last executing test programs: 11.781694134s ago: executing program 0 (id=4152): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sysvipc/sem\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000180)={0x2020}, 0x2024) (async) lseek(r1, 0xfffffffffffffff5, 0x1) (async) ioctl$int_in(r0, 0x40000000af01, 0x0) (async) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000800)={0x1, 0x0, [{0x451cd73fe8defd65, 0x1000, &(0x7f0000001440)=""/4096}]}) (async) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000001c0)=0x304008000) (async) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f00000003c0)={0x1}) r2 = syz_usb_connect(0x4, 0x1cb, &(0x7f0000000480)=ANY=[@ANYRESHEX=r0, @ANYBLOB="501654fed5c14960c242a241d44fbe8b750d13684de1a437ae11e252b7537d5c7f4418a74a8ef927c4651713ba330d4e6dc78c74416bf03a7438cf705f253b9276ceeb40dd8b844f2a049f23893569930000000000000006165eb4b1ab8626d9c081ad83aa09fcb513fe3330cbbcc27773944296c5ba6c3319a0531a9b8c529444dd83506685e769831ae48d3d22c5ed7d8301034f88e731c37e5b4d1b69b4aaca54b65bfc15792aadd6abd8a776e7e20ec4631b0773032bd6f368c5218aa6c057ff77b2defd068c746d18adf4dbcfdcae13f977917b6bbc8c0698f92b9fb07bcc883e334b10ad1b56bf00"/246, @ANYRESOCT, @ANYRES32=r0, @ANYRESHEX=r0, @ANYRES64=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRESOCT=r0], 0x0) syz_usb_control_io(r2, 0x0, 0x0) (async) syz_usb_control_io$uac1(r2, 0x0, 0x0) (async) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) (async) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async) r4 = accept4(r3, 0x0, 0x0, 0x80800) r5 = epoll_create1(0x80000) (async) sendmmsg$unix(r4, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}}], 0x1, 0x400c880) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f00000002c0)={0x10000018}) (async) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104000000000000000000000200", @ANYRES32, @ANYBLOB="0000000002000100240012800b00010065727370616e0000140002800600020030000000080004"], 0x44}}, 0x0) (async) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) (async) syz_usb_control_io$hid(r2, 0x0, 0x0) (async) syz_usb_control_io$hid(r2, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="2016000000503e90905900"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 11.593088015s ago: executing program 0 (id=4153): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1, 0x0, 0x300}, 0x1f00) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x18, 0x1401, 0x1, 0x70bd29, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x800}, 0x40000) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x180, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r3, 0xc0045009, &(0x7f0000000080)=0x10) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000140)=0xff8) syz_clone3(&(0x7f0000000480)={0x42200280, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020ac050f0222000182830109022400010100000009040000020301020009210005000122000009058103"], 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x4, 0x0, 0x0, 0x7ffc0002}]}) sendmsg(r1, &(0x7f00000001c0)={&(0x7f0000000280)=@pptp={0x18, 0x2, {0x1, @private=0xa010102}}, 0x80, &(0x7f00000018c0)=[{&(0x7f0000000300)="7aacc1d9173f58841ead911f5c3d42a115066f4736757dfc66de2bbc71a80c672d79bbb115990f464f3b42712b05cddb59503e3a404ef530163be0c1286c5179591f93badf9909e694fb59906b89788417591fb90cfe89e7afcc568be8529ed6308c11461ba9", 0x66}, {&(0x7f0000000540)="fe417b8bc1b620653aa3e9a4bcfe9430154a6a5cef782a08d98982efd25ce6c04c966369ebcbf17d0267adfa0b8643e4a7aac01f89cbee81cc8493441b97ed08fd8db5fa7b45184d7f4a6d12fea7583f0ceadb81ca69281d16e884a05a445db6bb3a028a9cd85a1c89026f9f30ef3523f57efb3a89ee0e198ca2971fc847d597a659c26f3dcd0a4a3050f284caad28ca788caa36e036921ab2a499a6f5dfcae15697d8abcc196ac6fc024decc0851499587f7f4315a1778868e9f18501f756f68fbfae3903399fa25bd0b83f0dd51dba3b50d10cfed39dea76779159177e32112e2e37547994b4c263df6d57cfa152a83ea383c1d31da9673a12574380092801c5b7785a86745a28a50798af7655775d29962f6c04d258c486abc6353075bfdda058c78fcf114068d9c33f95b3047b482151941531814a4045b551106dd7f7e40187d676bd6a35e0ffb21562c6f2f0e90d3c6a422aaac55692e2c69cc7fab49964df94c8fbc100f4d1b597daf4afb8ad24e9119ca8128a7a8b33e85829c5524808f4685fc8c6a7e310ff57e4dccc54e6cdf60c6672cb5d048ff6c5daca5ae9f9bcf9acbedfd7ecf4a9686e57b81e0cc7740bb8a787b5f42aeefade41be09e749da0377d6de06b0d98a5bc650b694a91284735f7fc6865b3aca36c946bb56a269990056e29127fcab562d50cfe0e7c4f0297b757fcddf0f61843cf6acaf53c0ff3a5e00c1037532afd78149cdc07c70062c81282167eda2d3e4571d31bebca4b2a09bc1343adf2ba903c0ec152b618bfbbd628133e0486b5ffc94a2d89e9a9876a2b1bc1e8db699a45fffc14f9a5586c33b8d702914949ac2f246cdbfbd3c57ef2a88c82cf84b10fff97b87829a5c2acae3ce3c834126cad97d54a46a36db7004448753fc67998f8de1392ef4de6caafaf2c914f12ab7487368a444737cc9d4517383f087ab8b18dc4efd09c3822299f5e3977a772707f402dc2e09c99c16d4c80177955580e2d17d2c5d9a0f31f42cddc7d53d01c4ed203c7c227a8f988b2c4f6c46e39d4dd1d18c8abcba93f4e3211bf6443636182342ae4ff0d446afaac81b880126419837a50c64d229b732c4ed197fbaa115637bfd9b98c9064ac51673ffc5dbbb2c5a0790fda39c962b06dc76df0371a7c008d8c9a220941904935d72ba29f4b6fac8950bce3e69eb7279f043d71a2672903b361ed3b6b7424159c2564c7ab3e8f79d6fbc40ca8af54314349a808559f5ccff511096abc0b1b8f75a39cb23aa5e0b95818ea39dbce9586eb2249156d89c847db2dad542334a9ccbd551ac82c83fd15b609847267d070a666cb3e18edec61b3270e1abbf149ad1be37bbfed47760753828fcc5b77408fd7954c3f8b212133d670a5c5db114b6c3d4843c35d1303406c86cd0303cd406575bec71fa4578ac5568aad56183509684eedddddd14a202160d0418eb17be478d64bc713c2640a9aef68c6294074214e7c0190dc71cf790801b135587f65f19bddf6e29f773255b82b3b6415a346de35181a94610e0595438e7048320d07064f9eb574e9c359e7384dad7f68f0a35159bc53af07d361ae776056ee6f555008403bec9c882cea3d44fe54042a098e8bbb4ffb8e73a1b478e30ac2bfa135797d5dc198355f62ea4de3f5300e18b373f9487f30729c64313f6293b165639d40382e4f152998c39f3f15465f6228a8df33cc446bd5bdd6a560bbe674270da274796342de8019fcd11fba19b020279195cde3fd8e9590880050f7ad7f7983e97df0994307f7f2efee5215fbe10df38d4804783212f3ee57d360058e08187245f8c1319a787d3c1758e192a1e0206f5192187e4a3398472b3bc962a90c80a8ef2a15145dcedf6d59d59f9556d3b50d1a970eeb1490bbd963d56c2a8548442cc17ee00d735a2c43c5416906c5c29b3d210a4b613a4b372d69e5ce00cbc80e35a6133ec4760b3537037d82f4af103097fbe5b4b491a31c98e5e8ad02f56753de63d2e13c2917698ebacc207960875cd1aa8709c693a8c3d7eeae59fa6d45ece20f423b10e7836de43ecb6a3326059ea0df11744dca7479f144021ea8fc32237ed14833751f9e03de13760230b1077d81c9bd8ff8e8e66b4244a2b1c912329a69f3502b44df1fd7bb0e01c8a8d2db1ccda71e17bd46a822b01f73eb77dbf565806b5db8badf0d411ccc4435232c8c22c4738f95dd1506386a838d60352521ac8bd69221e013867323785c6fafe34ed26bba3a86526ca1823c806d260c2c13e6c8ca5b0c8499ebb05030feaac2b5329e6c51cad73eeb51380d8df562c9d707415cb9158321bcf15f09917480ad7991e14ea9d751bad616e7a6f68c7584b5e478bffded8192ab744293db4b90c83e597d071532180946bd786784500fbee9b8b959e8b0c6a87c18829731d5e69797ecaeed9550abf774869b4145ed42ca8a0464f3f0d751a02a56fca6db71570cfcf05c3cfd5d037370ae11b5928c690cf360a8b30b470b51911e35de3c9286a6f9105b5dedfca8aa8541ac3bec3d746c5a483eba1ddf4c56c27030f64f4e8921c74e2e1e6faf2a0d26a4bb27c23cf02b975399d538ecf2e8bba510253b934789e545593e1194861f7eb926fb23c9541d1f5cc2cbd9aac3d95a5494721ae28311ed2a176400dec34e979dca1833a10428dacdb4d45522fc71a7688d4f566f9814aa076692eec193cd5555488a356ad729ba0a4ad078ceebbf79a584418c9611cc687ae183470cc8a623675db6693776261082863e76054f8b6373014db8fd56c58184e5ea642421f0e3a335fc7cffd6b26fa6125500d41521f2a9cd9ecec8e1f1eaca9c60e9b59be35346ffe28f88845c7450dec01fee892c8ada2ccc71c2f5d9944042534a050daefa64f6248c868cf3ece5f25a90191d902df335eb0756609a71e8e91dcb822d06db3c6174f85df78553fabcff569314399b2a82deadc46da12314e55382c8d5dbdf26f764c7fd5c59bc8faf4c9e4ce9552f5664250cfc6226f83c2a79e9e1681a718d14b3e6065a5f1742ba72c1c989a24be8ba965c68c420b4fd822863eb001177dfd300dcc694bd4646834d3510b1a753d878b0d6a50aba689c65f51aff1158610bd204aea2924de04f33abee53916281d3c78ea5140a2b58aeeee8095d443aecab708f332bc73ddcc2d19efff755def242acd770fdad404450e4cc2c628eeb48da50b41b445d97d6537a9a4e6b48476795dacb3e1050b2b5f157f3f227f7dfea0341b12c7171ef825daa2b0400bd79b78cfc27fa732e24d09bd397ab4c009216b9347bc85a20faaee6ece9f51d32576dd7e34cf65f6af485b027aa5c5a0684e7ace0255b06d16111dbc7e09a9e2a66fa14f523f75e94557a17dd9d4946e76ea6db8250628168cc6f26e6385926482a9aa27354027f2821ad45511a11fbd6a04707007cc35c946b844ed2cb0566c3bbb698050e9424408a029f8494e1bb2030508ad3ac8a3ac22a173b584fafeec87bbcf57dfcf721c48f77f7b3448ab19239005bebfb2fa93cd4e91d83440af5cefb9369ead6fecb3071353365c06093c4bb243acce2324817675a8f315d8b18220890cd1bed5a3d10b602c7e6c1a717016baeb54c4402a43661353c3fddf941b35b52eb40fabe7346f36478481e5f2601a12cfd796927d1258dcaf2e0e46bc07e033be4580344ba4c0bb54b47c69f810085ae5dba62c57abbef5554703788e586916f047951e850e075a1642f01f5a83d24dbe03981aa8452814b7c627da656d71551dcb699a6c32bdab55844a1ca862d1366fc277bb1f9f47c1c5a34b7ad263561dad9d5be31310db77069925593db3292d2adfcccfbf08e0d19b1ec22e1db105f86c4bfe0a8fc51ba5631b5422117f949f8c1b963f35180dbd2226a751e0453ee11baf24853f3d9e1d27b35f72f1b0746db667ab7ad938876c7b880aad1123b2883aceba3974d028ff3b0844c5c9c60830462d1ba9fec8af1054673d5153879934f6643f1580ccf9f102424392b4d7c9ff6d37a741675b113c636174805b4f4f3e3d9c4fa56d52169eebfbf1d46faabb6ed9c9873479242226f2fe58631d7c8682b8928e883163d61d0ad48725f70c56094a0c595c36a3072c35b9f2312a311e4a1c81833f4d8a9231d1f040dc9b6e8fdde96588ee3d7cdcab1923239cefcdd8aeb4a491ddb2cfe7a3c34049111b3bb1d1ebaff20c512922f83384a3ce3be422cb7d7c1f42b9045f814e74f2569d949b73b1915126201b8c0e13c7a0e68793293fc6c15bbd32b732e11333c7c60e4b4aae52227b594e85f5e20a5363b5df2c6cdded0750eebee1d8b164c5d625601429ba3675965de696729cb5c00342b25182d88826fc8ec546bf2e8b88afe86b76189ef3b5173aa94e1b8ac93683f3efa391ff9e1ba694f56e6e6573bf677dbca60293eb0cc07327e3c7bf9101d3a2568f34c83f979e2a0585854ea55e18c9d3343672d67dd2b8cc97762ae008b41b402dc184bd59b74191a5d94eb0b69fe4924444ed22b2140051a5674160df36fce37ca24d226999d392fd383160968c1bacf828be8a5bd0e98870c43deac6b9d7698551a21880cd781a5884383b24a3fd520d31e1ce1597c787e1181647764f58c40feab93f1a2cbe58dec6e2925ee4484959c998013e7d7b5c7a79f8855eae9a296468f74bad068f692afcfc7c30ada169095a97bdbad70ff69eb273d027f3f4d7660d9506347f2523023cd6b709e314c246f10ef31e6631a6d303e15433d98f2ea958334e173b5777486c423e29a974a4631047664a957fcc7ddbe9ed7d6c79a16f2e3d62a54634444fe303c8d5c69d695fc07bf55b409df2b495d9b5e2b06c516d682dd715935385c688796d239a69f2092d2fbb659b1f9ca2e23cb02537fa34e283818a715881526844533d51b4a5a79fea7c17a99e13f8b5242b2fb8f9aa98337ae05019e4024c5e8dcf1271ecb1e4bf8e9cae72dd031b2185b9f12d55ce2f70584d625154e4521a13ea068852ebc653ecd31ec708693b358adf05b5fad31622087e3c931b2f4a441d3c38cf70c9d5da3553a63eb958b88b23308020ffe8868cd4d813dcfd9014552001e7c37d918872d9be27585ba041b0104f9d57f06aa8eb85b8d04fdb98e9d8b516141cf9e7da7857aa56ca708adc6d2a7796a1de89a11040fe4fb7385361a42f40afc4a3cd8eca2a65b2f8032ccbb7ec99c3cc1879efeb3749a1f2e906e4b2e3216264cb1ce3690c5be2ee4f3ca2a05152aff016890c8309cb4a62f9918e0b0755fc18a2f4a036756f8e4ae57f651927d55411f40b35dc672913b6d4a3987e04ca894882cddecfa6515d23d2b09ac3896ed7c78d2ddea5444cf566b36ea9f57035709112e813735e7a007652a58aba5c73ca3d85366768a10f3db79b9b677366ea7592d1a7cc3ee092da0d7ca39f0e820803f1a7da4f277c4ed474b6d3b03dc45e55241d51f6b86da3eeaba384722d6c6777361b42a0722b18d95316b37e0792a2ae81a039c4728487f64eca381362d03b75c3b7234c436fa3575d59dab4d969a7a843434792fca7fdb926c72ff21417ff67a3b87a339b603099311e272e078da3a3a6e0dbc0e0fa2b6708248fdae89338543bf4f9c63b9d5a731e45c7840fe38f7b5965baed1dcb7016dfe1c60e69f4f5d268914363cf73d714d47e2acf491df0aa1bae5d6af5575d855453c7582e58b9ac3ab4d33a47fc7d67f0775777233cf691723080360cd500b291864f118b31215ba78b46ca96f4e8ec59f8a40ece0d99c57fe22dd651e4b8b8dbca94", 0x1000}, {&(0x7f00000019c0)="95a26f3d69da471f31abbe0fc9022ddd947af0a28b99ddc32bc0b278d2f535f7b68cabf24cc24e06d0f5428ff69e851873f0ca21e1968c464ae0e1bd52e908e79858a855b65bccf0c11a117d147d309f090ae68c8cfd819716e111b51266d80ae9c7a72cc9d367d4bbdab6b7db841215fec2e53441ec0d5a8788f4d15fd73f572afb931189c74598cb7a43a10e688fffa8544e22cf711de6f324e4a8223442b669d523ca8b94652640886d2d1e4a8f27c1c4abfe619ca2383d87389dab2c8b1f3f78ecaaac1556285fe1de2f2224068cc3ba0884ccaa0191c187f888ee44e4b6f0bab01e6e38e43138033e26314106ae28619e06f1dd3a8e5847ee1025d4a80414e059df0af5fd7e648292bcb7e14bab2c64fd24486500b6db7f56b37c23d4f3b2f81db23e871bd44de9c016833b346ce0506c669603cf", 0x137}, {&(0x7f0000001940)="315ae206cb2d1c1b284f33426a242d7ab93da9a4b97536200e8d3426d018014ae1bce35b574b986a5e55bdf8506e5b38793c50ba1e7856983d46a3df6cb72d19f8c875ece6a8fb3d0340d81f62ab22145a18e12e39fd9b2c7d3f058333d1d95dbe35a361aab98a17093d7bf8f8ffffffffffffffdd253c1c3880987c54", 0x7d}, {&(0x7f0000001680)="8d8b9bb55c071d8131de2ab992732022c7666b67479e9305c021c9064747e819b0faf9e3b07501884a379b83017c7d24c54ff25c2b2a4f22f53c5ecace97b51c23ff38a2fab1c0dcb47acf6b8b98e4654f2a375f0ee5f92281410ac2667e3a2909f17a8d35dd27d4b3182633db9fa8506769e205ac9ccdd5fb4bcd8f19447cb47039ca756b0b716e13e1c13e517ebf5dfc9e562ebd74a27402732bd542ef7e2557823c104772ef69bb", 0xa9}, {&(0x7f0000001740)="57ef3f2f516e5f86879d9f547e43cda60174fe35200c74a4f513711cd4dba117fdb27eb228dc57f1454c63e95bcfb1eeff4371307e4f0db497cb41fefbf0161a57b2fca8a7dc254e7d5917f40d609b014dc254d7916a0f026292f9766434feff6dcbd5e6ccc9822c278d87548d06dedc4b18c332aef987c60fd2e45d9cb50ab55f3fecf6e8be94be6293a3d7da2ff0545fcc10ceb064e595cb68932a69146d0a89de61b8490194b2939d3d59b977a6901e046ada9b47e1c30b0031bc7187110005f674d9ae21646a5856bfbd61fa", 0xce}, {&(0x7f00000000c0)="98f191594e013aae025328a1eb0de7a09659f9e40f", 0x15}, {&(0x7f0000001840)="f8986ef0aaf8a24f0690253506881ed6e93e76dcd72e058bf9cb02386c80fff67bb3dc7615f546c3294e166fa8995b1a9826669a170e47eaa28367c520b5c9f218e3e33abacfc5fba5d5b361af55884c28522f1677ead93d3286dc", 0x5b}], 0x8}, 0x20000092) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xbd9cc44e00b45a3a) syz_open_dev$mouse(&(0x7f0000000200), 0x1, 0x0) 11.209629132s ago: executing program 3 (id=4154): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x0, 0x2, {0x4, 0x1}, 0x3, 0x800}) statx(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x20, &(0x7f0000000140)) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r2, r1, &(0x7f00000000c0)=0x58, 0x5) r3 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r3, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) rmdir(&(0x7f0000000040)='./cgroup/../file0/file0\x00') ioctl$FS_IOC_GETVERSION(r4, 0x40045b0a, &(0x7f0000000040)) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x4, &(0x7f0000000040)=0x1, 0x4) bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha384\x00'}, 0x58) socket$inet_sctp(0x2, 0x5, 0x84) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r5, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={r6, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000280)={'bond0\x00', &(0x7f0000000640)=@ethtool_per_queue_op={0x4b, 0x1d, [0x4, 0x1, 0xfffffff1, 0x8, 0x0, 0x1, 0x3e9, 0x5, 0x9, 0x6, 0x5, 0xe, 0x7ff, 0x4, 0x9, 0x3ff, 0x4, 0x8, 0x2, 0x4, 0x9, 0x4, 0x8, 0x1, 0xfffffa0c, 0x7, 0x736, 0x9be, 0x3, 0x7, 0x6, 0x14dc, 0x147, 0x9, 0x1, 0x3, 0x1, 0x0, 0x9, 0x6, 0x7, 0x4, 0x4, 0xfffffffb, 0x8, 0x80000004, 0x5, 0x2000100, 0x5, 0x19dd, 0x7, 0x3ff, 0x586, 0x6, 0xf667, 0xfffffffc, 0x7, 0x8, 0xfffffff4, 0x5, 0xc8, 0x0, 0x0, 0x4, 0x4, 0xc, 0xffffffa8, 0x1, 0x9, 0x1, 0x1, 0x83, 0xe39, 0xcf, 0x10, 0x401, 0xb00f, 0x7, 0x2a, 0x71c9, 0x4, 0x321, 0xfffffeff, 0x7f, 0x66, 0x1c24, 0xff, 0x9, 0x4, 0x2, 0x3, 0xff, 0x100, 0x126, 0x6, 0x8, 0xceaac57, 0xc, 0x4, 0x8, 0xffffffc0, 0x4, 0x10001, 0x5, 0x74a000, 0x4e27, 0x3ff, 0x0, 0x8356, 0x0, 0x6, 0x9b7, 0x1, 0x80000001, 0x7f, 0xea, 0x6, 0x80000000, 0xff, 0x7, 0x4da8e6f3, 0x5, 0x10001, 0x8, 0x69e4, 0x80000001, 0xfffffff4, 0x100]}}) fsetxattr$system_posix_acl(r7, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000740)=ANY=[@ANYBLOB="02"], 0xfe44, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f00000000c0)=0x100000001, 0x4) r8 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r8, 0x0, 0x0) syz_usb_control_io$printer(r8, 0x0, 0x0) syz_usb_control_io$printer(r8, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r8, 0x0, 0x0) 8.041015777s ago: executing program 0 (id=4160): socket$kcm(0xa, 0x2, 0x0) socket(0x2, 0x80805, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$netlink(0x10, 0x3, 0x5) socket$inet6(0xa, 0x5, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x17) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c00000003080102000000074441980000000000050003"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180), 0xfea7) ioctl$VHOST_SET_VRING_CALL(r2, 0x4008af21, &(0x7f00000000c0)={0x2, r3}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r4 = openat$cgroup_ro(r1, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) socket$unix(0x1, 0x2, 0x0) getsockname$unix(r3, &(0x7f0000000480)=@abs, &(0x7f0000000040)=0x6e) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r6, @ANYBLOB="ff83cb442aedb94ab59d", @ANYRES8=r0], 0x4}, 0x1, 0x0, 0x0, 0x4040}, 0x0) sendfile(r5, r4, 0x0, 0x100000002) r7 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x458, 0x5014, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x2, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x1, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x410, 0x7, 0x5, 0x40}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8, 0x2010, r3, 0xb4dec000) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000400)={0x1, &(0x7f00000003c0)=[{0x0}]}) ioctl$DRM_IOCTL_UNLOCK(0xffffffffffffffff, 0x4008642b, &(0x7f0000000440)={r8}) syz_usb_control_io(r7, &(0x7f00000001c0)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0007080000009dfb301bdaab4a3b1209e264a073"], 0x0, 0x0, 0x0, 0x0}, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r3, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18, r4, {0x4}}, './file0\x00'}) symlinkat(&(0x7f0000000200)='./file0\x00', r9, &(0x7f0000000380)='./file0\x00') socket(0x5, 0x3, 0xb) 7.761768684s ago: executing program 3 (id=4162): syz_open_dev$vim2m(0x0, 0x8, 0x2) r0 = io_uring_setup(0x46a8, &(0x7f0000000080)={0x0, 0x5d50, 0x0, 0x0, 0x3c1}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000002000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect(0x2, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201100153a42908f00a717291880102030109022461ba7fb10000090402000affffff0009"], 0x0) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000002180)=r3) close_range(r0, 0xffffffffffffffff, 0x0) 5.691921958s ago: executing program 3 (id=4177): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000980)=ANY=[@ANYBLOB="28ff10000201010200000000000000000a0009e0b2a58df039fb0100000400000800020001140000"], 0x28}, 0x1, 0x0, 0x0, 0x91}, 0x4000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x85, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e23, 0x4, @mcast1, 0x3}}, 0x0, 0xfffc}, 0x90) r2 = socket$alg(0x26, 0x5, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="20000000eeff0001f6d6000002000000000000004cefc7803ac45ad09922e14807401b1c782f5af23933ab98eae882fc1353192738e99ce19e7fab9b4d9ad3bc569a82525cc3a15d914f4eeef135c18b7f4bda56696cbac9c9031818e7c3e92861073cde1fb9e6c5155406326abd505acff7b99c324fac000000", @ANYRES32=0x0, @ANYBLOB="2112000000000000"], 0x20}}, 0x0) syz_usb_connect(0x0, 0x35, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ca9bd410991100b098a8010203050902120001000010000904"], 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8) bind$alg(r2, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x9) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x40000) recvmmsg(r3, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000600)=""/229, 0xe5}], 0x1}, 0x5}], 0x2, 0x60, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1532, 0x10d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x8}}}}}]}}]}}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_readv(r4, 0x0, 0x0, &(0x7f0000000b40), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, 0x0, 0x0) madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r6 = getpid() sched_setaffinity(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2) socket$inet6_sctp(0xa, 0x1, 0x84) 5.433808768s ago: executing program 1 (id=4178): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) openat$ppp(0xffffffffffffff9c, 0x0, 0x1980, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20000040) getsockname$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x4c, 0xfc, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SPLICE={0x1e, 0x48, 0x0, @fd, 0x3, {}, 0xa6, 0x3}) r6 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x6842, 0x80, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r6, 0x11, &(0x7f0000000d40)="01", 0x1) io_uring_enter(r3, 0x47f9, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="009609d8033cc518ce2205cd401edf7c220098c1822a6571603d416b0f146273a906ae4663a10502c86b7cfd0588e9b7c19af3f8c19bd80237cae9b3b9292a4b226f85baf032c087677a63011759fd3e3c241dc599f78c625838e7ae915dd8cc9a4eab9a1b058b308e4afd4bb0d318196cc9777672a59adab36301b08b45fa24a81f592ecd35a60af0ffb9"], 