce00200fc3c274666aeb618b27424d87b6a4b0262de4436b9e6f150bc798394c298b25a2c318fbe786185464057c0bcfcd1917230d78ee1a49eca12068fa676852c1099096c6cb98dfda27fedac41826516e42cc116f0cbb68f0f810418258dc5a65c0e1ada296176e17f8d762894c80542a79383cc1674a4f3d6520633ce80baba214c20628899f9ac826484c887713aed9c5caf13b40a598cb1e81f7b18dae39efc22dc99ff497e11f158edc2716ebe3bcd593691aa26523efc168e1394ab439c9a9270575ef34eeee9084b0a31b2d81d47c964ac61e600f75d9321d7474dde45bb8d0cc46510488ab68486d3ba6cc9c3ddb6f66f2e5d251ee285121e1645a2f5167fc5fb8ac4491c0d9d0423c7a8452efea2f5a30096a0fa47173f3a68500a5c755ea939c838d3be126a87ff6baa5a1fba638a5c64767d17f04201b935fcb1cb6afa175594f410f2ff773194c703e623876051e46bb0850a5016e65f8fa34b96bafdfe851a0756fe26fb63d52113c0935b0867f7dc8a94d887484b15e8f92b6a316a22c04a985cc94e432cd43f44001bcdbd48efcd463c402d3d181298e96db60fdb714b82e146567af5ae3fc0c3f9d241471b4d129f928d286f780facb1e84434610ab3379dfff0f64d57b4a1c2e96c98b693de952d26773d24e7a95eddbc450f79932d5332d27991c7bfbd3bc35bfeb9496fbebccb5e4c35c368e021dea643cb292d794d3d3bbcc960f989bef09763dc73d83cbf907485635265e81f87b712d958a66719230fc6466615a0e3bb998d48159e9e9c51959354a545966bcffa298c7673b4d32b991c886a997236642c0f104f6795feab9f48d0ffc74667f3f3e82473ac892ad25f4b13029b0b27fb1d86991ddc42bbc3fe584ed364e769f3bc72ed8749e7a654ec1a2ec7a01bd2d5caccdc6241a1b1ef2726db54d2c34ab47020b4c729b5994b43deb00ad959950e0051d2c0f27217397055e78f1dd3bd867a45e06c2134ae8981021aae881cc7b2049fe7c82d2127ec81d6430c8116355c8d0ab8b9291c688ed9b8dbb1ed6f1a99bb58a1be8d5737acbf9461b142c8982f52481195d35ef82aed4fa52385ea4ed00a739d01cad7af9f7c27d357748e24f28d22065ccb37300e8f5d8dae5ca79af7a50edc3e05184d1a2a6d59784d5ceeb1f1550a44ea03bee4dc5c27eb78f0032593c7d082e59211f83a8b91aa78bfb7e959328ee63af26a37b79ce5e5139eeebd12e28b2a26ad2fcbdca652524d036b324782d54247a48b9f8200b2d6d2c091c41366d677e3be6e136cec6c3080d608849135c6e3c7d695d2e226ae1ce999d730d7f79116ab85762e55a3e5a66a690ce0a4bb4fd1560c796e2797414b544ef78e29d55e4853fdbf3362085a65c46105f32c360a0a9867b984a5d0297fe0b06a45684ac801a8e66294cef6e5f3c48648884fbb2422fa00488df33a9a0ff1039c81f1939f2cd2f5fe8aa805af2d2332ac37244ed4a7b50265af8062752b0c16511e5f25e8aa2b60645675bc826557bb75474ca4787f6b584b2f83bc25192579104aa0baae79f396df0d31121f90db9acea9695ee0fe0c22df4db503ec8b2437b05f5d35a65722fa82eebd2aff4bcd3316a5cffc4b31913fd02f82130c77f320bf04bf8fa873d0e3f62122d6a5f87d3e908bedafed4a3cb6d9f73ff546f5a2b74a2493b1753e89b682352bb3166563518dcb190c7b3d9fd667c57978a670b192641a674dc92c2401d067b6767aa632ce32a401175c98200a52ab5d80dffa719746d0bff8a84bac4a56e0ab8124fc332b64ea662d01e1b73231a6638f01cf4d699448da228c16951149c8d3dab9a7e3be9a16c7d1ffb061818f8f9cb2b42739fae4a0d70c0701c8dceee785d36ef6413162de1917df01c693ef3e1f517e7fc46245209fee52f5c6a2f50ab3f56d67d1cd987282b24071d8ebb1bc5cd635957b2a7ad92d0650abd5bbc24b75885b6119592a3d715392718e52f9124c4ac95be3582abba4ac3a4049ee49fa8ceb9b59d4e1e2a069c9d482879fd8d27d5ac22ef870542453be22c2ec4ebf1472c19fbfb56aa0a3671297b020e3fe49d201a82a04420e90bda43691dacf92347bcbcae3742cc4abad4c8010c0afa15278795d4d76c482461ae78f30569e1dcf87b9b150d07a2bd81676ec6022422d490759ae1e861a6c4cd1f733bd772d60975a59356c385a4a390429f3d2131e7f616015261df6db3cc3ec261a53be10c4f197e71878984fee00e6d1069f79825194b7af434fb6bb86db18e11977f82928be35054543060cea94ebb4015d061f20f8454e056e7b6e4f9a1621ef2377d77659c20bf358c817519f1801be15ae3b5b42adfab367777a6789635a0dcdd1f2b97edecea0210768af67601d1b95a8850dddb6b1f4b0c2f52c835b0833d81966ad19e49ceb9dc9c729cd8334bc3ee5bb8c74186f5cc3e765b9fdd91d79baaab3d2ab64c15d655d1af7de9cf8d5d7c1baef24577843ce142331743b45b06104b6d0d4392e61ca8c07507ff5f831bbf720854db4debf64182aaebf899ba57626a48748fc2dcf016013d575595d24d383eef2da0ff0c9f6fe9c64b186cd4617e3f37635d7dacb58ec297f3ddb48ce4a5e00cc127267e18a1fdf209e098f2cb2e9c0630d15ec9b867b2b95ecf82ad2c0ba39df9c4d36d492bc9a55c4b767da966e4fd7f4d2fef5e91d0575177c05d240b50757031c76333d43bcc828ab2f0376e29d12d1261ce104a8ea488091326bc451c120c8c04d3e64835c893f55b312e248ad8fc1c32429d68e6b67bf45ab8a1cc3db22f9f01a2266b8349046d3d3e081eaa7f7020c73c0762d11a33b517b8f081da3c61ef63e1d40cd87d69c7ac7491fb61bb57c1fe2d218aff6d39b3e1fc847f0ed894e2f0b4d6a4ad03ba42e28bb1dfab645081f548e64ceb8ce15d2214bd66a14fe594aa447c3537eb493299fef0f9326236ea5dae44e23b34801fe06ee16c79545feaf2528421d6e7f9a256a7914d86bd053dc33c8c2043ba73714f5ff5f0507097a56c40b2190e77877d43be849ee2ac129e582930ced06d359eebb49eda4edb13819f91cecc449c9613d9659906179f8fefa34fecb7d21cdaf09a1ce8d094421da80796c97c02fc56171aaba53fd8a7f55de059044717df164f3571028f16995d51fc8829534cdf58dd134def1e43a34e4f5f372fa8e19d3b85881e99ecd45faa4fccfdb47e094ab06955f3960fac71294dd965f24a97cff36b9966cf1a4c3e96c3e14a3951dcc8a3e9371f7e1ae9df77ddb1a99172174adbee8ea57a0c9872a6d677c2875da88a6a7234bebf68a3cc0532a9809a4de4b4d419bff67b0ba825a7ae6e999087155378357ae67e2dd98697f1d10ffa4497dde6582571670456db995228b97d0ecb2fb30c2ba6c16038c40059815c56b35666cc1c5090f6c38e0f4c12abf79919951b85a2734d32dd12b239912d541f9163387a4aa0be0b7a12d9c6b56dbcf1e9aadcfd72e2664a84d6c5147c72bffe7c3560ccd8c447b748dcd26cc9ca2a85cded742a8dccdfd8e78c96e78d405a19faab9e57183b37583f94b3d416b2920c6b746427ed75c08dc3be02720c1edc4743229153c48f1239b222b9fe2e21c0ae28122bc44f9dc78a59f3485ac8057eb21f0857bcfea2d9ebbbcc197e7880d81515bb1cb7192d97c4258c09926d137e245977db40812b253f99a504bb68137d8d73ca4e7c808d50f1dcc600e6a6db90238ff44e075932fe668c066e6988a6a8b4a8485120c8e4d6511268a75d8f9b0f06689aac8cd621e90c62af1e59aa9efe928e9ea098661b408a2825c4f9aac1efd9d54d163a651054b9ab32719d2be3b176f6795ddad0f1310b9237181689f2f9dd34a41d4d4cd2d7569bf56e6a80bc24d90df3bdde0f9649e699f4ef70c4f3faf9553a231215416bba26c29f17861e0f265e9641b2307ed43d6fde23a378669f4ade874e54c20a5e902205dcaa79a3e8584a3f78a86e703451115a1717df882507c607297afac0a056a0f3509a57502fd2ffff6035d04b91f72f5e1a69ddafaf80f7b2f7a13f38c683988436585e6bc7fc2da328449675c234ec0acf5294ce06c72442beba15e65d6a3e1b5dc3c8f115e1005798383f79b0194f6b7d4b1b32371acbf22340af6e5ee3ea840f7ed451226daef3041fc194e051af2fb450022b394c774273b9575c974c324ecd7268435176ee28c54bb54c8e829232ca636f3bdef60ed460b5ff425936626dd16a3f436f08a863582a79f393378f60f6c8ecdd13d83073bfda2e9f8d0c74a841021cbb8c148e70bfc585627449cdd9fb3045db3ea08a96108b52ee8a4f5048a5d910355789f4bb85c1362955e267e719581c38a2648eaa0b516db6277d2ee3c6e1e1090df3f53a31b747d99887e337dadddab16a297d9e56797007a3d18ce333311c70bb1bf45bdae517ffc589419af643773bb30a1fbff7ecd4a8ae7456a608fe73547c2eda4f070d57dc70b65d867526c946a435ea581497da18646ce569eaf6ccf3474cd6e7aa3d6d4732836ff4167c9153757ce58a34864be6d479f7b4ea1d6480b9ac16c5bff346a74e74133234744df867e16b3d2f1f7db4b21b89019b520917ef863e60f52999d6946b9e09cb60054f49d8a255f02e4b62fff6e6adb9a167ea70a177d00b26f56e29b63138a2ebc30b956161a4ab25d5da1c207c3f762714f651341ae771e17d84fa1c86685f2fcb0a128c2e1208d1930e7ff0d8d55299154112af574b881be8b69cc1721d548ad4dc02632e184c47f9b394bf4a834e60fbead8c8bfbf5087f8454513b0b086ac97bbbb9aa342af9def758fe88f1e4570e65f93fd4a9868665d08fac0cf6ebde786995c433504ca01cdf83311aaae20cc76f819a4344a8ee4e26c1094cb00d2c8a67c733fffcd89e97534cacb08a64d75e8594fa31f0dcfcafb0d1bc184c7067fec6a48ddefd580d4d9a4128d8f70f6fc6562da683904766e982ecd0286064db6844131bb7962a0a497f7b97fefad88a0b128bdf8cca774b1c32cb4af259bfebccda036e7e4ea8962838dbb5c04ffab0a2f1481848a27f06171645daf5246a2e563f3ed60097a9d7023d6ba5c8a58d39f733b12baf0863d82c427460f51cf9e3f77281a42221725b7bb75c2116ab31f704661f090d3eeddd2aa6efc619946b4933c398b635fd04ba3758294965c568997e1ef44b0562804e6c64558f6cfa87662a988c321a856ead51c848528a4954f9ff1948d517d67bc11db66801648848bfb7ee12296428bc3ffec863e9c77ff31ee386197679adab2a0e93bbe0c66ffe9c4b09b636f6216faa373aa8271678cc57ad46898222df7e2d8b14a5b70130596c0430997c4c04d9b5187fd9bb26b71fd19aacc8e08a3239f0eebca7b2873062a19f327a4a282012ebf9898a5ab6310b8623c864d4dada3ded00ad201ce8f3973f90396f5edc1ba466e16247fe6b0ee98acfd53792cc0fea33647b841596655b8d9efbc14b50fe0b588e4c41e2cbd0a700529e7ca91122d3d1b26e52bf44a0c9fe37cdbc352357f13b2adc68e78a00f6dc88a8e6ea54bd0b2c8276f9e1bfebc8655a1f47b72c25ffa97f4463630cc21428ca3bb381a6d3171d28bb946f746f820247bf3f7bb69caaeb5c47026ca9997e586e657a9e1569312bb443299ef4cfeacc9aaf4fc3aaa4a77a21579234d2aab6fd0234398ae07ca7c57ac6d6a51e025744b1430abce27f7f9b0d0e45c051e34d20db95cadcc0e4e327dbd979166b33e39a3951d0b8dd62c0d1542b69583cfc07b127243cac4b052cb29ccb3592972698fa4cd84633d222d78b8741d5f903f8636d95cddfe2ef13829df9ce32705edfda51ded2f0ef38f60a33a2e00373107eef56a01acb5e05d849279b5987343c8bbc73ea660ceaf7c9b90c0a8e1412ff3f517cef8fe604d7a26e085170a76e1bf43f5d1bb77ee771fe841d59fe2cc2874d25bf991b4af6bf9ffe1bfbf3a5587006b60bab5bdfd5a3192e82d474ecab0ab656967856c84cba9469c5823c1d1bf104d2a21c071bb08b2a137883dd9c8f545d6958db8efa45263ae303de76e70f2f6a10e1858e6654004f2a099dc31950ee730c465e0a1822935e309d41650fba489aa3050eedbf3f058d24d1f04fc340966e42d72052d84a66789ccf75000c3fc83b8842badd6b22ddaaaf53ed34e25c1b638e3630d66a7903405052902cf8e7395d54679e2f4a2bf7c8c89b0dc38969376ea164fe97b37b1172e6e8f05a929aa373108e891a64e38e18b432a115a44d754811e03c4f4ae7c525a6b9b92aab0d16967ee1a64eeeb2207c094f6aa96f126d058eff22435a4ae76c31f888ee13b327d2cab4ab5a56abf4cae88c583dd67129271708aa17f4f10886ead0e12734314bd4a49e64349beba4abdf94a1fb23a72cf7e16b5af2f1706d9646a5ff7dbf5c7b1cb2c3781346167b15d4625841d9f3d14392db1d39101d37175c42c522229db0708544058d75cebf3e399cd443d1b943c6f3017a898bd49836a8d92519deb810712aed76602682ef0df2be270734eeda7f289a76f4684baf75702a1ac3da005e62b83f794b934cf882db5d50e5ed4aca868e300d690c0b10daf0a47486e9f49d1b08eac6cf5090ddd2443b1459b2df86ab3447b2b5c6afe8aadb410de6a84b640e326eb882832d1a9cb12e0b8f13aef579f404af8631cdd5a30a031dad19cdf247575dd223229330f19fe4d88c51242217397acf66b86c743de283d5df7212fce59af17eb702eccab192f56f054a33709d41841e4a39638e02b4210559593f9b5c44fd22d9da637ef1a3a0a41c40469990dc4beec30a05b67931c0560d9a59fa875f3e26fd1eb32655aa30c7a1cd3d541716fdaacdda206328f3cbc8f16fc2be26690f18963a16febbaf2cb6c199330579ca067c60b54cbdd211c1350e066448fb50ae28ed58788ac98f0ded3414c8735ab90639916e26ab29102cc2609035e56d9b9d2dbc98118835bcf0e437c77052efe2293d9f19b7197aa1b94b10997b0b1efdef251de8945a97fec885f032c3bee2447335230b866d7aef515b04664d0c59e18233f9a229969e3e17d69716413ca3bc55f5959e340627ea803f7b26f4a74295b295344a3685287093998a1ce75b1ed5d730c9aec812617b4c200a0250c9ef8ef7d2fcfc59ef97422eca746bc6451a5b77307d14c1cfa0ea2c8eb7cf7819644577a6456efec0af058a0e3c8ec371019009462bfe174a11368b57fbe3090208a57b2236b97edc32cda5c6fc988cbaaf91c4020a06a7ad45519eaa761e045fc84d3219b287206282347a031ef1e7b7dbc67de738fa8f9fe71c44201fd1d548f8aebe93bf502d64d4b5f470a419e3fcd87f0616b9813048311ed20ac2efd7f18dcd6889542208b50c28c8c0700f73fa33a964e38d699819cab2098c6ff081266721cdced87ff41948c84037485f30d38a99eeeb3ff4c3049742a29eb09bb35c358e732546267c165a62fee9e25abdafdb8a48785bd432d160797e7a41d580f59d7d8e59b3e6b954d39f86db33b8f7cabde43e8e04cac1fcf9aa6fdbe4326e0d9c782d9a630055b36f85c2b8efebf18f42ef14ee5eb1d33ca322db69704f8bb90bf30eb05908b8d8ed169580923f53a6539cc3b55baa47718053d2ff103c23d90f9cb49ddc7d759950f605bafabcb7953c042c0523b84da994529a87ad68fc6f0709fd7af5fc20e53a17d3f5fd4d25fc5ff6598c6ddfc34668a08ee5e066d81a65e7979c50c08febf76dc5a3a405f551bb8449d94ea0dfdad6dd6dd6d6e4486f4ae1d2523c05f46198d8af4da12873ebdf7d6b5f2d0f1b2d29759ab0d78e34ae6f17b7ab83518cf8b18836ea5630ee934e5ecc123f0d3fe6b803ae1f735d65dcadcaaf6660e02ecad0290f6ead0594733a10b2b1654a44244424fa8b3180b551ac401828203e61603b017106e2256f01b9f26db33897167d9defb54ddfe49334150574493895370bad46cc658667aa9a8ed333c86f112b2a542936af92e2f933254b6fb0b1a599eec3bf2e476ae6714e2486dd31b29e4d26838d84bd7a62c62beab3ba71642278ecaf2e50d70670d9fdff105019791d36321bc57fdfd8f65f2ea1cb188035ecabf6140e777b7e6d2177ac29e9a1a2f87dd54d96184bb1a855bd9efdadfc606f13621f40e07cd8be9c2435c8c90b4ccba5eb7ddcf8cf1f76617c9a9e011abf4a63ffe31df63ecacb8b1d2d653e613cb399ce079392f9ca2e226c60b6e8103447c24c1f80d42e1ee747997602ae3ccff8f9f98ce9b56f6f3e3c0ba507df8b2169539cfc946c42da72644feb9b3b582ce332f8b2eda02192958194903d17b3e9b4bd60d08cd9a7989d946ece6d8dc01d6b66a7851bb11e4b075d38081d3ce7bf1875fec9daf47a589abdb72763c9747b83a28389238b0279c8e41db6521130420851acac463664a97be2190aff921923475f2c1f8a87d1169229e5f10dd0a92221e61358b156020f2c9ca2cb6580743a8d5e3c59e6fd97a7a246211450c7c62f1891cedb434102f8794d81c1caf2c1b4ae18b7c4b9c88de5c51da33e3343cef76da0d00341c2e60c4562c162e41a7efa8290cc9061f3d6a592d5f104c5018f31bcaf912bdd37370fbf8fedf0aa9026c1142299197d67ab026756927b5864ea42c45a82c23c275697d31a1b7900670c9a3c967d12974543c11f20c367a336bea9b9ebe480f9c806528138dff35c5f56b1199b75748e9c5cf50e6a32397dc3eeb04c3636c0848a5e13df8a9758bacea231f34cba13b466360b0dec69f74f8bf9a2dcf3dd94fa3a7d27e8caae00240559d75875ef9c619416593ca0072e7f38caae5a530c62dbe00e38c12cb8b924d63fca4d5c3a4c8f50e8f4f86fc1fe2b163219c46c21eb783e587e18e07ab7e1927a646c4f154c5000cb65ce9528457c3c66f43d9ab7d61580df0ecfb31cb38e4cbcdc3dafcca57311abec6b74048c8b74505ba678a4db07ed7243c70a821aee66a487bf91fd273418f8ef657d1eeb9ea6f095d47641e9f9fa30599e8b9c6b4453a1a5e8afd86fcafb46dd095fa4a98a2b26470e2c799b08c6000f5c3c4e28961463724377f37813f3922484fda986eb7c93ae8365baf648acbb344ca7e044d7ba93e7ba35c31085f3f99c5fdb2f9f2845f00b8590395e8ff730b86f5dd7f52297b8ecd5d5a6bb452bcd12b98d6adb27e7ef0e84b9567c66093ca3edab7e64ac4f56360501d81823ea2b1595f934c5f61c8558304c16154109a983a2af8725c7af91b5bc57e555768aa8115236a6ccc921d472b608eb6b82c4ba3747d79027d7856fae5369aa325df6a76138a5b41a94377eeeb251087e0b8510d8890e3f7a0cffaeddb9d2c29bc89f952489f82ee2e2b485cd297e6d30683701623cf73ee9ee606baeae9c3afba287eff57731b9cfaf034b1f56c8b31a32a1078c4fcab298c3f925a8e7cacceb9edf7ba2e54d31033a25462021e4a3c0bf5af341b462ee4417024da7c12c7f385de3af129aef1338a9c1fd68323d07ff47ec8bcca66b44300624d02c9202a2d093c3c85fd922b57b3bd14162c8ca5690734b7e4e4b8980b73a8e9908a9fa3dd508b30e3b1e1fd4ec388affa27c4bc26ca2820e0a902d51ff94984e8894fa5fca7b8704b7600ca6d6b1b1527ea999fcdf8fe3b290ec0036cad222f92cf8a5a54d0fa91de6e74ef61f60a233c9f15fdc86226c3f688de15ed8f0c3f1bc3afcad87cee47a19384afc6a804f197339ebce4aca211dbe0504a000755d18f20c4ecacd4123acdff7653cbb26456499495662508c8186afb883f5481c6bdf88cf137e263bde9d62f054573e0d1454cc119c95d4d9011332bd77682f79debcf5c21f0be7e9a83a58cec34e7cfb17a8122e030669228e4d3d9e274a678c5b77e6180aacc2fa8eb9952c5b04de6b2c7bee591badab96a3c3248c275b5b8faf5394eacc427a840570033be5006c33ce2d2c6e54f08681c3f74ad2fe54bca6dc62a9d84f6c58509c1e5dd5cfcc7a358493d428de48dfc1bc3f74154801c97e6aae38445045320b4cf66c1e56eb6ea2c1218de65f120b463c5cfb9255b3a25eb6e848cbd977f0605d71c561c2a754f5761c31f84101ee8178782cc8cf70b41a2204c5cb2f3134d572327fe4bbc1792249dfcf0ae7ba5d81fb5ae4a7978d044085f3b7f2e398c05733e2bf456cae898f8b5a81e9c79179bb5ca716713fce643dabe21eaee4386e646e25ad3adc5a4ad40f9bd6743f5f742efb1a674ffdbd2ced56c646ae590eb8f10283b47f57e6f96ad76adebecb24df74020b096fdee3c8d780d563a915f73c8b0246b861cd3a8580d5cf75798e8cf1c5875724661a39277e7165fe48ed8d5e6a20d68239f626fe8ea434a4e6e03ea434ec68c4b92a0fc2af15a135d6cbaeeca39a0c1896dab33daac", 0x2000, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000600)={0x50, 0x0, r1, {0x7, 0x2b, 0x10, 0x1c20040, 0x0, 0x0, 0x1, 0x1}}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0xfffffffffffffff5, 0xffffffffffffffff, {0x0, 0x0, 0x0, 0x8, 0x80002, 0x5, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x4, 0x0, 0x6000, 0xd, 0x0, 0x0, 0x800000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x405a1913, {0x5, 0x0, 0xd04, 0xfffffffffffffffc, 0x0, 0x100000, {0x0, 0x8, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x4, 0x4, 0x4, 0x2000, 0x101, r2, r3, 0xf0f2, 0xffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = open(&(0x7f00000001c0)='./file0/file0\x00', 0x1802, 0x40) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, 0x0) 44.918826941s ago: executing program 0 (id=819): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x108) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x4, {0x3, 0x2, 0xfffffffffffffffe, 0xb3b, 0x0, 0x0, {0x40, 0x3, 0x0, 0xffff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x120, 0x2000, 0x0, 0x0, 0x0, 0x501, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x14c0348, 0x40, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}}, 0x50) r2 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000340)=0x7) 44.530562429s ago: executing program 0 (id=824): ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, &(0x7f0000001300)="92", 0x2) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) 42.54956843s ago: executing program 0 (id=836): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) 41.619302007s ago: executing program 0 (id=846): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) writev(r0, &(0x7f0000001680)=[{&(0x7f0000000080)="d8", 0x1}], 0x14) timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) 26.529193451s ago: executing program 33 (id=846): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) writev(r0, &(0x7f0000001680)=[{&(0x7f0000000080)="d8", 0x1}], 0x14) timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) 2.587785415s ago: executing program 3 (id=1219): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[], 0x84}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 2.41605246s ago: executing program 3 (id=1223): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000b40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x10, 0x3, "709c897c82b1095a67232d63"}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_NAME={0x9, 0x1, 'mark\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8917}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 2.241798925s ago: executing