last executing test programs: 5.947071356s ago: executing program 4 (id=1543): creat(&(0x7f0000000080)='./file0\x00', 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 5.658097765s ago: executing program 4 (id=1545): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) rmdir(0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3) mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1d4e, 0x103) 5.532607297s ago: executing program 4 (id=1546): socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000000)='cubic', 0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000140)=[0x253d, 0xe, 0x505, 0x7, 0x148a, 0x48]) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xe9) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$sg(0x0, 0x0, 0x2) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x28182, 0x0) syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a77aa4094225b4210a2010203010902240001000000000904000002923350000905f402ff030000000905ba3e"], 0x0) ioctl$AUTOFS_IOC_FAIL(r3, 0x4c80, 0xffffffffffffffb6) syz_usb_connect(0x2, 0x2d, &(0x7f0000000300)=ANY=[@ANYBLOB="23c82929d29e63879b17a0dee69cdef20ecb63609a101a03dad04f25a22ca2bc22c88e59910f7bb1fd33b57678aef6702549269c67e447972935c4f275e7fd3a7bcfa98c610a84d6230ac3e74b9f608c1f275b2809e1d74677e811be73fb1f77cadac2813eb093d04797be4b8781f96332f1fe493d1cfa24c5733a2956e25c949cd4b2620f47ebde989066d2b58563d9f4c5ccfbeaf1ffc40bc2bea2e5220de27b61f7b08b87719b9e853de33b8b61da9b9f053b60867d479a2299ce7e4ff87499a5a922fb0613d4852c8493f0c8f669c3606146ed1ec4a71c81974f13ef6a25b2461e2e71df12d04156a328982a1f7d2e", @ANYRESDEC], 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000001c0)={'bond_slave_1\x00', &(0x7f0000000180)=@ethtool_modinfo={0x42, 0x9, 0xe}}) r4 = fsopen(&(0x7f0000000000)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000100)='\\%)$*:\x00', 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0x2, &(0x7f0000f59ffc)=0x4, 0x4) bind$inet6(r5, 0x0, 0x0) 4.157574022s ago: executing program 1 (id=1561): r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x4, @sdr={0x32315559, 0x2}}) 4.025981705s ago: executing program 1 (id=1564): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f00000000c0)=@v={0x93, 0x7, 0xa0, 0xa, @MIDI_NOTEON=@special, 0x6, 0xfffc}) 3.76880005s ago: executing program 3 (id=1567): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 3.761105651s ago: executing program 1 (id=1568): memfd_create(&(0x7f0000000000)='\xfb\"a&\x8fe\x11\x8c\xd64\xf9 \x00\x00\x00\x00\x00\x12\x1a\'<\xf5\xbeV\x12\xaal\xfa\xf0o\xd8\xb1,\xbd>M\xe3\x98?\xd9\x96\xab\xc7\x06\xfd\x9b\xab\xc8\x1e\x89]\x13bZ\x8d /#k\x95\x9eLV(\x8a\x0e\x93\x93Vc]mP\xbativ\xce\xa4K\xfb\xf2\xe0\xbf\x9d\xa1\xa2\xcd\xb39\xb4\x17a9\x1c\x82\x1aLT\xd0\xb9\x1a\xafB\x95\xb4\xcf\x91X\x8c\x87\xc2\xa1\x1b\xfe\xe7\xbc\xf7\xeb\xdeL\x1d\x98Zq\xcc%\x98\xb0Yc\xec\xb7\xb5m(9\xde\xd3\xefB\xd4\xee\xb5\xee\xe0\xaa\xdd\x00\xb1jOB\xdas\xe3\xb47}%)\xb9\xbf{\xce\x94^\xec\xdf\xbcW\xe0I\x0e\xa4\x1e}\x06\vK\xed\x11\x880\x0e\x9c\xaeVU\x88\xb0\x842kgA]\x1e\x88\xecif\xee]\x8b\xc6\"\xcej\x84\x06\x8a\x99\x80\xd7\xcf\x96\xed\x89\x1e6\x93+\xec#\x1d2\xb8\x80Z\xf7\x06\xbe\xc9[L\xc5\xc9\xb5\xd6{\xee\xce\x17\x89\xa6r\xc5j\xec\x1b\xaa\x996\x14e\xcf\x8axQ\x8fXeT\'0.\x85\xa2\xc8\xb3c\t\xe8\x1a\x89\xecL\xcf\xd8\xb5\xfb\xbc\tX\x88\xbe\xf4@[\xb2\xd5\x8c\xb9\x0e\x17\x8b\xce\xd09\xd2\xfb\x9e\xef\xabR\x88\x17\x9et\xf7\x9c\x01\x91\xacH\xdb\xf9\xcb\x7fh\x83>\x8e\xe1=\xedR\xc9\xe68h\x19\xafLY\x94\x93\xebT\x15\x817\x9d#\xea\xd2\xa8\xfb^\x8c\x87#\x10', 0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$kcm(0x11, 0x2, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10000017, 0x3, 0x0, 0x2, 0x4ee59ce4, 0x1, 0xfffffffc}, 0x0) r2 = getpid() ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, 0x0) r3 = syz_pidfd_open(r2, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r4, r4, 0x0, 0x201f01) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000000)={'raw\x00'}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) r5 = io_uring_setup(0x1ddf, &(0x7f0000001080)={0x0, 0x48a5, 0x800, 0x2, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ENABLE(0xffffffffffffffff, 0x40086432, 0x0) setns(r3, 0x8020000) mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0xf, 0x0, 0x100000}, 0x20) syz_open_dev$usbfs(0x0, 0x20000007b, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x80043, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) 3.756030501s ago: executing program 0 (id=1569): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x5, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x6, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xd}, {0x1, 0xb}, {0x10, 0xc}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 3.6647777s ago: executing program 3 (id=1570): setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendmmsg$unix(r0, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) 3.643054573s ago: executing program 0 (id=1571): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x88203, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC(r2, 0x4068aea3, &(0x7f00000005c0)) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.418849975s ago: executing program 1 (id=1572): openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket(0x10, 0x80000, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000480)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0xc, 0x3, @fd_index=0x5, 0x8, 0x0, 0x0, 0x7, 0x0, {0x0, r5}}) io_uring_enter(r2, 0x74d1, 0x4c3, 0x43, 0x0, 0xfffffffffffffd1d) recvmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x0, 0x100, 0x0) syz_emit_ethernet(0xfc0, 0x0, 0x0) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_udp_int(r6, 0x11, 0x66, &(0x7f0000000e80), 0x4) accept$alg(0xffffffffffffffff, 0x0, 0x0) 3.15066936s ago: executing program 4 (id=1575): r0 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18) mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r0) 3.099190336s ago: executing program 4 (id=1576): r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x62081, 0x0) io_submit(0x0, 0x1, &(0x7f00000000c0)=[0x0]) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000080)={0x2812, 0x1}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind$inet6(r4, 0x0, 0x0) r5 = open$dir(&(0x7f0000000240)='./file0\x00', 0x800, 0x100) openat$incfs(r5, &(0x7f0000000280)='.log\x00', 0x800, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') pread64(r6, &(0x7f00000000c0)=""/4082, 0xff2, 0x7) r7 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r7, &(0x7f0000000740)=[{&(0x7f0000000300)=""/49, 0x31}], 0x1, 0x6, 0x0) ioctl$LOOP_CHANGE_FD(r6, 0x4c06, r0) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r8, &(0x7f0000000200)=[{&(0x7f0000002780)=""/124, 0x7c}], 0x1, 0x10001, 0x7) 3.008766154s ago: executing program 2 (id=1577): r0 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000000)=0xffffffff, 0x4) 2.842565071s ago: executing program 2 (id=1578): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="c400000019000100fcffffff00000000ac14142c000000000000004000000000fe8000000000000000000000000000aa4e2200004e2400000a0000608cd40000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000010feffffffffffffff000000400000000000000000000000001a000000000000000100000000000000feffffffffffffff7a0000000000000005000000000000000000000000000000ff7f000000000000080000000000000001"], 0xc4}}, 0x8044) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c) 2.74951307s ago: executing program 0 (id=1579): socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) 2.679740197s ago: executing program 3 (id=1580): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.679158587s ago: executing program 0 (id=1581): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x5, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x100, 0x6, 0x6361, 0x5, 0xfffffffd, 0x6}, [@TCA_NETEM_LATENCY64={0xc, 0xa, 0x7}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xd}, {0x1, 0xb}, {0x10, 0xc}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.599032755s ago: executing program 2 (id=1582): r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x51, 0xb, @buffer={0x0, 0x0, &(0x7f00000004c0)=""/211}, &(0x7f0000000240)="ae8d7acda0", 0x0, 0xfffffff9, 0x0, 0x8, 0x0}) 2.473962987s ago: executing program 3 (id=1583): ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, &(0x7f00000001c0)={0x9, {0x2a, 0x6, 0x6fb9, 0x2, 0xff}}) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000600)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x2}]}}}}}}}}, 0x0) 2.473311417s ago: executing program 0 (id=1584): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) setsockopt(0xffffffffffffffff, 0x84, 0x82, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x8000, 0xffff0001) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000940)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0), &(0x7f0000000900), 0x0, 0x0, 0x0, 0x0, r4}) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r3, 0xc01064ab, &(0x7f0000000240)={0x6, 0x0, r4}) syz_open_procfs(0x0, 0x0) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2}) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xe) ioctl$VHOST_SET_OWNER(r6, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000003380)) r7 = eventfd2(0x1, 0x1) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r7, 0xc0c89425, &(0x7f0000000200)={"2ea9698227f56e0a722c699b821a6f80", 0x0, 0x0, {0x4, 0x9}, {0x4, 0x8}, 0x8, [0x9, 0x0, 0x1, 0x93, 0x534b, 0x5, 0x2, 0xe, 0x7fff, 0x5, 0x1, 0x6, 0x8000000000000001, 0x0, 0x7, 0x9]}) ioctl$BTRFS_IOC_WAIT_SYNC(r6, 0x40089416, &(0x7f0000000040)=r8) r9 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r9, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20, 0x40007, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7}, 0x1c) socket$inet6(0xa, 0x80002, 0x0) 2.447810459s ago: executing program 2 (id=1585): r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000105804105000000000000109022d00010700000009040005050300000009210002080122940309058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f00000008c0)={0x3, 0x100, 0x0, 0x4, 0x2, 0xfff}) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) 2.320694042s ago: executing program 3 (id=1586): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="fc0000001900010029bd7000fbdbdf25ff010000060000800000000000000001fe8000000000000000000000000000bb00000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000004000000000000000000000000000000000000000000000000000000000000000200000000000000fdffffffffffffff000000000000000000000000000000000500000000000000000000000020000000000000000000000000000000000000010002000000000044000500fe800000000000000000000000000044000004d42b0000000a000000e00000010000000000000000000000000000000004"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r0, &(0x7f0000004d00), 0x7fffffffffffd33, 0x20000890) syz_usb_connect$cdc_ncm(0x6, 0x8f, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) io_uring_setup(0x3454, &(0x7f0000000080)) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 863.207435ms ago: executing program 4 (id=1587): openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1, 0x2}) 643.394037ms ago: executing program 1 (id=1588): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={r2, 0x1}, 0x8) 536.627728ms ago: executing program 1 (id=1589): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10) socket$kcm(0xa, 0x1, 0x106) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f00003e1000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000340)={[0x3ffffd, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x213f85fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x5, 0x7, 0x100000000], 0x3000, 0x280384}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r3, 0x0) socket$qrtr(0x2a, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4007, @fd_index=0x4, 0x0, 0x0, 0x0, 0x0, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 516.454109ms ago: executing program 0 (id=1590): setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) bind$alg(0xffffffffffffffff, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendmmsg$unix(r0, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) 206.77103ms ago: executing program 3 (id=1591): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x88203, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x42, 0x0, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC(r2, 0x4068aea3, &(0x7f00000005c0)) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000001c0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535e7976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fee30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac0b000000733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52ab50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472785521147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600000000000000000000000000000000000000000000000000000000000000000600"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8.618459ms ago: executing program 2 (id=1592): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000300)=@ipv6_newrule={0x38, 0x20, 0x1, 0x70bd28, 0x0, {0xa, 0x0, 0x20, 0x64, 0x2, 0x0, 0x0, 0x7, 0x6}, [@FIB_RULE_POLICY=@FRA_SPORT_RANGE={0x8, 0x17, {0x4e20, 0x4e21}}, @FRA_SRC={0x14, 0x2, @private1}]}, 0x38}, 0x1, 0x0, 0x0, 0x24040804}, 0x0) 0s ago: executing program 2 (id=1593): socket$packet(0x11, 0x3, 0x300) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x24}}, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(0xffffffffffffffff, r1, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): 1): recovery complete [ 264.030489][ T5913] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 264.308887][ T5910] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.364: casefold flag without casefold feature [ 264.476058][ T5910] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.364: couldn't read orphan inode 15 (err -117) [ 264.558492][ T5910] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 266.355343][ T26] audit: type=1804 audit(1760822386.931:5): pid=5928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.364" name="/newroot/64/file0/bus" dev="loop3" ino=18 res=1 errno=0 [ 266.405677][ T5930] loop1: detected capacity change from 0 to 512 [ 266.513459][ T5930] EXT4-fs error (device loop1): ext4_orphan_get:1427: comm syz.1.367: bad orphan inode 13 [ 266.534346][ T26] audit: type=1800 audit(1760822386.931:6): pid=5928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.364" name="bus" dev="loop3" ino=18 res=0 errno=0 [ 266.534439][ T5932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.368'. [ 266.600969][ T5930] ext4_test_bit(bit=12, block=4) = 1 [ 266.622049][ T5930] is_bad_inode(inode)=0 [ 266.650339][ T5930] NEXT_ORPHAN(inode)=0 [ 266.684308][ T5930] max_ino=32 [ 266.687983][ T5930] i_nlink=1 [ 266.691182][ T5930] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 266.712107][ T5932] netlink: 20 bytes leftover after parsing attributes in process `syz.0.368'. [ 266.735708][ T5932] netlink: 20 bytes leftover after parsing attributes in process `syz.0.368'. [ 267.102472][ T5939] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.367: Unrecognised inode hash code 20 [ 267.114110][ T5939] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.367: Corrupt directory, running e2fsck is recommended [ 268.015673][ T5945] device syzkaller0 entered promiscuous mode [ 268.713782][ T26] audit: type=1326 audit(1760822390.031:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5959 comm="syz.0.376" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde783f5fc9 code=0x0 [ 269.135621][ T5953] netlink: 44 bytes leftover after parsing attributes in process `syz.1.372'. [ 269.488110][ T5973] sg_write: data in/out 28/38 bytes for SCSI command 0x5d-- guessing data in; [ 