0x0}, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 4.741998045s ago: executing program 0 (id=4181): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6}]}, 0x10) getsockopt$sock_buf(r0, 0x1, 0x1a, &(0x7f0000001340)=""/4096, &(0x7f0000000340)=0x1000) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8001, &(0x7f00000049c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000880)=@generic={&(0x7f0000000840)='./file0\x00'}, 0x18) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000400)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@call={0x85, 0x0, 0x0, 0x7d}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b130000000000002c0012800b00010062726964676500001c00aea70c002000000000eaff0000000c001f00feffffffffffffff"], 0x4c}}, 0x0) 4.500400953s ago: executing program 2 (id=4184): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b60000009500000000e90000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20041804) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x4000050, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000240)={0x3, 0x97d9, 0x3, 0x2, 0x2}) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="fc030000", @ANYRES16=0x0, @ANYBLOB="000427bd7000fbdbdf253d0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c74696361737400080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400"], 0xfc}, 0x1, 0x0, 0x0, 0x8000}, 0x4008800) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x82, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x37f, 0xaef3, 0x0, 0x8, 0x4, 0x1, 0x8, 0x3, 0x8, 0x13, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x3, 0x3, 0x40000000000002}], 0x9}) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) cachestat(r1, &(0x7f0000000040), &(0x7f000009de80), 0x0) 3.965924292s ago: executing program 1 (id=4185): io_submit(0x0, 0x1, &(0x7f0000000940)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x8, 0xffffffffffffffff, 0x0}]) syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00000000002000", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) 3.802005892s ago: executing program 1 (id=4186): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0xfffffc}, 0x10) write(r1, &(0x7f0000000480)="1c0000001a005f0214f9f4070009010000000000fe03000100000000", 0x1c) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000000)={0x3, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000001140)={@multicast2, @local}, 0x8) 3.800853011s ago: executing program 2 (id=4187): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='/proc/1/\x00\x82q\xee\xe5\xa0\xbd\xc2\x98#Y?0W\xb3W\xd2\xbfP\xee'}, 0x30) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0x88}, @exit], &(0x7f00000002c0)='syzkaller\x00', 0x6}, 0x94) (async) rmdir(&(0x7f0000000000)='./file0\x00') (async) r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) (async) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x1eb182, 0x0) sendfile(r0, r1, 0x0, 0x20fffe82) (async) r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$setregset(0x4205, r4, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f1821a4e4cbec8438c571a70e7ca7b0451a6cc55c", 0x98}) ptrace$setregset(0x4205, r4, 0x1, &(0x7f00000001c0)={&(0x7f0000000000)="c945b941eb6a3f6dedf11f1508685636", 0xfffffffffffffda4}) (async) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r5) (async) ptrace$setregset(0x4205, r5, 0x1, &(0x7f00000001c0)={0x0}) (async) syz_open_procfs(r5, 0x0) r6 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0) kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r6, &(0x7f0000000040)={0xffffffffffffffff, r2, 0x3}) sendfile(r2, r3, 0x0, 0x20fffe82) 3.7255538s ago: executing program 0 (id=4188): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) symlink(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') readlink(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000001200)=""/4096, 0x1000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) (async) mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100007ce7c810d804300a47ce0102030109022400010000000009040000020de67a0009050402ecffffffff08058102"], 0x0) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe7, 0xcc, 0x61, 0x20, 0x10c4, 0x818a, 0x7d8f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0xc0, 0x5, [{{0x9, 0x4, 0x23, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, [], [{{0x9, 0x5, 0x85, 0x3, 0x200, 0x2, 0x5, 0x1}}]}}]}}]}}, 0x0) socket$inet6(0xa, 0x3, 0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) (async) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$kcm(0x2, 0x5, 0x84) (async) r2 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000280), 0x4) (async) setsockopt$sock_attach_bpf(r2, 0x84, 0x1e, &(0x7f0000000280), 0x4) r3 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0xbdded000) syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') (async) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') getdents64(r4, &(0x7f0000002f40)=""/4089, 0xff9) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1, 0x5}, {}, {0x7}}}, 0x24}}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) sched_setattr(r5, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x100}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r6 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r6, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200008c0) (async) sendmsg$kcm(r6, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @loopback}}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x200008c0) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x3f, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) (async) sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x3f, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) 3.681110973s ago: executing program 4 (id=4189): socket$netlink(0x10, 0x3, 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) r0 = syz_open_dev$loop(&(0x7f0000000280), 0xa4f, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) write$FUSE_BMAP(r1, &(0x7f00000000c0)={0x18, 0xfffffffffffffff5, 0x0, {0x8000000000000001}}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1, 0x0, 0xfffffffffffffffb}, 0x18) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000000000000000000000000000000000c9ff00", "2809e8dbe108598948224ad54afac11d875397bdb22d00009520a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bc0007008019000000000000000000000000af1e4ccfb7b3cad80004010400", [0x1, 0x2000000000001]}}) 3.668584968s ago: executing program 1 (id=4190): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f00000003c0)="e8", 0x1}], 0x3}], 0x1, 0x40800) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x1b8, 0x1b8, 0xe8, 0xffffffff, 0xffffffff, 0xe8, 0x288, 0xe8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b8) (fail_nth: 4) 3.269445373s ago: executing program 1 (id=4191): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"}) poll(&(0x7f0000000000), 0x0, 0x7981) r2 = syz_open_pts(r1, 0x0) ioctl$TCFLSH(r2, 0x540b, 0x2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x3}, {}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_HH_FLOWS_LIMIT={0x8, 0x3, 0x9}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000001}, 0x4040000) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) ioctl$VIDIOC_S_OUTPUT(r7, 0xc004562f, &(0x7f00000000c0)=0x200004) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r7, 0x110, 0x5, &(0x7f0000000080), 0x2) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r2, 0xf501, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000bd3000/0x2000)=nil}) r9 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet_opts(r9, 0x0, 0x6, &(0x7f0000000380)='\a', 0x1) setsockopt$SO_TIMESTAMPING(r9, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r9, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000840)=@newlink={0x30, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @gre={{0x8}, {0x4}}}]}, 0x30}}, 0x0) sendmmsg$inet6(r9, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffd}, 0x1c, 0x0}}], 0x1, 0x0) recvmmsg(r9, &(0x7f0000000800), 0x62, 0x12141, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_GET_VCPU_EVENTS(r10, 0x4048aecb, &(0x7f00000000c0)) r11 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0) syz_usb_control_io(r11, 0x0, 0x0) 3.24949775s ago: executing program 2 (id=4192): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x2000}, 0x0) 3.09740079s ago: executing program 4 (id=4193): socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8054) ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) io_uring_setup(0xaae, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) ptrace(0x10, r2) ptrace$setregs(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$setregs(0xd, r2, 0x0, &(0x7f00000003c0)) r3 = socket$kcm(0x2, 0x3, 0x2) socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8916, &(0x7f0000000040)={'veth1_macvtap\x00', @random="0200ac7f7f00"}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = dup(r4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000500)={0x0, 0x2, 0x10}, 0xc) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c0000006800e97800000000000000000a00000000db200fe8fd8ebd00000004000800"], 0x1c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) 2.925594729s ago: executing program 2 (id=4194): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff) (async) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5fb, @value=0x3}) (async) r0 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5dfc7fbbbc5b58c2", 0x9, 0xfffffffffffffffe) (async) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = fsmount(0xffffffffffffffff, 0x0, 0x2) openat$cgroup_freezer_state(r2, &(0x7f0000000280), 0x2, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x443, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) (async) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000240)={0x7, 0x3222, 0x3ff, 0x1, 0x8, "ab06e07420619eb4253b82ed9677db4725cbe5"}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1.930080203s ago: executing program 2 (id=4195): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22fff6) openat$ppp(0xffffffffffffff9c, 0x0, 0x1980, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20000040) getsockname$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000100)={0x4c, 0xfc, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2) r3 = syz_io_uring_setup(0x10d, &(0x7f0000000140), &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_SPLICE={0x1e, 0x48, 0x0, @fd, 0x3, {}, 0xa6, 0x3}) r6 = io_uring_setup(0x2ed8, &(0x7f0000000280)={0x0, 0x6842, 0x80, 0x2, 0x12}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r6, 0x11, &(0x7f0000000d40)="01", 0x1) io_uring_enter(r3, 0x47f9, 0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="009609d8033cc518ce2205cd401edf7c220098c1822a6571603d416b0f146273a906ae4663a10502c86b7cfd0588e9b7c19af3f8c19bd80237cae9b3b9292a4b226f85baf032c087677a63011759fd3e3c241dc599f78c625838e7ae915dd8cc9a4eab9a1b058b308e4afd4bb0d318196cc9777672a59adab36301b08b45fa24a81f592ecd35a60af0ffb9"], 0x0}, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 1.84041139s ago: executing program 3 (id=4196): r0 = add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000004c0)=ANY=[@ANYRES16=r1, @ANYRES8=r0, @ANYRESDEC=r2, @ANYRESOCT=r2, @ANYBLOB="761304d6ae8d3d1d231b915f43cd66566f826c59cbb4185132628db6aca424496a4bfed23403c13cd6fec66baedc54f4319547a76a2fea6bbb840dbb0c0c06df715f35256f800c637ab1fd5cfd9eb53d3194c45db86189fcb2cc94d57b551af94728d15a9273b92dbfdb925deb00ed97c2016a302b0bdb1cde8ad19d7f5c5441ab61af7f611f5ed97b3e143208d3ca2b04d36a2fff025f2ec74d7b283b6658d658d229be8cad791ce98813b8d9ac73f3ed9a3b338d48ba4756ae1d8645a00e4040a6cec859590d9f99aa7562410177d91f249d99034737e3", @ANYBLOB="0bc7ef849ea570e45f27cb673f91f3b981d8c25596bffb802cd30f33c760bed229a1514e1ecc2faec88c053380126f92b931b4c759fdb98668101d9d4e43bb62dce791a368288e3c2a116cdc5b48989a988699dc93664415211b91f5ae677f5600b1010c9fb5740e50ddd1df186fd33bf177b9a89b6c3716ee52c72de49e4af218f6bfcf33ccb81501e7518f790143fad4e288add844b0ec89bc09fca8e3110ff5ec17889cc55651f82d0081474a9ecbc56785d391b61756860d3cc6dab276c13f2b31649bd3fb6090520fd01f602b"], 0x1df) write$binfmt_misc(r2, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d9600010000000000000000000000000000004b53445200", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 1.301939718s ago: executing program 3 (id=4197): io_submit(0x0, 0x1, &(0x7f0000000940)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x8, 0xffffffffffffffff, 0x0}]) syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00000000002200", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}}) 1.203911606s ago: executing program 4 (id=4198): socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0x10, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000100000000000000010000b7080000000000007b8af8ff00000000b7080000001000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000b60000009500000000e90000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20041804) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x4000050, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000140)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x2}}, './file0\x00'}) ioctl$FS_IOC_FSGETXATTR(r2, 0x801c581f, &(0x7f0000000240)={0x3, 0x97d9, 0x3, 0x2, 0x2}) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$DEVLINK_CMD_TRAP_GET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="fc030000", @ANYRES16=0x0, @ANYBLOB="000427bd7000fbdbdf253d0000000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c74696361737400080001007063690011000200303030303a30303a31302e30000000001c008200736f757263655f6d61635f69735f6d756c746963617374000e0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d61635f69735f6d756c74696361737400"], 0xfc}, 0x1, 0x0, 0x0, 0x8000}, 0x4008800) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x82, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x37f, 0xaef3, 0x0, 0x8, 0x4, 0x1, 0x8, 0x3, 0x8, 0x13, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0xfb, 0x4, 0x15, 0x3, 0x3, 0x40000000000002}], 0x9}) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) cachestat(r1, &(0x7f0000000040), &(0x7f000009de80), 0x0) 1.133663019s ago: executing program 3 (id=4199): r0 = socket(0x40000000015, 0x5, 0x0) unshare(0x2c020400) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @rand_addr=0x64010101}, 0xb) syz_usbip_server_init(0x4) syz_usb_connect(0x0, 0x34, &(0x7f00000000c0)=ANY=[], 0x0) 784.301274ms ago: executing program 4 (id=4200): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000421f04c8012bbd700000000000017c00000c007f0000010c00018035e12502507ca2fe04000280b302f8d51d2ac757416ea472a9d29ad0e69e4a6b588be2ded8c9d78b55b8606513eb9f1368fb4e2553f55e9b4d31b69754c1ed1b16c3c7e05647d43c77bb5c712086cfdef6a9ff356a35945e2c3f43d7356dad340ff570f3cef62beb89fdc7b17fcdbc8a8169ed"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc020) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000"], 0x70}, 0x1, 0x0, 0x0, 0x4000854}, 0x20000040) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000421f04c8012bbd700000000000017c00000c007f0000010c00018035e12502507ca2fe04000280b302f8d51d2ac757416ea472a9d29ad0e69e4a6b588be2ded8c9d78b55b8606513eb9f1368fb4e2553f55e9b4d31b69754c1ed1b16c3c7e05647d43c77bb5c712086cfdef6a9ff356a35945e2c3f43d7356dad340ff570f3cef62beb89fdc7b17fcdbc8a8169ed"], 0x30}, 0x1, 0x0, 0x0, 0x48815}, 0xc020) (async) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000"], 0x70}, 0x1, 0x0, 0x0, 0x4000854}, 0x20000040) (async) socket$inet_udp(0x2, 0x2, 0x0) (async) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) (async) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) (async) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) (async) 661.65472ms ago: executing program 4 (id=4201): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f00000003c0)="e8", 0x1}], 0x3}], 0x1, 0x40800) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x1b8, 0x1b8, 0xe8, 0xffffffff, 0xffffffff, 0xe8, 0x288, 0xe8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b8) (fail_nth: 5) 583.273473ms ago: executing program 4 (id=4202): syz_usb_connect$cdc_ecm(0x2, 0x4d, &(0x7f0000000540)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0xce, 0x40, 0x8, [{{0x9, 0x4, 0x0, 0x6, 0x3, 0x2, 0x6, 0x0, 0x7f, {{0x5}, {0x5, 0x24, 0x0, 0xf8af}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x40, 0x6, 0xb}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x448, 0x1, 0x7f, 0x24}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x6, 0x10, 0xde}}}}}]}}]}}, &(0x7f0000000880)={0x0, 0x0, 0xc, &(0x7f0000000bc0)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x2, 0x3, 0x0, 0x1}]}}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) mknod$loop(&(0x7f0000001b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001d00010000000000000000000a00100009"], 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0xfffffffffffffef3, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a300000000070000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d2c001280280001800e000100636f6e6e6c69df22f4bb658dd4d1faa2618d14aee58b0aabd0aff3c916b9fcca47bd844a41c5113b4b891d238eea22b9f3ee70dd72cf8b05d550df5ba1573da82acb60f41675d979e0bc6f05949bb379fb4975ed41ec76cfab122d0047f23fd25c636956f0346b4dee035f4f1b15f222cc374f88d6d761386d29b58132043cb93cb0e5b99d365174dfd7ce42a2c0ea5a0247df6d5caf48ec15f861b826e709e1bd2c8075163061631d517a2bf6b3910e5ffd"], 0xb8}}, 0x54800) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r2 = socket$packet(0x11, 0x3, 0x300) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) write(r2, &(0x7f0000000100)="dab618cc0ebcda4d3a28d02dd32ada93ee0efca671e521d8e7a782395b53ec02fc09af88f862cb0a2e", 0x29) ioctl$TIOCSIG(r3, 0x40045436, 0x2) setsockopt$packet_rx_ring(r2, 0x107, 0x18, &(0x7f00000003c0)=@req={0x0, 0x8003, 0x5, 0x5}, 0x10) 485.546378ms ago: executing program 0 (id=4203): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000000)={0x0, 'vlan0\x00', 0x2}, 0x18) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f0000000900)=[{{&(0x7f0000000380)=@phonet, 0x80, &(0x7f0000000280)}, 0x9}], 0x1, 0x102, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r4 = socket$xdp(0x2c, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000480)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = gettid() timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)=0x0) timer_settime(r8, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) mkdir(0x0, 0x101) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x312000, 0x800, 0x0, 0x5}, 0x20) ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x20001) r9 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x200540) ioctl$SG_GET_SCSI_ID(r9, 0x2276, &(0x7f0000000100)) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/mdstat\x00', 0x0, 0x0) syz_io_uring_setup(0x8000049a, &(0x7f00000002c0)={0x0, 0x79af, 0x400, 0x4, 0x303, 0x0, r10}, &(0x7f0000000180)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r11, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r11, r12, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4007, @fd=r10, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) 3.202556ms ago: executing program 1 (id=4204): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x800000000000208, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000020000ffffffffff000000000000000000ffefffff00", "2809e8dbe108598948224ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac00", "90be8b1c55080000000c547d03d8a0f4bd00", [0x0, 0x6]}}) 0s ago: executing program 2 (id=4205): r0 = socket(0xa, 0x3, 0xff) setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f00000000c0)=0x85, 0x4) syz_emit_ethernet(0x4e, &(0x7f00000020c0)=ANY=[], 0x0) recvmmsg(r0, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)=""/92, 0x5c}, {&(0x7f0000000200)=""/48, 0x30}, {&(0x7f0000000440)=""/9, 0x9}, {&(0x7f0000002100)=""/4096, 0x1000}], 0x4, &(0x7f0000000540)=""/143, 0x8f}, 0x80000000}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000680)=""/146, 0x92}], 0x1}, 0x8000}], 0x2, 0x40010142, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r2, 0xc0d05640, &(0x7f0000000040)={0x2, @pix={0x5, 0xffffffff, 0x19041e1b, 0xe, 0x7, 0x9, 0x3, 0x7, 0x0, 0x4, 0x0, 0x3}}) r3 = dup(r1) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x200, 0x0) r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f00000000c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000040)={@host}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r5, 0x7ab, &(0x7f0000000000)={&(0x7f0000000540)={{@host=0x10, 0xffffffff}, {@host=0x10, 0x1}, 