program 3 (id=1228): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[], 0x84}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(0xffffffffffffffff, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 1.769722244s ago: executing program 4 (id=1239): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) 1.682202375s ago: executing program 4 (id=1241): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[], 0x84}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) r4 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 1.423311791s ago: executing program 1 (id=1246): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000380)={0x48, 0x2, r1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x10}) ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r1, 0xc2, 0xffffffff}) 1.311980362s ago: executing program 1 (id=1248): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000b40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_MATCH_INFO={0x10, 0x3, "709c897c82b1095a67232d63"}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_MATCH_NAME={0x9, 0x1, 'mark\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_COMPAT={0x14, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8917}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 1.305002515s ago: executing program 3 (id=1249): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000140)={0x1000, 0x11b000}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000240)={0x1000, 0x315000}) 1.25726198s ago: executing program 1 (id=1251): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) 1.120355479s ago: executing program 1 (id=1252): socket$packet(0x11, 0x3, 0x300) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r1, &(0x7f0000000500), 0x0, 0x240080a0) sendmmsg$inet(r1, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12) 1.046704971s ago: executing program 1 (id=1254): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)={0x2c, 0xb, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4800) 954.112493ms ago: executing program 3 (id=1256): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, 0x0, 0x0) listen(r0, 0x5) accept4(r0, &(0x7f0000000000)=@generic, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000100)="ea", 0xff82, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 895.208536ms ago: executing program 1 (id=1257): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[], 0x84}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(0xffffffffffffffff, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 763.816212ms ago: executing program 4 (id=1260): syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000400)={r3, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={r4}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f00000001c0)) 708.90872ms ago: executing program 5 (id=1261): sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) 702.979074ms ago: executing program 4 (id=1262): socket$packet(0x11, 0x3, 0x300) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @empty, @remote}}}], 0x20}}], 0x1, 0x240080a0) sendmmsg$inet(r2, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12) 632.732182ms ago: executing program 5 (id=1263): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) r1 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10) write(r0, &(0x7f00000000c0)="832a0a65bd", 0x5) 561.096165ms ago: executing program 4 (id=1264): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000140)={0x1000, 0x11b000}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x10, 0x0, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000240)={0x1000, 0x315000}) 560.219481ms ago: executing program 5 (id=1265): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)={0x2c, 0xb, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4800) 483.434549ms ago: executing program 5 (id=1266): syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000280)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000400)={r4, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x0, 0xf], [0x1000], [0x0, 0x0, 0x0, 0xffffffffffffffff]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000180)) 403.985673ms ago: executing program 5 (id=1267): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000380)={0x48, 0x2, r1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x10}) ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r1, 0xc2, 0xffffffff}) 324.95223ms ago: executing program 5 (id=1268): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r0, 0x90004) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) ppoll(&(0x7f00000000c0)=[{r0, 0x60}], 0x1, 0x0, 0x0, 0x0) 324.086906ms ago: executing program 4 (id=1269): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000) sendmsg$NFT_BATCH(r0, 0x0, 0x24000840) 0s ago: executing program 3 (id=1270): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[], 0x84}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) r4 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r3, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) kernel console output (not intermixed with test programs): [ 95.608818][ T5950] loop9: partition table beyond EOD, truncated [ 95.615358][ T5950] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 95.615358][ T5950] ) failed (rc=-5) [ 95.620834][ T24] usb 2-1: USB disconnect, device number 2 [ 95.684155][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 95.696619][ T24] usblp1: removed [ 95.710098][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 95.747758][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 95.778767][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 95.803245][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 95.817642][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 95.829089][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.884431][ T5956] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 96.048589][ T9] usb 1-1: GET_CAPABILITIES returned 0 [ 96.054544][ T9] usbtmc 1-1:16.0: can't read capabilities [ 96.081388][ T5959] sp0: Synchronizing with TNC [ 96.093858][ T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 96.270445][ T5821] usb 1-1: USB disconnect, device number 2 [ 96.277057][ T5843] Bluetooth: hci2: command tx timeout [ 96.289684][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 96.301328][ T24] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 96.317398][ T24] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 96.330288][ T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 96.339652][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 96.349836][ T5843] Bluetooth: hci3: command tx timeout [ 96.358758][ T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 96.369769][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 96.383126][ T24] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 96.392363][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.406493][ T24] usb 2-1: config 0 descriptor?? [ 96.422498][ T5843] Bluetooth: hci1: command tx timeout [ 96.427984][ T5829] Bluetooth: hci0: command tx timeout [ 96.464525][ T5967] process 'syz.3.15' launched '/dev/fd/10' with NULL argv: empty string added [ 96.604552][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.614773][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.623920][ T24] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 97.197415][ C0] usblp0: nonzero read bulk status received: -71 [ 97.208869][ T5924] usb 2-1: USB disconnect, device number 3 [ 97.233907][ T5924] usblp0: removed syzkaller syzkaller login: [ 97.490818][ T5982] ======================================================= [ 97.490818][ T5982] WARNING: The mand mount option has been deprecated and [ 97.490818][ T5982] and is ignored by this kernel. Remove the mand [ 97.490818][ T5982] option from the mount to silence this warning. [ 97.490818][ T5982] ======================================================= [ 97.918352][ T5987] syz.0.21 uses obsolete (PF_INET,SOCK_PACKET) [ 97.993044][ T5990] fuse: Unknown parameter 'group_id00000000000000000000' [ 98.043223][ T5992] 9pnet_virtio: no channels available for device syz [ 98.495661][ T6006] kvm: kvm [6005]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x6 [ 99.595345][ T6036] capability: warning: `syz.1.27' uses deprecated v2 capabilities in a way that may be insecure [ 99.616978][ T6036] capability: warning: `syz.1.27' uses 32-bit capabilities (legacy support in use) [ 100.228778][ T5843] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 100.239143][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: kworker/u9:8 Not tainted syzkaller #0 PREEMPT(full) [ 100.239172][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 100.239186][ T5843] Workqueue: hci3 hci_rx_work [ 100.239225][ T5843] Call Trace: [ 100.239237][ T5843] [ 100.239246][ T5843] dump_stack_lvl+0x189/0x250 [ 100.239274][ T5843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.239296][ T5843] ? __pfx__printk+0x10/0x10 [ 100.239322][ T5843] ? kernfs_path_from_node+0x250/0x290 [ 100.239353][ T5843] ? kernfs_path_from_node+0x2f/0x290 [ 100.239389][ T5843] sysfs_create_dir_ns+0x259/0x280 [ 100.239422][ T5843] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 100.239456][ T5843] ? do_raw_spin_unlock+0x122/0x240 [ 100.239482][ T5843] kobject_add_internal+0x59f/0xb40 [ 100.239520][ T5843] kobject_add+0x155/0x220 [ 100.239559][ T5843] ? __pfx_kobject_add+0x10/0x10 [ 100.239587][ T5843] ? _raw_spin_unlock+0x28/0x50 [ 100.239610][ T5843] ? get_device_parent+0x366/0x3a0 [ 100.239640][ T5843] device_add+0x408/0xb50 [ 100.239669][ T5843] hci_conn_add_sysfs+0xd5/0x1e0 [ 100.239705][ T5843] le_conn_complete_evt+0xf39/0x1500 [ 100.239746][ T5843] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 100.239774][ T5843] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 100.239797][ T5843] ? __asan_memcpy+0x40/0x70 [ 100.239822][ T5843] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 100.239846][ T5843] ? skb_pull_data+0xfb/0x200 [ 100.239878][ T5843] hci_le_conn_complete_evt+0x187/0x450 [ 100.239912][ T5843] hci_event_packet+0x78f/0x1200 [ 100.239936][ T5843] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 100.239964][ T5843] ? __pfx_hci_event_packet+0x10/0x10 [ 100.239995][ T5843] ? kcov_remote_start+0x4d3/0x7f0 [ 100.240020][ T5843] ? local_clock_noinstr+0xe0/0xe0 [ 100.240047][ T5843] ? hci_send_to_monitor+0xe2/0x570 [ 100.240078][ T5843] hci_rx_work+0x46a/0xe80 [ 100.240108][ T5843] ? process_scheduled_works+0x9ef/0x17b0 [ 100.240139][ T5843] process_scheduled_works+0xae1/0x17b0 [ 100.240201][ T5843] ? __pfx_process_scheduled_works+0x10/0x10 [ 100.240249][ T5843] worker_thread+0x8a0/0xda0 [ 100.240281][ T5843] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 100.240312][ T5843] ? __kthread_parkme+0x7b/0x200 [ 100.240353][ T5843] kthread+0x711/0x8a0 [ 100.240378][ T5843] ? __pfx_worker_thread+0x10/0x10 [ 100.240406][ T5843] ? __pfx_kthread+0x10/0x10 [ 100.240429][ T5843] ? _raw_spin_unlock_irq+0x23/0x50 [ 100.240448][ T5843] ? lockdep_hardirqs_on+0x9c/0x150 [ 100.240469][ T5843] ? __pfx_kthread+0x10/0x10 [ 100.240490][ T5843] ret_from_fork+0x4bc/0x870 [ 100.240521][ T5843] ? __pfx_ret_from_fork+0x10/0x10 [ 100.240557][ T5843] ? __switch_to_asm+0x39/0x70 [ 100.240579][ T5843] ? __switch_to_asm+0x33/0x70 [ 100.240600][ T5843] ? __pfx_kthread+0x10/0x10 [ 100.240622][ T5843] ret_from_fork_asm+0x1a/0x30 [ 100.240666][ T5843] [ 100.240699][ T5843] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 100.538587][ T5843] Bluetooth: hci3: failed to register connection device [ 102.176816][ T6072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.249770][ T6072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.282319][ T6072] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.313710][ T6072] netlink: 4 bytes leftover after parsing attributes in process `syz.3.39'. [ 102.342953][ T5149] Bluetooth: hci1: command 0x0406 tx timeout [ 102.931554][ T6085] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 103.115339][ T6088] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 103.192690][ T6088] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 103.643148][ T6106] dvmrp0: entered allmulticast mode [ 104.573446][ T6126] netlink: 'syz.0.60': attribute type 1 has an invalid length. [ 104.581533][ T6126] netlink: 228 bytes leftover after parsing attributes in process `syz.0.60'. [ 104.792211][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 104.941998][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 104.949446][ T9] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 104.979205][ T9] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 104.994343][ T9] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 105.006917][ T9] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 105.024150][ T9] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 105.042041][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.050112][ T9] usb 2-1: Product: syz [ 105.062022][ T9] usb 2-1: Manufacturer: syz [ 105.066866][ T9] usb 2-1: SerialNumber: syz [ 105.087010][ C0] imon 2-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 105.107938][ T9] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/input/input6 [ 105.302096][ T9] imon 2-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 105.316090][ T9] (id 0x00) [ 105.372154][ T9] rc_core: IR keymap rc-imon-pad not found [ 105.378124][ T9] Registered IR keymap rc-empty [ 105.383568][ T9] imon 2-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 105.394009][ T9] imon 2-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 105.503364][ T9] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/rc/rc0 [ 105.517053][ T9] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/rc/rc0/input7 [ 105.533806][ T9] imon 2-1:155.0: iMON device (15c2:ffdc, intf0) on usb<2:4> initialized [ 105.699613][ T5821] usb 2-1: USB disconnect, device number 4 [ 106.342096][ T5821] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 106.492072][ T5821] usb 1-1: Using ep0 maxpacket: 32 [ 106.499481][ T5821] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 106.507853][ T5821] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 106.519046][ T5821] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 106.530628][ T5821] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 106.544700][ T5821] usb 1-1: config 0 interface 0 has no altsetting 0 [ 106.555836][ T5821] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 106.565239][ T5821] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 106.574371][ T5821] usb 1-1: Product: syz [ 106.578595][ T5821] usb 1-1: Manufacturer: syz [ 106.583326][ T5821] usb 1-1: SerialNumber: syz [ 106.590193][ T5821] usb 1-1: config 0 descriptor?? [ 106.598572][ T5821] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 106.609595][ T5821] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 106.702076][ T24] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 106.742632][ T5829] Bluetooth: hci3: command 0x0406 tx timeout [ 106.852780][ T24] usb 2-1: too many configurations: 13, using maximum allowed: 8 [ 106.863224][ T24] usb 2-1: config 0 has no interfaces? [ 106.869987][ T24] usb 2-1: config 0 has no interfaces? [ 106.876638][ T24] usb 2-1: config 0 has no interfaces? [ 106.883492][ T24] usb 2-1: config 0 has no interfaces? [ 106.890301][ T24] usb 2-1: config 0 has no interfaces? [ 106.897339][ T24] usb 2-1: config 0 has no interfaces? [ 106.905713][ T24] usb 2-1: config 0 has no interfaces? [ 106.913014][ T24] usb 2-1: config 0 has no interfaces? [ 106.922362][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 106.931514][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.941534][ T24] usb 2-1: Product: syz [ 106.947907][ T24] usb 2-1: Manufacturer: syz [ 106.952651][ T24] usb 2-1: SerialNumber: syz [ 106.978249][ T24] usb 2-1: config 0 descriptor?? [ 107.159894][ T30] audit: type=1326 audit(1760132058.414:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6146 comm="syz.3.69" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58eec9 code=0x0 [ 107.188868][ T24] usb 2-1: USB disconnect, device number 5 [ 107.316439][ C1] ldusb 1-1:0.0: usb_submit_urb failed (-19) [ 107.323879][ T44] usb 1-1: USB disconnect, device number 3 [ 107.330692][ T6138] ldusb 1-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 107.340969][ T6141] ldusb 1-1:0.0: Couldn't submit HID_REQ_SET_REPORT -19 [ 107.383743][ T44] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 107.844089][ T44] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 107.864783][ T6165] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.882216][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 107.970280][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 108.002504][ T44] usb 2-1: Using ep0 maxpacket: 32 [ 108.029136][ T44] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 108.071968][ T44] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 108.072660][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 108.095923][ T44] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 108.106521][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 108.151602][ T44] usb 2-1: Product: syz [ 108.175064][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 108.199351][ T44] usb 2-1: Manufacturer: syz [ 108.217630][ T44] usb 2-1: SerialNumber: syz [ 