269.488110][ T5973] program syz.4.380 not setting count and/or reply_len properly [ 269.691359][ T5981] netlink: 24 bytes leftover after parsing attributes in process `syz.4.384'. [ 269.839902][ T4832] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 270.094470][ T4832] usb 1-1: Using ep0 maxpacket: 16 [ 270.224412][ T4832] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.250955][ T4832] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.278842][ T4832] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 270.323958][ T4832] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.374361][ T5818] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 270.436140][ T4832] usb 1-1: config 0 descriptor?? [ 270.621427][ T26] audit: type=1804 audit(1760822391.941:8): pid=5993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.388" name="/newroot/84/file1" dev="fuse" ino=1 res=1 errno=0 [ 270.794573][ T5818] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 270.835116][ T5818] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 270.854315][ T5818] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 270.874162][ T5818] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.894068][ T5818] usb 3-1: config 0 descriptor?? [ 270.956630][ T5818] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 270.966374][ T5818] dvb-usb: bulk message failed: -22 (3/0) [ 270.973681][ T4832] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 270.998668][ T5818] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 271.074058][ T4832] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 271.074461][ T5818] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 271.103973][ T5818] usb 3-1: media controller created [ 271.110060][ T4832] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 271.113547][ T5818] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 271.136795][ T5978] dvb-usb: bulk message failed: -22 (3/0) [ 271.143909][ T5818] dvb-usb: bulk message failed: -22 (6/0) [ 271.183805][ T4832] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 271.203295][ T5818] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 271.264616][ T4832] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 271.266992][ T5818] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5 [ 271.325220][ T4832] mcp2221 0003:04D8:00DD.0001: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 271.337918][ T5818] dvb-usb: schedule remote query interval to 150 msecs. [ 271.357620][ T5818] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 271.437032][ T5818] usb 3-1: USB disconnect, device number 12 [ 271.598586][ T5818] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 271.613562][ T4832] usb 1-1: USB disconnect, device number 14 [ 271.908393][ T6010] device bridge0 entered promiscuous mode [ 271.919982][ T6010] device bridge0 left promiscuous mode [ 272.034289][ T4321] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 272.434556][ T4321] usb 2-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 272.443874][ T1108] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 272.464673][ T4321] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.504828][ T4321] usb 2-1: config 0 descriptor?? [ 272.556975][ T4321] usb 2-1: selecting invalid altsetting 3 [ 272.562970][ T4321] comedi comedi5: could not set alternate setting 3 in high speed [ 272.594391][ T4321] usbduxsigma 2-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 272.631488][ T4321] usbduxsigma: probe of 2-1:0.0 failed with error -22 [ 272.724355][ T4832] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 272.814516][ T1108] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 272.832664][ T1108] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 272.850710][ T6027] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 272.857734][ T6027] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 272.864722][ T1108] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 272.873830][ T1108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.886687][ T1108] usb 3-1: config 0 descriptor?? [ 272.909046][ T4321] usb 2-1: USB disconnect, device number 8 [ 272.938238][ T1108] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 273.054694][ T4832] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 273.144620][ T4238] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 273.165218][ T4832] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 273.180078][ T4832] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 273.199129][ T4832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 273.284607][ T4832] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 273.299579][ T4832] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 273.311027][ T4832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 273.394592][ T4832] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 273.409225][ T4832] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 273.420804][ T4832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 273.525931][ T4832] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 273.544252][ T4832] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 273.573362][ T4832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 273.684847][ T4832] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 273.704464][ T4832] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 273.731874][ T4238] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 273.746599][ T6038] tipc: Can't bind to reserved service type 1 [ 273.753347][ T4238] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.761582][ T4832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 273.768732][ T4238] usb 1-1: Product: syz [ 273.784974][ T4238] usb 1-1: Manufacturer: syz [ 273.802893][ T4238] usb 1-1: SerialNumber: syz [ 273.819530][ T4238] usb 1-1: config 0 descriptor?? [ 273.835424][ T6040] netlink: 40 bytes leftover after parsing attributes in process `syz.1.407'. [ 273.856370][ T4832] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 273.868798][ T6042] tipc: Started in network mode [ 273.874055][ T6042] tipc: Node identity ce8d111c96a7, cluster identity 4711 [ 273.884318][ T4238] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 273.890575][ T4832] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 273.902380][ T6042] tipc: Enabled bearer , priority 0 [ 273.930590][ T4832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 273.934869][ T6044] device syzkaller0 entered promiscuous mode [ 273.975203][ T6042] tipc: Resetting bearer [ 274.014576][ T4832] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 274.035900][ T4832] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 274.047577][ T4832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 274.055842][ T6041] tipc: Resetting bearer [ 274.073508][ T6041] tipc: Disabling bearer [ 274.104475][ T4238] gspca_sq905c: sq905c_command: usb_control_msg failed (-71) [ 274.111965][ T4238] sq905c 1-1:0.0: Get version command failed [ 274.134377][ T4238] sq905c: probe of 1-1:0.0 failed with error -71 [ 274.154739][ T4832] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 274.182698][ T4238] usb 1-1: USB disconnect, device number 15 [ 274.190673][ T4832] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 274.225771][ T4832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 274.437235][ T26] audit: type=1326 audit(1760822395.761:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.460053][ T4832] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 274.478709][ T4832] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 274.499582][ T4832] usb 4-1: Product: syz [ 274.514925][ T4832] usb 4-1: Manufacturer: syz [ 274.517082][ T26] audit: type=1326 audit(1760822395.761:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.525304][ T4832] usb 4-1: SerialNumber: syz [ 274.546743][ T26] audit: type=1326 audit(1760822395.761:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.546786][ T26] audit: type=1326 audit(1760822395.761:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.546822][ T26] audit: type=1326 audit(1760822395.761:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.546857][ T26] audit: type=1326 audit(1760822395.761:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.546892][ T26] audit: type=1326 audit(1760822395.761:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.546928][ T26] audit: type=1326 audit(1760822395.761:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.546962][ T26] audit: type=1326 audit(1760822395.761:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.569154][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.636976][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.703835][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.715509][ T4832] usb 4-1: config 0 descriptor?? [ 274.757632][ T26] audit: type=1326 audit(1760822395.761:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6057 comm="syz.1.415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 274.803288][ T6061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.416'. [ 274.820387][ T4832] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 275.148350][ T4321] usb 3-1: USB disconnect, device number 13 [ 275.161549][ T4832] usb 4-1: USB disconnect, device number 6 [ 275.167572][ C0] usb 4-1: yurex_control_callback - control failed: -71 [ 275.217949][ T4832] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 275.227079][ T6083] netlink: 16 bytes leftover after parsing attributes in process `syz.1.425'. [ 275.365185][ T6090] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 275.762811][ T6111] loop6: detected capacity change from 0 to 7 [ 275.778880][ T6111] Dev loop6: unable to read RDB block 7 [ 275.798430][ T6111] loop6: AHDI p1 p2 p3 [ 275.803156][ T6111] loop6: partition table partially beyond EOD, truncated [ 275.815141][ T6111] loop6: p1 start 2664430726 is beyond EOD, truncated [ 275.834058][ T6111] loop6: p2 size 108 extends beyond EOD, truncated [ 276.010473][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 276.044487][ T4832] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 276.199779][ T6118] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4068521576 (4068521576 ns) > initial count (2794446801 ns). Using initial count to start timer. [ 276.304581][ T4832] usb 5-1: Using ep0 maxpacket: 32 [ 276.424480][ T4832] usb 5-1: config 0 has no interfaces? [ 276.430179][ T4832] usb 5-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 276.503562][ T4832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.534296][ T4321] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 276.556822][ T4832] usb 5-1: config 0 descriptor?? [ 276.833977][ T4832] usb 5-1: USB disconnect, device number 10 [ 276.954491][ T4321] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.981082][ T4321] usb 4-1: config 0 interface 0 has no altsetting 0 [ 277.035274][ T4321] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 277.060288][ T4321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.108852][ T4321] usb 4-1: config 0 descriptor?? [ 277.420356][ T6116] kvm [6115]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc2 data 0x9d00 [ 277.485984][ T6116] kvm [6115]: vcpu0, guest rIP: 0x9114 disabled perfctr wrmsr: 0xc1 data 0x9d00 [ 277.561884][ T6116] APIC base relocation is unsupported by KVM [ 277.754416][ T4321] usbhid 4-1:0.0: can't add hid device: -71 [ 277.775055][ T4321] usbhid: probe of 4-1:0.0 failed with error -71 [ 277.825471][ T4321] usb 4-1: USB disconnect, device number 7 [ 278.524379][ T4238] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 278.706080][ T6143] bridge0: port 2(bridge_slave_1) entered disabled state [ 278.804347][ T6147] netlink: 8 bytes leftover after parsing attributes in process `syz.1.452'. [ 278.945472][ T4238] usb 1-1: config 0 has no interfaces? [ 279.114561][ T4238] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 279.153368][ T4238] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.197137][ T4238] usb 1-1: Product: syz [ 279.203551][ T4238] usb 1-1: Manufacturer: syz [ 279.219811][ T4238] usb 1-1: SerialNumber: syz [ 279.268779][ T4238] usb 1-1: config 0 descriptor?? [ 279.668322][ T6167] netlink: 12 bytes leftover after parsing attributes in process `syz.0.445'. [ 279.684341][ T6167] 8021q: VLANs not supported on caif0 [ 281.078916][ T6148] delete_channel: no stack [ 281.319019][ T4238] usb 1-1: USB disconnect, device number 16 [ 281.371826][ T6198] kvm: pic: non byte write [ 282.712723][ T6225] loop6: detected capacity change from 0 to 7 [ 282.763186][ T4173] Dev loop6: unable to read RDB block 7 [ 282.772648][ T4173] loop6: unable to read partition table [ 282.798647][ T4173] loop6: partition table beyond EOD, truncated [ 282.833914][ T6225] Dev loop6: unable to read RDB block 7 [ 282.858149][ T6225] loop6: unable to read partition table [ 282.916012][ T6225] loop6: partition table beyond EOD, truncated [ 282.963169][ T6225] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 285.470416][ T6255] IPVS: nq: FWM 3 0x00000003 - no destination available [ 286.248642][ T26] kauditd_printk_skb: 33 callbacks suppressed [ 286.248657][ T26] audit: type=1326 audit(1760822407.571:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 286.381931][ T6279] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 286.452082][ T26] audit: type=1326 audit(1760822407.601:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 286.517905][ T6279] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 286.621176][ T26] audit: type=1326 audit(1760822407.611:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 286.678891][ T6279] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 286.725874][ T6279] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 286.734334][ T5818] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 286.777639][ T26] audit: type=1326 audit(1760822407.611:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 286.810384][ T6279] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 286.890451][ T6279] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 286.953642][ T6279] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 286.973829][ T26] audit: type=1326 audit(1760822407.611:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 287.129057][ T6277] sctp: sctp_transport_update_pmtu: Reported pmtu 68 too low, using default minimum of 512 [ 287.164488][ T5818] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 287.190611][ T26] audit: type=1326 audit(1760822407.611:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 287.224354][ T5818] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 287.272496][ T5818] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 287.343838][ T5818] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 287.354553][ T26] audit: type=1326 audit(1760822407.611:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 287.485974][ T26] audit: type=1326 audit(1760822407.611:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 287.554540][ T5818] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 287.563632][ T5818] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 287.584259][ T26] audit: type=1326 audit(1760822407.611:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 287.659721][ T5818] usb 1-1: Product: syz [ 287.663953][ T5818] usb 1-1: Manufacturer: syz [ 287.755577][ T26] audit: type=1326 audit(1760822407.621:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6273 comm="syz.0.490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fde783f5fc9 code=0x7ffc0000 [ 287.778725][ T6282] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 287.815656][ T5818] cdc_wdm 1-1:1.0: skipping garbage [ 287.820925][ T5818] cdc_wdm 