0x400, "d49e0b1f09a3e05cb898141464441748655937bb34d22f02362479246bb6372d891a3b5dafa58a6abc5a678d6874fc8fb5f8a529c6e30103484f2667c174fb6cda19ea0a9301bc3238eb816e9c3882f243bcd4bd7115b26dacf5923f060498d471cb4f789562fcda119739dd1a5b0e4e1a4a64dbd7b398bd4e7a247d81f968f2e945f293fc3860bf11f0424193fce743067d27f0ac187b44b128a4999547f73d8c35d3c2bd8b51bbc9a31123f773be89e109cc71b8ec29a539083c0cba15b08933865e3e154c28b3c4e2ebe360ac44f942a703b9a3a37fbbefe9ae0de04a32336a6eba07b2fb6ad426d56e17291bb1a9d1fcdaa939378bab6dd2eac37b369ef163c9e0fc8039352c24d8147fcc2e2559b47066abd21a3a5f83f239a2227d17d4ca90f60ed9acc243ed38818e3883a985106b54dc157b67022525a74e8f9cb99852760359278d5d22294a70433ba4cec5147fbb09b1d0008ba76257f1c5af6b8d6bf3bcfd5a468a566a4e98fe5f264f2663b72cb421c90d8b7883ddfb5749b27a3e146f9d8538706fea61b07c6e064446337439b9d5a5dc82f6c63c57d6ba0e709b7c1b15fa8367f8e6df2cf59b0b30740ef47c5cccffce5911569591ce4ab62275964cd147e87a30cc6e71f7e40e161997cdbadcfbfb6c54e0289ac137508b7b5339414e4ab7afcc420148e37d49b664cc07c8178a3b50f566c5bdd3aa9217ef909805972bd63ee1d729b282cd866c183744b20da3227f9d43843236b571c8d3237408c266e08d0699ebd30e0820362664ab323b15d3ae9896d6120aae6ef9085f53a2b39cc31238b031476c86e6b16d7703fcbacc7269ce8622eab1cfdf82a364209ec4ac912db924bb76bc35ddf8d0e7a3aff0d08a48c07be47303b59653d9409f14dc59ac33cae5e010466f54d86772e43e3680863bb9bf10c971f16a731e601d7fcdbb91d7146e7834d89059ad522d70398c2bacf113ed791e32f933dfa23f5d6d11bfc9d9e0f04a34b0eddd99d16cd9712485e0a5c9aaf1ebf3f14d00005f8960b6145cbb7d4522692ebe1f9491f87a29ed67c5fb60f5e69bde2a758742999fc986a2dbf6199977e9b446691bf9f95d0abd84557c77ea13356c977d0f098ab9fec85acbd6447f2e6893e2fa6a0a7b272dab66e69b7def48f8b3583a53a0941fb3e4367fa8d56e05ee3b265f17ca0439fcdcea276f7f0a9bf4c2a324d7143658007cf4019e8da69ba1b7dff4383714cbcb71dfe6f1b1ac5d5e99394cb2c360ddb1889d92cd36f8fc72ac865f1c6445957b2a57c1af59ef8d2e9fe328ec2bde763d65c4dea965042f540515bf2f879d1b26309ebc1d7f76c569fa88fbe61845e96e93d3b6025b6285777e59495943596c128fdacc545263ce458bf99f57d7e5dc77f65cf650902b5b6d5af9359334759843365bf0dfb244817a40e8cc9030"}, 0x418, 0x2001}) ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r5, 0x7ac, &(0x7f0000000380)={0x0, 0xfffffffffffffdf2, 0x4}) ioctl$TUNSETIFF(r4, 0x400454ca, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(r6, 0x0, 0x800) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r7 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x5a93, 0x10100, 0xfffffffd, 0x307, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r7, 0x708, 0x41e3, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x100101) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): 0410] netlink: 5128 bytes leftover after parsing attributes in process `syz.0.3734'. [ 1082.825271][T20410] netlink: 5128 bytes leftover after parsing attributes in process `syz.0.3734'. [ 1082.874196][T20410] netlink: 640 bytes leftover after parsing attributes in process `syz.0.3734'. [ 1083.155519][T20418] loop6: detected capacity change from 0 to 7 [ 1083.176778][T20418] Dev loop6: unable to read RDB block 7 [ 1083.195771][T16823] usbhid 5-1:0.0: can't add hid device: -71 [ 1083.201967][T16823] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1083.224798][T16823] usb 5-1: USB disconnect, device number 37 [ 1083.274345][T20418] loop6: AHDI p1 p2 p3 [ 1083.350501][T20418] loop6: partition table partially beyond EOD, truncated [ 1083.365031][T20418] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1083.372096][T20418] loop6: p2 size 108 extends beyond EOD, truncated [ 1083.680705][T16511] udevd[16511]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1084.276592][T20432] veth3: entered promiscuous mode [ 1084.283907][T20432] veth3: entered allmulticast mode [ 1085.080404][ T855] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1085.219137][T16731] bridge_slave_1: left allmulticast mode [ 1085.230523][T16731] bridge_slave_1: left promiscuous mode [ 1085.403111][ T855] usb 3-1: config 0 has no interfaces? [ 1085.413524][ T855] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1085.423071][ T855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1085.426983][T16731] bridge0: port 2(bridge_slave_1) entered disabled state [ 1085.490991][ T855] usb 3-1: Product: syz [ 1085.495211][ T855] usb 3-1: Manufacturer: syz [ 1085.521142][T16731] bridge_slave_0: left allmulticast mode [ 1085.527151][T16731] bridge_slave_0: left promiscuous mode [ 1085.560226][ T855] usb 3-1: SerialNumber: syz [ 1085.583478][ T855] usb 3-1: config 0 descriptor?? [ 1085.588775][T16731] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.809152][T20442] loop2: detected capacity change from 0 to 7 [ 1085.848728][T20442] Dev loop2: unable to read RDB block 7 [ 1085.917165][T20442] loop2: AHDI p1 p2 p3 [ 1086.055220][T20442] loop2: partition table partially beyond EOD, truncated [ 1086.116114][T20428] GUP no longer grows the stack in syz.1.3741 (20428): 200000005000-200000008000 (200000004000) [ 1086.138885][T20428] CPU: 0 UID: 0 PID: 20428 Comm: syz.1.3741 Not tainted syzkaller #0 PREEMPT(full) [ 1086.138904][T20428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1086.138911][T20428] Call Trace: [ 1086.138915][T20428] [ 1086.138922][T20428] dump_stack_lvl+0x189/0x250 [ 1086.138945][T20428] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1086.138960][T20428] ? __pfx__printk+0x10/0x10 [ 1086.138970][T20428] ? find_vma+0xe7/0x160 [ 1086.138991][T20428] __get_user_pages+0x2470/0x2a00 [ 1086.139026][T20428] ? __gup_longterm_locked+0xc63/0x1660 [ 1086.139039][T20428] ? down_read_killable+0x1d1/0x350 [ 1086.139057][T20428] __gup_longterm_locked+0xde4/0x1660 [ 1086.139081][T20428] ? gup_fast_fallback+0x1b86/0x22d0 [ 1086.139096][T20428] gup_fast_fallback+0x1d65/0x22d0 [ 1086.139126][T20428] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1086.139143][T20428] ? __lock_acquire+0xab9/0xd20 [ 1086.139154][T20428] ? is_valid_gup_args+0x11f/0x200 [ 1086.139168][T20428] ? get_user_pages_fast+0x4d/0xb0 [ 1086.139182][T20428] get_futex_key+0x938/0x1660 [ 1086.139202][T20428] ? __pfx_get_futex_key+0x10/0x10 [ 1086.139221][T20428] futex_wait_setup+0x4f/0x590 [ 1086.139234][T20428] ? __futex_wait+0xb3/0x3d0 [ 1086.139247][T20428] __futex_wait+0x148/0x3d0 [ 1086.139261][T20428] ? __pfx___futex_wait+0x10/0x10 [ 1086.139273][T20428] ? __pfx_futex_wake_mark+0x10/0x10 [ 1086.139287][T20428] ? __pfx_fpu__restore_sig+0x10/0x10 [ 1086.139307][T20428] futex_wait+0x104/0x360 [ 1086.139319][T20428] ? __pfx_futex_wait+0x10/0x10 [ 1086.139334][T20428] ? __ia32_sys_rt_sigreturn+0x743/0x860 [ 1086.139352][T20428] do_futex+0x333/0x420 [ 1086.139365][T20428] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 1086.139382][T20428] ? __pfx_do_futex+0x10/0x10 [ 1086.139400][T20428] __se_sys_futex+0x36f/0x400 [ 1086.139417][T20428] ? __pfx___se_sys_futex+0x10/0x10 [ 1086.139430][T20428] ? __task_pid_nr_ns+0x28/0x490 [ 1086.139445][T20428] ? __x64_sys_futex+0x21/0xf0 [ 1086.139460][T20428] do_syscall_64+0xfa/0xfa0 [ 1086.139473][T20428] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1086.139482][T20428] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1086.139491][T20428] ? clear_bhb_loop+0x60/0xb0 [ 1086.139502][T20428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1086.139512][T20428] RIP: 0033:0x7f070858efc9 [ 1086.139523][T20428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1086.139532][T20428] RSP: 002b:00007f0709465038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1086.139544][T20428] RAX: ffffffffffffffda RBX: 00007f07087e5fa0 RCX: 00007f070858efc9 [ 1086.139552][T20428] RDX: 00000000fffffffd RSI: 0000000000000000 RDI: 0000200000004000 [ 1086.139558][T20428] RBP: 00007f0708611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1086.139564][T20428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1086.139570][T20428] R13: 00007f07087e6038 R14: 00007f07087e5fa0 R15: 00007f070890fa28 [ 1086.139587][T20428] [ 1086.850538][T20442] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1086.904011][T20442] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1087.230455][T20448] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3746'. [ 1087.254749][T20448] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3746'. [ 1087.454105][T20457] loop6: detected capacity change from 0 to 7 [ 1087.477139][T20457] Dev loop6: unable to read RDB block 7 [ 1087.496137][T20457] loop6: AHDI p1 p2 p3 [ 1087.500796][T20457] loop6: partition table partially beyond EOD, truncated [ 1087.539063][T20457] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1087.557754][T20457] loop6: p2 size 108 extends beyond EOD, truncated [ 1087.616185][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1087.812705][T16731] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1087.834177][T16731] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1087.849331][T16731] bond0 (unregistering): Released all slaves [ 1088.028300][T20450] tipc: Enabled bearer , priority 0 [ 1088.035464][T20453] syzkaller0: entered promiscuous mode [ 1088.041140][T20453] syzkaller0: entered allmulticast mode [ 1088.049722][T20460] tipc: Resetting bearer [ 1088.082708][T20460] tipc: Disabling bearer [ 1088.096972][T16731] tipc: Left network mode [ 1088.377689][T20477] loop3: detected capacity change from 0 to 7 [ 1088.415876][T16516] Dev loop3: unable to read RDB block 7 [ 1088.422463][T16516] loop3: unable to read partition table [ 1088.428608][T16516] loop3: partition table beyond EOD, truncated [ 1088.437994][T20477] Dev loop3: unable to read RDB block 7 [ 1088.444145][T20477] loop3: unable to read partition table [ 1088.452260][T20477] loop3: partition table beyond EOD, truncated [ 1088.459994][T16731] hsr_slave_0: left promiscuous mode [ 1088.494463][T20477] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1088.504705][T16731] hsr_slave_1: left promiscuous mode [ 1088.511251][T16731] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1088.546492][T16731] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1088.576207][T16731] dummy0: left allmulticast mode [ 1088.707281][T16731] batadv4 (unregistering): left promiscuous mode [ 1088.726904][T16731] team0 (unregistering): Port device batadv4 removed [ 1088.751401][T20484] loop2: detected capacity change from 0 to 7 [ 1088.768326][T16516] Dev loop2: unable to read RDB block 7 [ 1088.774242][T16516] loop2: AHDI p1 p2 p3 [ 1088.795410][T16516] loop2: partition table partially beyond EOD, truncated [ 1088.804175][T16516] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1088.813559][T16731] batadv2 (unregistering): left promiscuous mode [ 1088.820578][T16516] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1088.830144][T20484] Dev loop2: unable to read RDB block 7 [ 1088.844993][T20484] loop2: AHDI p1 p2 p3 [ 1088.848087][T16731] team0 (unregistering): Port device batadv2 removed [ 1088.868481][T20484] loop2: partition table partially beyond EOD, truncated [ 1088.876852][T20484] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1088.884462][T20484] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1088.974544][T16731] batadv1 (unregistering): left promiscuous mode [ 1088.999662][T16731] team0 (unregistering): Port device batadv1 removed [ 1089.087574][T20487] netlink: 'syz.3.3757': attribute type 10 has an invalid length. [ 1089.153616][T17675] usb 3-1: USB disconnect, device number 26 [ 1089.193803][T20490] netlink: 'syz.3.3757': attribute type 10 has an invalid length. [ 1090.201750][ T30] audit: type=1326 audit(1761128165.910:2682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.381473][ T30] audit: type=1326 audit(1761128165.910:2683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.406226][ T30] audit: type=1326 audit(1761128165.910:2684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.530496][ T30] audit: type=1326 audit(1761128165.910:2685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.559042][ T30] audit: type=1326 audit(1761128165.910:2686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.590358][ T30] audit: type=1326 audit(1761128165.910:2687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.637549][ T30] audit: type=1326 audit(1761128165.940:2688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.728233][ T30] audit: type=1326 audit(1761128165.940:2689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.790950][ T30] audit: type=1326 audit(1761128165.960:2690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.861299][ T30] audit: type=1326 audit(1761128166.100:2691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20504 comm="syz.2.3762" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1090.925903][T16731] team_slave_1 (unregistering): left promiscuous mode [ 1090.934700][T16731] team0 (unregistering): Port device team_slave_1 removed [ 1090.942011][T13938] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1091.078976][T16731] team_slave_0 (unregistering): left promiscuous mode [ 1091.099800][T16731] team0 (unregistering): Port device team_slave_0 removed [ 1091.100421][T13938] usb 3-1: Using ep0 maxpacket: 8 [ 1091.122575][T13938] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1091.132995][T13938] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1091.150469][T13938] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1091.174609][T13938] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1091.200471][T13938] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1091.219967][T13938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1091.462703][T13938] usb 3-1: GET_CAPABILITIES returned 0 [ 1091.488036][T13938] usbtmc 3-1:16.0: can't read capabilities [ 1091.856935][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.866159][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.875452][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.884636][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.893745][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.902912][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.912054][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.931731][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.940897][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.951776][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.961193][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.970582][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.981602][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1091.991534][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1092.000651][ C1] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1092.011298][ C0] usbtmc 3-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1092.059651][T13938] usb 3-1: USB disconnect, device number 27 [ 1092.300565][T20487] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1092.316334][T20487] team0: Port device netdevsim0 added [ 1092.324183][T20490] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 1092.343343][T20490] team0: Port device netdevsim0 removed [ 1092.355318][T20490] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1092.712553][T13938] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1092.845248][T20529] loop2: detected capacity change from 0 to 7 [ 1092.852935][T20529] Dev loop2: unable to read RDB block 7 [ 1092.865708][T20529] loop2: AHDI p1 p2 p3 [ 1092.870701][T13938] usb 3-1: Using ep0 maxpacket: 8 [ 1093.189421][T20529] loop2: partition table partially beyond EOD, truncated [ 1093.220674][T13938] usb 3-1: config 0 has an invalid interface number: 246 but max is 0 [ 1093.230431][T13938] usb 3-1: config 0 has no interface number 0 [ 1093.246966][T20529] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1093.254627][T13938] usb 3-1: config 0 interface 246 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1093.267194][T20529] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1093.316196][T13938] usb 3-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1093.329332][T13938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=7 [ 1093.340106][T13938] usb 3-1: Product: syz [ 1093.344481][T13938] usb 3-1: Manufacturer: syz [ 1093.350019][T13938] usb 3-1: SerialNumber: syz [ 1093.400526][T13938] usb 3-1: config 0 descriptor?? [ 1094.083967][T13938] usb 3-1: can't set config #0, error -71 [ 1094.181484][T13938] usb 3-1: USB disconnect, device number 28 [ 1094.562290][T16731] IPVS: stop unused estimator thread 0... [ 1094.620408][T13938] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1094.772949][T13938] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1094.796735][T13938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1094.841725][T13938] usb 3-1: config 0 descriptor?? [ 1094.866010][T13938] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1094.882518][T20551] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3774'. [ 1094.904826][T20551] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3774'. [ 1094.921104][T20551] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3774'. [ 1094.941248][T20551] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3774'. [ 1094.970591][T20551] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3774'. [ 1095.040457][T17675] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 1095.253420][T17675] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1095.263152][T17675] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1095.280369][T17675] usb 4-1: Product: syz [ 1095.286425][T20556] veth5: entered promiscuous mode [ 1095.290382][T17675] usb 4-1: Manufacturer: syz [ 1095.296172][T20556] veth5: entered allmulticast mode [ 1095.340722][T17675] usb 4-1: SerialNumber: syz [ 1095.356573][T17675] usb 4-1: config 0 descriptor?? [ 1095.573315][T17675] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1097.532505][T20580] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3779'. [ 1097.586988][T20580] sit1: entered promiscuous mode [ 1098.385224][T13938] usb 3-1: USB disconnect, device number 29 [ 1098.457457][T17675] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1098.594897][T17675] usb 4-1: USB disconnect, device number 22 [ 1101.121158][ T5889] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1101.260400][ T855] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1101.282461][ T5889] usb 3-1: Using ep0 maxpacket: 32 [ 1101.316506][ T5889] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1101.558443][ T5889] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1101.690463][ T855] usb 4-1: Using ep0 maxpacket: 16 [ 1101.702298][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.760614][ T5889] usb 3-1: Product: syz [ 1101.764848][ T5889] usb 3-1: Manufacturer: syz [ 1101.770727][ T855] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1101.778460][ T855] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1101.790962][ T855] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1101.809332][ T855] usb 4-1: can't read configurations, error -61 [ 1101.865950][ T5889] usb 3-1: SerialNumber: syz [ 1101.914193][ T5889] usb 3-1: config 0 descriptor?? [ 1101.991587][ T855] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1102.212180][ T855] usb 4-1: Using ep0 maxpacket: 16 [ 1102.223567][ T855] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1102.256892][ T855] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1102.314072][ T855] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1102.329983][ T5889] gs_usb 3-1:0.0: Couldn't get device config: (err=-121) [ 1102.337763][ T5889] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -121 [ 1102.352284][ T855] usb 4-1: can't read configurations, error -61 [ 1102.378129][ T855] usb usb4-port1: attempt power cycle [ 1102.730406][ T855] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1102.730406][T17675] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 1102.753563][ T855] usb 4-1: Using ep0 maxpacket: 16 [ 1102.778778][ T855] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1102.787065][ T855] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1102.797621][ T855] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1102.808983][ T855] usb 4-1: can't read configurations, error -61 [ 1102.950435][T20659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1102.959597][T20659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1102.960248][T17675] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1102.980696][T17675] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1102.992447][T17675] usb 2-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 1103.000832][ T855] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1103.022895][T17675] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1103.042058][ T855] usb 4-1: Using ep0 maxpacket: 16 [ 1103.048907][T17675] usb 2-1: config 0 descriptor?? [ 1103.058767][ T855] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1103.070190][ T855] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 1103.086761][ T855] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1103.097464][ T855] usb 4-1: can't read configurations, error -61 [ 1103.104700][ T855] usb usb4-port1: unable to enumerate USB device [ 1103.716991][T17675] hid_mf 0003:0079:1846.0031: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.1-1/input0 [ 1103.761278][T17675] hid_mf 0003:0079:1846.0031: Force feedback for HJZ Mayflash game controller adapters by Marcel Hasler [ 1103.916847][T20661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1103.961475][T20661] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1104.012907][ T5889] usb 3-1: USB disconnect, device number 30 [ 1105.656300][ T855] usb 2-1: USB disconnect, device number 55 [ 1106.852859][T20703] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3807'. [ 1108.223665][ T5889] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1108.415660][ T5889] usb 3-1: config index 0 descriptor too short (expected 39, got 27) [ 1108.436473][ T5889] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1108.478928][ T5889] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1108.549140][ T5889] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1108.574004][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1108.607731][ T5889] usb 3-1: Product: syz [ 1108.636642][ T5889] usb 3-1: Manufacturer: syz [ 1108.646622][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 1108.646643][ T30] audit: type=1800 audit(1761128184.360:2750): pid=20733 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3814" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0 [ 1108.651998][ T5889] usb 3-1: SerialNumber: syz [ 1108.905780][ T5889] usb 3-1: config 0 descriptor?? [ 1109.043137][ T5889] hub 3-1:0.0: bad descriptor, ignoring hub [ 1109.056010][ T5889] hub 3-1:0.0: probe with driver hub failed with error -5 [ 1109.150858][ T5889] usb 3-1: selecting invalid altsetting 0 [ 1110.584524][T20754] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 1110.598454][T20754] batadv3: entered promiscuous mode [ 1110.613290][T20754] team0: Port device batadv3 added [ 1111.306507][T16823] usb 3-1: USB disconnect, device number 31 [ 1111.359965][T20768] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 1112.430253][T16823] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 1113.388500][T16823] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1113.401874][T16823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1113.441024][T16823] usb 2-1: config 0 descriptor?? [ 1113.466401][T16823] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1113.736618][T20803] loop9: detected capacity change from 0 to 7 [ 1113.747185][T16516] Dev loop9: unable to read RDB block 7 [ 1114.006797][T16516] loop9: unable to read partition table [ 1114.013271][T16516] loop9: partition table beyond EOD, truncated [ 1114.027111][T20803] Dev loop9: unable to read RDB block 7 [ 1114.040475][T20803] loop9: unable to read partition table [ 1114.046714][T20803] loop9: partition table beyond EOD, truncated [ 1114.063667][T20803] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1115.786715][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.794883][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1115.918915][T20821] kvm: apic: phys broadcast and lowest prio [ 1116.390400][T16807] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1116.590858][T16823] usb 2-1: USB disconnect, device number 56 [ 1116.632255][T16807] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1116.642968][T16807] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 1116.672184][T16807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1116.706246][T16807] usb 5-1: config 0 descriptor?? [ 1117.085434][ T30] audit: type=1326 audit(1761128192.800:2751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1117.595425][T16807] lenovo 0003:17EF:6047.0032: item fetching failed at offset 2/5 [ 1117.600453][ T30] audit: type=1326 audit(1761128192.820:2752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1117.676321][T16807] lenovo 0003:17EF:6047.0032: hid_parse failed [ 1117.709449][ T30] audit: type=1326 audit(1761128192.820:2753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1117.750705][ T30] audit: type=1326 audit(1761128192.820:2754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1117.782909][ T30] audit: type=1326 audit(1761128192.820:2755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1117.833083][ T30] audit: type=1326 audit(1761128192.830:2756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1118.020470][T16807] lenovo 0003:17EF:6047.0032: probe with driver lenovo failed with error -22 [ 1118.039579][ T30] audit: type=1326 audit(1761128192.870:2757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1118.108576][T16807] usb 5-1: USB disconnect, device number 38 [ 1118.126449][ T30] audit: type=1326 audit(1761128192.870:2758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1118.250562][ T30] audit: type=1326 audit(1761128192.870:2759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1118.300394][ T30] audit: type=1326 audit(1761128192.870:2760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20833 comm="syz.2.3843" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f966dd8efc9 code=0x7ffc0000 [ 1118.912974][T20860] netlink: 156 bytes leftover after parsing attributes in process `syz.0.3848'. [ 1120.157263][T20879] ipip0: entered promiscuous mode [ 1120.187898][T20879] ipip0: entered allmulticast mode [ 1120.371657][T20886] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1120.469539][T16807] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 1120.520726][T20889] netlink: 5128 bytes leftover after parsing attributes in process `syz.2.3855'. [ 1120.530185][T20889] netlink: 5128 bytes leftover after parsing attributes in process `syz.2.3855'. [ 1120.549696][T20889] netlink: 640 bytes leftover after parsing attributes in process `syz.2.3855'. [ 1120.783659][T16807] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1120.794220][T16807] usb 2-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 1120.815970][T20894] bridge0: port 3(gretap0) entered blocking state [ 1120.825882][T20894] bridge0: port 3(gretap0) entered disabled state [ 1120.833256][T20894] gretap0: entered allmulticast mode [ 1120.839773][T20894] gretap0: entered promiscuous mode [ 1120.849749][T16807] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1120.864897][T20894] bridge0: port 3(gretap0) entered blocking state [ 1120.872009][T20894] bridge0: port 3(gretap0) entered forwarding state [ 1120.881921][T20896] gretap0: left allmulticast mode [ 1120.887572][T20896] gretap0: left promiscuous mode [ 1120.892772][T20896] bridge0: port 3(gretap0) entered disabled state [ 1121.009658][T16807] usb 2-1: config 0 descriptor?? [ 1121.034631][T20897] tipc: Enabling of bearer rejected, failed to enable media [ 1121.450460][T17675] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1121.505313][T20882] netlink: 'syz.1.3854': attribute type 63 has an invalid length. [ 1121.648282][T20904] netlink: 'syz.1.3854': attribute type 63 has an invalid length. [ 1121.710372][T17675] usb 3-1: device descriptor read/64, error -71 [ 1121.948745][T16807] razer 0003:1532:010E.0033: hidraw0: USB HID v0.00 Device [HID 1532:010e] on usb-dummy_hcd.1-1/input0 [ 1122.000417][T17675] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1122.147833][T16807] usb 2-1: USB disconnect, device number 57 [ 1122.162697][T17675] usb 3-1: device descriptor read/64, error -71 [ 1122.281742][T17675] usb usb3-port1: attempt power cycle [ 1122.654602][T17675] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1122.776162][T17675] usb 3-1: device descriptor read/8, error -71 [ 1122.893742][T20927] dns_resolver: Unsupported server list version (0) [ 1123.121829][T17675] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1123.124331][T16807] usb 2-1: new full-speed USB device number 58 using dummy_hcd [ 1123.200548][T17675] usb 3-1: device descriptor read/8, error -71 [ 1123.310860][T17675] usb usb3-port1: unable to enumerate USB device [ 1123.332708][T16807] usb 2-1: config 0 has an invalid interface number: 160 but max is 0 [ 1123.347754][T16807] usb 2-1: config 0 has no interface number 0 [ 1123.358002][T16807] usb 2-1: config 0 interface 160 has no altsetting 0 [ 1123.389668][T20936] loop6: detected capacity change from 0 to 7 [ 1123.412354][T16807] usb 2-1: New USB device found, idVendor=a6da, idProduct=1e78, bcdDevice=56.e4 [ 1123.421579][T16807] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1123.431215][T20936] Dev loop6: unable to read RDB block 7 [ 1123.439394][T16807] usb 2-1: Product: syz [ 1123.443693][T16807] usb 2-1: Manufacturer: syz [ 1123.448553][T20936] loop6: AHDI p1 p2 p3 [ 1123.453036][T16823] usb 5-1: new full-speed USB device number 39 using dummy_hcd [ 1123.460941][T16807] usb 2-1: SerialNumber: syz [ 1123.466135][T20936] loop6: partition table partially beyond EOD, truncated [ 1123.477595][T16807] usb 2-1: config 0 descriptor?? [ 1123.485532][T20936] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1123.493022][T20936] loop6: p2 size 108 extends beyond EOD, truncated [ 1123.494337][T16807] usb-storage 2-1:0.160: USB Mass Storage device detected [ 1123.613368][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1123.626449][T16823] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1123.645499][T16823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1123.709578][T16823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64 [ 1123.740412][T16823] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1123.758301][T16823] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1123.766708][T20942] netlink: zone id is out of range [ 1123.773264][T16823] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1123.776212][T20942] netlink: zone id is out of range [ 1123.790238][T16823] usb 5-1: Manufacturer: syz [ 1123.822574][T16823] usb 5-1: config 0 descriptor?? [ 1123.843798][T20942] netlink: zone id is out of range [ 1123.864996][T20942] netlink: zone id is out of range [ 1123.914141][T20942] netlink: zone id is out of range [ 1123.924372][T20942] netlink: zone id is out of range [ 1123.953155][T20942] netlink: zone id is out of range [ 1123.964407][T20942] netlink: zone id is out of range [ 1123.971019][T20942] netlink: zone id is out of range [ 1123.976360][T20942] netlink: zone id is out of range [ 1123.987001][ T30] kauditd_printk_skb: 42 callbacks suppressed [ 1123.987050][ T30] audit: type=1326 audit(1761128199.700:2803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.016965][ T30] audit: type=1326 audit(1761128199.700:2804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.056427][T20931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1124.074414][T20931] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1124.087931][ T30] audit: type=1326 audit(1761128199.700:2805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.111029][T16807] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 1124.118146][ T30] audit: type=1326 audit(1761128199.700:2806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.159605][ T30] audit: type=1326 audit(1761128199.700:2807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.192224][T16823] rc_core: IR keymap rc-hauppauge not found [ 1124.198356][T16823] Registered IR keymap rc-empty [ 1124.205697][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1124.225606][ T30] audit: type=1326 audit(1761128199.740:2808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.232729][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1124.281655][T16807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1124.293796][T16823] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 1124.305483][T16807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1124.755672][T16807] usb 4-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00 [ 1124.768202][T16823] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input64 [ 1124.780681][T16807] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 1124.788650][T16807] usb 4-1: Manufacturer: syz [ 1124.798652][ T30] audit: type=1326 audit(1761128199.740:2809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.822259][T16807] usb 4-1: config 0 descriptor?? [ 1124.835548][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1124.847325][ T30] audit: type=1326 audit(1761128199.740:2810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.879613][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1124.897923][ T30] audit: type=1326 audit(1761128199.740:2811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1124.921251][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1124.928124][ T30] audit: type=1326 audit(1761128199.740:2812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20948 comm="syz.0.3874" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1125.004456][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1125.039315][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1125.065927][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1125.090632][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1125.110619][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1125.130626][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1125.160847][T16823] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 1125.193044][T16823] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1125.208092][T16823] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1125.240442][T17675] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1125.252494][T16823] usb 5-1: USB disconnect, device number 39 [ 1125.400389][T17675] usb 3-1: Using ep0 maxpacket: 32 [ 1125.407892][T17675] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1125.419332][T17675] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1125.429611][T17675] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1125.442678][T17675] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1125.461165][T17675] usb 3-1: config 0 descriptor?? [ 1125.461361][T16807] usbhid 4-1:0.0: can't add hid device: -71 [ 1125.489314][T16807] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1125.498459][T17675] hub 3-1:0.0: USB hub found [ 1125.508077][T16807] usb 4-1: USB disconnect, device number 27 [ 1125.669728][T17675] hub 3-1:0.0: 1 port detected [ 1125.797005][T16823] usb 2-1: USB disconnect, device number 58 [ 1125.908643][T20972] loop6: detected capacity change from 0 to 7 [ 1125.916037][T20972] Dev loop6: unable to read RDB block 7 [ 1125.921702][T20972] loop6: AHDI p1 p2 p3 [ 1125.925965][T20972] loop6: partition table partially beyond EOD, truncated [ 1125.934240][T20972] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1125.942042][T20972] loop6: p2 size 108 extends beyond EOD, truncated [ 1125.982373][T17675] hub 3-1:0.0: activate --> -90 [ 1126.004739][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1126.081125][ T5889] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 1126.196303][T17675] hub 3-1:0.0: hub_ext_port_status failed (err = -32) [ 1126.250392][ T5889] usb 5-1: Using ep0 maxpacket: 8 [ 1126.264697][ T5889] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1126.279180][ T5889] usb 5-1: config 0 has an invalid interface number: 165 but max is 0 [ 1126.302834][ T5889] usb 5-1: config 0 has no interface number 0 [ 1126.326532][ T5889] usb 5-1: config 0 interface 165 altsetting 129 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1126.352344][ T5889] usb 5-1: config 0 interface 165 has no altsetting 0 [ 1126.362221][ T5889] usb 5-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=9b.2e [ 1126.372249][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1126.380596][ T5889] usb 5-1: Product: syz [ 1126.384965][ T5889] usb 5-1: Manufacturer: syz [ 1126.389598][ T5889] usb 5-1: SerialNumber: syz [ 1126.410938][ T5889] usb 5-1: config 0 descriptor?? [ 1128.220728][T13938] usb 3-1: USB disconnect, device number 36 [ 1128.241263][T21009] sctp: [Deprecated]: syz.2.3889 (pid 21009) Use of int in maxseg socket option. [ 1128.241263][T21009] Use struct sctp_assoc_value instead [ 1128.421384][T21012] fuse: Bad value for 'fd' [ 1128.433024][T21012] netlink: 'syz.2.3890': attribute type 3 has an invalid length. [ 1128.447461][T21012] x_tables: ip_tables: osf match: only valid for protocol 6 [ 1128.810303][T21015] loop6: detected capacity change from 0 to 7 [ 1128.832936][T21015] Dev loop6: unable to read RDB block 7 [ 1128.842730][T21015] loop6: AHDI p1 p2 p3 [ 1128.847489][T21015] loop6: partition table partially beyond EOD, truncated [ 1128.859392][T21015] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1128.866787][T21015] loop6: p2 size 108 extends beyond EOD, truncated [ 1128.947593][ T5889] comedi comedi5: Wrong number of endpoints [ 1128.968455][ T5889] ni6501 5-1:0.165: driver 'ni6501' failed to auto-configure device. [ 1128.989663][ T5889] usb 5-1: USB disconnect, device number 40 [ 1129.008574][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1129.610490][T16823] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 1129.660420][ T5889] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1129.770334][T16823] usb 2-1: Using ep0 maxpacket: 32 [ 1129.828454][T16823] usb 2-1: config 0 has an invalid interface number: 219 but max is 0 [ 1129.842043][ T5889] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1129.853540][T16823] usb 2-1: config 0 has no interface number 0 [ 1129.874045][ T5889] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1129.893266][ T5889] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1129.893409][T16823] usb 2-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 1129.918073][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1129.933911][T16823] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 1129.955023][T16823] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1129.983053][T21036] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 1129.990436][T16823] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1130.001098][T16823] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 1130.015206][ T5889] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1130.026568][T16823] usb 2-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9 [ 1130.037205][T16823] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1130.052483][T16823] usb 2-1: Product: syz [ 1130.056937][T16823] usb 2-1: Manufacturer: syz [ 1130.062805][T16823] usb 2-1: SerialNumber: syz [ 1130.153640][T16823] usb 2-1: config 0 descriptor?? [ 1130.169515][T21032] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1130.221338][T21036] fuse: Unknown parameter 'rootmod' [ 1130.414513][T16823] etas_es58x 2-1:0.219: Starting syz syz (Serial Number syz) [ 1130.437860][T16823] etas_es58x 2-1:0.219: could not retrieve the product info string [ 1130.536173][T16823] usb 2-1: USB disconnect, device number 59 [ 1130.555029][T16823] etas_es58x 2-1:0.219: Disconnecting syz syz [ 1131.804147][T21064] netlink: 136 bytes leftover after parsing attributes in process `syz.1.3906'. [ 1131.830503][T21064] net_ratelimit: 7 callbacks suppressed [ 1131.832315][T21064] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 1132.098387][T16807] usb 3-1: USB disconnect, device number 37 [ 1132.320484][ T5889] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 1132.624061][T21080] veth11: entered promiscuous mode [ 1132.639305][T21080] veth11: entered allmulticast mode [ 1132.654584][ T5889] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1132.667354][ T5889] usb 4-1: not running at top speed; connect to a high speed hub [ 1132.680108][ T5889] usb 4-1: config 17 has an invalid interface number: 8 but max is 1 [ 1132.688793][ T5889] usb 4-1: config 17 has 1 interface, different from the descriptor's value: 2 [ 1132.736779][ T5889] usb 4-1: config 17 has no interface number 0 [ 1132.745355][ T5889] usb 4-1: config 17 interface 8 altsetting 6 endpoint 0x3 has an invalid bInterval 0, changing to 4 [ 1132.758290][ T5889] usb 4-1: config 17 interface 8 has no altsetting 0 [ 1132.769496][ T5889] usb 4-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff [ 1132.780100][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1132.789007][ T5889] usb 4-1: Product: syz [ 1132.793533][ T5889] usb 4-1: Manufacturer: syz [ 1132.798390][ T5889] usb 4-1: SerialNumber: syz [ 1133.025632][ T5889] usb 4-1: selecting invalid altsetting 0 [ 1133.031641][ T5889] usb 4-1: 8:6 : no UAC_FORMAT_TYPE desc [ 1133.037730][ T5889] usb 4-1: selecting invalid altsetting 0 [ 1133.065800][ T5889] usb 4-1: USB disconnect, device number 28 [ 1133.123638][T16516] udevd[16516]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1133.540627][ T5889] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1133.800763][ T5889] usb 3-1: Using ep0 maxpacket: 8 [ 1133.808702][ T5889] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1133.831496][ T5889] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1133.853944][T21098] loop2: detected capacity change from 0 to 7 [ 1133.864114][ T5889] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1133.873696][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1133.874694][T21098] Dev loop2: unable to read RDB block 7 [ 1133.882648][ T5889] usb 3-1: Product: syz [ 1133.895471][ T5889] usb 3-1: Manufacturer: syz [ 1133.907864][ T5889] usb 3-1: SerialNumber: syz [ 1133.929567][T21098] loop2: AHDI p1 p2 p3 [ 1133.945068][T21098] loop2: partition table partially beyond EOD, truncated [ 1133.970691][T21098] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1134.005652][T21098] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1135.486478][T21105] loop6: detected capacity change from 0 to 7 [ 1135.516971][T21105] Dev loop6: unable to read RDB block 7 [ 1135.522991][T21105] loop6: AHDI p1 p2 p3 [ 1135.530491][T21105] loop6: partition table partially beyond EOD, truncated [ 1135.541163][T21105] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1135.570732][T21105] loop6: p2 size 108 extends beyond EOD, truncated [ 1135.727458][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1135.912975][ T5889] usb 3-1: 0:2 : does not exist [ 1135.997465][ T5889] usb 3-1: USB disconnect, device number 38 [ 1136.057606][T21118] loop9: detected capacity change from 0 to 7 [ 1136.071722][T16516] udevd[16516]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1136.083539][T21118] Dev loop9: unable to read RDB block 7 [ 1136.123071][T21118] loop9: unable to read partition table [ 1136.139765][T21118] loop9: partition table beyond EOD, truncated [ 1136.183737][T21118] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1136.293380][T21123] veth3: entered promiscuous mode [ 1136.320581][T21123] veth3: entered allmulticast mode [ 1136.329614][T21125] netlink: 'syz.3.3924': attribute type 1 has an invalid length. [ 1136.435151][T21127] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1136.478717][T21127] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3925'. [ 1136.841990][T21134] macvlan1: entered promiscuous mode [ 1136.916880][T21134] macvlan1: left promiscuous mode [ 1137.031997][T21137] loop2: detected capacity change from 0 to 7 [ 1137.043500][T21137] Dev loop2: unable to read RDB block 7 [ 1137.055633][T21137] loop2: AHDI p1 p2 p3 [ 1137.093707][T21137] loop2: partition table partially beyond EOD, truncated [ 1137.106854][T21137] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1137.224209][T21137] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1137.366653][T21141] loop6: detected capacity change from 0 to 7 [ 1137.398601][T21141] Dev loop6: unable to read RDB block 7 [ 1137.418755][T21141] loop6: AHDI p1 p2 p3 [ 1137.441244][T21141] loop6: partition table partially beyond EOD, truncated [ 1137.463199][T21141] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1137.490426][T21141] loop6: p2 size 108 extends beyond EOD, truncated [ 1137.581657][T21149] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3932'. [ 1137.608874][T21149] vlan0: entered promiscuous mode [ 1137.615026][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1137.645212][T21149] gretap0: entered promiscuous mode [ 1138.035225][T21167] dummy0: left promiscuous mode [ 1138.585418][T21167] team0: Port device dummy0 removed [ 1138.598172][T21167] bridge_slave_0: left allmulticast mode [ 1138.610521][T21167] bridge_slave_0: left promiscuous mode [ 1138.620666][T21167] bridge0: port 1(bridge_slave_0) entered disabled state [ 1138.731629][ T5889] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1138.759291][T21167] bridge_slave_1: left allmulticast mode [ 1138.807678][T21167] bridge_slave_1: left promiscuous mode [ 1138.820963][T21167] bridge0: port 2(bridge_slave_1) entered disabled state [ 1138.937703][T21167] bond0: (slave bond_slave_0): Releasing backup interface [ 1138.947659][ T5889] usb 3-1: Using ep0 maxpacket: 32 [ 1138.958183][ T5889] usb 3-1: config 0 has an invalid interface number: 238 but max is 3 [ 1138.967663][ T5889] usb 3-1: config 0 has an invalid interface number: 242 but max is 3 [ 1138.978396][ T5889] usb 3-1: config 0 has an invalid interface number: 148 but max is 3 [ 1138.995723][T21167] bond0: (slave bond_slave_1): Releasing backup interface [ 1139.010687][ T5889] usb 3-1: config 0 has an invalid interface number: 94 but max is 3 [ 1139.027039][ T5889] usb 3-1: config 0 has an invalid interface number: 184 but max is 3 [ 1139.046310][ T5889] usb 3-1: config 0 has 5 interfaces, different from the descriptor's value: 4 [ 1139.068833][ T5889] usb 3-1: config 0 has no interface number 0 [ 1139.085333][ T5889] usb 3-1: config 0 has no interface number 1 [ 1139.101727][T21167] team_slave_0: left promiscuous mode [ 1139.116171][ T5889] usb 3-1: config 0 has no interface number 2 [ 1139.128419][T21167] team0: Port device team_slave_0 removed [ 1139.141155][ T5889] usb 3-1: config 0 has no interface number 3 [ 1139.159282][T21167] team_slave_1: left promiscuous mode [ 1139.171110][T17675] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 1139.183548][ T5889] usb 3-1: config 0 has no interface number 4 [ 1139.207989][ T5889] usb 3-1: config 0 interface 242 altsetting 255 endpoint 0x6 has invalid maxpacket 1024, setting to 64 [ 1139.226914][T21167] team0: Port device team_slave_1 removed [ 1139.242165][T21167] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1139.253821][ T5889] usb 3-1: config 0 interface 242 altsetting 255 endpoint 0x5 has invalid maxpacket 512, setting to 64 [ 1139.271148][T21167] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1139.295862][ T5889] usb 3-1: config 0 interface 242 altsetting 255 endpoint 0xF has an invalid bInterval 34, changing to 7 [ 1139.339852][T21167] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1139.356987][ T5889] usb 3-1: config 0 interface 242 altsetting 255 has a duplicate endpoint with address 0xB, skipping [ 1139.368392][T17675] usb 5-1: Using ep0 maxpacket: 16 [ 1139.383206][T17675] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1139.398779][ T5889] usb 3-1: config 0 interface 242 altsetting 255 has 7 endpoint descriptors, different from the interface descriptor's value: 8 [ 1139.412443][T17675] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1139.447274][ T5889] usb 3-1: too many endpoints for config 0 interface 148 altsetting 133: 155, using maximum allowed: 30 [ 1139.471758][T17675] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1139.491476][T17675] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1139.523692][ T5889] usb 3-1: config 0 interface 148 altsetting 133 has 1 endpoint descriptor, different from the interface descriptor's value: 155 [ 1139.549729][T17675] usb 5-1: Product: syz [ 1139.568818][T17675] usb 5-1: Manufacturer: syz [ 1139.580103][T17675] usb 5-1: SerialNumber: syz [ 1139.588110][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0x6, skipping [ 1139.630232][T17675] usb 5-1: config 0 descriptor?? [ 1139.640559][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0x3, skipping [ 1139.652599][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0x3, skipping [ 1139.657178][T17675] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1139.678832][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0x6, skipping [ 1139.690830][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has an endpoint descriptor with address 0x16, changing to 0x6 [ 1139.707038][T17675] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 1139.715479][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0x6, skipping [ 1139.750575][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0x6, skipping [ 1139.762056][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0xF, skipping [ 1139.773683][ T5889] usb 3-1: config 0 interface 94 altsetting 4 endpoint 0xC has an invalid bInterval 209, changing to 7 [ 1139.858053][ T5889] usb 3-1: config 0 interface 94 altsetting 4 endpoint 0xC has invalid wMaxPacketSize 0 [ 1139.901489][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0xC, skipping [ 1139.912941][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 1139.924465][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0xB, skipping [ 1139.935962][ T5889] usb 3-1: config 0 interface 94 altsetting 4 has a duplicate endpoint with address 0x5, skipping [ 1140.001246][ T5889] usb 3-1: config 0 interface 184 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 1140.020874][ T5889] usb 3-1: config 0 interface 184 altsetting 5 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 1140.050617][ T5889] usb 3-1: config 0 interface 184 altsetting 5 has a duplicate endpoint with address 0x5, skipping [ 1140.065205][ T5889] usb 3-1: config 0 interface 238 has no altsetting 0 [ 1140.073765][ T5889] usb 3-1: config 0 interface 242 has no altsetting 0 [ 1140.084395][ T5889] usb 3-1: config 0 interface 148 has no altsetting 0 [ 1140.093643][ T5889] usb 3-1: config 0 interface 94 has no altsetting 0 [ 1140.101328][ T5889] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1140.114800][ T5889] usb 3-1: New USB device found, idVendor=07cf, idProduct=2001, bcdDevice=8d.0f [ 1140.125082][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1140.133719][ T5889] usb 3-1: Product: syz [ 1140.135923][T21197] loop6: detected capacity change from 0 to 7 [ 1140.141581][ T5889] usb 3-1: Manufacturer: syz [ 1140.145924][T16807] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 1140.156685][ T5889] usb 3-1: SerialNumber: syz [ 1140.166394][ T5889] usb 3-1: config 0 descriptor?? [ 1140.167420][T21197] Dev loop6: unable to read RDB block 7 [ 1140.184611][T21197] loop6: AHDI p1 p2 p3 [ 1140.189856][T21197] loop6: partition table partially beyond EOD, truncated [ 1140.199122][T21197] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1140.206014][T21197] loop6: p2 size 108 extends beyond EOD, truncated [ 1140.285164][T16511] udevd[16511]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1140.298093][T17675] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 1140.319904][T17675] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 1140.330382][T16807] usb 2-1: Using ep0 maxpacket: 32 [ 1140.337903][T16807] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1140.370200][T16807] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1140.379665][T16807] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1140.394689][T16807] usb 2-1: Product: syz [ 1140.399001][T16807] usb 2-1: Manufacturer: syz [ 1140.404436][T16807] usb 2-1: SerialNumber: syz [ 1140.425341][T16807] usb 2-1: config 0 descriptor?? [ 1140.447016][T16807] gs_usb 2-1:0.0: Required endpoints not found [ 1140.454925][T21201] loop3: detected capacity change from 0 to 7 [ 1140.479354][T16511] Dev loop3: unable to read RDB block 7 [ 1140.486848][ T5889] usb 3-1: USB disconnect, device number 39 [ 1140.504330][T16511] loop3: unable to read partition table [ 1140.512080][T16511] loop3: partition table beyond EOD, truncated [ 1140.533447][T21201] Dev loop3: unable to read RDB block 7 [ 1140.539109][T21201] loop3: unable to read partition table [ 1140.545998][T21201] loop3: partition table beyond EOD, truncated [ 1140.555564][T21201] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1140.638959][T21205] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3947'. [ 1140.649242][T16807] usb 2-1: USB disconnect, device number 60 [ 1140.650565][T21205] netlink: 5128 bytes leftover after parsing attributes in process `syz.3.3947'. [ 1140.955298][T21212] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1141.103462][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop2, 10) failed: No such file or directory [ 1141.394990][T17675] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 1141.415275][T17675] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 1141.453636][T17675] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 1141.460771][T17675] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 1141.472986][T17675] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 1142.255883][T17675] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 1142.398684][T17675] usb 5-1: USB disconnect, device number 41 [ 1142.780956][T16807] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 1142.930679][T16807] usb 2-1: device descriptor read/64, error -71 [ 1143.117339][T21236] loop6: detected capacity change from 0 to 7 [ 1143.127618][T16516] Dev loop6: unable to read RDB block 7 [ 1143.138383][T16516] loop6: AHDI p1 p2 p3 [ 1143.143152][T16516] loop6: partition table partially beyond EOD, truncated [ 1143.151552][T16516] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1143.158462][T16516] loop6: p2 size 108 extends beyond EOD, truncated [ 1143.172018][T21236] Dev loop6: unable to read RDB block 7 [ 1143.182318][T21236] loop6: AHDI p1 p2 p3 [ 1143.187203][T21236] loop6: partition table partially beyond EOD, truncated [ 1143.194690][T16807] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 1143.197640][T21236] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1143.213888][T21236] loop6: p2 size 108 extends beyond EOD, truncated [ 1143.264930][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1143.326382][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1143.350488][T16807] usb 2-1: device descriptor read/64, error -71 [ 1143.430709][T17675] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1143.463808][T16807] usb usb2-port1: attempt power cycle [ 1143.610445][T17675] usb 3-1: Using ep0 maxpacket: 16 [ 1143.618659][T17675] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1143.630656][T17675] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1143.810901][T17675] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1143.827577][T17675] usb 3-1: config 0 descriptor?? [ 1143.862521][T16807] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 1143.891511][T16807] usb 2-1: device descriptor read/8, error -71 [ 1144.180555][T16807] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 1144.211042][T16807] usb 2-1: device descriptor read/8, error -71 [ 1144.344480][T16807] usb usb2-port1: unable to enumerate USB device [ 1144.569423][T17675] usbhid 3-1:0.0: can't add hid device: -71 [ 1144.576160][T17675] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1144.589356][T17675] usb 3-1: USB disconnect, device number 40 [ 1145.627954][T17675] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 1145.751274][ T5889] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1145.800348][T17675] usb 5-1: Using ep0 maxpacket: 8 [ 1145.806973][T17675] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1145.817272][T17675] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1146.083375][T17675] usb 5-1: config 0 descriptor?? [ 1146.153596][ T5889] usb 3-1: Using ep0 maxpacket: 16 [ 1146.212034][ T5889] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1146.225847][ T5889] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1146.288270][ T5889] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1146.383226][T17675] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 1146.405247][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1146.415147][ T5889] usb 3-1: Product: syz [ 1146.419496][ T5889] usb 3-1: Manufacturer: syz [ 1146.424893][ T5889] usb 3-1: SerialNumber: syz [ 1146.656069][T21272] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3966'. [ 1146.686049][T21272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3966'. [ 1146.981807][T21272] fuse: Bad value for 'fd' [ 1147.270722][T13938] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 1147.540659][T13938] usb 2-1: Using ep0 maxpacket: 8 [ 1147.554030][T13938] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1147.781653][T21266] binder: BINDER_SET_CONTEXT_MGR already set [ 1147.787958][T21266] binder: 21265:21266 ioctl 4018620d 200000000200 returned -16 [ 1147.811410][T21266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1147.827041][T13938] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 1147.852986][T21266] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1147.861363][T13938] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1147.891000][T13938] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1147.902895][T13938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.027392][T13938] usb 2-1: Product: syz [ 1148.032713][T17675] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 1148.050032][T17675] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 1148.067746][T13938] usb 2-1: Manufacturer: syz [ 1148.080390][T13938] usb 2-1: SerialNumber: syz [ 1148.113603][T17675] asix 5-1:0.0: probe with driver asix failed with error -71 [ 1148.168610][T17675] usb 5-1: USB disconnect, device number 42 [ 1148.330435][T16807] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1148.385830][ T5889] usb 3-1: 0:2 : does not exist [ 1148.431564][ T5889] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1148.458527][ T5889] usb 3-1: USB disconnect, device number 41 [ 1148.470844][T13938] usb 2-1: 0:2 : does not exist [ 1148.490400][T16807] usb 4-1: Using ep0 maxpacket: 16 [ 1148.500128][T16807] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 4.00 [ 1148.530420][T16807] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1148.533535][T16516] udevd[16516]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1148.548848][T16807] usb 4-1: Product: syz [ 1148.557159][T13938] usb 2-1: USB disconnect, device number 65 [ 1148.566795][T16807] usb 4-1: Manufacturer: syz [ 1148.573449][T16807] usb 4-1: SerialNumber: syz [ 1148.626959][T16807] usb 4-1: config 0 descriptor?? [ 1148.645884][T16516] udevd[16516]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 1148.690178][T16807] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1148.717110][T16807] usb 4-1: Detected FT232B [ 1148.870370][ T5889] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 1148.914347][T16807] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1148.922564][T16807] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1148.944911][T16807] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1148.979823][T16807] usb 4-1: USB disconnect, device number 29 [ 1149.005831][T16807] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1149.021243][ T5889] usb 3-1: Using ep0 maxpacket: 32 [ 1149.033410][T16807] ftdi_sio 4-1:0.0: device disconnected [ 1149.041645][ T5889] usb 3-1: config 0 has an invalid interface number: 125 but max is 0 [ 1149.255760][ T5889] usb 3-1: config 0 has no interface number 0 [ 1149.273832][ T5889] usb 3-1: config 0 interface 125 has no altsetting 0 [ 1149.380467][ T5889] usb 3-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7 [ 1149.403025][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1149.433698][ T5889] usb 3-1: Product: syz [ 1149.440708][ T5889] usb 3-1: Manufacturer: syz [ 1149.456875][ T5889] usb 3-1: SerialNumber: syz [ 1149.473932][ T5889] usb 3-1: config 0 descriptor?? [ 1149.849464][ T5889] usb 3-1: [ueagle-atm] ADSL device founded vid (0X1039) pid (0X2120) Rev (0X2A7): Eagle II [ 1150.522653][ T5889] usb 3-1: reset high-speed USB device number 42 using dummy_hcd [ 1150.598642][T21340] loop6: detected capacity change from 0 to 7 [ 1150.617538][T21340] Dev loop6: unable to read RDB block 7 [ 1150.634675][T21340] loop6: AHDI p1 p2 p3 [ 1150.638923][T21340] loop6: partition table partially beyond EOD, truncated [ 1150.657203][T21340] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1150.665692][T21340] loop6: p2 size 108 extends beyond EOD, truncated [ 1150.739817][ T5889] usb 3-1: device firmware changed [ 1150.751627][T16511] udevd[16511]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1150.760591][ T5889] ueagle-atm 3-1:0.125: usbatm_usb_probe: bind failed: -19! [ 1150.808666][ T5889] usb 3-1: USB disconnect, device number 42 [ 1150.896035][T21347] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3985'. [ 1151.000769][ T5889] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1151.241352][ T5889] usb 3-1: Using ep0 maxpacket: 32 [ 1151.274883][T21355] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3986'. [ 1151.354396][ T5889] usb 3-1: config 0 has an invalid interface number: 125 but max is 0 [ 1151.378945][ T5889] usb 3-1: config 0 has no interface number 0 [ 1151.411086][ T5889] usb 3-1: config 0 interface 125 has no altsetting 0 [ 1151.534007][ T5889] usb 3-1: string descriptor 0 read error: -71 [ 1151.558528][ T5889] usb 3-1: New USB device found, idVendor=1039, idProduct=2120, bcdDevice= 2.a7 [ 1151.608616][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1151.665045][ T5889] usb 3-1: config 0 descriptor?? [ 1151.932018][T21371] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3991'. [ 1151.946085][ T5889] usb 3-1: can't set config #0, error -71 [ 1151.989184][ T5889] usb 3-1: USB disconnect, device number 43 [ 1153.438800][T21395] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3998'. [ 1154.458733][ T30] kauditd_printk_skb: 41 callbacks suppressed [ 1154.458755][ T30] audit: type=1326 audit(1761128230.160:2854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1154.488659][ T30] audit: type=1326 audit(1761128230.160:2855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1154.597383][ T30] audit: type=1326 audit(1761128230.160:2856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1154.643568][ T30] audit: type=1326 audit(1761128230.160:2857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1154.766664][ T30] audit: type=1326 audit(1761128230.160:2858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1154.844159][T21417] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4006'. [ 1154.863688][T21417] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.4006'. [ 1154.912532][ T30] audit: type=1326 audit(1761128230.160:2859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1155.063896][ T30] audit: type=1326 audit(1761128230.160:2860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1155.355627][ T30] audit: type=1326 audit(1761128230.160:2861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1155.684123][ T30] audit: type=1326 audit(1761128230.160:2862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1155.825802][ T30] audit: type=1326 audit(1761128230.160:2863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21399 comm="syz.3.4001" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f547578efc9 code=0x7ffc0000 [ 1156.113897][T21436] loop6: detected capacity change from 0 to 7 [ 1156.121571][T21436] Dev loop6: unable to read RDB block 7 [ 1156.130228][T21436] loop6: AHDI p1 p2 p3 [ 1156.134554][T21436] loop6: partition table partially beyond EOD, truncated [ 1156.155174][T21436] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1156.174944][T21436] loop6: p2 size 108 extends beyond EOD, truncated [ 1156.362655][T16516] udevd[16516]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1156.800358][ T5889] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1156.977085][T21443] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1157.138134][ T5889] usb 4-1: Using ep0 maxpacket: 32 [ 1157.174786][ T5889] usb 4-1: config 0 has an invalid interface number: 161 but max is 0 [ 1157.183077][ T5889] usb 4-1: config 0 has no interface number 0 [ 1157.189300][ T5889] usb 4-1: config 0 interface 161 altsetting 2 has a duplicate endpoint with address 0xA, skipping [ 1157.197446][T21444] macvlan0: entered promiscuous mode [ 1157.220335][ T5889] usb 4-1: config 0 interface 161 altsetting 2 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 1157.261068][T21444] macvlan0: entered allmulticast mode [ 1157.288387][ T5889] usb 4-1: config 0 interface 161 altsetting 2 has a duplicate endpoint with address 0xB, skipping [ 1157.305104][T21444] bond1: entered promiscuous mode [ 1157.405517][T21444] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 1157.429513][ T5889] usb 4-1: config 0 interface 161 altsetting 2 has a duplicate endpoint with address 0xF, skipping [ 1157.474557][ T5889] usb 4-1: config 0 interface 161 altsetting 2 bulk endpoint 0x8 has invalid maxpacket 16 [ 1157.489602][ T5889] usb 4-1: config 0 interface 161 altsetting 2 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1157.502217][ T5889] usb 4-1: config 0 interface 161 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 1157.513604][ T5889] usb 4-1: config 0 interface 161 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 1157.525021][ T5889] usb 4-1: config 0 interface 161 altsetting 2 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 1157.536468][ T5889] usb 4-1: config 0 interface 161 altsetting 2 has a duplicate endpoint with address 0x85, skipping [ 1157.553018][T21444] bond1: left promiscuous mode [ 1157.584946][ T5889] usb 4-1: config 0 interface 161 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 1157.615073][ T5889] usb 4-1: config 0 interface 161 has no altsetting 0 [ 1157.629623][ T5889] usb 4-1: New USB device found, idVendor=1822, idProduct=0001, bcdDevice= f.68 [ 1157.641680][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1157.655922][ T5889] usb 4-1: Product: syz [ 1157.660210][ T5889] usb 4-1: Manufacturer: syz [ 1157.666118][ T5889] usb 4-1: SerialNumber: syz [ 1157.675234][ T5889] usb 4-1: config 0 descriptor?? [ 1157.688671][T21440] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1157.697485][T21440] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1157.936616][T13938] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1158.068218][T21440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1158.077693][T21440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1158.141927][T13938] usb 2-1: Using ep0 maxpacket: 32 [ 1158.220596][T13938] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 1158.229244][T13938] usb 2-1: config 0 has no interface number 0 [ 1158.248154][T13938] usb 2-1: config 0 interface 184 has no altsetting 0 [ 1158.268991][T13938] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1158.279751][T13938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1158.288795][T13938] usb 2-1: Product: syz [ 1158.300714][ T5889] usb-storage 4-1:0.161: USB Mass Storage device detected [ 1158.308358][T13938] usb 2-1: Manufacturer: syz [ 1158.313988][T13938] usb 2-1: SerialNumber: syz [ 1158.321834][ T5889] usb-storage 4-1:0.161: Quirks match for vid 1822 pid 0001: 4 [ 1158.361890][T13938] usb 2-1: config 0 descriptor?? [ 1158.414142][T13938] smsc75xx v1.0.0 [ 1158.463391][ T5889] usb 4-1: USB disconnect, device number 30 [ 1158.720593][T17675] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 1158.830515][T13938] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 1158.855176][T13938] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61 [ 1158.903279][T17675] usb 5-1: Using ep0 maxpacket: 32 [ 1158.908618][T13938] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1158.944609][T17675] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 1158.957149][T13938] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -61 [ 1158.968737][T17675] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1159.050433][T17675] usb 5-1: Product: syz [ 1159.054672][T17675] usb 5-1: Manufacturer: syz [ 1159.059334][T17675] usb 5-1: SerialNumber: syz [ 1159.093491][T17675] usb 5-1: config 0 descriptor?? [ 1159.421299][T17675] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 043 [ 1159.724950][T17675] usb 5-1: USB disconnect, device number 43 [ 1159.800512][T21475] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 1159.810920][T21475] batadv4: entered promiscuous mode [ 1159.817695][T21475] team0: Port device batadv4 added [ 1159.939124][ T30] kauditd_printk_skb: 127 callbacks suppressed [ 1159.939144][ T30] audit: type=1326 audit(1761128235.650:2991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1159.987132][ T30] audit: type=1326 audit(1761128235.650:2992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1160.009595][ C0] vkms_vblank_simulate: vblank timer overrun [ 1160.018543][ T30] audit: type=1326 audit(1761128235.650:2993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1160.041032][ C0] vkms_vblank_simulate: vblank timer overrun [ 1160.054571][ T30] audit: type=1326 audit(1761128235.650:2994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1160.077116][ C0] vkms_vblank_simulate: vblank timer overrun [ 1160.087085][ T30] audit: type=1326 audit(1761128235.650:2995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1160.109365][ C0] vkms_vblank_simulate: vblank timer overrun [ 1160.304003][ T30] audit: type=1326 audit(1761128235.650:2996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1160.326529][ C0] vkms_vblank_simulate: vblank timer overrun [ 1160.354156][ T30] audit: type=1326 audit(1761128235.650:2997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1160.376569][ C0] vkms_vblank_simulate: vblank timer overrun [ 1160.383534][ T30] audit: type=1326 audit(1761128235.660:2998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1160.490625][ T30] audit: type=1326 audit(1761128235.660:2999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f53f5990ee7 code=0x7ffc0000 [ 1160.790830][ T30] audit: type=1326 audit(1761128235.660:3000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21477 comm="syz.0.4023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f53f5990e5c code=0x7ffc0000 [ 1161.479696][ T855] usb 2-1: USB disconnect, device number 66 [ 1161.880746][T21503] autofs4:pid:21503:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e) [ 1162.658148][T21512] 8021q: adding VLAN 0 to HW filter on device batadv5 [ 1162.670170][T21512] batadv5: entered promiscuous mode [ 1162.677515][T21512] team0: Port device batadv5 added [ 1163.056506][T21533] netlink: 'syz.1.4038': attribute type 10 has an invalid length. [ 1163.071271][T21533] dummy0: entered promiscuous mode [ 1163.077557][T21533] team0: Port device dummy0 added [ 1163.093296][T21533] netlink: 'syz.1.4038': attribute type 10 has an invalid length. [ 1163.139872][T21533] dummy0: left promiscuous mode [ 1163.434062][T21542] netlink: 88 bytes leftover after parsing attributes in process `syz.2.4040'. [ 1163.502290][T21533] team0: Port device dummy0 removed [ 1163.514703][T21533] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1163.585642][T21538] loop9: detected capacity change from 0 to 7 [ 1163.604564][T21538] Dev loop9: unable to read RDB block 7 [ 1163.612837][T21538] loop9: unable to read partition table [ 1163.669326][T21538] loop9: partition table beyond EOD, truncated [ 1163.710376][T21538] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1164.906593][T21560] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4045'. [ 1166.141240][T21568] veth13: entered promiscuous mode [ 1166.198460][T21568] veth13: entered allmulticast mode [ 1166.767286][T13938] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 1166.793606][T21596] ip6gretap1: entered promiscuous mode [ 1166.799187][T21596] ip6gretap1: entered allmulticast mode [ 1166.931374][T13938] usb 5-1: Using ep0 maxpacket: 32 [ 1166.938307][T13938] usb 5-1: config 0 has an invalid interface number: 167 but max is 0 [ 1166.947959][T13938] usb 5-1: config 0 has no interface number 0 [ 1167.107563][T13938] usb 5-1: config 0 interface 167 altsetting 1 bulk endpoint 0xA has invalid maxpacket 1024 [ 1167.133804][T13938] usb 5-1: config 0 interface 167 altsetting 1 bulk endpoint 0x6 has invalid maxpacket 32 [ 1167.155898][T21607] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 1167.204636][T13938] usb 5-1: config 0 interface 167 has no altsetting 0 [ 1167.240858][T13938] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=20.63 [ 1167.275180][T13938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1167.310573][T13938] usb 5-1: Product: syz [ 1167.320406][T13938] usb 5-1: Manufacturer: syz [ 1167.330829][T13938] usb 5-1: SerialNumber: syz [ 1167.345355][T13938] usb 5-1: config 0 descriptor?? [ 1167.351527][T21590] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1167.361326][T21590] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1169.529420][T13938] usbtest 5-1:0.167: couldn't get endpoints, -22 [ 1169.553987][T13938] usbtest 5-1:0.167: probe with driver usbtest failed with error -22 [ 1169.578048][T13938] usb 5-1: USB disconnect, device number 44 [ 1170.848420][T21650] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 1171.123809][T21653] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4067'. [ 1171.233387][T16807] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 1171.410436][T16807] usb 3-1: Using ep0 maxpacket: 32 [ 1171.495672][T16807] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1171.592183][T16807] usb 3-1: config 7 has an invalid interface number: 187 but max is 0 [ 1171.608534][T16807] usb 3-1: config 7 has no interface number 0 [ 1171.677747][T16807] usb 3-1: config 7 interface 187 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1171.978838][T21668] x_tables: duplicate entry at hook 2 [ 1171.990980][T16807] usb 3-1: config 7 interface 187 has no altsetting 0 [ 1172.022305][T16807] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1172.100325][T16807] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1172.108385][T16807] usb 3-1: Product: syz [ 1172.148994][T16807] usb 3-1: Manufacturer: syz [ 1172.159132][T16807] usb 3-1: SerialNumber: syz [ 1172.397698][T16807] usb 3-1: Cannot retrieve CPort count: 0 [ 1172.401825][T13938] usb 2-1: new full-speed USB device number 67 using dummy_hcd [ 1172.403670][T16807] usb 3-1: Cannot retrieve CPort count: -5 [ 1172.417736][T16807] es2_ap_driver 3-1:7.187: probe with driver es2_ap_driver failed with error -5 [ 1172.582042][T13938] usb 2-1: config 0 has an invalid descriptor of length 245, skipping remainder of the config [ 1172.592773][T13938] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1172.605241][T17675] usb 3-1: USB disconnect, device number 44 [ 1172.613900][T13938] usb 2-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00 [ 1172.633438][T13938] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1172.673000][T13938] usb 2-1: rejected 1 configuration due to insufficient available bus power [ 1172.686543][T13938] usb 2-1: no configuration chosen from 1 choice [ 1173.248799][T21689] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 1173.271088][T21689] batadv3: entered promiscuous mode [ 1173.283414][T21689] team0: Port device batadv3 added [ 1173.459436][T21694] pimreg1: tun_chr_ioctl cmd 1074025677 [ 1173.467964][T21694] pimreg1: linktype set to 804 [ 1174.080358][T16807] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1174.230327][T16807] usb 5-1: Using ep0 maxpacket: 16 [ 1174.242255][T16807] usb 5-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98 [ 1174.252911][T16807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1174.261064][T16807] usb 5-1: Product: syz [ 1174.268534][T16807] usb 5-1: Manufacturer: syz [ 1174.273242][T16807] usb 5-1: SerialNumber: syz [ 1174.280601][T16807] usb 5-1: config 0 descriptor?? [ 1174.489668][T17675] usb 5-1: USB disconnect, device number 45 [ 1175.196155][T17675] usb 2-1: USB disconnect, device number 67 [ 1175.260713][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 1175.260770][ T30] audit: type=1326 audit(1761128250.970:3044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21673 comm="syz.3.4076" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f547578efc9 code=0x7fc00000 [ 1175.680380][T16807] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1175.842119][T16807] usb 4-1: config 0 has no interfaces? [ 1176.027881][T21713] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1500) ! [ 1176.089051][T16807] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1176.100858][T16807] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1176.114683][T16807] usb 4-1: Product: syz [ 1176.123465][T16807] usb 4-1: Manufacturer: syz [ 1176.129526][T16807] usb 4-1: SerialNumber: syz [ 1176.138236][T16807] usb 4-1: config 0 descriptor?? [ 1177.286544][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.292938][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.799406][T21736] veth5: entered promiscuous mode [ 1177.838721][T21736] veth5: entered allmulticast mode [ 1177.997666][ T30] audit: type=1326 audit(1761128253.710:3045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.061395][ T30] audit: type=1326 audit(1761128253.710:3046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.089546][ T30] audit: type=1326 audit(1761128253.710:3047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.173578][ T30] audit: type=1326 audit(1761128253.710:3048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.291753][ T30] audit: type=1326 audit(1761128253.710:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.316017][ T30] audit: type=1326 audit(1761128253.710:3050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.340881][ T30] audit: type=1326 audit(1761128253.740:3051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.781809][ T30] audit: type=1326 audit(1761128253.740:3052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.810174][ C0] vkms_vblank_simulate: vblank timer overrun [ 1178.818311][ T30] audit: type=1326 audit(1761128253.740:3053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21740 comm="syz.0.4097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53f598efc9 code=0x7ffc0000 [ 1178.818690][T16807] usb 4-1: USB disconnect, device number 31 [ 1179.886502][T21778] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4101'. [ 1180.196175][T21785] Cannot find add_set index 1 as target [ 1180.732473][ T855] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1180.831330][T21790] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4106'. [ 1180.987736][ T855] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 1181.049056][ T855] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1181.215764][ T855] usb 3-1: config 0 descriptor?? [ 1181.387517][ T855] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 1181.497593][T21794] veth7: entered promiscuous mode [ 1181.505640][T21794] veth7: entered allmulticast mode [ 1181.648540][T21792] syz.3.4106 (21792): drop_caches: 2 [ 1181.931640][T21812] netlink: 'syz.0.4111': attribute type 10 has an invalid length. [ 1181.950700][T21812] dummy0: entered promiscuous mode [ 1181.959232][T21812] team0: Port device dummy0 added [ 1181.969374][T21812] netlink: 'syz.0.4111': attribute type 10 has an invalid length. [ 1182.486428][T21812] team0: Port device dummy0 removed [ 1182.498773][T21812] dummy0: left promiscuous mode [ 1182.522706][T21812] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1182.932788][ T855] usb 3-1: USB disconnect, device number 45 [ 1183.193499][T21821] netlink: 'syz.3.4113': attribute type 10 has an invalid length. [ 1183.208917][T21821] dummy0: entered promiscuous mode [ 1183.216326][T21821] team0: Port device dummy0 added [ 1183.233932][T21821] netlink: 'syz.3.4113': attribute type 10 has an invalid length. [ 1183.246028][T21821] dummy0: left promiscuous mode [ 1183.321819][T21821] team0: Port device dummy0 removed [ 1183.333314][T21821] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1184.590389][ T855] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 1184.773702][ T855] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1184.806259][ T855] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1184.891631][ T855] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 1184.910624][ T855] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1184.940439][ T855] usb 3-1: Manufacturer: syz [ 1184.962114][ T855] usb 3-1: config 0 descriptor?? [ 1185.300770][T13938] usb 5-1: new full-speed USB device number 46 using dummy_hcd [ 1185.391105][T21843] veth5: entered promiscuous mode [ 1185.438313][T21843] veth5: entered allmulticast mode [ 1185.459176][ T855] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0 [ 1185.468357][ T855] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0 [ 1185.476249][ T855] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0 [ 1185.483755][ T855] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0 [ 1185.495538][ T855] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0 [ 1185.510651][ T855] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0 [ 1185.522743][T13938] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1185.533082][T13938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1185.544463][T13938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1185.554673][T13938] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 1185.578663][ T855] pyra 0003:1E7D:2CF6.0034: unknown main item tag 0x0 [ 1185.691808][T13938] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1185.701193][T13938] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1185.709384][T13938] usb 5-1: Manufacturer: syz [ 1185.777856][T13938] usb 5-1: config 0 descriptor?? [ 1185.807095][ T855] pyra 0003:1E7D:2CF6.0034: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 1185.844537][ T855] pyra 0003:1E7D:2CF6.0034: couldn't init struct pyra_device [ 1185.887668][ T855] pyra 0003:1E7D:2CF6.0034: couldn't install mouse [ 1185.945382][ T855] pyra 0003:1E7D:2CF6.0034: probe with driver pyra failed with error -32 [ 1186.051668][T13938] rc_core: IR keymap rc-hauppauge not found [ 1186.057889][T13938] Registered IR keymap rc-empty [ 1186.065280][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.090453][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.110879][T16807] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1186.122336][T13938] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 