108.277510][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 108.346171][ T44] usb 2-1: config 0 descriptor?? [ 108.395951][ T6140] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 108.431975][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 108.642427][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 108.998158][ T44] usb 2-1: USB disconnect, device number 6 [ 109.346440][ T30] audit: type=1326 audit(1760132060.604:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31c658eec9 code=0x7ffc0000 [ 109.369908][ T30] audit: type=1326 audit(1760132060.604:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31c658eec9 code=0x7ffc0000 [ 109.401601][ T30] audit: type=1326 audit(1760132060.604:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f31c658eec9 code=0x7ffc0000 [ 109.426251][ T30] audit: type=1326 audit(1760132060.604:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6183 comm="syz.0.84" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31c658eec9 code=0x7ffc0000 [ 109.521085][ T6189] tipc: Started in network mode [ 109.530569][ T6189] tipc: Node identity 3a5ab5917ff6, cluster identity 4711 [ 109.538246][ T6189] tipc: Enabled bearer , priority 0 [ 109.548361][ T6189] syzkaller0: MTU too low for tipc bearer [ 109.555167][ T6189] tipc: Disabling bearer VOZ[ 109.772338][ T6197] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 52 [ 110.473715][ T6210] binder: 6209:6210 unknown command 0 [ 110.479305][ T6210] binder: 6209:6210 ioctl c0306201 200000004a40 returned -22 [ 111.690231][ T6241] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3093053321 (395910825088 ns) > initial count (247409990272 ns). Using initial count to start timer. [ 111.856551][ T6243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.111'. [ 111.875394][ T6243] Zero length message leads to an empty skb [ 111.901188][ T6247] 9pnet_virtio: no channels available for device syz [ 112.082054][ T5924] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 112.232006][ T5924] usb 2-1: Using ep0 maxpacket: 8 [ 112.244085][ T5924] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 112.260306][ T5924] usb 2-1: config 0 has no interface number 0 [ 112.267831][ T5924] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 112.281312][ T5924] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 112.291282][ T5924] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 112.300834][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.316940][ T5924] usb 2-1: config 0 descriptor?? [ 112.330706][ T5924] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 112.533752][ T6245] iowarrior 2-1:0.1: Error -90 while submitting URB [ 112.541562][ T5821] usb 2-1: USB disconnect, device number 7 [ 112.802029][ T6259] 9pnet_virtio: no channels available for device syz [ 112.876548][ T6261] netlink: 'syz.3.119': attribute type 1 has an invalid length. [ 112.884675][ T6261] netlink: 14436 bytes leftover after parsing attributes in process `syz.3.119'. [ 113.683267][ T6279] netlink: 'syz.1.125': attribute type 4 has an invalid length. [ 113.691070][ T6279] netlink: 152 bytes leftover after parsing attributes in process `syz.1.125'. [ 113.753296][ T6279] : renamed from bond0 (while UP) [ 114.172031][ T5924] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 114.337053][ T5924] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 114.357622][ T5924] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 114.381989][ T5924] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 114.404237][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.439079][ T5924] usb 1-1: config 0 descriptor?? [ 114.456465][ T5924] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 114.490065][ T5924] dvb-usb: bulk message failed: -22 (3/0) [ 114.536881][ T5924] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 114.592398][ T5924] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 114.621159][ T5924] usb 1-1: media controller created [ 114.636601][ T5924] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 114.680241][ T5924] dvb-usb: bulk message failed: -22 (6/0) [ 114.697904][ T5924] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 114.712122][ T5149] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 114.715305][ T5924] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input8 [ 114.755356][ T5149] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 114.763489][ T5149] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 114.773223][ T5924] dvb-usb: schedule remote query interval to 150 msecs. [ 114.784108][ T5149] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 114.789087][ T5924] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 114.803884][ T5149] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 114.810261][ T5924] usb 1-1: USB disconnect, device number 4 [ 114.930371][ T6031] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.109512][ T5924] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 115.157132][ T6031] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.181340][ T6031] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.305747][ T6031] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.433481][ T6320] [U] [ 116.436400][ T6320] [U] [ 116.439132][ T6320] [U] [ 116.441855][ T6320] [U] [ 116.497299][ T6320] [U] [ 116.500084][ T6320] [U] [ 116.502814][ T6320] [U] [ 116.505594][ T6320] [U] [ 116.523308][ T6320] [U] [ 116.526353][ T6320] [U] [ 116.529638][ T6320] [U] [ 116.532386][ T6320] [U] [ 116.562088][ T6320] [U] [ 116.564901][ T6320] [U] [ 116.567640][ T6320] [U] [ 116.570379][ T6320] [U] [ 116.592340][ T6320] [U] [ 116.595145][ T6320] [U] [ 116.597882][ T6320] [U] [ 116.600616][ T6320] [U] [ 116.642435][ T6320] [U] [ 116.645214][ T6320] [U] [ 116.647958][ T6320] [U] [ 116.650696][ T6320] [U] [ 116.681520][ T6320] [U] [ 116.684311][ T6320] [U] [ 116.687046][ T6320] [U] [ 116.689778][ T6320] [U] [ 116.735200][ T6320] [U] [ 116.738001][ T6320] [U] [ 116.740739][ T6320] [U] [ 116.743473][ T6320] [U] [ 116.753484][ T6320] [U] [ 116.756300][ T6320] [U] [ 116.759049][ T6320] [U] [ 116.761783][ T6320] [U] [ 116.764990][ T6031] bridge_slave_1: left allmulticast mode [ 116.770919][ T6031] bridge_slave_1: left promiscuous mode [ 116.780511][ T6031] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.793463][ T6320] [U] [ 116.796249][ T6320] [U] [ 116.798985][ T6320] [U] [ 116.801719][ T6320] [U] [ 116.808494][ T6031] bridge_slave_0: left allmulticast mode [ 116.814411][ T6031] bridge_slave_0: left promiscuous mode [ 116.820207][ T6320] [U] [ 116.822951][ T6320] [U] [ 116.825696][ T6320] [U] [ 116.828521][ T6320] [U] [ 116.831803][ T6031] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.843526][ T6320] [U] [ 116.846308][ T6320] [U] [ 116.849044][ T6320] [U] [ 116.851787][ T6320] [U] [ 116.856326][ T6320] [U] [ 116.859074][ T6320] [U] [ 116.861800][ T6320] [U] [ 116.864523][ T6320] [U] [ 116.892632][ T6320] [U] [ 116.895428][ T6320] [U] [ 116.898180][ T6320] [U] [ 116.900912][ T6320] [U] [ 116.922729][ T6320] [U] [ 116.925499][ T6320] [U] [ 116.928228][ T6320] [U] [ 116.930957][ T6320] [U] [ 116.952144][ T6320] [U] [ 116.954935][ T6320] [U] [ 116.957684][ T6320] [U] [ 116.960415][ T6320] [U] [ 116.975440][ T6320] [U] [ 116.978449][ T6320] [U] [ 116.983458][ T6320] [U] [ 116.986199][ T6320] [U] [ 116.992673][ T5149] Bluetooth: hci1: command tx timeout [ 116.999228][ T6320] [U] [ 117.002081][ T6320] [U] [ 117.004833][ T6320] [U] [ 117.007576][ T6320] [U] [ 117.025030][ T6320] [U] [ 117.027810][ T6320] [U] [ 117.030550][ T6320] [U] [ 117.033292][ T6320] [U] [ 117.050488][ T6320] [U] [ 117.053273][ T6320] [U] [ 117.056013][ T6320] [U] [ 117.058829][ T6320] [U] [ 117.079344][ T6320] [U] [ 117.082175][ T6320] [U] [ 117.084917][ T6320] [U] [ 117.087657][ T6320] [U] [ 117.113630][ T6320] [U] [ 117.116415][ T6320] [U] [ 117.119150][ T6320] [U] [ 117.121879][ T6320] [U] [ 117.139075][ T6320] [U] [ 117.141857][ T6320] [U] [ 117.144594][ T6320] [U] [ 117.147332][ T6320] [U] [ 117.164389][ T6320] [U] [ 117.167172][ T6320] [U] [ 117.169915][ T6320] [U] [ 117.172645][ T6320] [U] [ 117.209181][ T6320] [U] [ 117.211963][ T6320] [U] [ 117.214687][ T6320] [U] [ 117.217405][ T6320] [U] [ 117.265212][ T6320] [U] [ 117.722059][ T24] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 117.732670][ T6031] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 117.756043][ T6031] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.776465][ T6031] bond0 (unregistering): Released all slaves [ 117.862156][ T6296] chnl_net:caif_netlink_parms(): no params data found [ 117.893248][ T24] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 117.915645][ T24] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 117.952536][ T24] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 117.978933][ T24] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 118.017661][ T24] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 118.062759][ T24] usb 2-1: config 0 interface 0 has no altsetting 0 [ 118.073398][ T24] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 118.092041][ T24] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 118.107170][ T24] usb 2-1: Product: syz [ 118.116541][ T24] usb 2-1: Manufacturer: syz [ 118.133149][ T24] usb 2-1: SerialNumber: syz [ 118.140899][ T24] usb 2-1: config 0 descriptor?? [ 118.168776][ T6339] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 118.204807][ T24] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 118.221587][ T24] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 118.315881][ T6362] 9pnet_virtio: no channels available for device syz [ 118.637709][ T5895] usb 2-1: USB disconnect, device number 8 [ 118.647845][ T6296] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.657644][ T6296] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.663638][ T5895] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 118.666286][ T6296] bridge_slave_0: entered allmulticast mode [ 118.696862][ T6296] bridge_slave_0: entered promiscuous mode [ 118.714406][ T6296] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.732839][ T6296] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.747779][ T6296] bridge_slave_1: entered allmulticast mode [ 118.767354][ T6296] bridge_slave_1: entered promiscuous mode [ 118.813180][ T6031] hsr_slave_0: left promiscuous mode [ 118.826300][ T6031] hsr_slave_1: left promiscuous mode [ 118.843593][ T6031] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 118.854259][ T6031] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 118.867657][ T6031] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 118.875279][ T6031] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 118.905547][ T6031] veth1_macvtap: left promiscuous mode [ 118.911590][ T6031] veth0_macvtap: left promiscuous mode [ 118.918037][ T6031] veth1_vlan: left promiscuous mode [ 118.925710][ T6031] veth0_vlan: left promiscuous mode [ 119.068656][ T5149] Bluetooth: hci1: command tx timeout [ 119.572183][ T6031] team0 (unregistering): Port device team_slave_1 removed [ 119.592362][ T5895] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 119.615358][ T6031] team0 (unregistering): Port device team_slave_0 removed [ 119.802263][ T5895] usb 2-1: Using ep0 maxpacket: 16 [ 119.817779][ T5895] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 119.887316][ T5895] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 119.908192][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.920405][ T5895] usb 2-1: Product: syz [ 119.926779][ T5895] usb 2-1: Manufacturer: syz [ 119.931803][ T5895] usb 2-1: SerialNumber: syz [ 120.027558][ T5895] usb 2-1: config 0 descriptor?? [ 120.047691][ T5895] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 120.067014][ T5895] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 120.313330][ T5895] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 120.380944][ T5895] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 120.394876][ T5895] em28xx 2-1:0.0: board has no eeprom [ 120.515283][ T5895] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 120.538445][ T5895] em28xx 2-1:0.0: dvb set to bulk mode. [ 120.576932][ T24] em28xx 2-1:0.0: Binding DVB extension [ 120.851759][ T5895] usb 2-1: USB disconnect, device number 9 [ 120.915230][ T5895] em28xx 2-1:0.0: Disconnecting em28xx [ 121.007431][ T24] em28xx 2-1:0.0: Registering input extension [ 121.042408][ T5895] em28xx 2-1:0.0: Closing input extension [ 121.130819][ T5895] em28xx 2-1:0.0: Freeing device [ 121.142303][ T5149] Bluetooth: hci1: command tx timeout [ 121.482567][ T6296] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.618418][ T6296] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.961057][ T6296] team0: Port device team_slave_0 added [ 122.073516][ T6296] team0: Port device team_slave_1 added [ 122.211037][ T6296] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 122.223442][ T6296] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.332028][ T6296] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 122.417233][ T6296] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 122.425276][ T6296] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 122.507483][ T6296] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.512249][ T13] Bluetooth: (null): Invalid header checksum [ 122.542268][ T13] Bluetooth: (null): Invalid header checksum [ 122.810577][ T6296] hsr_slave_0: entered promiscuous mode [ 122.850562][ T6296] hsr_slave_1: entered promiscuous mode [ 122.866920][ T6296] debugfs: 'hsr0' already exists in 'hsr' [ 122.902848][ T6296] Cannot create hsr debugfs directory [ 123.222139][ T5149] Bluetooth: hci1: command tx timeout [ 123.479795][ T6296] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 123.499019][ T6296] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 123.535988][ T6296] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 123.586729][ T6296] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 123.628249][ T30] audit: type=1326 audit(1760132074.884:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe22a58eec9 code=0x7ffc0000 [ 123.679975][ T30] audit: type=1326 audit(1760132074.884:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 123.730397][ T30] audit: type=1326 audit(1760132074.884:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 123.783951][ T30] audit: type=1326 audit(1760132074.894:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 123.836615][ T30] audit: type=1326 audit(1760132074.894:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 123.888597][ T6296] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.912483][ T30] audit: type=1326 audit(1760132074.894:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 123.994976][ T6296] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.012381][ T30] audit: type=1326 audit(1760132074.894:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 124.050413][ T6031] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.057760][ T6031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.066337][ T30] audit: type=1326 audit(1760132074.894:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 124.459079][ T2997] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.466382][ T2997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 124.524950][ T30] audit: type=1326 audit(1760132074.894:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 124.553434][ T30] audit: type=1326 audit(1760132074.894:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.181" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe22a52af79 code=0x7ffc0000 [ 126.159320][ T6296] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 126.920338][ T6296] veth0_vlan: entered promiscuous mode [ 126.953171][ T6296] veth1_vlan: entered promiscuous mode [ 127.049330][ T6296] veth0_macvtap: entered promiscuous mode [ 127.095491][ T6296] veth1_macvtap: entered promiscuous mode [ 127.557240][ T6296] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 127.603761][ T6296] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 127.665364][ T2997] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.687220][ T2997] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.709602][ T2997] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.770710][ T2997] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 127.887152][ T3002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 127.906807][ T3002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.275707][ T6555] 9pnet_virtio: no channels available for device syz [ 128.433197][ T3002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 128.442392][ T3002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 128.634312][ T30] kauditd_printk_skb: 4500 callbacks suppressed [ 128.634330][ T30] audit: type=1326 audit(1760132079.894:4517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 128.732653][ T30] audit: type=1326 audit(1760132079.924:4518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 128.826407][ T30] audit: type=1326 audit(1760132079.924:4519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 128.986977][ T30] audit: type=1326 audit(1760132079.924:4520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 129.234079][ T30] audit: type=1326 audit(1760132079.924:4521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 129.471025][ T30] audit: type=1326 audit(1760132079.924:4522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 129.680187][ T30] audit: type=1326 audit(1760132079.924:4523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 129.709962][ T30] audit: type=1326 audit(1760132079.924:4524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 129.732702][ T30] audit: type=1326 audit(1760132079.924:4525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 129.772359][ T30] audit: type=1326 audit(1760132079.934:4527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.187" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f31c652af79 code=0x7ffc0000 [ 130.366241][ T6585] netlink: 'syz.4.208': attribute type 4 has an invalid length. [ 130.374503][ T6585] netlink: 152 bytes leftover after parsing attributes in process `syz.4.208'. [ 130.504458][ T6585] : renamed from bond0 (while UP) [ 130.888096][ T6598] netlink: 'syz.4.212': attribute type 1 has an invalid length. [ 130.915562][ T6598] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 130.925074][ T6600] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 130.934888][ T6600] overlayfs: failed to clone lowerpath [ 131.190144][ T6609] 9pnet_virtio: no channels available for device syz [ 131.412330][ T6619] 9pnet_virtio: no channels available for device syz [ 132.083235][ T6631] netlink: 80 bytes leftover after parsing attributes in process `syz.1.226'. [ 132.458877][ T6639] kvm: MWAIT instruction emulated as NOP! [ 132.519697][ T44] IPVS: starting estimator thread 0... [ 132.622271][ T6646] IPVS: using max 25 ests per chain, 60000 per kthread [ 133.342010][ T5895] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 134.204068][ T5895] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 134.229936][ T5895] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 134.254994][ T5895] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 134.272405][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 134.289733][ T5895] usb 1-1: Product: syz [ 134.298017][ T5895] usb 1-1: Manufacturer: syz [ 134.304113][ T5895] usb 1-1: SerialNumber: syz [ 134.312589][ T5895] usb 1-1: config 0 descriptor?? [ 134.364498][ T5895] IPVS: starting estimator thread 0... [ 134.452067][ T6693] IPVS: using max 24 ests per chain, 57600 per kthread [ 134.691635][ T5835] usb 1-1: USB disconnect, device number 5 [ 134.947825][ T5149] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 134.958730][ T5149] CPU: 1 UID: 0 PID: 5149 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 134.958751][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 134.958761][ T5149] Workqueue: hci3 hci_rx_work [ 134.958787][ T5149] Call Trace: [ 134.958796][ T5149] [ 134.958805][ T5149] dump_stack_lvl+0x189/0x250 [ 134.958835][ T5149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 134.958857][ T5149] ? __pfx__printk+0x10/0x10 [ 134.958884][ T5149] ? kernfs_path_from_node+0x250/0x290 [ 134.958907][ T5149] ? kernfs_path_from_node+0x2f/0x290 [ 134.958934][ T5149] sysfs_create_dir_ns+0x259/0x280 [ 134.958958][ T5149] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 134.958983][ T5149] ? do_raw_spin_unlock+0x122/0x240 [ 134.959002][ T5149] kobject_add_internal+0x59f/0xb40 [ 134.959029][ T5149] kobject_add+0x155/0x220 [ 134.959052][ T5149] ? __pfx_kobject_add+0x10/0x10 [ 134.959078][ T5149] ? _raw_spin_unlock+0x28/0x50 [ 134.959095][ T5149] ? get_device_parent+0x366/0x3a0 [ 134.959117][ T5149] device_add+0x408/0xb50 [ 134.959138][ T5149] hci_conn_add_sysfs+0xd5/0x1e0 [ 134.959163][ T5149] le_conn_complete_evt+0xf39/0x1500 [ 134.959192][ T5149] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 134.959212][ T5149] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 134.959229][ T5149] ? __asan_memcpy+0x40/0x70 [ 134.959246][ T5149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 134.959263][ T5149] ? skb_pull_data+0xfb/0x200 [ 134.959285][ T5149] hci_le_conn_complete_evt+0x187/0x450 [ 134.959309][ T5149] hci_event_packet+0x78f/0x1200 [ 134.959326][ T5149] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 134.959345][ T5149] ? __pfx_hci_event_packet+0x10/0x10 [ 134.959361][ T5149] ? kcov_remote_start+0x4d3/0x7f0 [ 134.959379][ T5149] ? local_clock_noinstr+0xe0/0xe0 [ 134.959398][ T5149] ? hci_send_to_monitor+0xe2/0x570 [ 134.959420][ T5149] hci_rx_work+0x46a/0xe80 [ 134.959441][ T5149] ? process_scheduled_works+0x9ef/0x17b0 [ 134.959463][ T5149] process_scheduled_works+0xae1/0x17b0 [ 134.959505][ T5149] ? __pfx_process_scheduled_works+0x10/0x10 [ 134.959538][ T5149] worker_thread+0x8a0/0xda0 [ 134.959561][ T5149] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 134.959582][ T5149] ? __kthread_parkme+0x7b/0x200 [ 134.959611][ T5149] kthread+0x711/0x8a0 [ 134.959628][ T5149] ? __pfx_worker_thread+0x10/0x10 [ 134.959648][ T5149] ? __pfx_kthread+0x10/0x10 [ 134.959664][ T5149] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.959678][ T5149] ? lockdep_hardirqs_on+0x9c/0x150 [ 134.959693][ T5149] ? __pfx_kthread+0x10/0x10 [ 134.959708][ T5149] ret_from_fork+0x4bc/0x870 [ 134.959730][ T5149] ? __pfx_ret_from_fork+0x10/0x10 [ 134.959755][ T5149] ? __switch_to_asm+0x39/0x70 [ 134.959770][ T5149] ? __switch_to_asm+0x33/0x70 [ 134.959786][ T5149] ? __pfx_kthread+0x10/0x10 [ 134.959801][ T5149] ret_from_fork_asm+0x1a/0x30 [ 134.959833][ T5149] [ 134.959855][ T5149] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 135.254792][ T5149] Bluetooth: hci3: failed to register connection device [ 135.443213][ T6717] netlink: 72 bytes leftover after parsing attributes in process `syz.3.258'. [ 137.426678][ T6727] input: syz1 as /devices/virtual/input/input10 [ 138.242602][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.667132][ T6739] 9pnet_virtio: no channels available for device syz [ 138.896125][ T6742] netlink: 24 bytes leftover after parsing attributes in process `syz.4.269'. [ 139.177215][ T6745] kvm: emulating exchange as write [ 139.408160][ T6759] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 139.476941][ T6758] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 140.273614][ T6764] kvm: pic: single mode not supported [ 140.275127][ T6764] kvm: pic: non byte write [ 140.292762][ T6764] kvm: pic: non byte write [ 140.297495][ T6764] kvm: pic: non byte read [ 140.302137][ T6764] kvm: pic: non byte write [ 140.309613][ T6764] kvm: pic: non byte write [ 140.544978][ T6764] kvm: pic: level sensitive irq not supported [ 140.545206][ T6764] kvm: pic: non byte write [ 140.614672][ T6764] kvm: pic: non byte write [ 141.282054][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 141.442647][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 141.452407][ T9] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 141.472183][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.501778][ T9] usb 1-1: config 0 descriptor?? [ 141.527549][ T9] as10x_usb: device has been detected [ 141.553016][ T9] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 141.636213][ T9] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 141.731806][ T9] as10x_usb: error during firmware upload part1 [ 141.755305][ T9] Registered device nBox DVB-T Dongle [ 141.758561][ T9] usb 1-1: USB disconnect, device number 6 [ 141.839361][ T9] Unregistered device nBox DVB-T Dongle [ 141.841308][ T9] as10x_usb: device has been disconnected [ 141.868012][ T6817] vxcan0: tx address claim with dest, not broadcast [ 142.408706][ T30] kauditd_printk_skb: 55 callbacks suppressed [ 142.408726][ T30] audit: type=1326 audit(1760132093.664:4582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.1.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 142.482115][ T30] audit: type=1326 audit(1760132093.674:4583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.1.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 142.542143][ T30] audit: type=1326 audit(1760132093.674:4584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.1.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 142.631819][ T30] audit: type=1326 audit(1760132093.674:4585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.1.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 142.741055][ T30] audit: type=1326 audit(1760132093.674:4586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6834 comm="syz.1.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 142.799045][ T6846] input: syz1 as /devices/virtual/input/input11 [ 143.080981][ T6854] netlink: 'syz.3.300': attribute type 1 has an invalid length. [ 143.140986][ T6854] netlink: 14436 bytes leftover after parsing attributes in process `syz.3.300'. [ 143.351744][ T6863] netlink: 40 bytes leftover after parsing attributes in process `syz.0.302'. [ 143.368026][ T30] audit: type=1326 audit(1760132094.624:4587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6803 comm="syz.4.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8d218eec9 code=0x7ffc0000 [ 143.442030][ T30] audit: type=1326 audit(1760132094.624:4588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6803 comm="syz.4.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe8d212af79 code=0x7ffc0000 [ 143.541158][ T30] audit: type=1326 audit(1760132094.624:4589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6803 comm="syz.4.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8d218eec9 code=0x7ffc0000 [ 143.648265][ T30] audit: type=1326 audit(1760132094.624:4590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6803 comm="syz.4.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8d218eec9 code=0x7ffc0000 [ 143.705526][ T30] audit: type=1326 audit(1760132094.624:4591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6803 comm="syz.4.286" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8d218eec9 code=0x7ffc0000 [ 144.409794][ T6894] 9pnet_virtio: no channels available for device syz [ 144.488010][ T6900] binder: 6898:6900 ioctl c0306201 200000000280 returned -14 [ 146.179813][ T6947] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 146.312011][ T5835] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 146.341402][ T5149] Bluetooth: hci3: unexpected event for opcode 0x1408 [ 146.392002][ T5895] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 146.468362][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.500188][ T5835] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c07, bcdDevice= 0.00 [ 146.530596][ T5835] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.564133][ T5895] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 146.572900][ T5835] usb 1-1: config 0 descriptor?? [ 146.578670][ T5895] usb 4-1: config 0 has no interface number 0 [ 146.595646][ T5895] usb 4-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice=af.03 [ 146.612544][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.644690][ T5895] usb 4-1: Product: syz [ 146.649197][ T5895] usb 4-1: Manufacturer: syz [ 146.662145][ T5895] usb 4-1: SerialNumber: syz [ 146.678384][ T5895] usb 4-1: config 0 descriptor?? [ 146.924212][ T5895] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.107/input/input12 [ 146.950781][ T5184] bcm5974 4-1:0.107: could not read from device [ 146.984665][ T5895] usb 4-1: USB disconnect, device number 2 [ 147.042894][ T6955] mmap: syz.4.323 (6955) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 147.076270][ T5835] corsair-psu 0003:1B1C:1C07.0001: item fetching failed at offset 0/3 [ 147.113571][ T5835] corsair-psu 0003:1B1C:1C07.0001: probe with driver corsair-psu failed with error -22 [ 147.243206][ T5835] usb 1-1: USB disconnect, device number 7 [ 149.081985][ T1224] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 149.121479][ T6991] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 149.419252][ T1224] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 149.430752][ T1224] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 149.446974][ T1224] usb 5-1: New USB device found, idVendor=0403, idProduct=97c1, bcdDevice= 0.00 [ 149.463619][ T1224] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.522439][ T1224] usb 5-1: config 0 descriptor?? [ 149.531384][ T6985] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 149.826284][ T6997] mkiss: ax0: crc mode is auto. [ 150.344460][ T5149] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 150.354741][ T5149] Bluetooth: hci3: Injecting HCI hardware error event [ 150.370656][ T5829] Bluetooth: hci3: hardware error 0x00 [ 150.386620][ T1224] hid-retrode 0003:0403:97C1.0002: invalid report_size -1332412401 [ 150.416267][ T1224] hid-retrode 0003:0403:97C1.0002: item 0 4 1 7 parsing failed [ 150.437199][ T1224] hid-retrode 0003:0403:97C1.0002: probe with driver hid-retrode failed with error -22 [ 150.547931][ T1224] usb 5-1: USB disconnect, device number 2 [ 151.271998][ T5895] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 151.442953][ T5895] usb 5-1: Using ep0 maxpacket: 32 [ 151.454187][ T5895] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 151.471983][ T5895] usb 5-1: config 0 has no interface number 0 [ 151.502082][ T5895] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 151.522059][ T5895] usb 5-1: config 0 interface 85 has no altsetting 0 [ 151.545446][ T5895] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 151.554879][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.581983][ T5895] usb 5-1: Product: syz [ 151.589900][ T5895] usb 5-1: Manufacturer: syz [ 151.595657][ T5895] usb 5-1: SerialNumber: syz [ 151.608091][ T7055] netlink: 24 bytes leftover after parsing attributes in process `syz.0.359'. [ 151.618893][ T5895] usb 5-1: config 0 descriptor?? [ 152.382012][ T5924] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 152.502612][ T5829] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 152.520496][ T5895] appletouch 5-1:0.85: Geyser mode initialized. [ 152.531847][ T5895] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.85/input/input13 [ 152.548320][ C0] appletouch 5-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64 [ 152.561734][ T5924] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32 [ 152.571131][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.597979][ T5924] usb 1-1: config 0 descriptor?? [ 152.633919][ T5924] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 152.760576][ T9] usb 5-1: USB disconnect, device number 3 [ 152.791388][ T9] appletouch 5-1:0.85: input: appletouch disconnected [ 152.823216][ T5924] gp8psk: usb in 128 operation failed. [ 152.978377][ T7089] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 153.033330][ T5924] gp8psk: FW Version = 190.161.15 (0xbea10f) Build 2022/178/202 [ 153.283436][ T5924] gp8psk: usb in 149 operation failed. [ 153.702062][ T5924] gp8psk: failed to get FPGA version [ 153.721799][ T5924] gp8psk: usb in 138 operation failed. [ 153.829382][ T5924] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 154.017790][ T5924] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver) [ 154.051559][ T5924] usb 1-1: media controller created [ 154.340957][ T5924] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 154.454439][ T7100] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 154.512177][ T7102] [U]  [ 154.528336][ T7102] [U] K{ [ 154.531854][ T5924] gp8psk_fe: Frontend attached [ 154.536819][ T5924] usb 1-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 154.546216][ T7102] [U] T 1ŠFFˊ`GJǘGO/MC [ 154.560349][ T5924] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 154.610532][ T7102] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 154.654471][ T7102] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 154.677646][ T7102] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 154.732399][ T5924] gp8psk: usb in 138 operation failed. [ 154.737979][ T5924] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected. [ 154.782249][ T5924] gp8psk: found Genpix USB device pID = 203 (hex) [ 154.817435][ T7102] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 154.852290][ T7102] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 154.872517][ T5924] usb 1-1: USB disconnect, device number 8 [ 154.892454][ T7102] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 154.926232][ T7102] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 155.143100][ T7102] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 155.163820][ T7102] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 155.182150][ T7102] [U] 22Ʃ۩X?0;3U [ 155.215472][ T7102] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 155.262281][ T7102] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 155.292283][ T5924] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected. [ 155.309554][ T7102] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 155.319805][ T7102] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 155.327835][ T7102] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 155.343341][ T7102] [U] EC [ 155.351173][ T7102] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 155.370581][ T7102] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 156.251784][ T7135] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 156.368731][ T5924] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 156.653886][ T5924] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 156.705729][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.827953][ T5924] usb 1-1: Product: syz [ 156.837653][ T5924] usb 1-1: Manufacturer: syz [ 