1-1:1.0: skipping garbage [ 287.862031][ T5818] cdc_wdm: probe of 1-1:1.0 failed with error -22 [ 288.029196][ T4321] usb 1-1: USB disconnect, device number 17 [ 288.204268][ T5818] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 288.594725][ T5818] usb 5-1: config 0 has an invalid interface number: 33 but max is 0 [ 288.611083][ T5818] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 288.670065][ T5818] usb 5-1: config 0 has no interface number 0 [ 288.691589][ T6295] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 288.718096][ T5818] usb 5-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 288.767924][ T5818] usb 5-1: config 0 interface 33 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 288.821142][ T5818] usb 5-1: config 0 interface 33 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 289.014508][ T5818] usb 5-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64 [ 289.053700][ T5818] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.092392][ T5818] usb 5-1: Product: syz [ 289.096997][ T5818] usb 5-1: Manufacturer: syz [ 289.103585][ T5818] usb 5-1: SerialNumber: syz [ 289.143967][ T5818] usb 5-1: config 0 descriptor?? [ 289.214520][ T6288] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 289.256427][ T5818] hdpvr 5-1:0.33: Could not find bulk-in endpoint [ 289.277148][ T6309] netlink: 4 bytes leftover after parsing attributes in process `syz.0.501'. [ 289.306439][ T5818] hdpvr: probe of 5-1:0.33 failed with error -12 [ 290.635892][ T6320] udc-core: couldn't find an available UDC or it's busy [ 290.642896][ T6320] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 291.731929][ T4321] usb 5-1: USB disconnect, device number 11 [ 291.908293][ T4832] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 292.284499][ T4832] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 292.319943][ T4832] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 292.352284][ T4832] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 292.376395][ T4832] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.405631][ T4832] usb 2-1: config 0 descriptor?? [ 292.456643][ T4832] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 292.888921][ T6348] netlink: 12 bytes leftover after parsing attributes in process `syz.3.511'. [ 292.978686][ T6348] device vlan2 entered promiscuous mode [ 292.996856][ T6348] device team0 entered promiscuous mode [ 293.028653][ T6348] device team_slave_0 entered promiscuous mode [ 293.042943][ T6348] device team_slave_1 entered promiscuous mode [ 293.727263][ T6359] binder: 6358:6359 ioctl c0306201 200000000080 returned -14 [ 293.847949][ T21] usb 2-1: USB disconnect, device number 9 [ 294.248211][ T6373] device bridge0 entered promiscuous mode [ 294.258056][ T6373] device macsec1 entered promiscuous mode [ 294.268172][ T6373] bridge0: port 3(macsec1) entered blocking state [ 294.277815][ T6373] bridge0: port 3(macsec1) entered disabled state [ 294.318549][ T6373] device bridge0 left promiscuous mode [ 294.356590][ T21] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 294.598846][ T6378] tipc: Started in network mode [ 294.603920][ T6378] tipc: Node identity eebf21b4007b, cluster identity 4711 [ 294.611288][ T21] usb 2-1: Using ep0 maxpacket: 16 [ 294.638751][ T6378] tipc: Enabled bearer , priority 0 [ 294.653177][ T6381] device syzkaller0 entered promiscuous mode [ 294.678912][ T6378] tipc: Resetting bearer [ 294.695136][ T6376] tipc: Resetting bearer [ 294.742190][ T6376] tipc: Disabling bearer [ 294.793799][ T6386] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 294.827443][ T6386] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 294.904602][ T21] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 294.945567][ T21] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 294.981964][ T21] usb 2-1: Product: syz [ 295.000779][ T21] usb 2-1: Manufacturer: syz [ 295.018787][ T21] usb 2-1: SerialNumber: syz [ 295.054597][ T21] usb 2-1: config 0 descriptor?? [ 295.332663][ T21] usb 2-1: USB disconnect, device number 10 [ 295.353671][ T5818] Bluetooth: hci3: command 0x2021 tx timeout [ 295.476227][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 295.666197][ T5818] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 296.084391][ T5818] usb 4-1: config 0 has no interfaces? [ 296.404485][ T5818] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 296.424355][ T5818] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.474303][ T5818] usb 4-1: Product: syz [ 296.515099][ T5818] usb 4-1: Manufacturer: syz [ 296.534008][ T5818] usb 4-1: SerialNumber: syz [ 296.586856][ T5818] usb 4-1: config 0 descriptor?? [ 297.727207][ T6427] tipc: Enabled bearer , priority 0 [ 297.765424][ T6427] device syzkaller0 entered promiscuous mode [ 297.839882][ T6427] tipc: Resetting bearer [ 297.854259][ T6426] tipc: Resetting bearer [ 297.887661][ T6426] tipc: Disabling bearer [ 298.587457][ T6436] netlink: 24 bytes leftover after parsing attributes in process `syz.4.536'. [ 299.249454][ T4712] usb 4-1: USB disconnect, device number 8 [ 299.342973][ T6416] delete_channel: no stack [ 300.472406][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 300.472431][ T26] audit: type=1326 audit(1760822421.791:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 301.158422][ T26] audit: type=1326 audit(1760822422.481:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 301.363538][ T26] audit: type=1326 audit(1760822422.481:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 301.437931][ T26] audit: type=1326 audit(1760822422.481:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 301.501338][ T26] audit: type=1326 audit(1760822422.481:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 301.784597][ T26] audit: type=1326 audit(1760822422.481:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 302.016780][ T6494] tipc: Enabled bearer , priority 0 [ 302.034962][ T6494] device syzkaller0 entered promiscuous mode [ 302.061778][ T26] audit: type=1326 audit(1760822422.481:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 302.153543][ T26] audit: type=1326 audit(1760822422.481:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 302.191014][ T6494] tipc: Resetting bearer [ 302.231638][ T6493] tipc: Resetting bearer [ 302.277962][ T6493] tipc: Disabling bearer [ 302.324340][ T26] audit: type=1326 audit(1760822422.481:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 302.560480][ T26] audit: type=1326 audit(1760822422.481:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6479 comm="syz.2.548" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7fc00000 [ 304.019126][ T6539] usb usb8: usbfs: process 6539 (syz.2.563) did not claim interface 0 before use [ 304.075564][ T6543] usb usb8: usbfs: process 6543 (syz.2.563) did not claim interface 0 before use [ 307.020520][ T6605] netlink: 4 bytes leftover after parsing attributes in process `syz.0.585'. [ 307.775414][ T6619] syz.0.590 uses obsolete (PF_INET,SOCK_PACKET) [ 309.439166][ T6654] netlink: 52 bytes leftover after parsing attributes in process `syz.4.603'. [ 309.699218][ T6665] tipc: Enabled bearer , priority 0 [ 309.706923][ T6665] device syzkaller0 entered promiscuous mode [ 309.734150][ T6665] tipc: Resetting bearer [ 309.773433][ T6664] tipc: Resetting bearer [ 309.825828][ T6664] tipc: Disabling bearer [ 310.634526][ T6679] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 310.641488][ T6679] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 310.686723][ T6682] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(11) [ 310.686730][ T6679] vhci_hcd vhci_hcd.0: Device attached [ 310.693382][ T6682] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 310.712540][ T6682] vhci_hcd vhci_hcd.0: Device attached [ 310.748366][ T6686] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(10) [ 310.755009][ T6686] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 310.770403][ T6679] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 310.824220][ T6682] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 310.852328][ T6686] vhci_hcd vhci_hcd.0: Device attached [ 310.864453][ T4238] vhci_hcd: vhci_device speed not set [ 310.872258][ T6690] vhci_hcd: connection closed [ 310.872263][ T6692] vhci_hcd: connection closed [ 310.875905][ T6687] vhci_hcd: connection closed [ 310.887411][ T4402] vhci_hcd: stop threads [ 310.909276][ T4402] vhci_hcd: release socket [ 310.917875][ T4402] vhci_hcd: disconnect device [ 310.929200][ T4402] vhci_hcd: stop threads [ 310.933504][ T4402] vhci_hcd: release socket [ 310.939458][ T4402] vhci_hcd: disconnect device [ 310.947163][ T4402] vhci_hcd: stop threads [ 310.952675][ T4402] vhci_hcd: release socket [ 310.960487][ T4402] vhci_hcd: disconnect device [ 310.966911][ T4238] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 312.413101][ T6736] block device autoloading is deprecated and will be removed. [ 312.584417][ T5818] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 312.834406][ T5818] usb 4-1: Using ep0 maxpacket: 16 [ 312.954620][ T5818] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 313.184618][ T5818] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 313.202919][ T5818] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.227228][ T5818] usb 4-1: Product: syz [ 313.235857][ T5818] usb 4-1: Manufacturer: syz [ 313.241072][ T5818] usb 4-1: SerialNumber: syz [ 313.260187][ T5818] usb 4-1: config 0 descriptor?? [ 313.494280][ T4832] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 313.764379][ T4832] usb 2-1: Using ep0 maxpacket: 8 [ 313.884490][ T4832] usb 2-1: config 0 has no interfaces? [ 314.044559][ T4832] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 314.063069][ T4832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.126696][ T4832] usb 2-1: Product: syz [ 314.131027][ T4832] usb 2-1: Manufacturer: syz [ 314.144125][ T4832] usb 2-1: SerialNumber: syz [ 314.194952][ T4832] usb 2-1: config 0 descriptor?? [ 314.457802][ T6752] loop6: detected capacity change from 0 to 7 [ 314.478651][ T4173] Dev loop6: unable to read RDB block 7 [ 314.484732][ T4173] loop6: unable to read partition table [ 314.505232][ T4173] loop6: partition table beyond EOD, truncated [ 314.524309][ T4712] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 314.572839][ T6752] Dev loop6: unable to read RDB block 7 [ 314.602857][ T6752] loop6: unable to read partition table [ 314.629743][ T6752] loop6: partition table beyond EOD, truncated [ 314.665804][ T6752] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 314.687746][ T1110] usb 2-1: USB disconnect, device number 11 [ 314.733253][ T5818] usb 4-1: USB disconnect, device number 9 [ 314.954814][ T4712] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 314.975934][ T4712] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 315.022854][ T4712] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 315.045449][ T4712] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.222062][ T6799] netlink: 2 bytes leftover after parsing attributes in process `syz.2.649'. [ 315.751563][ T6815] tipc: Started in network mode [ 315.756835][ T6815] tipc: Node identity 0ef7394e21cf, cluster identity 4711 [ 315.774635][ T6815] tipc: Enabled bearer , priority 0 [ 315.791730][ T6815] device syzkaller0 entered promiscuous mode [ 315.823855][ T6815] tipc: Resetting bearer [ 315.854007][ T6814] tipc: Resetting bearer [ 315.920369][ T6814] tipc: Disabling bearer [ 316.074431][ T4238] vhci_hcd: vhci_device speed not set [ 316.234368][ T6822] binder_alloc: 6821: pid 6821 spamming oneway? 2 buffers allocated for a total size of 5120 [ 316.314498][ T6824] binder_alloc: 6821: pid 6821 spamming oneway? 3 buffers allocated for a total size of 5128 [ 316.851245][ T6840] netlink: 196 bytes leftover after parsing attributes in process `syz.2.661'. [ 317.109292][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.118734][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.439189][ T4238] usb 1-1: USB disconnect, device number 18 [ 317.751659][ T6860] netlink: 'syz.1.671': attribute type 4 has an invalid length. [ 317.811352][ T6862] netlink: 'syz.1.671': attribute type 4 has an invalid length. [ 318.224780][ T6873] tipc: Enabled bearer , priority 0 [ 318.252209][ T6873] device syzkaller0 entered promiscuous mode [ 318.335542][ T6873] tipc: Resetting bearer [ 318.352604][ T6871] tipc: Resetting bearer [ 318.385970][ T6871] tipc: Disabling bearer [ 318.573665][ T6879] netlink: 4 bytes leftover after parsing attributes in process `syz.1.678'. [ 319.665320][ T26] kauditd_printk_skb: 31 callbacks suppressed [ 319.665335][ T26] audit: type=1326 audit(1760822440.991:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 319.743442][ T26] audit: type=1326 audit(1760822440.991:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 319.812878][ T26] audit: type=1326 audit(1760822440.991:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 319.890373][ T26] audit: type=1326 audit(1760822440.991:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 319.974558][ T26] audit: type=1326 audit(1760822440.991:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 320.037892][ T26] audit: type=1326 audit(1760822440.991:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 320.100982][ T26] audit: type=1326 audit(1760822440.991:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 320.132948][ T26] audit: type=1326 audit(1760822440.991:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 320.186080][ T26] audit: type=1326 audit(1760822440.991:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 320.369461][ T26] audit: type=1326 audit(1760822440.991:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.4.677" exe="/root/syz-executor" sig=0 arch=40000003 syscall=244 compat=1 ip=0x200000000006 code=0x7ffc0000 [ 320.842603][ T6925] crypto_alloc_aead failed rc=-2 [ 321.865537][ T6984] netlink: 48 bytes leftover after parsing attributes in process `syz.2.705'. [ 321.948706][ T6984] device erspan0 entered promiscuous mode [ 322.158918][ T6978] sctp: failed to load transform for md5: -2 [ 323.148246][ T7031] netlink: 180 bytes leftover after parsing attributes in process `syz.0.717'. [ 323.185236][ T7031] netlink: 40 bytes leftover after parsing attributes in process `syz.0.717'. [ 323.185602][ T4712] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 323.636998][ T4712] usb 3-1: unable to get BOS descriptor or descriptor too short [ 323.744581][ T4712] usb 3-1: config 25 has an invalid interface number: 105 but max is 0 [ 323.764262][ T4712] usb 3-1: config 25 has no interface number 0 [ 323.770518][ T4712] usb 3-1: config 25 interface 105 has no altsetting 0 [ 323.969873][ T7074] netlink: 16 bytes leftover after parsing attributes in process `syz.0.728'. [ 324.044641][ T4712] usb 3-1: New USB device found, idVendor=1f4d, idProduct=a115, bcdDevice=c5.ca [ 324.061477][ T7075] netlink: 4 bytes leftover after parsing attributes in process `syz.0.728'. [ 324.091332][ T4712] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.151350][ T4712] usb 3-1: Product: syz [ 324.180089][ T4712] usb 3-1: Manufacturer: syz [ 324.200586][ T4712] usb 3-1: SerialNumber: syz [ 324.612504][ T4712] usb 3-1: USB disconnect, device number 14 [ 326.040851][ T7143] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 326.159622][ T4712] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 326.167330][ T4832] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 326.574539][ T4712] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 326.582886][ T4832] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 326.614512][ T4712] usb 2-1: config 0 has no interface number 0 [ 326.623400][ T4832] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 