1186.135063][T13938] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input65 [ 1186.149308][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.170571][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.190463][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.210455][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.230988][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.250399][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.270448][T16807] usb 4-1: Using ep0 maxpacket: 16 [ 1186.270461][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.284610][T16807] usb 4-1: config 0 has an invalid interface number: 53 but max is 0 [ 1186.290632][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.292863][ T855] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1186.307996][T16807] usb 4-1: config 0 has no interface number 0 [ 1186.316846][T16807] usb 4-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=ed.e2 [ 1186.320579][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.326059][T16807] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.341788][T16807] usb 4-1: Product: syz [ 1186.345985][T16807] usb 4-1: Manufacturer: syz [ 1186.350667][T16807] usb 4-1: SerialNumber: syz [ 1186.351831][T13938] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 1186.358311][T16807] usb 4-1: config 0 descriptor?? [ 1186.386063][T13938] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 1186.395945][T13938] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 1186.446171][T21835] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4118'. [ 1186.456705][T21857] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4118'. [ 1186.471533][ T855] usb 2-1: Using ep0 maxpacket: 16 [ 1186.481629][ T855] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1186.483497][T13938] usb 5-1: USB disconnect, device number 46 [ 1186.508184][ T855] usb 2-1: config 4 has an invalid interface number: 111 but max is 0 [ 1186.530555][ T855] usb 2-1: config 4 has no interface number 0 [ 1186.536723][ T855] usb 2-1: config 4 interface 111 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 8 [ 1186.555406][T16807] usb 3-1: USB disconnect, device number 46 [ 1186.564827][ T855] usb 2-1: config 4 interface 111 has no altsetting 0 [ 1186.595443][ T855] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99 [ 1186.620422][ T855] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.628688][ T855] usb 2-1: Product: syz [ 1186.645350][T21860] 8021q: adding VLAN 0 to HW filter on device batadv4 [ 1186.649587][ T855] usb 2-1: Manufacturer: syz [ 1186.655668][T21860] batadv4: entered promiscuous mode [ 1186.657070][ T855] usb 2-1: SerialNumber: syz [ 1186.664128][T21860] team0: Port device batadv4 added [ 1186.682637][T21855] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22 [ 1186.772223][T16823] usb 4-1: USB disconnect, device number 32 [ 1187.053259][T16807] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1187.170387][T16823] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1187.213538][T16807] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1187.223043][T16807] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1187.231357][T16807] usb 3-1: Product: syz [ 1187.235570][T16807] usb 3-1: Manufacturer: syz [ 1187.240169][T16807] usb 3-1: SerialNumber: syz [ 1187.250171][T16807] usb 3-1: config 0 descriptor?? [ 1187.325001][T16823] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1187.335512][T16823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1187.343724][T16823] usb 4-1: Product: syz [ 1187.347904][T16823] usb 4-1: Manufacturer: syz [ 1187.352583][T16823] usb 4-1: SerialNumber: syz [ 1187.390385][ T5912] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1187.415924][ T855] pvrusb2: Hardware description: Terratec Grabster AV400 [ 1187.423188][ T855] pvrusb2: ********** [ 1187.427826][ T855] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 1187.438587][ T855] pvrusb2: Important functionality might not be entirely working. [ 1187.453778][ T855] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 1187.474434][ T855] pvrusb2: ********** [ 1187.479119][ T855] usb 2-1: selecting invalid altsetting 0 [ 1187.488040][ T2345] pvrusb2: control-write URB failure, status=-71 [ 1187.494488][ T2345] pvrusb2: Device being rendered inoperable [ 1187.502348][ T2345] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 1187.515726][T21873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1187.524009][ T855] usb 2-1: USB disconnect, device number 68 [ 1187.530506][ T2345] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 1187.547173][T21873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1187.550683][ T5912] usb 5-1: Using ep0 maxpacket: 16 [ 1187.629368][ T5912] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1187.641138][ T5912] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1187.650637][ T5912] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 1187.660030][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1187.673580][T13938] usb 3-1: USB disconnect, device number 47 [ 1187.785160][ T5912] usb 5-1: config 0 descriptor?? [ 1187.932770][T16823] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1187.946880][T16823] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -32 [ 1187.966095][T16823] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1188.062883][T16823] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32 [ 1188.149790][T21891] veth15: entered promiscuous mode [ 1188.159307][T21891] veth15: entered allmulticast mode [ 1188.955713][T21903] 8021q: adding VLAN 0 to HW filter on device batadv3 [ 1188.967643][T21903] batadv3: entered promiscuous mode [ 1188.973994][T21903] team0: Port device batadv3 added [ 1189.222797][T21906] program syz.1.4136 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1189.311343][T21907] netlink: 'syz.1.4136': attribute type 10 has an invalid length. [ 1189.319255][T21907] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4136'. [ 1189.363354][T21907] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 1189.405598][T21911] netlink: 'syz.2.4137': attribute type 11 has an invalid length. [ 1189.650492][T13938] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1189.811858][T13938] usb 3-1: config 0 has an invalid interface number: 91 but max is 0 [ 1189.820340][T13938] usb 3-1: config 0 has no interface number 0 [ 1189.826484][T13938] usb 3-1: config 0 interface 91 has no altsetting 0 [ 1189.833568][T13938] usb 3-1: New USB device found, idVendor=174f, idProduct=5212, bcdDevice=60.41 [ 1189.842684][T13938] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1189.852399][T13938] usb 3-1: config 0 descriptor?? [ 1189.925324][ T5912] usb 4-1: USB disconnect, device number 33 [ 1190.067865][T13938] usb 3-1: string descriptor 0 read error: -71 [ 1190.098549][T13938] uvcvideo 3-1:0.91: Found UVC 0.00 device (174f:5212) [ 1190.113181][T13938] uvcvideo 3-1:0.91: No valid video chain found. [ 1190.135234][T13938] usb 3-1: USB disconnect, device number 48 [ 1190.168068][T21925] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4142'. [ 1190.211019][T21925] vlan0: entered promiscuous mode [ 1190.216400][T21925] batadv0: entered promiscuous mode [ 1190.227206][ T5912] usb 5-1: USB disconnect, device number 47 [ 1190.700375][ T5912] usb 5-1: new full-speed USB device number 48 using dummy_hcd [ 1190.963563][ T5912] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 1190.978010][ T5912] usb 5-1: config 0 has no interface number 0 [ 1191.057244][ T5912] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1191.073929][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1191.186222][T13938] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1191.194051][ T5889] IPVS: starting estimator thread 0... [ 1191.220750][ T5912] usb 5-1: Product: syz [ 1191.234383][ T5912] usb 5-1: Manufacturer: syz [ 1191.285071][T21948] IPVS: using max 23 ests per chain, 55200 per kthread [ 1191.302057][ T5912] usb 5-1: SerialNumber: syz [ 1191.320038][ T5912] usb 5-1: config 0 descriptor?? [ 1191.370497][T13938] usb 3-1: Using ep0 maxpacket: 32 [ 1191.387341][T13938] usb 3-1: config 4 has an invalid interface number: 8 but max is 0 [ 1191.395847][T13938] usb 3-1: config 4 has no interface number 0 [ 1191.402920][T13938] usb 3-1: config 4 interface 8 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1191.423000][T13938] usb 3-1: config 4 interface 8 altsetting 1 bulk endpoint 0x8A has invalid maxpacket 0 [ 1191.526994][T13938] usb 3-1: config 4 interface 8 has no altsetting 0 [ 1191.539559][ T5912] usb 5-1: Firmware version (0.0) predates our first public release. [ 1191.579936][ T5912] usb 5-1: Please update to version 0.2 or newer [ 1191.597544][T13938] usb 3-1: New USB device found, idVendor=065a, idProduct=0009, bcdDevice=60.65 [ 1191.606818][T13938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1191.615750][T13938] usb 3-1: Product: syz [ 1191.625603][T13938] usb 3-1: Manufacturer: syz [ 1191.634683][T13938] usb 3-1: SerialNumber: syz [ 1191.737623][ T5912] usb 5-1: USB disconnect, device number 48 [ 1191.887480][T21940] random: crng reseeded on system resumption [ 1192.340803][ T5889] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1192.524754][ T5889] usb 2-1: Using ep0 maxpacket: 32 [ 1192.584568][ T5889] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 1192.596239][ T5889] usb 2-1: config 0 has no interface number 0 [ 1192.608143][ T5889] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1192.617559][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1192.641491][ T5889] usb 2-1: Product: syz [ 1192.650347][ T5912] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 1192.701610][ T5889] usb 2-1: Manufacturer: syz [ 1192.706295][ T5889] usb 2-1: SerialNumber: syz [ 1192.836730][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1192.838717][ T5889] usb 2-1: config 0 descriptor?? [ 1192.868239][ T5889] smsc95xx v2.0.0 [ 1192.880509][ T5912] usb 5-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 1192.890098][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1192.938392][ T5912] usb 5-1: config 0 descriptor?? [ 1193.167766][T21963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1193.194521][T21963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1193.269519][ T5889] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1193.320113][ T5889] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1193.433907][ T5912] holtek 0003:1241:5015.0035: unknown main item tag 0x0 [ 1193.449878][ T5912] holtek 0003:1241:5015.0035: hidraw0: USB HID v0.00 Device [HID 1241:5015] on usb-dummy_hcd.4-1/input0 [ 1193.554968][ T5912] holtek 0003:1241:5015.0035: no inputs found [ 1193.593297][ T5889] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 1193.639338][ T5912] usb 5-1: USB disconnect, device number 49 [ 1193.696527][ T5889] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -61 [ 1193.782031][T16823] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1193.835339][T21979] fido_id[21979]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 1193.952135][T16823] usb 4-1: Using ep0 maxpacket: 8 [ 1193.960021][T16823] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1193.971193][T16823] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1194.004939][T16823] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1194.036578][T16823] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1194.064439][T16823] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1194.083362][T16823] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1194.098495][T13938] opticon 3-1:4.8: opticon converter detected [ 1194.121852][T13938] usb 3-1: opticon converter now attached to ttyUSB0 [ 1194.160984][T13938] usb 3-1: USB disconnect, device number 49 [ 1194.188029][T13938] opticon ttyUSB0: opticon converter now disconnected from ttyUSB0 [ 1194.227647][T21981] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4155'. [ 1194.254658][T13938] opticon 3-1:4.8: device disconnected [ 1194.338201][T16823] usb 4-1: GET_CAPABILITIES returned 0 [ 1194.351965][T16823] usbtmc 4-1:16.0: can't read capabilities [ 1194.559753][T21978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1194.571996][T21978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1194.606566][ T5912] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 1194.880328][ T5912] usb 5-1: Using ep0 maxpacket: 32 [ 1194.887112][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1194.898234][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1194.908837][ T5912] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 1194.918075][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1194.943033][ T5912] usb 5-1: config 0 descriptor?? [ 1195.030965][T16823] usb 2-1: USB disconnect, device number 69 [ 1195.927926][ T5912] usbhid 5-1:0.0: can't add hid device: -71 [ 1195.934027][ T5912] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1195.961068][ T5912] usb 5-1: USB disconnect, device number 50 [ 1196.665340][ T5912] usb 4-1: USB disconnect, device number 34 [ 1197.150494][T13938] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 1197.275088][T22025] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.4167'. [ 1197.286813][T22025] netlink: 5128 bytes leftover after parsing attributes in process `syz.4.4167'. [ 1197.295649][T22024] FAULT_INJECTION: forcing a failure. [ 1197.295649][T22024] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1197.296906][T22025] netlink: 640 bytes leftover after parsing attributes in process `syz.4.4167'. [ 1197.314281][T22021] netlink: 6288 bytes leftover after parsing attributes in process `syz.2.4166'. [ 1197.320791][T13938] usb 4-1: config index 0 descriptor too short (expected 24868, got 36) [ 1197.334780][T22024] CPU: 1 UID: 0 PID: 22024 Comm: syz.1.4168 Not tainted syzkaller #0 PREEMPT(full) [ 1197.334808][T22024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1197.334820][T22024] Call Trace: [ 1197.334829][T22024] [ 1197.334837][T22024] dump_stack_lvl+0x189/0x250 [ 1197.334868][T22024] ? __pfx____ratelimit+0x10/0x10 [ 1197.334891][T22024] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1197.334915][T22024] ? __pfx__printk+0x10/0x10 [ 1197.334935][T22024] ? __might_fault+0xb0/0x130 [ 1197.334971][T22024] should_fail_ex+0x414/0x560 [ 1197.335003][T22024] _copy_from_user+0x2d/0xb0 [ 1197.335027][T22024] do_ip6t_set_ctl+0x69f/0xce0 [ 1197.335057][T22024] ? rcu_is_watching+0x15/0xb0 [ 1197.335080][T22024] ? trace_contention_end+0x39/0x120 [ 1197.335102][T22024] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 1197.335149][T22024] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1197.335184][T22024] ? __pfx_aa_sk_perm+0x10/0x10 [ 1197.335214][T22024] nf_setsockopt+0x26f/0x290 [ 1197.335237][T22024] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1197.335264][T22024] do_sock_setsockopt+0x17c/0x1b0 [ 1197.335288][T22024] __x64_sys_setsockopt+0x13f/0x1b0 [ 1197.335311][T22024] do_syscall_64+0xfa/0xfa0 [ 1197.335333][T22024] ? lockdep_hardirqs_on+0x9c/0x150 [ 1197.335355][T22024] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.335373][T22024] ? clear_bhb_loop+0x60/0xb0 [ 1197.335396][T22024] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1197.335413][T22024] RIP: 0033:0x7f070858efc9 [ 1197.335431][T22024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1197.335448][T22024] RSP: 002b:00007f0709465038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1197.335469][T22024] RAX: ffffffffffffffda RBX: 00007f07087e5fa0 RCX: 00007f070858efc9 [ 1197.335483][T22024] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 1197.335495][T22024] RBP: 00007f0709465090 R08: 00000000000003b8 R09: 0000000000000000 [ 1197.335507][T22024] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1197.335519][T22024] R13: 00007f07087e6038 R14: 00007f07087e5fa0 R15: 00007f070890fa28 [ 1197.335550][T22024] [ 1197.555531][T13938] usb 4-1: config 127 has too many interfaces: 186, using maximum allowed: 32 [ 1197.564823][T13938] usb 4-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 1197.575755][T13938] usb 4-1: config 127 has 1 interface, different from the descriptor's value: 186 [ 1197.618525][T13938] usb 4-1: config 127 has no interface number 0 [ 1197.625431][T13938] usb 4-1: config 127 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 1197.694621][T13938] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 1197.710667][T13938] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1197.723529][T13938] usb 4-1: Product: syz [ 1197.727751][T13938] usb 4-1: Manufacturer: syz [ 1197.734723][T13938] usb 4-1: SerialNumber: syz [ 1197.877959][T22040] netlink: 'syz.2.4170': attribute type 10 has an invalid length. [ 1197.900630][T22040] dummy0: entered promiscuous mode [ 1197.908768][T22040] team0: Port device dummy0 added [ 1197.930993][T22040] netlink: 'syz.2.4170': attribute type 10 has an invalid length. [ 1197.945873][T22040] dummy0: left promiscuous mode [ 1197.993871][T22040] team0: Port device dummy0 removed [ 1198.016561][T22040] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1198.035045][T13938] hso 4-1:127.2: Failed to find INT IN ep [ 1198.047484][T13938] usb 4-1: USB disconnect, device number 35 [ 1198.120390][ T5912] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 1198.360537][ T5912] usb 5-1: device descriptor read/64, error -71 [ 1198.670365][ T5912] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1198.730795][T22051] loop9: detected capacity change from 0 to 7 [ 1198.825683][T16516] Dev loop9: unable to read RDB block 7 [ 1198.832124][T16516] loop9: unable to read partition table [ 1198.837913][T16516] loop9: partition table beyond EOD, truncated [ 1198.844637][ T5912] usb 5-1: device descriptor read/64, error -71 [ 1198.854729][T22051] Dev loop9: unable to read RDB block 7 [ 1198.911248][T22051] loop9: unable to read partition table [ 1198.927252][T22051] loop9: partition table beyond EOD, truncated [ 1198.936650][T22051] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1198.977253][ T5912] usb usb5-port1: attempt power cycle [ 1199.103957][T22057] FAULT_INJECTION: forcing a failure. [ 1199.103957][T22057] name failslab, interval 1, probability 0, space 0, times 0 [ 1199.117159][T22057] CPU: 1 UID: 0 PID: 22057 Comm: syz.2.4179 Not tainted syzkaller #0 PREEMPT(full) [ 1199.117190][T22057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1199.117201][T22057] Call Trace: [ 1199.117208][T22057] [ 1199.117216][T22057] dump_stack_lvl+0x189/0x250 [ 1199.117242][T22057] ? __pfx____ratelimit+0x10/0x10 [ 1199.117268][T22057] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1199.117295][T22057] ? __pfx__printk+0x10/0x10 [ 1199.117324][T22057] ? __pfx___might_resched+0x10/0x10 [ 1199.117346][T22057] ? fs_reclaim_acquire+0x7d/0x100 [ 1199.117382][T22057] should_fail_ex+0x414/0x560 [ 1199.117418][T22057] should_failslab+0xa8/0x100 [ 1199.117448][T22057] __kvmalloc_node_noprof+0x158/0x910 [ 1199.117480][T22057] ? xt_alloc_table_info+0x40/0xb0 [ 1199.117513][T22057] xt_alloc_table_info+0x40/0xb0 [ 1199.117538][T22057] do_ip6t_set_ctl+0x88a/0xce0 [ 1199.117571][T22057] ? rcu_is_watching+0x15/0xb0 [ 1199.117596][T22057] ? trace_contention_end+0x39/0x120 [ 1199.117622][T22057] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 1199.117675][T22057] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1199.117723][T22057] ? __pfx_aa_sk_perm+0x10/0x10 [ 1199.117757][T22057] nf_setsockopt+0x26f/0x290 [ 1199.117784][T22057] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1199.117822][T22057] do_sock_setsockopt+0x17c/0x1b0 [ 1199.117848][T22057] __x64_sys_setsockopt+0x13f/0x1b0 [ 1199.117875][T22057] do_syscall_64+0xfa/0xfa0 [ 1199.117900][T22057] ? lockdep_hardirqs_on+0x9c/0x150 [ 1199.117933][T22057] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1199.117961][T22057] ? clear_bhb_loop+0x60/0xb0 [ 1199.118010][T22057] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1199.118046][T22057] RIP: 0033:0x7f966dd8efc9 [ 1199.118073][T22057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1199.118098][T22057] RSP: 002b:00007f966eb8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1199.118123][T22057] RAX: ffffffffffffffda RBX: 00007f966dfe5fa0 RCX: 00007f966dd8efc9 [ 1199.118139][T22057] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 1199.118153][T22057] RBP: 00007f966eb8c090 R08: 00000000000003b8 R09: 0000000000000000 [ 1199.118166][T22057] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1199.118180][T22057] R13: 00007f966dfe6038 R14: 00007f966dfe5fa0 R15: 00007f966e10fa28 [ 1199.118222][T22057] [ 1199.354374][ C1] vkms_vblank_simulate: vblank