156.846480][ T5924] usb 1-1: SerialNumber: syz [ 157.080756][ T5924] usb 1-1: config 0 descriptor?? [ 157.096441][ T5924] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 157.108650][ T5924] usb 1-1: Detected FT232H [ 157.249488][ T7139] netlink: 8 bytes leftover after parsing attributes in process `syz.1.391'. [ 157.258599][ T7139] netlink: 8 bytes leftover after parsing attributes in process `syz.1.391'. [ 157.648410][ T5835] IPVS: starting estimator thread 0... [ 157.797407][ T5924] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 157.809284][ T5924] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 157.818020][ T5924] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 157.829655][ T5924] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 157.850574][ T5924] usb 1-1: USB disconnect, device number 9 [ 157.862060][ T5924] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 157.896444][ T5924] ftdi_sio 1-1:0.0: device disconnected [ 158.297245][ T7140] IPVS: using max 24 ests per chain, 57600 per kthread [ 160.165571][ T5835] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 160.432017][ T5835] usb 1-1: Using ep0 maxpacket: 32 [ 160.452253][ T5835] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 160.478503][ T5835] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.500883][ T5835] usb 1-1: config 0 descriptor?? [ 160.559923][ T7175] [U]  [ 160.566214][ T7175] [U] K{ [ 160.586435][ T7175] [U] T 1ŠFFˊ`GJǘGO/MC [ 160.606287][ T7175] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 160.637219][ T7175] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 160.686136][ T7175] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 160.745538][ T7175] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 160.770972][ T7175] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 160.802252][ T5835] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 160.823348][ T7175] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 160.836101][ T7175] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 161.052788][ T5835] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 161.060895][ T5835] usb 1-1: media controller created [ 161.061469][ T7175] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 161.147843][ T7175] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 161.162653][ T5835] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 161.173697][ T7175] [U] 22Ʃ۩X?0;3U [ 161.220212][ T5835] az6027: usb out operation failed. (-71) [ 161.233100][ T7175] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 161.263056][ T5835] az6027: usb out operation failed. (-71) [ 161.269176][ T7175] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 161.280049][ T5835] stb0899_attach: Driver disabled by Kconfig [ 161.290212][ T5835] az6027: no front-end attached [ 161.290212][ T5835] [ 161.300749][ T5835] az6027: usb out operation failed. (-71) [ 161.308434][ T7175] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 161.321648][ T7175] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 161.327996][ T5835] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 161.344242][ T5835] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input14 [ 161.375194][ T7175] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 161.394241][ T5835] dvb-usb: schedule remote query interval to 400 msecs. [ 161.412405][ T5835] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 161.434507][ T7175] [U] EC [ 161.438798][ T5835] usb 1-1: USB disconnect, device number 10 [ 161.457424][ T7175] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 161.490126][ T7175] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 161.578587][ T5835] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 162.006575][ T30] kauditd_printk_skb: 127 callbacks suppressed [ 162.006597][ T30] audit: type=1326 audit(1760132113.264:4719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7207 comm="syz.1.419" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f736518eec9 code=0x0 [ 162.730272][ T7212] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 162.813117][ T7216] syzkaller1: entered promiscuous mode [ 162.818893][ T7216] syzkaller1: entered allmulticast mode [ 163.792702][ T44] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 163.939836][ T7249] netlink: 8 bytes leftover after parsing attributes in process `syz.0.436'. [ 163.954162][ T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 163.955180][ T7249] netlink: 48 bytes leftover after parsing attributes in process `syz.0.436'. [ 163.973632][ T44] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 163.986312][ T7249] netlink: 16 bytes leftover after parsing attributes in process `syz.0.436'. [ 163.995984][ T7249] netlink: 48 bytes leftover after parsing attributes in process `syz.0.436'. [ 163.996907][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.024055][ T44] usb 5-1: config 0 descriptor?? [ 164.040991][ T44] hdpvr 5-1:0.0: Could not find bulk-in endpoint [ 164.048010][ T44] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12 [ 164.239125][ T44] usb 5-1: USB disconnect, device number 4 [ 165.230637][ T7271] syz.0.441 (7271) used greatest stack depth: 16648 bytes left [ 165.525391][ T7286] netlink: 8 bytes leftover after parsing attributes in process `syz.3.453'. [ 167.012038][ T5918] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 167.032026][ T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 167.192001][ T5918] usb 5-1: Using ep0 maxpacket: 16 [ 167.200263][ T5918] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.211401][ T5918] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.231975][ T5918] usb 5-1: config 0 interface 0 has no altsetting 0 [ 167.232594][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.248909][ T5918] usb 5-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 167.262811][ T5918] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.263074][ T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 167.293253][ T5918] usb 5-1: config 0 descriptor?? [ 167.314577][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.342878][ T24] usb 1-1: config 0 descriptor?? [ 167.572089][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 167.718058][ T5918] hid (null): unknown global tag 0xd [ 167.724004][ T5918] hid (null): invalid report_size 1285344853 [ 167.731611][ T9] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 167.741236][ T5918] hid (null): unknown global tag 0xe [ 167.751518][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.760021][ T5918] hid (null): report_id 239428730 is invalid [ 167.775213][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.784189][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.792407][ T9] usb 4-1: config 0 descriptor?? [ 167.800660][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.811617][ T24] lenovo 0003:17EF:6047.0003: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.0-1/input0 [ 167.816646][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.840115][ T9] gspca_main: spca508-2.14.0 probing 8086:0110 [ 167.850608][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.863540][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.870660][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.882905][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.889994][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.898350][ T5918] cougar 0003:060B:500A.0004: unknown main item tag 0x0 [ 167.914965][ T5918] cougar 0003:060B:500A.0004: unexpected long global item [ 167.923704][ T5918] cougar 0003:060B:500A.0004: parse failed [ 167.929721][ T5918] cougar 0003:060B:500A.0004: probe with driver cougar failed with error -22 [ 167.956588][ T5918] usb 5-1: USB disconnect, device number 5 [ 168.042627][ T9] gspca_spca508: reg_read err -32 [ 168.347665][ T9] gspca_spca508: reg_read err -71 [ 168.359887][ T9] gspca_spca508: reg_read err -71 [ 168.366307][ T9] gspca_spca508: reg_read err -71 [ 168.371755][ T9] gspca_spca508: reg write: error -71 [ 168.377320][ T9] spca508 4-1:0.0: probe with driver spca508 failed with error -71 [ 168.389555][ T9] usb 4-1: USB disconnect, device number 3 [ 169.177186][ T24] usb 1-1: USB disconnect, device number 11 [ 169.732561][ T7356] input: syz0 as /devices/virtual/input/input15 [ 170.372168][ T5924] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 170.542042][ T5924] usb 1-1: Using ep0 maxpacket: 32 [ 170.618585][ T5924] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 170.640119][ T5924] usb 1-1: config 0 has no interface number 0 [ 170.656989][ T5924] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 97, changing to 10 [ 170.681731][ T5924] usb 1-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid maxpacket 24929, setting to 1024 [ 170.707826][ T5924] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 170.726154][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.734858][ T5924] usb 1-1: Product: syz [ 170.739059][ T5924] usb 1-1: Manufacturer: syz [ 170.750981][ T5924] usb 1-1: SerialNumber: syz [ 170.772604][ T5924] usb 1-1: config 0 descriptor?? [ 170.892437][ T7380] netlink: 'syz.4.491': attribute type 10 has an invalid length. [ 170.943396][ T7380] wlan1: mtu less than device minimum [ 170.949553][ T7380] : (slave wlan1): Error -22 calling dev_set_mtu [ 171.194624][ T5924] radio-si470x 1-1:0.35: DeviceID=0x9242 ChipID=0x0000 [ 171.208787][ T5924] radio-si470x 1-1:0.35: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 171.272192][ T7393] netlink: 20 bytes leftover after parsing attributes in process `syz.4.496'. [ 171.395467][ T5924] radio-si470x 1-1:0.35: software version 146, hardware version 66 [ 171.418077][ T5924] radio-si470x 1-1:0.35: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 171.597151][ T5924] radio-si470x 1-1:0.35: si470x_set_report: usb_control_msg returned -71 [ 171.614327][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.621142][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.628182][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.634991][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.641744][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.648528][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.655254][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.661985][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.669168][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.677046][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.683991][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.690910][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.698044][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.705068][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.712020][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.718775][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.725627][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.732463][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.739227][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.746213][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.753449][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.760324][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.767477][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.774537][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.781345][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.788285][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.795052][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.801791][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.808571][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.815281][ T5924] radio-si470x 1-1:0.35: si470x_set_report: usb_control_msg returned -71 [ 171.815399][ C0] radio-si470x 1-1:0.35: non-zero urb status (-71) [ 171.832943][ T5924] radio-si470x 1-1:0.35: probe with driver radio-si470x failed with error -22 [ 171.872326][ T5924] radio-raremono 1-1:0.35: this is not Thanko's Raremono. [ 171.898655][ T5924] usb 1-1: USB disconnect, device number 12 [ 172.417067][ T7426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.509'. [ 172.625873][ T7426] block nbd0: shutting down sockets [ 173.415138][ T7450] overlayfs: failed to clone upperpath [ 173.512261][ T5924] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 173.602626][ T5835] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 173.672261][ T5924] usb 4-1: Using ep0 maxpacket: 8 [ 173.691003][ T5924] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 173.701629][ T5924] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 173.714597][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 173.726208][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 173.737523][ T5924] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 173.757054][ T5924] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 173.766723][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 173.775506][ T5924] usb 4-1: Product: syz [ 173.779886][ T5924] usb 4-1: Manufacturer: syz [ 173.781961][ T5835] usb 5-1: Using ep0 maxpacket: 8 [ 173.785413][ T5924] usb 4-1: SerialNumber: syz [ 173.796081][ T5835] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 173.806006][ T5924] usb 4-1: config 0 descriptor?? [ 173.811127][ T5835] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 173.821148][ T5835] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 173.830938][ T5835] usb 5-1: config 250 has no interface number 0 [ 173.837946][ T5835] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 173.851038][ T5835] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 173.865210][ T5835] usb 5-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 173.881316][ T5835] usb 5-1: config 250 interface 228 has no altsetting 0 [ 173.903818][ T5835] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 173.922295][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 173.930617][ T5835] usb 5-1: Product: syz [ 173.935291][ T5835] usb 5-1: SerialNumber: syz [ 173.951424][ T5835] hub 5-1:250.228: bad descriptor, ignoring hub [ 173.958906][ T5835] hub 5-1:250.228: probe with driver hub failed with error -5 [ 174.020502][ T5924] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 174.028507][ T5924] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 174.232134][ T5924] radio-si470x 4-1:0.0: software version 0, hardware version 0 [ 174.241980][ T5924] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. [ 174.262094][ T5924] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 174.432765][ T5924] radio-si470x 4-1:0.0: submitting int urb failed (-90) [ 174.449779][ T5835] usb 5-1: reset high-speed USB device number 6 using dummy_hcd [ 174.625031][ T5835] usb 5-1: device firmware changed [ 174.639100][ T5835] usb 5-1: USB disconnect, device number 6 [ 175.091033][ T5835] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 175.465928][ T5924] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 175.569225][ T5924] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71 [ 175.681642][ T5924] usb 4-1: USB disconnect, device number 4 [ 175.742354][ T5835] usb 5-1: Using ep0 maxpacket: 8 [ 175.759477][ T5835] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 175.772319][ T5835] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 175.780812][ T5835] usb 5-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 175.814729][ T5835] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 175.832711][ T5835] usb 5-1: config 250 has no interface number 0 [ 175.839060][ T5835] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 175.859718][ T7479] netlink: 'syz.1.531': attribute type 1 has an invalid length. [ 175.868763][ T7479] netlink: 4 bytes leftover after parsing attributes in process `syz.1.531'. [ 175.963263][ T5835] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 175.974832][ T5835] usb 5-1: config 250 interface 228 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 175.992989][ T5835] usb 5-1: config 250 interface 228 has no altsetting 0 [ 176.002266][ T5835] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 176.011436][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 176.031955][ T5835] usb 5-1: Product: syz [ 176.036190][ T5835] usb 5-1: SerialNumber: syz [ 176.054990][ T5835] hub 5-1:250.228: bad descriptor, ignoring hub [ 176.061393][ T5835] hub 5-1:250.228: probe with driver hub failed with error -5 [ 176.262124][ T7491] kvm: apic: phys broadcast and lowest prio [ 176.268646][ T7494] netlink: 12 bytes leftover after parsing attributes in process `syz.3.538'. [ 176.362238][ T44] usb 5-1: USB disconnect, device number 7 [ 176.468363][ T7502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.540'. [ 178.498085][ T7530] loop2: detected capacity change from 0 to 7 [ 178.517423][ T7530] loop2: [POWERTEC] p1 p2 [ 178.517969][ T7532] overlayfs: failed to clone upperpath [ 178.525153][ T7530] loop2: p1 start 1764718181 is beyond EOD, truncated [ 178.534394][ T7530] loop2: p2 size 786432 extends beyond EOD, truncated [ 178.872921][ T5832] udevd[5832]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 179.392378][ T3002] syzkaller0: tun_net_xmit 76 [ 179.398168][ T3002] syzkaller0: tun_net_xmit 48 [ 179.400875][ T7549] syzkaller0: create flow: hash 2531156300 index 1 [ 179.412165][ T9] syzkaller0: tun_net_xmit 76 [ 179.548435][ T9] syzkaller0: tun_net_xmit 