326.655898][ T4832] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.677615][ T4832] usb 3-1: config 0 descriptor?? [ 326.694779][ T7140] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 326.786195][ T4712] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 326.804234][ T4712] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.822624][ T4712] usb 2-1: Product: syz [ 326.828043][ T4712] usb 2-1: Manufacturer: syz [ 326.844250][ T4712] usb 2-1: SerialNumber: syz [ 326.871101][ T4712] usb 2-1: config 0 descriptor?? [ 326.908850][ T7166] netlink: 12 bytes leftover after parsing attributes in process `syz.3.752'. [ 327.144456][ T4712] dvb_usb_ec168: probe of 2-1:0.1 failed with error -71 [ 327.171591][ T4712] usb 2-1: USB disconnect, device number 12 [ 327.189548][ T4832] elan 0003:04F3:0755.0002: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0 [ 327.408977][ T4238] usb 3-1: USB disconnect, device number 15 [ 327.769371][ T7177] fido_id[7177]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 328.463746][ T7210] netlink: 48 bytes leftover after parsing attributes in process `syz.1.764'. [ 328.515594][ T7213] fuse: Unknown parameter 'group_id?00000000000000000000' [ 328.679050][ T7213] nvme_fabrics: missing parameter 'transport=%s' [ 328.696622][ T7213] nvme_fabrics: missing parameter 'nqn=%s' [ 329.103455][ T7223] device syzkaller0 entered promiscuous mode [ 329.854538][ T7245] netlink: 596 bytes leftover after parsing attributes in process `syz.2.775'. [ 330.068992][ T7251] loop6: detected capacity change from 0 to 7 [ 330.100407][ T7251] Dev loop6: unable to read RDB block 7 [ 330.118579][ T7251] loop6: unable to read partition table [ 330.165535][ T7251] loop6: partition table beyond EOD, truncated [ 330.199941][ T7251] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 330.227535][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 330.227549][ T26] audit: type=1326 audit(1760822451.551:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7254 comm="syz.2.780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7ffc0000 [ 330.347462][ T26] audit: type=1326 audit(1760822451.611:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7254 comm="syz.2.780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fb5bd67bfc9 code=0x7ffc0000 [ 330.524097][ T26] audit: type=1326 audit(1760822451.611:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7254 comm="syz.2.780" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5bd67bfc9 code=0x7ffc0000 [ 330.765409][ T21] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 331.154429][ T21] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 331.194304][ T21] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 331.263433][ T21] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 331.306497][ T21] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 331.349110][ T21] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 331.544427][ T21] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 331.553586][ T4225] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 331.584066][ T21] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 331.614297][ T21] usb 3-1: Product: syz [ 331.628787][ T21] usb 3-1: Manufacturer: syz [ 331.705059][ T21] cdc_wdm 3-1:1.0: skipping garbage [ 331.711237][ T21] cdc_wdm 3-1:1.0: skipping garbage [ 331.792283][ T21] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 331.828811][ T21] cdc_wdm 3-1:1.0: Unknown control protocol [ 331.948413][ T21] usb 3-1: USB disconnect, device number 16 [ 331.984560][ T4225] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 332.026785][ T4225] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 332.070474][ T4225] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 332.104326][ T4225] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.135211][ T4225] usb 2-1: config 0 descriptor?? [ 332.186029][ T4225] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 332.947117][ T4238] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 333.324577][ T4238] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 333.363248][ T4238] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.396537][ T4238] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.410187][ T4238] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 333.538097][ T4238] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 333.560247][ T4238] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 333.586849][ T4238] usb 5-1: Manufacturer: syz [ 333.610782][ T4238] usb 5-1: config 0 descriptor?? [ 334.126125][ T4238] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 334.185681][ T4238] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 334.235483][ T4712] usb 2-1: USB disconnect, device number 13 [ 334.272766][ T4238] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 334.310018][ T7316] tipc: Enabled bearer , priority 0 [ 334.335078][ T7316] tipc: Resetting bearer [ 334.375262][ T7315] tipc: Disabling bearer [ 334.829128][ T7322] crypto_alloc_aead failed rc=-2 [ 334.916762][ T7334] device veth0_to_bridge entered promiscuous mode [ 335.441791][ T7327] input: syz1 as /devices/virtual/input/input9 [ 335.568270][ T7349] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 335.574751][ T7349] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 336.199920][ T4238] usb 5-1: USB disconnect, device number 12 [ 337.364598][ T7376] device syzkaller0 entered promiscuous mode [ 338.049351][ T7384] input: syz1 as /devices/virtual/input/input10 [ 338.684334][ T4712] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 339.064383][ T4712] usb 2-1: config 0 has an invalid interface number: 201 but max is 0 [ 339.103897][ T4712] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 339.154348][ T4712] usb 2-1: config 0 has no interface number 0 [ 339.170972][ T4712] usb 2-1: config 0 interface 201 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 339.265999][ T4712] usb 2-1: config 0 interface 201 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 339.494434][ T4712] usb 2-1: New USB device found, idVendor=04fc, idProduct=0235, bcdDevice=ef.15 [ 339.529299][ T4712] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.584482][ T4712] usb 2-1: Product: syz [ 339.615227][ T4712] usb 2-1: Manufacturer: syz [ 339.651242][ T4712] usb 2-1: SerialNumber: syz [ 339.711471][ T4712] usb 2-1: config 0 descriptor?? [ 339.777777][ T4712] spcp8x5 2-1:0.201: required endpoints missing [ 340.770686][ T7429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.836'. [ 341.293492][ T7435] netlink: 68 bytes leftover after parsing attributes in process `syz.0.840'. [ 342.190323][ T4832] usb 2-1: USB disconnect, device number 14 [ 342.566916][ T26] audit: type=1326 audit(1760822463.891:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 342.951374][ T26] audit: type=1326 audit(1760822463.921:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 342.973603][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.294721][ T26] audit: type=1326 audit(1760822463.931:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 343.354258][ T26] audit: type=1326 audit(1760822463.931:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 343.376687][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.517477][ T26] audit: type=1326 audit(1760822463.931:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 343.539722][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.648341][ T26] audit: type=1326 audit(1760822463.931:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 343.754375][ T26] audit: type=1326 audit(1760822463.931:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 343.909705][ T26] audit: type=1326 audit(1760822463.931:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 344.074230][ T26] audit: type=1326 audit(1760822463.931:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 344.208507][ T26] audit: type=1326 audit(1760822463.941:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7457 comm="syz.1.849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 344.575058][ T7488] netlink: 'syz.0.860': attribute type 4 has an invalid length. [ 344.756818][ T7490] device syzkaller0 entered promiscuous mode [ 345.012232][ T7506] xt_TCPMSS: Only works on TCP SYN packets [ 345.204968][ T4321] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 345.216058][ T4832] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 345.224633][ T21] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 345.301409][ T7522] netlink: 28 bytes leftover after parsing attributes in process `syz.4.875'. [ 345.490042][ T21] usb 4-1: Using ep0 maxpacket: 8 [ 345.604394][ T4321] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.615622][ T4321] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.625540][ T21] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 345.636970][ T4321] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 345.650083][ T21] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 345.660345][ T4694] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 345.668008][ T4321] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 345.677452][ T21] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 345.687580][ T4321] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.695972][ T21] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 345.709707][ T21] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 345.720155][ T4321] usb 2-1: config 0 descriptor?? [ 345.725434][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.744889][ T4832] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=a2.bf [ 345.760642][ T4832] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.769159][ T4832] usb 1-1: Product: syz [ 345.773360][ T4832] usb 1-1: Manufacturer: syz [ 345.781889][ T4832] usb 1-1: SerialNumber: syz [ 345.790751][ T4832] usb 1-1: config 0 descriptor?? [ 345.836456][ T4832] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 345.944407][ T4694] usb 5-1: Using ep0 maxpacket: 16 [ 345.994658][ T21] usb 4-1: GET_CAPABILITIES returned 0 [ 346.000792][ T21] usbtmc 4-1:16.0: can't read capabilities [ 346.044682][ T4832] ssu100: probe of 1-1:0.0 failed with error -71 [ 346.060277][ T4832] usb 1-1: USB disconnect, device number 19 [ 346.208163][ T4321] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving [ 346.216257][ C1] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 346.229876][ T7503] usbtmc 4-1:16.0: Unable to send data, error -71 [ 346.243510][ T4225] usb 4-1: USB disconnect, device number 10 [ 346.253873][ T4321] plantronics 0003:047F:FFFF.0004: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 346.286566][ T4694] usb 5-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 346.304053][ T4694] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.313986][ T4694] usb 5-1: Product: syz [ 346.322624][ T4694] usb 5-1: Manufacturer: syz [ 346.330216][ T4694] usb 5-1: SerialNumber: syz [ 346.348102][ T4694] usb 5-1: config 0 descriptor?? [ 346.407922][ T4832] usb 2-1: USB disconnect, device number 15 [ 346.516479][ T7539] fido_id[7539]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 346.834459][ T4694] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 346.865267][ T4694] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 346.917209][ T4694] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 346.930395][ T4694] usb 5-1: media controller created [ 346.969617][ T4694] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 347.004443][ T4832] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 347.114706][ T4694] zl10353_read_register: readreg error (reg=127, ret==0) [ 347.130535][ T4694] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 347.154114][ T4694] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 347.374460][ T4832] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 347.408511][ T4832] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 347.467381][ T4832] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 347.529936][ T7559] netlink: 104 bytes leftover after parsing attributes in process `syz.2.888'. [ 347.743783][ T4238] usb 5-1: USB disconnect, device number 13 [ 347.750179][ T4832] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice=20.41 [ 347.773742][ T4832] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 347.829986][ T4832] usb 1-1: Product: syz [ 347.835795][ T4238] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 347.845160][ T4832] usb 1-1: Manufacturer: syz [ 347.859648][ T4832] usb 1-1: SerialNumber: syz [ 348.147019][ T4832] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 20 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 349.669234][ T7570] bridge0: port 2(bridge_slave_1) entered disabled state [ 349.676592][ T7570] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.653258][ T4238] usb 1-1: USB disconnect, device number 20 [ 350.693566][ T4238] usblp0: removed [ 350.968060][ T7594] syz.0.898 sent an empty control message without MSG_MORE. [ 351.228883][ T7570] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 351.249716][ T7570] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 351.249814][ T1110] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 351.664540][ T1110] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 351.674585][ T1110] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 351.687953][ T1110] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 351.697281][ T1110] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 351.818303][ T7570] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.827775][ T7570] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.838371][ T7570] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.847333][ T7570] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.984728][ T1110] usb 5-1: GET_CAPABILITIES returned 0 [ 351.990284][ T1110] usbtmc 5-1:16.0: can't read capabilities [ 352.192841][ T1110] usb 5-1: USB disconnect, device number 14 [ 355.465527][ T7679] loop6: detected capacity change from 0 to 7 [ 355.527380][ T7679] Dev loop6: unable to read RDB block 7 [ 355.533023][ T7679] loop6: AHDI p3 p4 [ 355.544457][ T7679] loop6: partition table partially beyond EOD, truncated [ 355.568221][ T7679] loop6: p3 start 9156352 is beyond EOD, truncated [ 355.748828][ T7694] netlink: 8 bytes leftover after parsing attributes in process `syz.4.929'. [ 355.753647][ T7695] loop6: detected capacity change from 0 to 7 [ 355.837401][ T4173] Dev loop6: unable to read RDB block 7 [ 355.843032][ T4173] loop6: AHDI p1 p2 p3 [ 355.850812][ T4173] loop6: partition table partially beyond EOD, truncated [ 355.891580][ T4173] loop6: p1 start 2664430726 is beyond EOD, truncated [ 355.931517][ T7701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.934'. [ 355.956201][ T4173] loop6: p2 size 108 extends beyond EOD, truncated [ 355.984390][ T7695] Dev loop6: unable to read RDB block 7 [ 356.003000][ T7695] loop6: AHDI p1 p2 p3 [ 356.015280][ T7695] loop6: partition table partially beyond EOD, truncated [ 356.039380][ T7695] loop6: p1 start 2664430726 is beyond EOD, truncated [ 356.066489][ T7695] loop6: p2 size 108 extends beyond EOD, truncated [ 356.171931][ T7713] netlink: 48 bytes leftover after parsing attributes in process `syz.4.938'. [ 356.384464][ T4224] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 356.429131][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 356.606274][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 356.644245][ T4224] usb 3-1: Using ep0 maxpacket: 8 [ 356.764432][ T4224] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 356.783592][ T4224] usb 3-1: config 0 has no interface number 0 [ 356.794432][ T1110] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 356.799988][ T4224] usb 3-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 356.821258][ T4224] usb 3-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 356.832178][ T4224] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 356.849594][ T4224] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 356.859302][ T4224] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.882443][ T7733] netlink: 12 bytes leftover after parsing attributes in process `syz.1.946'. [ 356.915002][ T4224] usb 3-1: config 0 descriptor?? [ 356.955710][ T4224] ldusb 3-1:0.55: Interrupt in endpoint not found [ 357.029600][ T7738] netlink: 24 bytes leftover after parsing attributes in process `syz.1.947'. [ 357.075981][ T7739] tipc: Enabled bearer , priority 0 [ 357.132248][ T7739] tipc: Resetting bearer [ 357.165037][ T7712] udc-core: couldn't find an available UDC or it's busy [ 357.179000][ T7712] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 357.195792][ T7737] tipc: Disabling bearer [ 357.214705][ T1110] usb 5-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 357.234722][ T1110] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.267742][ T1110] usb 5-1: config 0 descriptor?? [ 357.275070][ T7742] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.329659][ T1110] usb 5-1: selecting invalid altsetting 3 [ 357.338589][ T1110] comedi comedi5: could not set alternate setting 3 in high speed [ 357.353831][ T1110] usbduxsigma 5-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 357.398040][ T1110] usbduxsigma: probe of 5-1:0.0 failed with error -22 [ 357.465674][ T7746] netlink: 8 bytes leftover after parsing attributes in process `syz.3.949'. [ 357.598871][ T1110] usb 5-1: USB disconnect, device number 15 [ 357.699782][ T4224] usb 3-1: USB disconnect, device number 17 [ 357.852528][ T7759] loop6: detected capacity change from 0 to 7 [ 357.870755][ T7759] Dev loop6: unable to read RDB block 7 [ 357.893288][ T7759] loop6: AHDI p1 p2 p3 [ 357.899305][ T7759] loop6: partition table partially beyond EOD, truncated [ 357.911108][ T7759] loop6: p1 start 2664430726 is beyond EOD, truncated [ 357.918464][ T7759] loop6: p2 size 108 extends beyond EOD, truncated [ 358.069839][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 358.236661][ T7774] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 358.434302][ T4224] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 358.834461][ T4224] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 358.859499][ T7798] tipc: Started in network mode [ 358.871270][ T7798] tipc: Node identity 961a6a6b0a03, cluster identity 4711 [ 358.878752][ T4224] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping [ 358.945702][ T7798] tipc: Enabled bearer , priority 0 [ 358.972121][ T7798] tipc: Resetting bearer [ 358.992420][ T7797] tipc: Disabling bearer [ 359.054447][ T4224] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 359.090347][ T4224] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 359.136797][ T26] kauditd_printk_skb: 39 callbacks suppressed [ 359.136842][ T26] audit: type=1326 audit(1760822480.461:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82b847fc9 code=0x7ffc0000 [ 359.209951][ T4224] usb 1-1: Product: syz [ 359.221498][ T26] audit: type=1326 audit(1760822480.491:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb82b846810 code=0x7ffc0000 [ 359.274985][ T4224] usb 1-1: Manufacturer: syz [ 359.293632][ T26] audit: type=1326 audit(1760822480.491:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb82b846810 code=0x7ffc0000 [ 359.353036][ T4224] usb 1-1: SerialNumber: syz [ 359.353039][ T26] audit: type=1326 audit(1760822480.491:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82b847fc9 code=0x7ffc0000 [ 359.353080][ T26] audit: type=1326 audit(1760822480.491:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fb82b847fc9 code=0x7ffc0000 [ 359.483062][ T4224] usb 1-1: config 0 descriptor?? [ 359.531333][ T26] audit: type=1326 audit(1760822480.491:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82b847fc9 code=0x7ffc0000 [ 359.554466][ T7765] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 359.575639][ T7765] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 359.593457][ T7819] xt_recent: hitcount (262143) is larger than allowed maximum (255) [ 359.643494][ T26] audit: type=1326 audit(1760822480.491:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb82b847fc9 code=0x7ffc0000 [ 359.668765][ T4224] usb 1-1: ucan: probing device on interface #0 [ 359.680132][ T4224] usb 1-1: ucan: invalid EP count (1) [ 359.700785][ T4224] usb 1-1: ucan: probe failed; try to update the device firmware [ 359.791819][ T26] audit: type=1400 audit(1760822480.491:195): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=7801 comm="syz.3.973" [ 359.814725][ T26] audit: type=1326 audit(1760822480.501:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82b847fc9 code=0x7ffc0000 [ 359.842371][ T26] audit: type=1326 audit(1760822480.501:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7801 comm="syz.3.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb82b847fc9 code=0x7ffc0000 [ 361.760769][ T1108] usb 1-1: USB disconnect, device number 21 [ 361.832085][ T7845] tipc: Started in network mode [ 361.843662][ T7845] tipc: Node identity 080211000001, cluster identity 3 [ 361.863945][ T7845] tipc: Enabled bearer , priority 0 [ 361.895048][ T7845] tipc: Resetting bearer [ 362.926775][ T4224] tipc: Node number set to 134418688 [ 363.436133][ T7871] could not allocate digest TFM handle ghash-clmulni [ 363.538411][ T7881] tipc: Enabling of bearer rejected, already enabled [ 364.310618][ T7904] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1009'. [ 364.543316][ T7909] tipc: Enabled bearer , priority 0 [ 364.568987][ T7910] loop6: detected capacity change from 0 to 7 [ 364.583525][ T7910] Dev loop6: unable to read RDB block 7 [ 364.585323][ T7909] tipc: Resetting bearer [ 364.595098][ T7910] loop6: unable to read partition table [ 364.631500][ T7910] loop6: partition table beyond EOD, truncated [ 364.670179][ T7910] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 364.720549][ T7906] tipc: Disabling bearer [ 365.248487][ T7925] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 365.324402][ T4224] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 365.604319][ T4224] usb 2-1: Using ep0 maxpacket: 16 [ 365.724266][ T1108] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 365.734764][ T4224] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.756222][ T4224] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 365.777735][ T4224] usb 2-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 365.787528][ T4224] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.799612][ T4224] usb 2-1: config 0 descriptor?? [ 365.811209][ T7940] tipc: Enabling of bearer rejected, failed to enable media [ 366.086506][ T1108] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 366.110978][ T1108] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 366.140703][ T1108] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 366.153855][ T1108] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.167289][ T7954] loop6: detected capacity change from 0 to 7 [ 366.184109][ T7954] Dev loop6: unable to read RDB block 7 [ 366.190076][ T7954] loop6: unable to read partition table [ 366.201816][ T7954] loop6: partition table beyond EOD, truncated [ 366.214556][ T7936] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 366.236102][ T7954] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 366.377251][ T7959] syz.3.1030 (7959) used obsolete PPPIOCDETACH ioctl [ 366.405785][ T7962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1031'. [ 366.429941][ T7962] netlink: 'syz.2.1031': attribute type 19 has an invalid length. [ 366.499435][ T1108] usb 1-1: USB disconnect, device number 22 [ 366.504487][ T7962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1031'. [ 366.541714][ T7962] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.551029][ T7962] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.559867][ T7962] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.568688][ T7962] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 366.623167][ T7962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1031'. [ 366.669943][ T7962] netlink: 'syz.2.1031': attribute type 19 has an invalid length. [ 366.680557][ T7962] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1031'. [ 367.134288][ T4225] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 367.304433][ T7977] tipc: Enabling of bearer rejected, already enabled [ 367.335464][ T7977] device syzkaller0 entered promiscuous mode [ 367.385581][ T4225] usb 3-1: Using ep0 maxpacket: 16 [ 367.506501][ T4225] usb 3-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 367.531300][ T4225] usb 3-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 367.578722][ T4225] usb 3-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 367.634695][ T4225] usb 3-1: config 1 interface 0 has no altsetting 0 [ 367.794528][ T4225] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 367.829505][ T4225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.847004][ T4225] usb 3-1: Product: syz [ 367.860548][ T4225] usb 3-1: Manufacturer: syz [ 367.867150][ T4225] usb 3-1: SerialNumber: syz [ 368.032147][ T7996] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 368.045138][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 368.064488][ T4224] usbhid 2-1:0.0: can't add hid device: -71 [ 368.073314][ T4224] usbhid: probe of 2-1:0.0 failed with error -71 [ 368.103781][ T4224] usb 2-1: USB disconnect, device number 16 [ 368.151086][ T4225] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 368.420791][ T4238] usb 3-1: USB disconnect, device number 18 [ 368.430435][ T4238] usblp0: removed [ 368.501851][ T8005] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 368.517550][ T8005] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 368.920837][ T8022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1051'. [ 370.481356][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1055'. [ 370.911496][ T8065] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1063'. [ 370.940820][ T8065] device vlan0 entered promiscuous mode [ 370.947448][ T8065] device team0 entered promiscuous mode [ 370.953124][ T8065] device team_slave_0 entered promiscuous mode [ 370.962268][ T8065] device team_slave_1 entered promiscuous mode [ 371.204302][ T4225] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 371.387710][ T8078] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1070'. [ 371.584502][ T4225] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 371.624246][ T4225] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.668280][ T4225] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 371.701516][ T4225] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 371.824520][ T4225] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 371.843994][ T4225] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 371.904808][ T4225] usb 1-1: Manufacturer: syz [ 371.924852][ T4225] usb 1-1: config 0 descriptor?? [ 372.419391][ T4225] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 372.456276][ T4225] appleir 0003:05AC:8243.0005: No inputs registered, leaving [ 372.484523][ T4225] appleir 0003:05AC:8243.0005: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 372.687042][ T4224] usb 1-1: USB disconnect, device number 23 [ 373.011423][ T8099] fido_id[8099]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 373.044318][ T4225] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 373.414426][ T4225] usb 3-1: config 0 has no interfaces? [ 373.584518][ T4225] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 373.604383][ T1110] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 373.604503][ T4225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.662844][ T4225] usb 3-1: Product: syz [ 373.683171][ T4225] usb 3-1: Manufacturer: syz [ 373.703322][ T4225] usb 3-1: SerialNumber: syz [ 373.733712][ T4225] usb 3-1: config 0 descriptor?? [ 373.884309][ T1110] usb 1-1: Using ep0 maxpacket: 16 [ 374.214468][ T1110] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 374.233620][ T26] audit: type=1326 audit(1760822495.551:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 374.256085][ T1110] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 374.319678][ T1110] usb 1-1: Product: syz [ 374.350695][ T1110] usb 1-1: Manufacturer: syz [ 374.376618][ T26] audit: type=1326 audit(1760822495.561:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 374.399473][ T4225] Bluetooth: hci2: command 0x2021 tx timeout [ 374.414729][ T26] audit: type=1326 audit(1760822495.561:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 374.417300][ T1110] usb 1-1: SerialNumber: syz [ 374.511699][ T1110] usb 1-1: config 0 descriptor?? [ 374.548027][ T26] audit: type=1326 audit(1760822495.561:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 374.661625][ T26] audit: type=1326 audit(1760822495.571:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 374.808548][ T26] audit: type=1326 audit(1760822495.571:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 374.830841][ C0] vkms_vblank_simulate: vblank timer overrun [ 374.934842][ T4225] usb 1-1: USB disconnect, device number 24 [ 374.983015][ T26] audit: type=1326 audit(1760822495.571:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 375.122090][ T26] audit: type=1326 audit(1760822495.571:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 375.208318][ T26] audit: type=1326 audit(1760822495.571:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 375.277491][ T26] audit: type=1326 audit(1760822495.571:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8111 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 375.377054][ T8119] tipc: Enabling of bearer rejected, failed to enable media [ 375.470484][ T8121] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1084'. [ 375.502106][ T8121] device vlan3 entered promiscuous mode [ 375.514278][ T8121] device team0 entered promiscuous mode [ 375.533828][ T8121] device team_slave_0 entered promiscuous mode [ 375.552152][ T8121] device team_slave_1 entered promiscuous mode [ 375.963756][ T8136] tipc: Enabling of bearer rejected, failed to enable media [ 375.969801][ T4246] usb 3-1: USB disconnect, device number 19 [ 376.200570][ T8146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1087'. [ 376.724291][ T1110] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 376.731962][ T4246] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 377.104661][ T4246] usb 1-1: config index 0 descriptor too short (expected 39, got 27) [ 377.113035][ T1110] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 377.124352][ T4246] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 377.134460][ T1110] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 377.144427][ T4246] usb 1-1: config 0 interface 0 has no altsetting 0 [ 377.154443][ T1110] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 377.212363][ T1110] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.259203][ T8154] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 377.354562][ T4246] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 377.433314][ T4246] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 377.480878][ T4246] usb 1-1: Product: syz [ 377.504395][ T4246] usb 1-1: Manufacturer: syz [ 377.511269][ T4246] usb 1-1: SerialNumber: syz [ 377.525233][ T4246] usb 1-1: config 0 descriptor?? [ 377.585524][ T4246] hub 1-1:0.0: bad descriptor, ignoring hub [ 377.591671][ T4246] hub: probe of 1-1:0.0 failed with error -5 [ 377.629052][ T4246] usb 1-1: selecting invalid altsetting 0 [ 377.697587][ T1110] usb 5-1: USB disconnect, device number 16 [ 377.914990][ T4694] usb 1-1: USB disconnect, device number 25 [ 377.994578][ T1108] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 378.080011][ T8184] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1102'. [ 378.112611][ T8186] tipc: Enabling of bearer rejected, failed to enable media [ 378.276192][ T1108] usb 3-1: Using ep0 maxpacket: 16 [ 378.414409][ T4694] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 378.558413][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.565080][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.594470][ T1108] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 378.651706][ T1108] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 378.774526][ T4694] usb 1-1: config index 0 descriptor too short (expected 39, got 27) [ 378.793189][ T1108] usb 3-1: Product: syz [ 378.804468][ T4694] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 378.840248][ T1108] usb 3-1: Manufacturer: syz [ 378.876481][ T1108] usb 3-1: SerialNumber: syz [ 378.891806][ T4694] usb 1-1: config 0 interface 0 has no altsetting 0 [ 378.925760][ T1108] usb 3-1: config 0 descriptor?? [ 379.104516][ T4694] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 379.137401][ T4694] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 379.162159][ T4694] usb 1-1: Product: syz [ 379.184371][ T4694] usb 1-1: Manufacturer: syz [ 379.206339][ T4694] usb 1-1: SerialNumber: syz [ 379.244489][ T1108] usb 3-1: USB disconnect, device number 20 [ 379.264982][ T4694] usb 1-1: config 0 descriptor?? [ 379.365317][ T4694] usb 1-1: can't set config #0, error -71 [ 379.377848][ T4694] usb 1-1: USB disconnect, device number 26 [ 380.512531][ T8224] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 380.534244][ T8224] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 380.751656][ T8234] tipc: Enabling of bearer rejected, already enabled [ 381.294378][ T1110] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 381.504502][ T4694] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 381.704437][ T1110] usb 2-1: config 0 has an invalid interface number: 33 but max is 0 [ 381.716862][ T1110] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 381.751227][ T1110] usb 2-1: config 0 has no interface number 0 [ 381.764215][ T4694] usb 4-1: Using ep0 maxpacket: 16 [ 381.773149][ T1110] usb 2-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 381.829940][ T1110] usb 2-1: config 0 interface 33 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 381.847658][ T1110] usb 2-1: config 0 interface 33 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 382.035643][ T1110] usb 2-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64 [ 382.044669][ T4694] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 382.058975][ T4694] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 382.087664][ T4694] usb 4-1: Product: syz [ 382.087662][ T1110] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.087689][ T1110] usb 2-1: Product: syz [ 382.104396][ T4694] usb 4-1: Manufacturer: syz [ 382.110643][ T4694] usb 4-1: SerialNumber: syz [ 382.147287][ T4694] usb 4-1: config 0 descriptor?? [ 382.194464][ T1110] usb 2-1: Manufacturer: syz [ 382.223148][ T1110] usb 2-1: SerialNumber: syz [ 382.268437][ T1110] usb 2-1: config 0 descriptor?? [ 382.324973][ T8246] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 382.358546][ T1110] hdpvr 2-1:0.33: Could not find bulk-in endpoint [ 382.382355][ T1110] hdpvr: probe of 2-1:0.33 failed with error -12 [ 382.469431][ T4225] usb 4-1: USB disconnect, device number 11 [ 383.371031][ T8277] usb usb8: usbfs: process 8277 (syz.3.1130) did not claim interface 0 before use [ 383.388083][ T8277] usb usb8: usbfs: process 8277 (syz.3.1130) did not claim interface 0 before use [ 383.456855][ T8281] udc-core: couldn't find an available UDC or it's busy [ 383.464007][ T8281] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 384.673476][ T4246] usb 2-1: USB disconnect, device number 17 [ 384.747642][ T8296] device veth0 entered promiscuous mode [ 384.788730][ T8296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1138'. [ 385.440187][ T8315] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 386.634264][ T4224] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 387.025913][ T4224] usb 4-1: config 0 has an invalid interface number: 33 but max is 0 [ 387.047712][ T4224] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 387.081553][ T4224] usb 4-1: config 0 has no interface number 0 [ 387.117578][ T4224] usb 4-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 387.227003][ T4224] usb 4-1: config 0 interface 33 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 387.283330][ T4224] usb 4-1: config 0 interface 33 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 387.474354][ T4224] usb 4-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64 [ 387.497910][ T4224] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.586504][ T4224] usb 4-1: Product: syz [ 387.590835][ T4224] usb 4-1: Manufacturer: syz [ 387.604382][ T4224] usb 4-1: SerialNumber: syz [ 387.644107][ T4224] usb 4-1: config 0 descriptor?? [ 387.678421][ T8333] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 387.716666][ T4224] hdpvr 4-1:0.33: Could not find bulk-in endpoint [ 387.744073][ T4224] hdpvr: probe of 4-1:0.33 failed with error -12 [ 388.839540][ T8333] udc-core: couldn't find an available UDC or it's busy [ 388.846705][ T8333] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 389.892373][ T4224] usb 4-1: USB disconnect, device number 12 [ 392.109349][ T8450] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 392.574888][ T8469] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1188'. [ 393.025012][ T4694] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 393.311556][ T8502] device syzkaller0 entered promiscuous mode [ 393.394373][ T4694] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 393.411816][ T4694] usb 2-1: config 0 has no interfaces? [ 393.563301][ T8506] device syzkaller1 entered promiscuous mode [ 393.614484][ T4694] usb 2-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55 [ 393.634803][ T4694] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.688030][ T4694] usb 2-1: Product: syz [ 393.707389][ T4694] usb 2-1: Manufacturer: syz [ 393.725577][ T4694] usb 2-1: SerialNumber: syz [ 393.757497][ T4694] usb 2-1: config 0 descriptor?? [ 394.097832][ T8516] binder_alloc: 8514: pid 8514 spamming oneway? 2 buffers allocated for a total size of 5120 [ 394.222076][ T8521] binder_alloc: 8519: pid 8519 spamming oneway? 2 buffers allocated for a total size of 5120 [ 394.257267][ T8521] binder_alloc: 8519: pid 8519 spamming oneway? 3 buffers allocated for a total size of 5128 [ 394.287767][ T8518] binder_alloc: 8514: pid 8514 spamming oneway? 3 buffers allocated for a total size of 5128 [ 395.199691][ T8534] device syzkaller0 entered promiscuous mode [ 395.501641][ T8538] netlink: 'syz.3.1214': attribute type 30 has an invalid length. [ 395.762289][ T4694] usb 2-1: USB disconnect, device number 18 [ 396.824281][ T4238] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 397.194322][ T4238] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 397.254192][ T4238] usb 4-1: config 0 interface 0 has no altsetting 0 [ 397.444509][ T4238] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 397.461509][ T4238] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 397.509842][ T4238] usb 4-1: Product: syz [ 397.529784][ T4238] usb 4-1: Manufacturer: syz [ 397.549873][ T4238] usb 4-1: SerialNumber: syz [ 397.585524][ T4238] usb 4-1: config 0 descriptor?? [ 397.648523][ T4238] usb 4-1: selecting invalid altsetting 0 [ 399.571924][ T8619] crypto_alloc_aead failed rc=-2 [ 399.807024][ T4239] usb 4-1: USB disconnect, device number 13 [ 400.304889][ T4239] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 400.674654][ T4239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 400.710006][ T4239] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 400.735672][ T4239] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 400.796386][ T4239] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.831654][ T4239] usb 4-1: config 0 descriptor?? [ 401.336414][ T4239] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 401.372952][ T4239] cp2112 0003:10C4:EA90.0006: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 401.544470][ T4239] cp2112 0003:10C4:EA90.0006: Part Number: 0x82 Device Version: 0xFE [ 401.878363][ T8653] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 402.400853][ T4239] usb 4-1: USB disconnect, device number 14 [ 402.571096][ T8664] fido_id[8664]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 403.071594][ T8684] netlink: 180 bytes leftover after parsing attributes in process `syz.3.1265'. [ 403.114002][ T8684] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1265'. [ 403.757952][ T8698] tipc: Enabled bearer , priority 0 [ 403.845920][ T8700] device syzkaller0 entered promiscuous mode [ 403.906821][ T8698] tipc: Resetting bearer [ 403.946241][ T8697] tipc: Resetting bearer [ 403.981364][ T8697] tipc: Disabling bearer [ 406.084258][ T1108] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 406.484475][ T1108] usb 2-1: config 0 has an invalid interface number: 33 but max is 0 [ 406.504829][ T1108] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 406.555325][ T1108] usb 2-1: config 0 has no interface number 0 [ 406.571787][ T1108] usb 2-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 406.601112][ T1108] usb 2-1: config 0 interface 33 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 406.614247][ T1108] usb 2-1: config 0 interface 33 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 406.640209][ T8739] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 406.649651][ T8739] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1284'. [ 406.784840][ T1108] usb 2-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64 [ 406.802305][ T1108] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.871912][ T1108] usb 2-1: Product: syz [ 406.899818][ T1108] usb 2-1: Manufacturer: syz [ 406.946085][ T1108] usb 2-1: SerialNumber: syz [ 406.986705][ T1108] usb 2-1: config 0 descriptor?? [ 407.044502][ T8723] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 407.076575][ T1108] hdpvr 2-1:0.33: Could not find bulk-in endpoint [ 407.094547][ T1108] hdpvr: probe of 2-1:0.33 failed with error -12 [ 407.157965][ T8750] netlink: 'syz.4.1287': attribute type 4 has an invalid length. [ 407.309436][ T8752] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1289'. [ 407.343735][ T8752] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1289'. [ 407.498921][ T8757] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1291'. [ 408.752489][ T8758] input: syz1 as /devices/virtual/input/input17 [ 408.874272][ T4239] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 409.284420][ T4239] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 409.323979][ T4239] usb 4-1: config 0 has no interface number 0 [ 409.528512][ T4225] usb 2-1: USB disconnect, device number 19 [ 409.534632][ T4239] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 409.534693][ T4239] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.586711][ T8784] binder: BINDER_SET_CONTEXT_MGR already set [ 409.602618][ T4239] usb 4-1: Product: syz [ 409.605973][ T8784] binder: 8783:8784 ioctl 4018620d 200000000040 returned -16 [ 409.622964][ T4239] usb 4-1: Manufacturer: syz [ 409.640100][ T4239] usb 4-1: SerialNumber: syz [ 409.685945][ T4239] usb 4-1: config 0 descriptor?? [ 409.912206][ T8793] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 409.964326][ T4239] dvb_usb_ec168: probe of 4-1:0.1 failed with error -71 [ 409.994491][ T4239] usb 4-1: USB disconnect, device number 15 [ 410.424273][ T1110] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 410.694415][ T1110] usb 2-1: Using ep0 maxpacket: 16 [ 411.020349][ T8813] input: syz1 as /devices/virtual/input/input18 [ 411.024617][ T1110] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 411.066520][ T1110] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.123578][ T1110] usb 2-1: Product: syz [ 411.144371][ T1110] usb 2-1: Manufacturer: syz [ 411.168908][ T1110] usb 2-1: SerialNumber: syz [ 411.217978][ T1110] usb 2-1: config 0 descriptor?? [ 411.270920][ T8815] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1310'. [ 411.297158][ T8815] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1310'. [ 411.341273][ T8815] device dummy0 entered promiscuous mode [ 411.370833][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 411.636393][ T8826] device syzkaller0 entered promiscuous mode [ 411.734397][ T1110] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 411.768960][ T1110] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 411.788092][ T8828] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 411.820666][ T1110] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 411.829198][ T4832] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 411.837104][ T1110] usb 2-1: media controller created [ 411.854477][ T4238] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 411.865465][ T1110] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 411.984330][ T1110] zl10353_read_register: readreg error (reg=127, ret==0) [ 411.993085][ T1110] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 412.001095][ T1110] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 412.234387][ T4238] usb 5-1: config 0 has an invalid interface number: 33 but max is 0 [ 412.246403][ T4832] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 412.259993][ T4238] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 412.273185][ T4832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.288969][ T4238] usb 5-1: config 0 has no interface number 0 [ 412.295700][ T4832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.311132][ T4238] usb 5-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 412.322413][ T4832] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 412.339561][ T4238] usb 5-1: config 0 interface 33 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 412.350922][ T4238] usb 5-1: config 0 interface 33 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 412.444604][ T4832] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 412.457502][ T4832] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 412.467119][ T4832] usb 4-1: Manufacturer: syz [ 412.484604][ T4832] usb 4-1: config 0 descriptor?? [ 412.524374][ T4238] usb 5-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64 [ 412.560239][ T4238] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.569166][ T4238] usb 5-1: Product: syz [ 412.573946][ T4238] usb 5-1: Manufacturer: syz [ 412.589135][ T4238] usb 5-1: SerialNumber: syz [ 412.613339][ T4238] usb 5-1: config 0 descriptor?? [ 412.630735][ T1110] usb 2-1: USB disconnect, device number 20 [ 412.644485][ T8824] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 412.668244][ T4238] hdpvr 5-1:0.33: Could not find bulk-in endpoint [ 412.680716][ T4238] hdpvr: probe of 5-1:0.33 failed with error -12 [ 412.699244][ T1110] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 412.966946][ T4832] appleir 0003:05AC:8243.0007: unknown main item tag 0x0 [ 412.979987][ T4832] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 413.034959][ T4832] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 413.559819][ T1108] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 413.824467][ T1108] usb 2-1: Using ep0 maxpacket: 32 [ 413.969068][ T1108] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 