76 [ 179.637472][ T7547] syzkaller0: delete flow: hash 2531156300 index 1 [ 183.087097][ T7579] openvswitch: netlink: Key 5 has unexpected len 4 expected 2 [ 184.103434][ T30] audit: type=1326 audit(1760132135.364:4720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7595 comm="syz.4.573" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe8d218eec9 code=0x0 [ 186.031009][ T7635] input: syz0 as /devices/virtual/input/input17 [ 186.402093][ T30] audit: type=1326 audit(1760132137.654:4721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.458404][ T30] audit: type=1326 audit(1760132137.704:4722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.519091][ T30] audit: type=1326 audit(1760132137.704:4723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.586815][ T30] audit: type=1326 audit(1760132137.704:4724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.653329][ T30] audit: type=1326 audit(1760132137.704:4725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.705628][ T30] audit: type=1326 audit(1760132137.714:4726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.730341][ T30] audit: type=1326 audit(1760132137.714:4727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.784218][ T30] audit: type=1326 audit(1760132137.714:4728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.838034][ T30] audit: type=1326 audit(1760132137.714:4729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7649 comm="syz.1.593" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f736518eec9 code=0x7ffc0000 [ 186.931983][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 187.092063][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 187.103617][ T9] usb 5-1: config 1 has an invalid interface number: 191 but max is 0 [ 187.113633][ T9] usb 5-1: config 1 has no interface number 0 [ 187.119760][ T9] usb 5-1: config 1 interface 191 has no altsetting 0 [ 187.129897][ T9] usb 5-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=63.76 [ 187.139250][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.147696][ T9] usb 5-1: Product: syz [ 187.152536][ T9] usb 5-1: Manufacturer: syz [ 187.157220][ T9] usb 5-1: SerialNumber: syz [ 187.272046][ T44] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 187.386881][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 187.414869][ T9] snd-usb-audio 5-1:1.191: probe with driver snd-usb-audio failed with error -2 [ 187.422120][ T44] usb 4-1: Using ep0 maxpacket: 16 [ 187.426711][ T9] usb 5-1: USB disconnect, device number 8 [ 187.441170][ T44] usb 4-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 187.457841][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.191/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 187.458183][ T44] usb 4-1: config 1 interface 0 has no altsetting 0 [ 187.495166][ T44] usb 4-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.40 [ 187.504758][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.512958][ T44] usb 4-1: Product: syz [ 187.517255][ T44] usb 4-1: SerialNumber: syz [ 187.771385][ T44] usbhid 4-1:1.0: can't add hid device: -71 [ 187.791124][ T44] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 187.803747][ T44] usb 4-1: USB disconnect, device number 5 [ 188.282940][ T44] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 188.442030][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 188.454243][ T44] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 188.465902][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.474087][ T44] usb 1-1: Product: syz [ 188.478491][ T44] usb 1-1: Manufacturer: syz [ 188.484820][ T44] usb 1-1: SerialNumber: syz [ 188.505792][ T44] usb 1-1: config 0 descriptor?? [ 188.616291][ T7713] netlink: 20 bytes leftover after parsing attributes in process `syz.1.621'. [ 188.934334][ T44] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 188.941977][ T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 188.956799][ T44] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 188.969971][ T44] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 188.991960][ T44] usb 1-1: media controller created [ 189.027658][ T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 189.097707][ T7734] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 189.108509][ T9] usb 5-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 189.109925][ T7734] block device autoloading is deprecated and will be removed. [ 189.127058][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.138321][ T44] zl10353_read_register: readreg error (reg=127, ret==0) [ 189.147953][ T9] usb 5-1: Product: syz [ 189.152491][ T44] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 189.154095][ T9] usb 5-1: Manufacturer: syz [ 189.165575][ T9] usb 5-1: SerialNumber: syz [ 189.172144][ T44] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 189.183837][ T9] usb 5-1: config 0 descriptor?? [ 189.201491][ T44] usb 1-1: USB disconnect, device number 13 [ 189.338493][ T44] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 189.409591][ T9] peak_usb 5-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 189.610394][ T9] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 189.617634][ T9] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 189.625134][ T9] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 189.697280][ T9] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -22 [ 189.816646][ T9] usb 5-1: USB disconnect, device number 9 [ 191.342924][ T7789] netlink: 12 bytes leftover after parsing attributes in process `syz.3.652'. [ 191.450297][ T7792] netlink: 372 bytes leftover after parsing attributes in process `syz.1.653'. [ 191.558434][ T7795] netlink: 4 bytes leftover after parsing attributes in process `syz.3.655'. [ 192.217885][ T7826] netlink: 16 bytes leftover after parsing attributes in process `syz.3.669'. [ 192.280404][ T7830] hfsplus: unable to find HFS+ superblock [ 192.455769][ T7840] warning: `syz.1.677' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 192.634393][ T7834] block nbd0: server does not support multiple connections per device. [ 192.661738][ T7834] block nbd0: shutting down sockets [ 192.810043][ T7847] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (virtio1-input.0) [ 196.742536][ T5924] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 196.923731][ T5924] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 196.952119][ T5924] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 196.964205][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.994967][ T5924] usb 1-1: config 0 descriptor?? [ 197.014132][ T5924] pwc: Askey VC010 type 2 USB webcam detected. [ 197.061637][ T7905] netlink: 4 bytes leftover after parsing attributes in process `syz.3.700'. [ 197.431005][ T5924] pwc: recv_control_msg error -32 req 02 val 2b00 [ 197.452406][ T5924] pwc: recv_control_msg error -32 req 02 val 2700 [ 197.469684][ T5924] pwc: recv_control_msg error -32 req 02 val 2c00 [ 197.477226][ T5924] pwc: recv_control_msg error -32 req 04 val 1000 [ 197.486961][ T5924] pwc: recv_control_msg error -32 req 04 val 1300 [ 197.504609][ T5924] pwc: recv_control_msg error -32 req 04 val 1400 [ 197.512395][ T5924] pwc: recv_control_msg error -32 req 02 val 2000 [ 197.520203][ T5924] pwc: recv_control_msg error -32 req 02 val 2100 [ 197.528555][ T5924] pwc: recv_control_msg error -32 req 04 val 1500 [ 197.546046][ T5924] pwc: recv_control_msg error -32 req 02 val 2500 [ 197.553869][ T5924] pwc: recv_control_msg error -32 req 02 val 2400 [ 197.642576][ T44] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 197.824960][ T44] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 197.880535][ T44] usb 4-1: config 0 has no interface number 0 [ 197.997952][ T44] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 198.023705][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.033168][ T5924] pwc: recv_control_msg error -71 req 02 val 2900 [ 198.046417][ T44] usb 4-1: Product: syz [ 198.062162][ T44] usb 4-1: Manufacturer: syz [ 198.078053][ T44] usb 4-1: SerialNumber: syz [ 198.176166][ T44] usb 4-1: config 0 descriptor?? [ 198.731589][ T44] usb 4-1: Firmware: major: 68, minor: 215, hardware type: UNKNOWN (239) [ 198.954952][ T44] usb 4-1: no permanent extended address found, random address set [ 199.000364][ T44] usb 4-1: atusb_probe: initialization failed, error = -524 [ 199.085512][ T44] atusb 4-1:0.128: probe with driver atusb failed with error -524 [ 199.320095][ T5924] pwc: recv_control_msg error -71 req 02 val 2800 [ 199.332043][ T5924] pwc: recv_control_msg error -71 req 04 val 1100 [ 199.340482][ T5924] pwc: recv_control_msg error -71 req 04 val 1200 [ 199.349963][ T44] usb 4-1: USB disconnect, device number 6 [ 199.356600][ T5924] pwc: Registered as video103. [ 199.398424][ T5924] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input19 [ 199.416705][ T5924] usb 1-1: USB disconnect, device number 14 [ 199.629187][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.242043][ T44] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 200.862396][ T44] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 200.871512][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.884696][ T44] usb 5-1: config 0 descriptor?? [ 200.904003][ T44] cp210x 5-1:0.0: cp210x converter detected [ 201.577972][ T44] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 201.586436][ T44] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 201.598425][ T44] usb 5-1: cp210x converter now attached to ttyUSB0 [ 201.608902][ T44] usb 5-1: USB disconnect, device number 10 [ 201.626379][ T44] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 201.642612][ T44] cp210x 5-1:0.0: device disconnected [ 202.752569][ T44] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 202.934088][ T44] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 203.122063][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.133687][ T44] usb 4-1: config 0 descriptor?? [ 203.873933][ T8008] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 203.946033][ T44] ath6kl: Failed to read usb control message: -71 [ 203.952655][ T44] ath6kl: Unable to read the bmi data from the device: -71 [ 203.959935][ T44] ath6kl: unable to read target info byte count: -71 [ 203.980277][ T44] ath6kl: Failed to init ath6kl core: -71 [ 203.993651][ T44] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 204.022272][ T44] usb 4-1: USB disconnect, device number 7 [ 204.150175][ T8013] tipc: Started in network mode [ 204.162380][ T8013] tipc: Node identity fffffffa, cluster identity 4711 [ 204.177371][ T8013] tipc: Node number set to 4294967290 [ 205.240405][ T8031] netlink: 4 bytes leftover after parsing attributes in process `syz.0.751'. [ 205.292012][ T5821] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 205.826092][ T8040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.755'. [ 205.826127][ T8040] netlink: 40 bytes leftover after parsing attributes in process `syz.0.755'. [ 205.826138][ T8040] netlink: 16 bytes leftover after parsing attributes in process `syz.0.755'. [ 205.826150][ T8040] netlink: 40 bytes leftover after parsing attributes in process `syz.0.755'. [ 205.854555][ T5821] usb 5-1: not running at top speed; connect to a high speed hub [ 205.855567][ T5821] usb 5-1: config 1 interface 0 altsetting 43 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 205.855600][ T5821] usb 5-1: config 1 interface 0 altsetting 43 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 205.855629][ T5821] usb 5-1: config 1 interface 0 has no altsetting 0 [ 205.869660][ T5821] usb 5-1: New USB device found, idVendor=03eb, idProduct=2118, bcdDevice= 0.40 [ 205.869695][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.869717][ T5821] usb 5-1: Product: syz [ 205.869733][ T5821] usb 5-1: Manufacturer: syz [ 205.869749][ T5821] usb 5-1: SerialNumber: syz [ 205.893640][ T8024] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 206.360298][ T5821] usbhid 5-1:1.0: can't add hid device: -71 [ 206.360378][ T5821] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 206.363282][ T5821] usb 5-1: USB disconnect, device number 11 [ 208.452329][ T5835] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 208.601962][ T5835] usb 5-1: Using ep0 maxpacket: 32 [ 208.610441][ T5835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 208.630512][ T5835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 208.641511][ T5835] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 208.650775][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.676603][ T5835] usb 5-1: config 0 descriptor?? [ 208.698045][ T5835] hub 5-1:0.0: USB hub found [ 208.722278][ T5821] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 208.904108][ T5835] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 208.921278][ T5821] usb 4-1: unable to get BOS descriptor or descriptor too short [ 209.042141][ T5821] usb 4-1: not running at top speed; connect to a high speed hub [ 209.085824][ T5821] usb 4-1: config 6 has an invalid interface number: 200 but max is 0 [ 209.107442][ T5821] usb 4-1: config 6 has no interface number 0 [ 209.125880][ T5821] usb 4-1: config 6 interface 200 altsetting 8 endpoint 0x1 has an invalid bInterval 0, changing to 10 [ 209.137416][ T5821] usb 4-1: config 6 interface 200 altsetting 8 endpoint 0x1 has invalid wMaxPacketSize 0 [ 209.148301][ T5821] usb 4-1: config 6 interface 200 has no altsetting 0 [ 209.158251][ T5821] usb 4-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 209.168293][ T5821] usb 4-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 209.187312][ T5821] usb 4-1: Product: syz [ 209.192608][ T5821] usb 4-1: Manufacturer: syz [ 209.197551][ T5821] usb 4-1: SerialNumber: syz [ 209.344371][ T5835] hid-generic 0003:046D:C31C.0005: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0 [ 209.439642][ T5821] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 209.461100][ T5821] dvb-usb: bulk message failed: -90 (3/0) [ 209.480526][ T5821] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 209.500129][ T5821] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 209.518239][ T5821] usb 4-1: media controller created [ 209.547308][ T5821] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 209.566517][ T5821] dvb-usb: bulk message failed: -90 (6/0) [ 209.573782][ T5821] dvb-usb: bulk message failed: -90 (6/0) [ 209.579927][ T5821] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 209.617609][ T5821] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input20 [ 209.632403][ T5918] usb 5-1: USB disconnect, device number 12 [ 209.659264][ T5821] dvb-usb: schedule remote query interval to 150 msecs. [ 209.683457][ T5821] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 209.720705][ T5821] usb 4-1: USB disconnect, device number 8 [ 209.801287][ T5821] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 212.267823][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 212.267838][ T5843] Bluetooth: hci0: command 0x0406 tx timeout [ 212.935594][ T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 213.091932][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 213.105097][ T10] usb 1-1: config 8 has an invalid interface number: 219 but max is 0 [ 213.117106][ T10] usb 1-1: config 8 has no interface number 0 [ 213.124009][ T10] usb 1-1: config 8 interface 219 has no altsetting 0 [ 213.278072][ T10] usb 1-1: New USB device found, idVendor=0af0, idProduct=6971, bcdDevice=a0.d0 [ 213.288044][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.297062][ T10] usb 1-1: Product: syz [ 213.301564][ T10] usb 1-1: Manufacturer: syz [ 213.306836][ T10] usb 1-1: SerialNumber: syz [ 214.093122][ T10] usb 1-1: USB disconnect, device number 15 [ 214.412032][ T44] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 214.562048][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 214.569535][ T44] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 214.577724][ T44] usb 4-1: config 0 has no interface number 0 [ 214.583939][ T44] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 214.595055][ T5821] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 214.602725][ T44] usb 4-1: config 0 interface 85 has no altsetting 0 [ 214.615480][ T44] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 214.624635][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.632983][ T44] usb 4-1: Product: syz [ 214.637181][ T44] usb 4-1: Manufacturer: syz [ 214.641802][ T44] usb 4-1: SerialNumber: syz [ 214.653019][ T44] usb 4-1: config 0 descriptor?? [ 214.732159][ T5835] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 214.759397][ T5821] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 214.768775][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.777701][ T5821] usb 5-1: Product: syz [ 214.782634][ T5821] usb 5-1: Manufacturer: syz [ 214.787385][ T5821] usb 5-1: SerialNumber: syz [ 214.799025][ T5821] usb 5-1: config 0 descriptor?? [ 214.884272][ T5835] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 214.894612][ T5835] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 214.906404][ T5835] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 214.915840][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.924615][ T5835] usb 1-1: Product: syz [ 214.928887][ T5835] usb 1-1: Manufacturer: syz [ 214.934159][ T5835] usb 1-1: SerialNumber: syz [ 215.018424][ T5821] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 