413.980088][ T1108] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 414.005636][ T1108] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 414.064348][ T8857] binder: BINDER_SET_CONTEXT_MGR already set [ 414.084257][ T8857] binder: 8856:8857 ioctl 4018620d 200000000040 returned -16 [ 414.090901][ T1108] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 414.120985][ T1108] usb 2-1: config 0 interface 0 has no altsetting 0 [ 414.305286][ T1108] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 414.314567][ T1108] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 414.325378][ T1108] usb 2-1: Product: syz [ 414.329614][ T1108] usb 2-1: Manufacturer: syz [ 414.334284][ T1108] usb 2-1: SerialNumber: syz [ 414.341024][ T1108] usb 2-1: config 0 descriptor?? [ 414.388120][ T1108] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 414.401027][ T1108] ldusb 2-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 414.655907][ T4238] usb 2-1: USB disconnect, device number 21 [ 414.665151][ T4238] ldusb 2-1:0.0: LD USB Device #1 now disconnected [ 414.713681][ T4246] usb 5-1: USB disconnect, device number 17 [ 415.166949][ T1110] usb 4-1: USB disconnect, device number 16 [ 415.359455][ T8884] loop2: detected capacity change from 0 to 7 [ 415.369690][ T4173] Dev loop2: unable to read RDB block 7 [ 415.376449][ T4173] loop2: unable to read partition table [ 415.382281][ T4173] loop2: partition table beyond EOD, truncated [ 415.402827][ T8884] Dev loop2: unable to read RDB block 7 [ 415.413820][ T8884] loop2: unable to read partition table [ 415.429543][ T8884] loop2: partition table beyond EOD, truncated [ 415.437176][ T8866] bridge0: port 2(bridge_slave_1) entered disabled state [ 415.444441][ T8884] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 415.444639][ T8866] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.663928][ T8866] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 416.771569][ T8866] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 417.122959][ T8866] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.132716][ T8866] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.143438][ T8866] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.152768][ T8866] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.385906][ T8887] device syzkaller0 entered promiscuous mode [ 417.816954][ T8946] raw_sendmsg: syz.4.1354 forgot to set AF_INET. Fix it! [ 418.434271][ T4321] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 418.663186][ T8973] device syzkaller0 entered promiscuous mode [ 419.026555][ T4321] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 419.056921][ T4321] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 419.124352][ T4321] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 419.158601][ T4321] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.298060][ T8964] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 419.466535][ T8987] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1371'. [ 419.973800][ T26] kauditd_printk_skb: 33 callbacks suppressed [ 419.973815][ T26] audit: type=1326 audit(1760822541.291:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 420.037644][ T9006] input: syz1 as /devices/virtual/input/input19 [ 420.114876][ T26] audit: type=1326 audit(1760822541.311:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 420.246747][ T26] audit: type=1326 audit(1760822541.311:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 420.389733][ T26] audit: type=1326 audit(1760822541.311:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 420.507799][ T26] audit: type=1326 audit(1760822541.311:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 420.671015][ T26] audit: type=1326 audit(1760822541.311:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 420.801924][ T26] audit: type=1326 audit(1760822541.311:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 420.945254][ T26] audit: type=1326 audit(1760822541.311:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 421.024322][ T4832] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 421.056321][ T26] audit: type=1326 audit(1760822541.311:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 421.154386][ T26] audit: type=1326 audit(1760822541.311:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8998 comm="syz.1.1375" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa16de16fc9 code=0x7ffc0000 [ 421.404460][ T4832] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 421.447514][ T4832] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 421.516174][ T4832] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 421.581768][ T4832] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 421.622272][ T5818] usb 1-1: USB disconnect, device number 27 [ 421.744675][ T4832] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 421.774849][ T4832] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 421.783710][ T9039] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 421.859283][ T4832] usb 2-1: Manufacturer: syz [ 421.899308][ T4832] usb 2-1: config 0 descriptor?? [ 422.117888][ T9045] binder: 9044:9045 unknown command 1074553619 [ 422.150952][ T9045] binder: 9044:9045 ioctl c0306201 200000000040 returned -22 [ 422.181619][ T9046] binder: 9044:9046 unknown command 1074553620 [ 422.209737][ T9046] binder: 9044:9046 ioctl c0306201 200000000640 returned -22 [ 422.416021][ T4832] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 422.461794][ T4832] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 422.501556][ T9048] device syzkaller0 entered promiscuous mode [ 422.544978][ T4832] appleir 0003:05AC:8243.0008: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 422.878057][ T9055] device syzkaller0 entered promiscuous mode [ 423.257265][ T9061] netlink: 'syz.4.1393': attribute type 1 has an invalid length. [ 424.545767][ T4832] usb 2-1: USB disconnect, device number 22 [ 425.333432][ T9102] tipc: Enabled bearer , priority 0 [ 425.442968][ T9103] device syzkaller0 entered promiscuous mode [ 425.501989][ T9102] tipc: Resetting bearer [ 425.539615][ T9100] tipc: Resetting bearer [ 425.584233][ T5818] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 425.615085][ T9100] tipc: Disabling bearer [ 425.988054][ T9112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1409'. [ 426.037752][ T5818] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 426.072727][ T5818] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.100695][ T5818] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.131164][ T5818] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 426.254996][ T5818] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 426.275432][ T5818] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 426.299017][ T5818] usb 5-1: Manufacturer: syz [ 426.325107][ T5818] usb 5-1: config 0 descriptor?? [ 426.825645][ T5818] appleir 0003:05AC:8243.0009: unknown main item tag 0x0 [ 426.842981][ T5818] appleir 0003:05AC:8243.0009: No inputs registered, leaving [ 426.870102][ T5818] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 427.847939][ T4321] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 428.104231][ T4321] usb 4-1: Using ep0 maxpacket: 8 [ 428.104293][ T1110] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 428.198953][ T9149] binder_alloc: 9148: binder_alloc_buf, no vma [ 428.234395][ T4321] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 428.279022][ T9151] binder_alloc: 9150: binder_alloc_buf, no vma [ 428.285810][ T4321] usb 4-1: config 0 has no interface number 0 [ 428.353271][ T4321] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 428.363985][ T4321] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 428.375338][ T4321] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 428.388429][ T4321] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 428.397633][ T4321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.408096][ T4321] usb 4-1: config 0 descriptor?? [ 428.468486][ T4321] ldusb 4-1:0.55: Interrupt in endpoint not found [ 428.474520][ T1110] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 428.497803][ T1110] usb 1-1: config 0 interface 0 has no altsetting 0 [ 428.714581][ T1110] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 428.754332][ T1110] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 428.764909][ T1110] usb 1-1: Product: syz [ 428.778201][ T1110] usb 1-1: Manufacturer: syz [ 428.786049][ T1110] usb 1-1: SerialNumber: syz [ 428.818465][ T1110] usb 1-1: config 0 descriptor?? [ 428.819327][ T9160] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 428.876717][ T1110] usb 1-1: selecting invalid altsetting 0 [ 428.897637][ T4321] usb 4-1: USB disconnect, device number 17 [ 428.981828][ T4832] usb 5-1: USB disconnect, device number 18 [ 429.097059][ T9165] netlink: 71 bytes leftover after parsing attributes in process `syz.1.1426'. [ 429.504327][ T9181] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1427'. [ 429.536803][ T9181] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1427'. [ 429.589208][ T9181] device dummy0 entered promiscuous mode [ 429.612431][ T9181] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 429.634827][ T9181] Cannot create hsr debugfs directory [ 429.664570][ T4295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 430.578554][ T4832] usb 1-1: USB disconnect, device number 28 [ 430.644761][ T9210] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 430.676372][ T9211] binder_alloc: 9209: binder_alloc_buf, no vma [ 430.930919][ T9221] fuse: Unknown parameter 'group_i00000000000000000000' [ 431.581192][ T9237] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1443'. [ 431.909855][ T9243] device syzkaller0 entered promiscuous mode [ 432.274480][ T9249] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 432.514942][ T9257] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1451'. [ 432.835813][ T9265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1454'. [ 433.032428][ T9271] binder: BINDER_SET_CONTEXT_MGR already set [ 433.047962][ T9271] binder: 9269:9271 ioctl 4018620d 200000000040 returned -16 [ 433.354760][ T9277] device syzkaller0 entered promiscuous mode [ 434.207009][ T9294] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1467'. [ 434.313820][ T9296] binder: BINDER_SET_CONTEXT_MGR already set [ 434.332086][ T9296] binder: 9295:9296 ioctl 4018620d 200000000040 returned -16 [ 434.688484][ T9314] fuse: Unknown parameter 'group_i00000000000000000000' [ 434.944295][ T1110] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 435.305322][ T9332] binder: BINDER_SET_CONTEXT_MGR already set [ 435.321383][ T9332] binder: 9331:9332 ioctl 4018620d 200000000040 returned -16 [ 435.330381][ T1110] usb 2-1: config 0 has an invalid interface number: 33 but max is 0 [ 435.348491][ T1110] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 435.387644][ T1110] usb 2-1: config 0 has no interface number 0 [ 435.411047][ T1110] usb 2-1: config 0 interface 33 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1023 [ 435.441905][ T1110] usb 2-1: config 0 interface 33 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 435.470181][ T1110] usb 2-1: config 0 interface 33 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 435.674461][ T1110] usb 2-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=68.64 [ 435.714319][ T1110] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.864218][ T1110] usb 2-1: Product: syz [ 435.884252][ T1110] usb 2-1: Manufacturer: syz [ 435.951506][ T1110] usb 2-1: SerialNumber: syz [ 436.060851][ T1110] usb 2-1: config 0 descriptor?? [ 436.164589][ T9313] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 436.188607][ T1110] hdpvr 2-1:0.33: Could not find bulk-in endpoint [ 436.313652][ T1110] hdpvr: probe of 2-1:0.33 failed with error -12 [ 436.428767][ T1110] usb 2-1: USB disconnect, device number 23 [ 437.422839][ T9362] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1489'. [ 437.486746][ T9367] device syzkaller0 entered promiscuous mode [ 437.599824][ T9364] kvm: vcpu 2: requested 148514 ns lapic timer period limited to 200000 ns [ 437.624332][ T9364] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer. [ 437.924446][ T9376] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1494'. [ 437.969550][ T9376] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1494'. [ 438.630799][ T9383] nvme_fabrics: missing parameter 'transport=%s' [ 438.640841][ T9383] nvme_fabrics: missing parameter 'nqn=%s' [ 439.234288][ T4832] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 439.664508][ T4832] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 439.701914][ T4832] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.844708][ T4832] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 439.919618][ T4832] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 439.987502][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.993872][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.026645][ T4832] usb 5-1: Manufacturer: syz [ 440.115011][ T4832] usb 5-1: config 0 descriptor?? [ 440.464450][ T4832] rc_core: IR keymap rc-hauppauge not found [ 440.470712][ T4832] Registered IR keymap rc-empty [ 440.504664][ T4832] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 440.572423][ T4832] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input20 [ 440.658511][ T4832] usb 5-1: USB disconnect, device number 19 [ 443.146068][ T9460] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1522'. [ 443.512748][ T9464] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 443.775042][ T9473] binder: BINDER_SET_CONTEXT_MGR already set [ 443.781058][ T9473] binder: 9472:9473 ioctl 4018620d 200000000040 returned -16 [ 444.000305][ T9479] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1529'. [ 445.397244][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 445.397261][ T26] audit: type=1326 audit(1760822566.721:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9495 comm="syz.4.