215.274727][ T44] appletouch 4-1:0.85: Geyser mode initialized. [ 215.289416][ T44] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input21 [ 215.377259][ T5835] usb 1-1: cannot find UAC_HEADER [ 215.412737][ T5835] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 215.441722][ T5832] udevd[5832]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 215.485528][ T5918] usb 4-1: USB disconnect, device number 9 [ 215.503663][ T5918] appletouch 4-1:0.85: input: appletouch disconnected [ 215.580113][ T10] usb 1-1: USB disconnect, device number 16 [ 217.130660][ T5821] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 217.403133][ T8180] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.432651][ T5821] usb 5-1: USB disconnect, device number 13 [ 217.566796][ T8193] syzkaller1: entered promiscuous mode [ 217.576068][ T8193] syzkaller1: entered allmulticast mode [ 217.950797][ T8203] loop9: detected capacity change from 0 to 7 [ 217.959435][ T5832] buffer_io_error: 9 callbacks suppressed [ 217.959447][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 217.992295][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.002100][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.019794][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.030332][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.040710][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.072973][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.081022][ T5832] ldm_validate_partition_table(): Disk read failed. [ 218.088801][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.098227][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.107651][ T5832] Buffer I/O error on dev loop9, logical block 0, async page read [ 218.115797][ T5832] Dev loop9: unable to read RDB block 0 [ 218.121721][ T5832] loop9: unable to read partition table [ 218.128130][ T5832] loop9: partition table beyond EOD, truncated [ 218.130491][ T8208] device ioctl magic numbers don't match! Did you rebuild pvfs2-client-core/libpvfs2? [cmd c0184800, magic 48 != 6b] [ 218.151038][ T8203] ldm_validate_partition_table(): Disk read failed. [ 218.158635][ T8203] Dev loop9: unable to read RDB block 0 [ 218.164898][ T8203] loop9: unable to read partition table [ 218.170788][ T8203] loop9: partition table beyond EOD, truncated [ 218.177518][ T8203] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 218.177518][ T8203] ) failed (rc=-5) [ 218.411743][ T8219] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 218.439120][ T8217] sp0: Synchronizing with TNC [ 218.514668][ T5821] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 218.682125][ T5821] usb 4-1: Using ep0 maxpacket: 8 [ 218.699369][ T5821] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 218.720240][ T5821] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 218.740567][ T5821] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 218.751438][ T5821] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 218.770974][ T5821] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 218.782548][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.891967][ T5895] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 219.027940][ T5821] usb 4-1: GET_CAPABILITIES returned 0 [ 219.037575][ T5821] usbtmc 4-1:16.0: can't read capabilities [ 219.047739][ T5895] usb 1-1: Using ep0 maxpacket: 8 [ 219.094362][ T5895] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 219.113650][ T5895] usb 1-1: config 0 has no interface number 0 [ 219.131018][ T5895] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 219.187133][ T5895] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 219.225639][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.241726][ T5821] usb 4-1: USB disconnect, device number 10 [ 219.311195][ T5895] usb 1-1: config 0 descriptor?? [ 219.345953][ T5895] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 syzkaller syzkaller login: [ 220.034179][ T9] usb 1-1: USB disconnect, device number 17 [ 220.304964][ T8250] overlayfs: failed to clone upperpath [ 220.402120][ T5821] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 220.552057][ T5821] usb 4-1: Using ep0 maxpacket: 32 [ 220.566417][ T5821] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 220.581927][ T5821] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 220.590604][ T5821] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 220.605004][ T5821] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 220.621914][ T5821] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 220.631687][ T5821] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 220.651973][ T5821] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 220.663730][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.683041][ T5821] usb 4-1: config 0 descriptor?? [ 220.898605][ T5821] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 220.933589][ T5821] usb 4-1: USB disconnect, device number 11 [ 220.947897][ T5821] usblp0: removed [ 221.267453][ T8271] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 221.411981][ T5821] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 221.572009][ T5821] usb 4-1: Using ep0 maxpacket: 32 [ 221.587626][ T5821] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 221.608203][ T5821] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 221.631302][ T5821] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 221.641747][ T5821] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 221.659334][ T5821] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 221.670828][ T5821] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 221.687543][ T5821] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 221.697187][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.709817][ T8291] 9pnet_virtio: no channels available for device syz [ 221.723838][ T5821] usb 4-1: config 0 descriptor?? [ 221.950983][ T5821] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 12 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 222.506809][ T5918] usb 4-1: USB disconnect, device number 12 [ 222.549758][ T5918] usblp0: removed [ 223.026235][ T8327] kvm: kvm [8326]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x6 [ 223.400807][ T5149] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 223.410692][ T5149] CPU: 0 UID: 0 PID: 5149 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT(full) [ 223.410720][ T5149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 223.410736][ T5149] Workqueue: hci2 hci_rx_work [ 223.410773][ T5149] Call Trace: [ 223.410782][ T5149] [ 223.410792][ T5149] dump_stack_lvl+0x189/0x250 [ 223.410820][ T5149] ? __pfx_dump_stack_lvl+0x10/0x10 [ 223.410841][ T5149] ? __pfx__printk+0x10/0x10 [ 223.410868][ T5149] ? kernfs_path_from_node+0x250/0x290 [ 223.410899][ T5149] ? kernfs_path_from_node+0x2f/0x290 [ 223.410935][ T5149] sysfs_create_dir_ns+0x259/0x280 [ 223.410969][ T5149] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 223.411002][ T5149] ? do_raw_spin_unlock+0x122/0x240 [ 223.411029][ T5149] kobject_add_internal+0x59f/0xb40 [ 223.411068][ T5149] kobject_add+0x155/0x220 [ 223.411100][ T5149] ? __pfx_kobject_add+0x10/0x10 [ 223.411128][ T5149] ? _raw_spin_unlock+0x28/0x50 [ 223.411152][ T5149] ? get_device_parent+0x366/0x3a0 [ 223.411182][ T5149] device_add+0x408/0xb50 [ 223.411219][ T5149] hci_conn_add_sysfs+0xd5/0x1e0 [ 223.411256][ T5149] le_conn_complete_evt+0xf39/0x1500 [ 223.411299][ T5149] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 223.411326][ T5149] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 223.411350][ T5149] ? __asan_memcpy+0x40/0x70 [ 223.411375][ T5149] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 223.411398][ T5149] ? skb_pull_data+0xfb/0x200 [ 223.411431][ T5149] hci_le_conn_complete_evt+0x187/0x450 [ 223.411464][ T5149] hci_event_packet+0x78f/0x1200 [ 223.411490][ T5149] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 223.411517][ T5149] ? __pfx_hci_event_packet+0x10/0x10 [ 223.411541][ T5149] ? kcov_remote_start+0x4d3/0x7f0 [ 223.411567][ T5149] ? local_clock_noinstr+0xe0/0xe0 [ 223.411592][ T5149] ? hci_send_to_monitor+0xe2/0x570 [ 223.411624][ T5149] hci_rx_work+0x46a/0xe80 [ 223.411654][ T5149] ? process_scheduled_works+0x9ef/0x17b0 [ 223.411685][ T5149] process_scheduled_works+0xae1/0x17b0 [ 223.411746][ T5149] ? __pfx_process_scheduled_works+0x10/0x10 [ 223.411795][ T5149] worker_thread+0x8a0/0xda0 [ 223.411827][ T5149] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 223.411862][ T5149] ? __kthread_parkme+0x7b/0x200 [ 223.411902][ T5149] kthread+0x711/0x8a0 [ 223.411926][ T5149] ? __pfx_worker_thread+0x10/0x10 [ 223.411952][ T5149] ? __pfx_kthread+0x10/0x10 [ 223.411976][ T5149] ? _raw_spin_unlock_irq+0x23/0x50 [ 223.411996][ T5149] ? lockdep_hardirqs_on+0x9c/0x150 [ 223.412016][ T5149] ? __pfx_kthread+0x10/0x10 [ 223.412038][ T5149] ret_from_fork+0x4bc/0x870 [ 223.412069][ T5149] ? __pfx_ret_from_fork+0x10/0x10 [ 223.412106][ T5149] ? __switch_to_asm+0x39/0x70 [ 223.412128][ T5149] ? __switch_to_asm+0x33/0x70 [ 223.412150][ T5149] ? __pfx_kthread+0x10/0x10 [ 223.412172][ T5149] ret_from_fork_asm+0x1a/0x30 [ 223.412224][ T5149] [ 223.688078][ T5149] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 223.702322][ T5149] Bluetooth: hci2: failed to register connection device [ 224.183878][ T5149] Bluetooth: hci2: command 0x0406 tx timeout [ 224.930936][ T8360] 9pnet_virtio: no channels available for device syz [ 225.604923][ T8387] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 226.084059][ T8401] fuse: Unknown parameter 'group_id00000000000000000000' [ 230.022129][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 231.302259][ T5829] Bluetooth: hci1: command 0x0406 tx timeout [ 237.171060][ T8443] genirq: Flags mismatch irq 7. 00200080 (ttyS3) vs. 00200000 (das16m1) [ 237.328468][ T5833] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 237.337993][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 237.348068][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 237.356729][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 237.364827][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 237.542126][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 237.773297][ T8448] chnl_net:caif_netlink_parms(): no params data found [ 238.112373][ T8448] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.118596][ T8477] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.119856][ T8448] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.138118][ T8448] bridge_slave_0: entered allmulticast mode [ 238.146679][ T8448] bridge_slave_0: entered promiscuous mode [ 238.158073][ T8448] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.165820][ T8448] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.174082][ T8448] bridge_slave_1: entered allmulticast mode [ 238.182695][ T8448] bridge_slave_1: entered promiscuous mode [ 238.224409][ T8448] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 238.238216][ T8448] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 238.249858][ T8480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.282125][ T8477] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.308367][ T8477] netlink: 4 bytes leftover after parsing attributes in process `syz.1.900'. [ 238.328980][ T8448] team0: Port device team_slave_0 added [ 238.351746][ T8448] team0: Port device team_slave_1 added [ 238.629866][ T8487] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 238.679193][ T8448] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 238.686409][ T8448] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 238.712358][ C0] vkms_vblank_simulate: vblank timer overrun [ 238.719950][ T8448] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 238.738971][ T8448] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 238.746449][ T8448] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 238.772954][ T8448] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.879820][ T8448] hsr_slave_0: entered promiscuous mode [ 238.897490][ T8448] hsr_slave_1: entered promiscuous mode [ 238.904740][ T8448] debugfs: 'hsr0' already exists in 'hsr' [ 238.910533][ T8448] Cannot create hsr debugfs directory [ 239.171476][ T8448] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 239.188471][ T8448] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 239.206252][ T8448] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 239.237039][ T8448] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 239.367856][ T8506] dvmrp0: entered allmulticast mode [ 239.454768][ T8448] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.467994][ T5833] Bluetooth: hci0: command tx timeout [ 239.550135][ T8448] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.595355][ T3002] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.602660][ T3002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.645016][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.652295][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.910024][ T8448] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.237816][ T8448] veth0_vlan: entered promiscuous mode [ 240.254421][ T8448] veth1_vlan: entered promiscuous mode [ 240.305038][ T8448] veth0_macvtap: entered promiscuous mode [ 240.319791][ T8448] veth1_macvtap: entered promiscuous mode [ 240.347624][ T8448] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.372867][ T8448] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.388849][ T3002] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.400911][ T3002] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.414853][ T3002] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.426273][ T3002] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.507861][ T3002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.517171][ T3002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.566982][ T2967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.576240][ T2967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.794079][ T8530] 9pnet_virtio: no channels available for device syz [ 241.542353][ T5833] Bluetooth: hci0: command tx timeout [ 241.785464][ T5833] Bluetooth: hci2: unexpected event for opcode 0x0419 [ 241.869704][ T8551] dvmrp0: entered allmulticast mode [ 242.282381][ T5833] Bluetooth: hci2: unexpected event for opcode 0x0c5b [ 243.036848][ T8585] netlink: 'syz.3.931': attribute type 1 has an invalid length. [ 243.050189][ T8585] netlink: 228 bytes leftover after parsing attributes in process `syz.3.931'. [ 243.157955][ T8593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 243.222680][ T8593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 243.243534][ T8593] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 243.283797][ T8593] netlink: 4 bytes leftover after parsing attributes in process `syz.4.934'. [ 243.622198][ T5833] Bluetooth: hci0: command tx timeout [ 244.091974][ T5895] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 244.272479][ T5895] usb 6-1: Using ep0 maxpacket: 32 [ 244.283696][ T5895] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 244.300873][ T5895] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 244.331920][ T5895] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 244.352256][ T5895] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 244.374565][ T5895] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 244.384569][ T5895] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.401961][ T5895] usb 6-1: Product: syz [ 244.406816][ T5895] usb 6-1: Manufacturer: syz [ 244.411608][ T5895] usb 6-1: SerialNumber: syz [ 244.443497][ C1] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 244.467082][ T5895] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/input/input23 [ 244.665752][ T5895] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 244.675225][ T5895] (id 0x00) [ 244.732047][ T5895] rc_core: IR keymap rc-imon-pad not found [ 244.737951][ T5895] Registered IR keymap rc-empty [ 244.743095][ T5895] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 244.753969][ T5895] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 244.863281][ T5895] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/rc/rc0 [ 244.876572][ T5895] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/rc/rc0/input24 [ 244.891967][ T5895] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:2> initialized [ 245.066455][ T5924] usb 6-1: USB disconnect, device number 2 [ 245.704336][ T5833] Bluetooth: hci0: command tx timeout [ 246.078477][ T8655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.115145][ T5924] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 246.125696][ T5924] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 246.171764][ T2967] wlan1: authenticated [ 246.172309][ T8661] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.184997][ T2967] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 246.222726][ T2967] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 246.226679][ T8655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.243752][ T2967] wlan1: associated [ 246.259901][ T8655] netlink: 4 bytes leftover after parsing attributes in process `syz.5.959'. [ 246.279783][ T8655] wlan1: deauthenticating from 08:02:11:00:00:00 by local choice (Reason: 3=DEAUTH_LEAVING) [ 248.839363][ T8770] binder: 8768:8770 unknown command 0 [ 248.857044][ T8770] binder: 8768:8770 ioctl c0306201 200000004a40 returned -22 [ 249.458050][ T8799] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 249.622679][ T8801] tipc: Started in network mode [ 249.627862][ T8801] tipc: Node identity 0685988506b1, cluster identity 4711 [ 249.637050][ T8801] tipc: Enabled bearer , priority 0 [ 249.653891][ T8801] syzkaller0: MTU too low for tipc bearer [ 249.682313][ T8801] tipc: Disabling bearer [ 250.300256][ T8819] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3093053321 (395910825088 ns) > initial count (247409990272 ns). Using initial count to start timer. [ 251.145066][ T8860] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 254.572373][ T9001] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1107'. [ 255.133437][ T9030] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1118'. [ 255.361349][ T9036] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 255.370805][ T9036] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 255.484952][ T12] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 255.601960][ T12] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 255.712921][ T12] wlan1: authentication with 08:02:11:00:00:00 timed out [ 255.950845][ T9053] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1128'. [ 256.084913][ T5833] Bluetooth: hci2: unexpected event for opcode 0x0402 [ 256.702406][ T5895] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 256.863674][ T5895] usb 5-1: config index 0 descriptor too short (expected 156, got 27) [ 256.872062][ T5895] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 256.883233][ T5895] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 256.894839][ T5895] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 256.906008][ T5895] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 256.919376][ T5895] usb 5-1: config 0 interface 0 has no altsetting 0 [ 256.928622][ T5895] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 256.937960][ T5895] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 256.946484][ T5895] usb 5-1: Product: syz [ 256.950708][ T5895] usb 5-1: Manufacturer: syz [ 256.955465][ T5895] usb 5-1: SerialNumber: syz [ 256.963307][ T5895] usb 5-1: config 0 descriptor?? [ 256.969031][ T9080] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 256.984503][ T5895] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 256.997053][ T5895] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 257.079071][ T9093] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 257.436424][ T9] usb 5-1: USB disconnect, device number 14 [ 257.448107][ T9] ldusb 5-1:0.0: LD USB Device #0 now disconnected [ 258.115514][ T9140] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 258.593045][ T9160] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 259.180756][ T5833] Bluetooth: hci1: unexpected event for opcode 0x2024 [ 261.068432][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.848859][ T5833] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 262.859161][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 262.859192][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 262.859206][ T5833] Workqueue: hci0 hci_rx_work [ 262.859234][ T5833] Call Trace: [ 262.859242][ T5833] [ 262.859251][ T5833] dump_stack_lvl+0x189/0x250 [ 262.859281][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 262.859303][ T5833] ? __pfx__printk+0x10/0x10 [ 262.859331][ T5833] ? kernfs_path_from_node+0x250/0x290 [ 262.859363][ T5833] ? kernfs_path_from_node+0x2f/0x290 [ 262.859399][ T5833] sysfs_create_dir_ns+0x259/0x280 [ 262.859434][ T5833] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 262.859467][ T5833] ? do_raw_spin_unlock+0x122/0x240 [ 262.859495][ T5833] kobject_add_internal+0x59f/0xb40 [ 262.859532][ T5833] kobject_add+0x155/0x220 [ 262.859566][ T5833] ? __pfx_kobject_add+0x10/0x10 [ 262.859593][ T5833] ? _raw_spin_unlock+0x28/0x50 [ 262.859618][ T5833] ? get_device_parent+0x366/0x3a0 [ 262.859648][ T5833] device_add+0x408/0xb50 [ 262.859677][ T5833] hci_conn_add_sysfs+0xd5/0x1e0 [ 262.859714][ T5833] le_conn_complete_evt+0xf39/0x1500 [ 262.859755][ T5833] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 262.859783][ T5833] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 262.859806][ T5833] ? __asan_memcpy+0x40/0x70 [ 262.859831][ T5833] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 262.859854][ T5833] ? skb_pull_data+0xfb/0x200 [ 262.859885][ T5833] hci_le_conn_complete_evt+0x187/0x450 [ 262.859918][ T5833] hci_event_packet+0x78f/0x1200 [ 262.859943][ T5833] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 262.859970][ T5833] ? __pfx_hci_event_packet+0x10/0x10 [ 262.859993][ T5833] ? kcov_remote_start+0x4d3/0x7f0 [ 262.860027][ T5833] ? local_clock_noinstr+0xe0/0xe0 [ 262.860055][ T5833] ? hci_send_to_monitor+0xe2/0x570 [ 262.860087][ T5833] hci_rx_work+0x46a/0xe80 [ 262.860118][ T5833] ? process_scheduled_works+0x9ef/0x17b0 [ 262.860149][ T5833] process_scheduled_works+0xae1/0x17b0 [ 262.860210][ T5833] ? __pfx_process_scheduled_works+0x10/0x10 [ 262.860259][ T5833] worker_thread+0x8a0/0xda0 [ 262.860319][ T5833] kthread+0x711/0x8a0 [ 262.860344][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 262.860373][ T5833] ? __pfx_kthread+0x10/0x10 [ 262.860396][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 262.860416][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 262.860437][ T5833] ? __pfx_kthread+0x10/0x10 [ 262.860459][ T5833] ret_from_fork+0x4bc/0x870 [ 262.860490][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 262.860527][ T5833] ? __switch_to_asm+0x39/0x70 [ 262.860550][ T5833] ? __switch_to_asm+0x33/0x70 [ 262.860572][ T5833] ? __pfx_kthread+0x10/0x10 [ 262.860594][ T5833] ret_from_fork_asm+0x1a/0x30 [ 262.860638][ T5833] [ 262.860668][ T5833] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 263.141236][ T5833] Bluetooth: hci0: failed to register connection device [ 263.157404][ T5833] ================================================================== [ 263.165522][ T5833] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6e4/0x1040 [ 263.173572][ T5833] Read of size 8 at addr ffff88807db3d480 by task kworker/u9:3/5833 [ 263.181593][ T5833] [ 263.184445][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 263.184467][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 263.184481][ T5833] Workqueue: hci0 hci_rx_work [ 263.184502][ T5833] Call Trace: [ 263.184511][ T5833] [ 263.184519][ T5833] dump_stack_lvl+0x189/0x250 [ 263.184538][ T5833] ? __kasan_check_byte+0x12/0x40 [ 263.184561][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.184577][ T5833] ? lock_release+0x4b/0x3e0 [ 263.184602][ T5833] ? __virt_addr_valid+0x4a5/0x5c0 [ 263.184621][ T5833] print_report+0xca/0x240 [ 263.184640][ T5833] ? l2cap_connect_cfm+0x6e4/0x1040 [ 263.184661][ T5833] kasan_report+0x118/0x150 [ 263.184681][ T5833] ? l2cap_connect_cfm+0x6e4/0x1040 [ 263.184706][ T5833] l2cap_connect_cfm+0x6e4/0x1040 [ 263.184732][ T5833] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 263.184762][ T5833] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 263.184785][ T5833] hci_connect_cfm+0x95/0x140 [ 263.184804][ T5833] le_conn_complete_evt+0xfb8/0x1500 [ 263.184830][ T5833] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 263.184851][ T5833] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 263.184870][ T5833] ? __asan_memcpy+0x40/0x70 [ 263.184886][ T5833] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 263.184905][ T5833] ? skb_pull_data+0xfb/0x200 [ 263.184928][ T5833] hci_le_conn_complete_evt+0x187/0x450 [ 263.184951][ T5833] hci_event_packet+0x78f/0x1200 [ 263.184968][ T5833] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 263.184987][ T5833] ? __pfx_hci_event_packet+0x10/0x10 [ 263.185004][ T5833] ? kcov_remote_start+0x4d3/0x7f0 [ 263.185026][ T5833] ? local_clock_noinstr+0xe0/0xe0 [ 263.185044][ T5833] ? hci_send_to_monitor+0xe2/0x570 [ 263.185066][ T5833] hci_rx_work+0x46a/0xe80 [ 263.185085][ T5833] ? process_scheduled_works+0x9ef/0x17b0 [ 263.185108][ T5833] process_scheduled_works+0xae1/0x17b0 [ 263.185142][ T5833] ? __pfx_process_scheduled_works+0x10/0x10 [ 263.185170][ T5833] worker_thread+0x8a0/0xda0 [ 263.185203][ T5833] kthread+0x711/0x8a0 [ 263.185220][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 263.185242][ T5833] ? __pfx_kthread+0x10/0x10 [ 263.185257][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 263.185273][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 263.185290][ T5833] ? __pfx_kthread+0x10/0x10 [ 263.185305][ T5833] ret_from_fork+0x4bc/0x870 [ 263.185327][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 263.185351][ T5833] ? __switch_to_asm+0x39/0x70 [ 263.185368][ T5833] ? __switch_to_asm+0x33/0x70 [ 263.185385][ T5833] ? __pfx_kthread+0x10/0x10 [ 263.185401][ T5833] ret_from_fork_asm+0x1a/0x30 [ 263.185426][ T5833] [ 263.185432][ T5833] [ 263.437701][ T5833] Allocated by task 5833: [ 263.442040][ T5833] kasan_save_track+0x3e/0x80 [ 263.446733][ T5833] __kasan_kmalloc+0x93/0xb0 [ 263.451417][ T5833] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 263.456793][ T5833] l2cap_chan_create+0x50/0x760 [ 263.461659][ T5833] l2cap_sock_new_connection_cb+0x182/0x2b0 [ 263.467566][ T5833] l2cap_connect_cfm+0x37a/0x1040 [ 263.472619][ T5833] hci_connect_cfm+0x95/0x140 [ 263.477303][ T5833] le_conn_complete_evt+0xfb8/0x1500 [ 263.482685][ T5833] hci_le_conn_complete_evt+0x187/0x450 [ 263.488244][ T5833] hci_event_packet+0x78f/0x1200 [ 263.493275][ T5833] hci_rx_work+0x46a/0xe80 [ 263.497718][ T5833] process_scheduled_works+0xae1/0x17b0 [ 263.503276][ T5833] worker_thread+0x8a0/0xda0 [ 263.507879][ T5833] kthread+0x711/0x8a0 [ 263.511950][ T5833] ret_from_fork+0x4bc/0x870 [ 263.516582][ T5833] ret_from_fork_asm+0x1a/0x30 [ 263.521356][ T5833] [ 263.523682][ T5833] Freed by task 9362: [ 263.527669][ T5833] kasan_save_track+0x3e/0x80 [ 263.532355][ T5833] __kasan_save_free_info+0x46/0x50 [ 263.537567][ T5833] __kasan_slab_free+0x5c/0x80 [ 263.542341][ T5833] kfree+0x19a/0x6d0 [ 263.546254][ T5833] l2cap_sock_cleanup_listen+0xea/0x3e0 [ 263.551813][ T5833] l2cap_sock_release+0x6a/0x210 [ 263.556855][ T5833] sock_close+0xc3/0x240 [ 263.561105][ T5833] __fput+0x44c/0xa70 [ 263.565094][ T5833] task_work_run+0x1d4/0x260 [ 263.569688][ T5833] exit_to_user_mode_loop+0xe9/0x130 [ 263.575077][ T5833] do_syscall_64+0x2bd/0xfa0 [ 263.579725][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.585730][ T5833] [ 263.588056][ T5833] The buggy address belongs to the object at ffff88807db3d000 [ 263.588056][ T5833] which belongs to the cache kmalloc-2k of size 2048 [ 263.602113][ T5833] The buggy address is located 1152 bytes inside of [ 263.602113][ T5833] freed 2048-byte region [ffff88807db3d000, ffff88807db3d800) [ 263.616104][ T5833] [ 263.618435][ T5833] The buggy address belongs to the physical page: [ 263.624865][ T5833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7db38 [ 263.633644][ T5833] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 263.642243][ T5833] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 263.649981][ T5833] page_type: f5(slab) [ 263.653984][ T5833] raw: 00fff00000000040 ffff88813fe27000 ffffea0001e33000 dead000000000002 [ 263.662577][ T5833] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 263.671207][ T5833] head: 00fff00000000040 ffff88813fe27000 ffffea0001e33000 dead000000000002 [ 263.679884][ T5833] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 263.688561][ T5833] head: 00fff00000000003 ffffea0001f6ce01 00000000ffffffff 00000000ffffffff [ 263.697365][ T5833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 263.706141][ T5833] page dumped because: kasan: bad access detected [ 263.712588][ T5833] page_owner tracks the page as allocated [ 263.718341][ T5833] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5830, tgid 5830 (syz-executor), ts 92574239703, free_ts 92471120755 [ 263.739729][ T5833] post_alloc_hook+0x240/0x2a0 [ 263.744609][ T5833] get_page_from_freelist+0x2365/0x2440 [ 263.750166][ T5833] __alloc_frozen_pages_noprof+0x181/0x370 [ 263.756068][ T5833] alloc_pages_mpol+0x232/0x4a0 [ 263.760929][ T5833] allocate_slab+0x96/0x3a0 [ 263.765466][ T5833] ___slab_alloc+0xe94/0x18a0 [ 263.770183][ T5833] __slab_alloc+0x65/0x100 [ 263.774606][ T5833] __kmalloc_cache_noprof+0x411/0x6f0 [ 263.779989][ T5833] rtnl_newlink+0xfb/0x1c80 [ 263.784506][ T5833] rtnetlink_rcv_msg+0x7cf/0xb70 [ 263.789469][ T5833] netlink_rcv_skb+0x208/0x470 [ 263.794258][ T5833] netlink_unicast+0x82f/0x9e0 [ 263.799037][ T5833] netlink_sendmsg+0x805/0xb30 [ 263.803803][ T5833] __sock_sendmsg+0x21c/0x270 [ 263.808499][ T5833] __sys_sendto+0x3bd/0x520 [ 263.813028][ T5833] __x64_sys_sendto+0xde/0x100 [ 263.817808][ T5833] page last free pid 5910 tgid 5910 stack trace: [ 263.824152][ T5833] __free_frozen_pages+0xbc4/0xd30 [ 263.829294][ T5833] __slab_free+0x2e7/0x390 [ 263.833723][ T5833] qlist_free_all+0x97/0x140 [ 263.838317][ T5833] kasan_quarantine_reduce+0x148/0x160 [ 263.843779][ T5833] __kasan_slab_alloc+0x22/0x80 [ 263.848636][ T5833] kmem_cache_alloc_noprof+0x367/0x6e0 [ 263.854100][ T5833] getname_flags+0xb8/0x540 [ 263.858613][ T5833] user_path_at+0x24/0x60 [ 263.862958][ T5833] __se_sys_chdir+0x91/0x280 [ 263.867559][ T5833] do_syscall_64+0xfa/0xfa0 [ 263.872106][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.878005][ T5833] [ 263.880331][ T5833] Memory state around the buggy address: [ 263.885981][ T5833] ffff88807db3d380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 263.894045][ T5833] ffff88807db3d400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 263.902110][ T5833] >ffff88807db3d480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 263.910516][ T5833] ^ [ 263.914692][ T5833] ffff88807db3d500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 263.922778][ T5833] ffff88807db3d580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 263.930852][ T5833] ================================================================== [ 263.939006][ C0] vkms_vblank_simulate: vblank timer overrun [ 263.958935][ T5833] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 263.966199][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) [ 263.975876][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 263.986402][ T5833] Workqueue: hci0 hci_rx_work [ 263.991104][ T5833] Call Trace: [ 263.994410][ T5833] [ 263.997353][ T5833] dump_stack_lvl+0x99/0x250 [ 264.001957][ T5833] ? __asan_memcpy+0x40/0x70 [ 264.006564][ T5833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.011766][ T5833] ? __pfx__printk+0x10/0x10 [ 264.016364][ T5833] vpanic+0x237/0x6d0 [ 264.020363][ T5833] ? __pfx_vpanic+0x10/0x10 [ 264.024882][ T5833] ? preempt_schedule+0xae/0xc0 [ 264.029764][ T5833] ? __pfx_preempt_schedule+0x10/0x10 [ 264.035176][ T5833] panic+0xb9/0xc0 [ 264.038915][ T5833] ? __pfx_panic+0x10/0x10 [ 264.043351][ T5833] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 264.049260][ T5833] ? l2cap_connect_cfm+0x6e4/0x1040 [ 264.054477][ T5833] check_panic_on_warn+0x89/0xb0 [ 264.059459][ T5833] ? l2cap_connect_cfm+0x6e4/0x1040 [ 264.064684][ T5833] end_report+0x78/0x160 [ 264.068945][ T5833] kasan_report+0x129/0x150 [ 264.073546][ T5833] ? l2cap_connect_cfm+0x6e4/0x1040 [ 264.078763][ T5833] l2cap_connect_cfm+0x6e4/0x1040 [ 264.083923][ T5833] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 264.089925][ T5833] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 264.095400][ T5833] hci_connect_cfm+0x95/0x140 [ 264.100088][ T5833] le_conn_complete_evt+0xfb8/0x1500 [ 264.105408][ T5833] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 264.111173][ T5833] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 264.116836][ T5833] ? __asan_memcpy+0x40/0x70 [ 264.121438][ T5833] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 264.127439][ T5833] ? skb_pull_data+0xfb/0x200 [ 264.132137][ T5833] hci_le_conn_complete_evt+0x187/0x450 [ 264.137704][ T5833] hci_event_packet+0x78f/0x1200 [ 264.142655][ T5833] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 264.147957][ T5833] ? __pfx_hci_event_packet+0x10/0x10 [ 264.153336][ T5833] ? kcov_remote_start+0x4d3/0x7f0 [ 264.158462][ T5833] ? local_clock_noinstr+0xe0/0xe0 [ 264.163582][ T5833] ? hci_send_to_monitor+0xe2/0x570 [ 264.168793][ T5833] hci_rx_work+0x46a/0xe80 [ 264.173307][ T5833] ? process_scheduled_works+0x9ef/0x17b0 [ 264.179043][ T5833] process_scheduled_works+0xae1/0x17b0 [ 264.184610][ T5833] ? __pfx_process_scheduled_works+0x10/0x10 [ 264.190612][ T5833] worker_thread+0x8a0/0xda0 [ 264.195227][ T5833] kthread+0x711/0x8a0 [ 264.199303][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 264.204426][ T5833] ? __pfx_kthread+0x10/0x10 [ 264.209033][ T5833] ? _raw_spin_unlock_irq+0x23/0x50 [ 264.214244][ T5833] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.219465][ T5833] ? __pfx_kthread+0x10/0x10 [ 264.224059][ T5833] ret_from_fork+0x4bc/0x870 [ 264.228661][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 264.233797][ T5833] ? __switch_to_asm+0x39/0x70 [ 264.238582][ T5833] ? __switch_to_asm+0x33/0x70 [ 264.243361][ T5833] ? __pfx_kthread+0x10/0x10 [ 264.248023][ T5833] ret_from_fork_asm+0x1a/0x30 [ 264.252807][ T5833] [ 264.256119][ T5833] Kernel Offset: disabled [ 264.260445][ T5833] Rebooting in 86400 seconds..