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 445.574234][ T26] audit: type=1326 audit(1760822566.751:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9495 comm="syz.4.1533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df7e7fc9 code=0x7ffc0000 [ 446.630961][ T9507] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 446.721511][ T9513] binder: BINDER_SET_CONTEXT_MGR already set [ 446.747529][ T9513] binder: 9511:9513 ioctl 4018620d 200000000040 returned -16 [ 446.972625][ T9501] loop6: detected capacity change from 0 to 7 [ 447.026645][ T9523] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1543'. [ 447.048113][ T9523] device vlan3 entered promiscuous mode [ 447.054592][ T9501] Dev loop6: unable to read RDB block 7 [ 447.062001][ T9523] device syz_tun entered promiscuous mode [ 447.068459][ T9501] loop6: AHDI p2 [ 447.078939][ T9501] loop6: partition table partially beyond EOD, truncated [ 447.177769][ T9525] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1544'. [ 447.246200][ T9526] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1544'. [ 447.842235][ T9544] binder: BINDER_SET_CONTEXT_MGR already set [ 447.882941][ T9544] binder: 9541:9544 ioctl 4018620d 200000000040 returned -16 [ 447.894252][ T4321] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 447.934072][ T9552] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1555'. [ 448.024207][ T5818] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 448.058616][ T9557] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1556'. [ 448.113628][ T9557] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1556'. [ 448.152414][ T9557] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1556'. [ 448.304201][ T5818] usb 3-1: Using ep0 maxpacket: 16 [ 448.324368][ T4321] usb 5-1: config 0 has no interfaces? [ 448.539615][ T4321] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 448.550573][ T4321] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.564885][ T4321] usb 5-1: Product: syz [ 448.569686][ T4321] usb 5-1: Manufacturer: syz [ 448.578796][ T4321] usb 5-1: SerialNumber: syz [ 448.600841][ T4321] usb 5-1: config 0 descriptor?? [ 448.639351][ T5818] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 448.649594][ T5818] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 448.672793][ T5818] usb 3-1: Product: syz [ 448.678293][ T5818] usb 3-1: Manufacturer: syz [ 448.683190][ T5818] usb 3-1: SerialNumber: syz [ 448.694197][ T5818] usb 3-1: config 0 descriptor?? [ 448.862203][ T9539] udc-core: couldn't find an available UDC or it's busy [ 448.882293][ T9572] kernel read not supported for file /eth0 (pid: 9572 comm: syz.0.1562) [ 448.891652][ T9539] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 448.934399][ T26] audit: type=1800 audit(1760822570.241:262): pid=9572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1562" name="eth0" dev="mqueue" ino=55196 res=0 errno=0 [ 449.016521][ T5818] usb 3-1: USB disconnect, device number 21 [ 449.251135][ T9588] tipc: Enabling of bearer rejected, failed to enable media [ 449.782579][ T5818] usb 5-1: USB disconnect, device number 20 [ 449.792030][ T9606] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1574'. [ 450.241088][ T9618] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1578'. [ 450.307994][ T9625] tipc: Enabling of bearer rejected, failed to enable media [ 450.383720][ C1] sd 0:0:1:0: tag#5862 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 450.393711][ C1] sd 0:0:1:0: tag#5862 CDB: Write and verify(12) [ 450.400190][ C1] sd 0:0:1:0: tag#5862 CDB[00]: ae 8d 7a cd a0 00 00 00 00 00 00 00 00 00 00 00 [ 450.409243][ C1] sd 0:0:1:0: tag#5862 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 450.418294][ C1] sd 0:0:1:0: tag#5862 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 450.427351][ C1] sd 0:0:1:0: tag#5862 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 450.436492][ C1] sd 0:0:1:0: tag#5862 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 450.445529][ C1] sd 0:0:1:0: tag#5862 CDB[50]: 00 [ 450.824310][ T5818] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 451.074253][ T5818] usb 3-1: Using ep0 maxpacket: 16 [ 451.194283][ T5818] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 451.230739][ T5818] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 451.303821][ T5818] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.339290][ T5818] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 451.438483][ T5818] usb 3-1: config 7 interface 0 has no altsetting 0 [ 451.491068][ T5818] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 451.551540][ T5818] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.150413][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.214777][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.237035][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.264256][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.284382][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.298766][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.324593][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.351728][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.402504][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.430334][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.443053][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.450274][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.462948][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.482269][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.504960][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.513113][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.525146][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.532273][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.543034][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.552204][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.563463][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.571838][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.581912][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.589582][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.599693][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.607435][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.619321][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.627880][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.638201][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.648310][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.658140][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.665905][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.672608][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.682642][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.690914][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.700935][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.711063][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.724959][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.732049][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.751495][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.763848][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.771655][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.781568][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.789551][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.807885][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.818500][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.828519][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.839172][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.859881][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.860487][ T9652] kvm: vcpu 2: requested 148514 ns lapic timer period limited to 200000 ns [ 452.875786][ T9652] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer. [ 452.883049][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.910534][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.920538][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.930646][ T9654] ------------[ cut here ]------------ [ 452.940174][ T9654] WARNING: CPU: 1 PID: 9654 at arch/x86/kvm/x86.c:10363 kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 452.953057][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.965811][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.972791][ T9654] Modules linked in: [ 452.980570][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 452.990405][ T9654] CPU: 1 PID: 9654 Comm: syz.3.1591 Not tainted syzkaller #0 [ 452.994894][ T9658] binder: BINDER_SET_CONTEXT_MGR already set [ 453.002211][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.005012][ T9658] binder: 9657:9658 ioctl 4018620d 200000000040 returned -16 [ 453.020949][ T9654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 453.032778][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.040052][ T9654] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 453.047032][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.053838][ T9654] Code: e8 71 42 ad 00 e9 03 e9 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d5 ed ff ff 4c 89 ff e8 56 42 ad 00 e9 c8 ed ff ff e8 6c da 68 00 <0f> 0b e9 31 fd ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d2 ed ff ff 4c [ 453.074295][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.081137][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.088457][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.095570][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.096093][ T9654] RSP: 0018:ffffc900043bfc30 EFLAGS: 00010283 [ 453.102489][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.102524][ T9654] [ 453.109518][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.123247][ T9654] RAX: ffffffff810eefe4 RBX: ffff888061eb4000 RCX: 0000000000080000 [ 453.125352][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.132787][ T9654] RDX: ffffc9000e0ba000 RSI: 0000000000000515 RDI: 0000000000000516 [ 453.140076][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.154277][ T9654] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1ad32b6 [ 453.155200][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.162666][ T9654] R10: fffffbfff1ad32b6 R11: 1ffffffff1ad32b5 R12: ffff888076a53001 [ 453.177694][ T9654] R13: 1ffff1100c3d681e R14: ffff888061eb40f0 R15: ffff888076a53000 [ 453.178284][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.185847][ T9654] FS: 00007fb829a8e6c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 453.185873][ T9654] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 453.185889][ T9654] CR2: 00007fb5bd89e2f8 CR3: 000000002303d000 CR4: 00000000003526f0 [ 453.185910][ T9654] Call Trace: [ 453.185919][ T9654] [ 453.185932][ T9654] ? __lock_acquire+0x7c60/0x7c60 [ 453.185986][ T9654] kvm_vcpu_ioctl+0x887/0xb80 [ 453.201202][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.203805][ T9654] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 453.249294][ T9654] ? bpf_lsm_file_ioctl+0x5/0x10 [ 453.250888][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.256074][ T9654] ? security_file_ioctl+0x7c/0xa0 [ 453.263281][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.274977][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.277883][ T9654] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 453.281792][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.290179][ T9654] __se_sys_ioctl+0xfa/0x170 [ 453.296054][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.302952][ T9654] do_syscall_64+0x4c/0xa0 [ 453.306401][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.318084][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.318107][ T9654] ? clear_bhb_loop+0x30/0x80 [ 453.325173][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.332179][ T9654] ? clear_bhb_loop+0x30/0x80 [ 453.336866][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.348439][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.353172][ T9654] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 453.355587][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.367375][ T9654] RIP: 0033:0x7fb82b847fc9 [ 453.368662][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.372658][ T9654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.382378][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.399376][ T9654] RSP: 002b:00007fb829a8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 453.413369][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.415457][ T9654] RAX: ffffffffffffffda RBX: 00007fb82ba9f090 RCX: 00007fb82b847fc9 [ 453.421791][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.430533][ T9654] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 453.442836][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.444439][ T9654] RBP: 00007fb82b8caf91 R08: 0000000000000000 R09: 0000000000000000 [ 453.451513][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.459548][ T9654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.472573][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.474891][ T9654] R13: 00007fb82ba9f128 R14: 00007fb82ba9f090 R15: 00007ffc95bb18e8 [ 453.481434][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.489860][ T9654] [ 453.499703][ T9654] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 453.502457][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.506994][ T9654] CPU: 0 PID: 9654 Comm: syz.3.1591 Not tainted syzkaller #0 [ 453.507015][ T9654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 453.507028][ T9654] Call Trace: [ 453.507035][ T9654] [ 453.507043][ T9654] dump_stack_lvl+0x168/0x230 [ 453.507075][ T9654] ? show_regs_print_info+0x20/0x20 [ 453.513768][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.521111][ T9654] ? load_image+0x3b0/0x3b0 [ 453.521150][ T9654] panic+0x2c9/0x7f0 [ 453.531254][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.534505][ T9654] ? bpf_jit_dump+0xd0/0xd0 [ 453.537473][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.542138][ T9654] ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 453.547361][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.553988][ T9654] __warn+0x248/0x2b0 [ 453.564644][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.569139][ T9654] ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 453.573663][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.580401][ T9654] report_bug+0x1b7/0x2e0 [ 453.580432][ T9654] handle_bug+0x3a/0x70 [ 453.586297][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.592927][ T9654] exc_invalid_op+0x16/0x40 [ 453.597077][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.603713][ T9654] asm_exc_invalid_op+0x16/0x20 [ 453.619744][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.620527][ T9654] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 453.625075][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.631350][ T9654] Code: e8 71 42 ad 00 e9 03 e9 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d5 ed ff ff 4c 89 ff e8 56 42 ad 00 e9 c8 ed ff ff e8 6c da 68 00 <0f> 0b e9 31 fd ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d2 ed ff ff 4c [ 453.636240][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.642528][ T9654] RSP: 0018:ffffc900043bfc30 EFLAGS: 00010283 [ 453.647680][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.654082][ T9654] [ 453.654090][ T9654] RAX: ffffffff810eefe4 RBX: ffff888061eb4000 RCX: 0000000000080000 [ 453.654108][ T9654] RDX: ffffc9000e0ba000 RSI: 0000000000000515 RDI: 0000000000000516 [ 453.654122][ T9654] RBP: 0000000000000000 R08: dffffc0000000000 R09: fffffbfff1ad32b6 [ 453.654137][ T9654] R10: fffffbfff1ad32b6 R11: 1ffffffff1ad32b5 R12: ffff888076a53001 [ 453.654153][ T9654] R13: 1ffff1100c3d681e R14: ffff888061eb40f0 R15: ffff888076a53000 [ 453.654183][ T9654] ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40 [ 453.654221][ T9654] ? __lock_acquire+0x7c60/0x7c60 [ 453.654261][ T9654] kvm_vcpu_ioctl+0x887/0xb80 [ 453.654292][ T9654] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 453.654342][ T9654] ? bpf_lsm_file_ioctl+0x5/0x10 [ 453.654363][ T9654] ? security_file_ioctl+0x7c/0xa0 [ 453.654387][ T9654] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 453.667431][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.667512][ T9654] __se_sys_ioctl+0xfa/0x170 [ 453.689291][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.693815][ T9654] do_syscall_64+0x4c/0xa0 [ 453.700258][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.706546][ T9654] ? clear_bhb_loop+0x30/0x80 [ 453.706570][ T9654] ? clear_bhb_loop+0x30/0x80 [ 453.706594][ T9654] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 453.709543][ T5818] kye 0003:0458:5010.000A: unknown main item tag 0x0 [ 453.716884][ T9654] RIP: 0033:0x7fb82b847fc9 [ 453.716906][ T9654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.716924][ T9654] RSP: 002b:00007fb829a8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 453.716948][ T9654] RAX: ffffffffffffffda RBX: 00007fb82ba9f090 RCX: 00007fb82b847fc9 [ 453.716968][ T9654] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 453.716981][ T9654] RBP: 00007fb82b8caf91 R08: 0000000000000000 R09: 0000000000000000 [ 453.716993][ T9654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 453.717006][ T9654] R13: 00007fb82ba9f128 R14: 00007fb82ba9f090 R15: 00007ffc95bb18e8 [ 453.717036][ T9654] [ 453.717466][ T9654] Kernel Offset: disabled [ 453.916592][ T9654] Rebooting in 86400 seconds..