timer overrun [ 1199.364722][T16823] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1199.437151][ T5912] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1199.461658][ T5912] usb 5-1: device descriptor read/8, error -71 [ 1199.509518][T22063] 8021q: adding VLAN 0 to HW filter on device batadv5 [ 1199.518803][T22063] batadv5: entered promiscuous mode [ 1199.524726][T22063] team0: Port device batadv5 added [ 1199.692731][T16823] usb 4-1: Using ep0 maxpacket: 16 [ 1199.732537][T16823] usb 4-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98 [ 1199.741848][T16823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1199.750383][ T5912] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 1199.769439][T16823] usb 4-1: Product: syz [ 1199.778470][T16823] usb 4-1: Manufacturer: syz [ 1199.784864][ T5912] usb 5-1: device descriptor read/8, error -71 [ 1199.826453][T16823] usb 4-1: SerialNumber: syz [ 1199.839704][T16823] usb 4-1: config 0 descriptor?? [ 1199.910829][ T5912] usb usb5-port1: unable to enumerate USB device [ 1200.052959][T22053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1200.065406][T22053] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1200.941785][T22094] FAULT_INJECTION: forcing a failure. [ 1200.941785][T22094] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1200.945408][T22095] loop9: detected capacity change from 0 to 7 [ 1200.963144][T22095] Dev loop9: unable to read RDB block 7 [ 1200.968797][T22095] loop9: unable to read partition table [ 1200.975640][T22094] CPU: 1 UID: 0 PID: 22094 Comm: syz.1.4190 Not tainted syzkaller #0 PREEMPT(full) [ 1200.975669][T22094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1200.975682][T22094] Call Trace: [ 1200.975691][T22094] [ 1200.975699][T22094] dump_stack_lvl+0x189/0x250 [ 1200.975733][T22094] ? __pfx____ratelimit+0x10/0x10 [ 1200.975757][T22094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1200.975783][T22094] ? __pfx__printk+0x10/0x10 [ 1200.975819][T22094] should_fail_ex+0x414/0x560 [ 1200.975856][T22094] _copy_from_user+0x2d/0xb0 [ 1200.975882][T22094] copy_from_sockptr_offset+0x66/0xa0 [ 1200.975913][T22094] do_ip6t_set_ctl+0x8b7/0xce0 [ 1200.975946][T22094] ? rcu_is_watching+0x15/0xb0 [ 1200.975970][T22094] ? trace_contention_end+0x39/0x120 [ 1200.975995][T22094] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 1200.976051][T22094] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1200.976092][T22094] ? __pfx_aa_sk_perm+0x10/0x10 [ 1200.976127][T22094] nf_setsockopt+0x26f/0x290 [ 1200.976154][T22094] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1200.976184][T22094] do_sock_setsockopt+0x17c/0x1b0 [ 1200.976207][T22094] __x64_sys_setsockopt+0x13f/0x1b0 [ 1200.976234][T22094] do_syscall_64+0xfa/0xfa0 [ 1200.976257][T22094] ? lockdep_hardirqs_on+0x9c/0x150 [ 1200.976281][T22094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.976302][T22094] ? clear_bhb_loop+0x60/0xb0 [ 1200.976327][T22094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1200.976346][T22094] RIP: 0033:0x7f070858efc9 [ 1200.976365][T22094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1200.976382][T22094] RSP: 002b:00007f0709465038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1200.976405][T22094] RAX: ffffffffffffffda RBX: 00007f07087e5fa0 RCX: 00007f070858efc9 [ 1200.976420][T22094] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 1200.976433][T22094] RBP: 00007f0709465090 R08: 00000000000003b8 R09: 0000000000000000 [ 1200.976456][T22094] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1200.976469][T22094] R13: 00007f07087e6038 R14: 00007f07087e5fa0 R15: 00007f070890fa28 [ 1200.976504][T22094] [ 1200.990575][T22095] loop9: partition table beyond EOD, truncated [ 1201.270783][T22095] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1201.383350][ T5912] usb 4-1: USB disconnect, device number 36 [ 1201.454929][T22101] 8021q: adding VLAN 0 to HW filter on device batadv6 [ 1201.481520][T22101] batadv6: entered promiscuous mode [ 1201.488059][T22101] team0: Port device batadv6 added [ 1201.640373][T16823] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1201.707733][T22110] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4193'. [ 1201.841135][T16823] usb 2-1: Using ep0 maxpacket: 32 [ 1201.852458][T16823] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 1201.861592][T16823] usb 2-1: config 0 has no interface number 0 [ 1201.875288][T16823] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1201.899413][T16823] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1201.924243][T16823] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1202.360433][T16823] usb 2-1: Product: syz [ 1202.370413][T16823] usb 2-1: Manufacturer: syz [ 1202.375158][T16823] usb 2-1: SerialNumber: syz [ 1202.405563][T16823] usb 2-1: config 0 descriptor?? [ 1202.418023][T16823] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1202.432639][T16823] em28xx 2-1:0.132: Video interface 132 found: [ 1202.891897][T22119] loop6: detected capacity change from 0 to 7 [ 1202.987178][T22119] Dev loop6: unable to read RDB block 7 [ 1203.006824][T22119] loop6: AHDI p1 p2 p3 [ 1203.026715][T22119] loop6: partition table partially beyond EOD, truncated [ 1203.055667][T22119] loop6: p1 start 4217409618 is beyond EOD, truncated [ 1203.069997][T22119] loop6: p2 size 108 extends beyond EOD, truncated [ 1203.204565][T16511] udevd[16511]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 1203.533454][T22130] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 1203.540058][T22130] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1203.550650][T22130] vhci_hcd vhci_hcd.0: Device attached [ 1203.711709][T16823] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 1203.730394][ T5912] vhci_hcd: vhci_device speed not set [ 1203.790423][ T855] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1203.799556][ T5912] usb 39-1: new full-speed USB device number 3 using vhci_hcd [ 1203.814538][T16823] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 1203.855186][T16823] em28xx 2-1:0.132: board has no eeprom [ 1203.930373][ T855] usb 4-1: device descriptor read/64, error -71 [ 1203.940741][T16823] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1203.958736][T16823] em28xx 2-1:0.132: analog set to bulk mode. [ 1203.970636][T16807] em28xx 2-1:0.132: Registering V4L2 extension [ 1204.085405][T22146] IPVS: Unknown mcast interface: vlan0 [ 1204.120558][T16807] em28xx 2-1:0.132: failed to trigger read from i2c address 0x4a (error=-5) [ 1204.131866][T16807] em28xx 2-1:0.132: failed to trigger read from i2c address 0x48 (error=-5) [ 1204.146922][T16807] em28xx 2-1:0.132: failed to trigger read from i2c address 0x42 (error=-5) [ 1204.166237][T16807] em28xx 2-1:0.132: failed to trigger read from i2c address 0x40 (error=-5) [ 1204.175081][ T855] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1204.243886][T16807] em28xx 2-1:0.132: failed to trigger read from i2c address 0x84 (error=-5) [ 1204.253925][T13938] usb 2-1: USB disconnect, device number 70 [ 1204.293994][T16823] usb 5-1: new full-speed USB device number 55 using dummy_hcd [ 1204.303678][T16807] em28xx 2-1:0.132: failed to trigger read from i2c address 0x86 (error=-19) [ 1204.314438][T16807] em28xx 2-1:0.132: failed to trigger read from i2c address 0x94 (error=-19) [ 1204.323615][ T855] usb 4-1: device descriptor read/64, error -71 [ 1204.331201][T16807] em28xx 2-1:0.132: failed to trigger read from i2c address 0x96 (error=-19) [ 1204.346785][T13938] em28xx 2-1:0.132: Disconnecting em28xx [ 1204.442385][ T855] usb usb4-port1: attempt power cycle [ 1204.463055][T16823] usb 5-1: not running at top speed; connect to a high speed hub [ 1204.476745][T16823] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x82 has invalid maxpacket 1096, setting to 64 [ 1204.506157][T16807] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 1204.513908][T16823] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 1204.530890][T16807] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 1204.538059][T16807] em28xx 2-1:0.132: No AC97 audio processor [ 1204.550930][T16823] usb 5-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1204.579235][T16807] usb 2-1: Decoder not found [ 1204.586364][T16823] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1204.623274][T22155] loop3: detected capacity change from 0 to 7 [ 1204.642601][T16807] em28xx 2-1:0.132: failed to create media graph [ 1204.686830][T16823] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1204.709156][T22155] Dev loop3: unable to read RDB block 7 [ 1204.737261][T16807] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 1204.745487][T16823] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1204.746088][T22155] loop3: unable to read partition table [ 1204.768232][T16807] em28xx 2-1:0.132: Remote control support is not available for this card. [ 1204.790764][ T855] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1204.871903][T16823] usb 5-1: Product: syz [ 1204.882024][T16823] usb 5-1: Manufacturer: syz [ 1204.920725][T13938] em28xx 2-1:0.132: Closing input extension [ 1204.920840][T16823] usb 5-1: SerialNumber: syz [ 1204.934612][T13938] ================================================================== [ 1204.940864][T22155] loop3: partition table beyond EOD, truncated [ 1204.942703][T13938] BUG: KASAN: slab-use-after-free in media_device_unregister+0x141/0x400 [ 1204.942740][T13938] Read of size 8 at addr ffff888025750210 by task kworker/0:1/13938 [ 1204.960762][T22155] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1204.965633][T13938] [ 1204.977188][T13938] CPU: 0 UID: 0 PID: 13938 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) [ 1204.977219][T13938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1204.977235][T13938] Workqueue: usb_hub_wq hub_event [ 1204.977271][T13938] Call Trace: [ 1204.977281][T13938] [ 1204.977291][T13938] dump_stack_lvl+0x189/0x250 [ 1204.977322][T13938] ? rcu_is_watching+0x15/0xb0 [ 1204.977347][T13938] ? __kasan_check_byte+0x12/0x40 [ 1204.977368][T13938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1204.977394][T13938] ? rcu_is_watching+0x15/0xb0 [ 1204.977418][T13938] ? lock_release+0x4b/0x3e0 [ 1204.977441][T13938] ? __virt_addr_valid+0x1c8/0x5c0 [ 1204.977469][T13938] ? __virt_addr_valid+0x4a5/0x5c0 [ 1204.977497][T13938] print_report+0xca/0x240 [ 1204.977522][T13938] ? media_device_unregister+0x141/0x400 [ 1204.977547][T13938] kasan_report+0x118/0x150 [ 1204.977568][T13938] ? media_device_unregister+0x141/0x400 [ 1204.977596][T13938] media_device_unregister+0x141/0x400 [ 1204.977626][T13938] em28xx_release_resources+0xac/0x240 [ 1204.977665][T13938] em28xx_usb_disconnect+0x19f/0x2f0 [ 1204.977690][T13938] usb_unbind_interface+0x26e/0x910 [ 1204.977716][T13938] ? __pfx_usb_unbind_interface+0x10/0x10 [ 1204.977738][T13938] device_release_driver_internal+0x4d9/0x800 [ 1204.977769][T13938] bus_remove_device+0x34d/0x410 [ 1204.977793][T13938] device_del+0x511/0x8e0 [ 1204.977820][T13938] ? __pfx_device_del+0x10/0x10 [ 1204.977844][T13938] ? kobject_put+0x446/0x480 [ 1204.977885][T13938] usb_disable_device+0x3e9/0x8a0 [ 1204.977920][T13938] usb_disconnect+0x330/0x950 [ 1204.977958][T13938] hub_event+0x1cf5/0x4a20 [ 1204.977987][T13938] ? cpuacct_charge+0x117/0x320 [ 1204.978019][T13938] ? do_raw_spin_lock+0x121/0x290 [ 1204.978046][T13938] ? register_lock_class+0x51/0x320 [ 1204.978073][T13938] ? __pfx_hub_event+0x10/0x10 [ 1204.978102][T13938] ? process_scheduled_works+0x9ef/0x17b0 [ 1204.978127][T13938] ? _raw_spin_unlock_irq+0x23/0x50 [ 1204.978150][T13938] ? process_scheduled_works+0x9ef/0x17b0 [ 1204.978171][T13938] ? process_scheduled_works+0x9ef/0x17b0 [ 1204.978194][T13938] process_scheduled_works+0xae1/0x17b0 [ 1204.978230][T13938] ? __pfx_process_scheduled_works+0x10/0x10 [ 1204.978260][T13938] worker_thread+0x8a0/0xda0 [ 1204.978285][T13938] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1204.978313][T13938] ? __kthread_parkme+0x7b/0x200 [ 1204.978340][T13938] kthread+0x711/0x8a0 [ 1204.978367][T13938] ? __pfx_worker_thread+0x10/0x10 [ 1204.978397][T13938] ? __pfx_kthread+0x10/0x10 [ 1204.978423][T13938] ? _raw_spin_unlock_irq+0x23/0x50 [ 1204.978446][T13938] ? lockdep_hardirqs_on+0x9c/0x150 [ 1204.978469][T13938] ? __pfx_kthread+0x10/0x10 [ 1204.978507][T13938] ret_from_fork+0x4bc/0x870 [ 1204.978528][T13938] ? __pfx_ret_from_fork+0x10/0x10 [ 1204.978551][T13938] ? __switch_to_asm+0x39/0x70 [ 1204.978569][T13938] ? __switch_to_asm+0x33/0x70 [ 1204.978587][T13938] ? __pfx_kthread+0x10/0x10 [ 1204.978610][T13938] ret_from_fork_asm+0x1a/0x30 [ 1204.978645][T13938] [ 1204.978653][T13938] [ 1204.988789][T22144] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1204.998385][T13938] Allocated by task 16807: [ 1205.280503][T13938] kasan_save_track+0x3e/0x80 [ 1205.285203][T13938] __kasan_kmalloc+0x93/0xb0 [ 1205.289801][T13938] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 1205.295345][T13938] em28xx_v4l2_init+0x10b/0x2e70 [ 1205.300337][T13938] em28xx_init_extension+0x120/0x1c0 [ 1205.305647][T13938] process_scheduled_works+0xae1/0x17b0 [ 1205.311337][T13938] worker_thread+0x8a0/0xda0 [ 1205.315952][T13938] kthread+0x711/0x8a0 [ 1205.320051][T13938] ret_from_fork+0x4bc/0x870 [ 1205.324642][T13938] ret_from_fork_asm+0x1a/0x30 [ 1205.329449][T13938] [ 1205.331798][T13938] Freed by task 16807: [ 1205.335886][T13938] kasan_save_track+0x3e/0x80 [ 1205.340621][T13938] __kasan_save_free_info+0x46/0x50 [ 1205.346040][T13938] __kasan_slab_free+0x5c/0x80 [ 1205.350824][T13938] kfree+0x19a/0x6d0 [ 1205.354813][T13938] em28xx_v4l2_init+0x1683/0x2e70 [ 1205.359863][T13938] em28xx_init_extension+0x120/0x1c0 [ 1205.365191][T13938] process_scheduled_works+0xae1/0x17b0 [ 1205.370765][T13938] worker_thread+0x8a0/0xda0 [ 1205.375363][T13938] kthread+0x711/0x8a0 [ 1205.379569][T13938] ret_from_fork+0x4bc/0x870 [ 1205.384201][T13938] ret_from_fork_asm+0x1a/0x30 [ 1205.388991][T13938] [ 1205.391351][T13938] The buggy address belongs to the object at ffff888025750000 [ 1205.391351][T13938] which belongs to the cache kmalloc-8k of size 8192 [ 1205.405614][T13938] The buggy address is located 528 bytes inside of [ 1205.405614][T13938] freed 8192-byte region [ffff888025750000, ffff888025752000) [ 1205.419513][T13938] [ 1205.421866][T13938] The buggy address belongs to the physical page: [ 1205.428279][T13938] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25750 [ 1205.437035][T13938] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1205.445545][T13938] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1205.453614][T13938] page_type: f5(slab) [ 1205.457615][T13938] raw: 00fff00000000040 ffff88801a027280 0000000000000000 0000000000000001 [ 1205.466272][T13938] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1205.474906][T13938] head: 00fff00000000040 ffff88801a027280 0000000000000000 0000000000000001 [ 1205.483719][T13938] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1205.492444][T13938] head: 00fff00000000003 ffffea000095d401 00000000ffffffff 00000000ffffffff [ 1205.501294][T13938] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1205.509974][T13938] page dumped because: kasan: bad access detected [ 1205.516375][T13938] page_owner tracks the page as allocated [ 1205.522173][T13938] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 20949, tgid 20948 (syz.0.3874), ts 1124037306030, free_ts 1117993404703 [ 1205.545476][T13938] post_alloc_hook+0x240/0x2a0 [ 1205.550275][T13938] get_page_from_freelist+0x2365/0x2440 [ 1205.555849][T13938] __alloc_frozen_pages_noprof+0x181/0x370 [ 1205.561749][T13938] alloc_pages_mpol+0x232/0x4a0 [ 1205.566632][T13938] allocate_slab+0x96/0x3a0 [ 1205.571150][T13938] ___slab_alloc+0xe94/0x18a0 [ 1205.575822][T13938] __slab_alloc+0x65/0x100 [ 1205.580227][T13938] __kmalloc_cache_noprof+0x411/0x6f0 [ 1205.585620][T13938] audit_log_d_path+0xb8/0x1a0 [ 1205.590381][T13938] audit_log_d_path_exe+0x42/0x70 [ 1205.595431][T13938] audit_log_task+0x2b3/0x3c0 [ 1205.600143][T13938] audit_seccomp+0x86/0x190 [ 1205.604668][T13938] __seccomp_filter+0xce4/0x1e10 [ 1205.609630][T13938] syscall_trace_enter+0xaa/0x160 [ 1205.614656][T13938] do_syscall_64+0xd3/0xfa0 [ 1205.619180][T13938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.625097][T13938] page last free pid 16516 tgid 16516 stack trace: [ 1205.631611][T13938] __free_frozen_pages+0xbc4/0xd30 [ 1205.636903][T13938] __put_partials+0x146/0x170 [ 1205.641677][T13938] put_cpu_partial+0x1f2/0x2e0 [ 1205.646442][T13938] __slab_free+0x2b9/0x390 [ 1205.650865][T13938] qlist_free_all+0x97/0x140 [ 1205.655506][T13938] kasan_quarantine_reduce+0x148/0x160 [ 1205.661148][T13938] __kasan_slab_alloc+0x22/0x80 [ 1205.666002][T13938] kmem_cache_alloc_noprof+0x367/0x6e0 [ 1205.671584][T13938] getname_flags+0xb8/0x540 [ 1205.676193][T13938] do_sys_openat2+0xbc/0x1c0 [ 1205.680884][T13938] __x64_sys_openat+0x138/0x170 [ 1205.685759][T13938] do_syscall_64+0xfa/0xfa0 [ 1205.690380][T13938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1205.696271][T13938] [ 1205.698696][T13938] Memory state around the buggy address: [ 1205.704436][T13938] ffff888025750100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1205.712556][T13938] ffff888025750180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1205.720745][T13938] >ffff888025750200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1205.729028][T13938] ^ [ 1205.733717][T13938] ffff888025750280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1205.741879][T13938] ffff888025750300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1205.749945][T13938] ================================================================== [ 1205.766859][T22144] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1205.774634][ T855] usb 4-1: device descriptor read/8, error -71 [ 1205.915150][T13938] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1205.922416][T13938] CPU: 0 UID: 0 PID: 13938 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT(full) [ 1205.932036][T13938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1205.942130][T13938] Workqueue: usb_hub_wq hub_event [ 1205.947309][T13938] Call Trace: [ 1205.950631][T13938] [ 1205.953593][T13938] dump_stack_lvl+0x99/0x250 [ 1205.958328][T13938] ? __asan_memcpy+0x40/0x70 [ 1205.962964][T13938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1205.968213][T13938] ? __pfx__printk+0x10/0x10 [ 1205.972849][T13938] vpanic+0x237/0x6d0 [ 1205.976877][T13938] ? __pfx_vpanic+0x10/0x10 [ 1205.981408][T13938] ? preempt_schedule+0xae/0xc0 [ 1205.986324][T13938] ? __pfx_preempt_schedule+0x10/0x10 [ 1205.991818][T13938] panic+0xb9/0xc0 [ 1205.995587][T13938] ? __pfx_panic+0x10/0x10 [ 1206.000041][T13938] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 1206.005962][T13938] ? media_device_unregister+0x141/0x400 [ 1206.011647][T13938] check_panic_on_warn+0x89/0xb0 [ 1206.016628][T13938] ? media_device_unregister+0x141/0x400 [ 1206.022275][T13938] end_report+0x78/0x160 [ 1206.026563][T13938] kasan_report+0x129/0x150 [ 1206.031080][T13938] ? media_device_unregister+0x141/0x400 [ 1206.036732][T13938] media_device_unregister+0x141/0x400 [ 1206.042476][T13938] em28xx_release_resources+0xac/0x240 [ 1206.048029][T13938] em28xx_usb_disconnect+0x19f/0x2f0 [ 1206.053335][T13938] usb_unbind_interface+0x26e/0x910 [ 1206.058550][T13938] ? __pfx_usb_unbind_interface+0x10/0x10 [ 1206.064279][T13938] device_release_driver_internal+0x4d9/0x800 [ 1206.070376][T13938] bus_remove_device+0x34d/0x410 [ 1206.075321][T13938] device_del+0x511/0x8e0 [ 1206.079674][T13938] ? __pfx_device_del+0x10/0x10 [ 1206.084619][T13938] ? kobject_put+0x446/0x480 [ 1206.089224][T13938] usb_disable_device+0x3e9/0x8a0 [ 1206.094271][T13938] usb_disconnect+0x330/0x950 [ 1206.099061][T13938] hub_event+0x1cf5/0x4a20 [ 1206.103515][T13938] ? cpuacct_charge+0x117/0x320 [ 1206.108404][T13938] ? do_raw_spin_lock+0x121/0x290 [ 1206.113445][T13938] ? register_lock_class+0x51/0x320 [ 1206.118662][T13938] ? __pfx_hub_event+0x10/0x10 [ 1206.123449][T13938] ? process_scheduled_works+0x9ef/0x17b0 [ 1206.129455][T13938] ? _raw_spin_unlock_irq+0x23/0x50 [ 1206.134668][T13938] ? process_scheduled_works+0x9ef/0x17b0 [ 1206.140404][T13938] ? process_scheduled_works+0x9ef/0x17b0 [ 1206.146215][T13938] process_scheduled_works+0xae1/0x17b0 [ 1206.151777][T13938] ? __pfx_process_scheduled_works+0x10/0x10 [ 1206.157777][T13938] worker_thread+0x8a0/0xda0 [ 1206.162373][T13938] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1206.168830][T13938] ? __kthread_parkme+0x7b/0x200 [ 1206.173785][T13938] kthread+0x711/0x8a0 [ 1206.177872][T13938] ? __pfx_worker_thread+0x10/0x10 [ 1206.182991][T13938] ? __pfx_kthread+0x10/0x10 [ 1206.187791][T13938] ? _raw_spin_unlock_irq+0x23/0x50 [ 1206.193185][T13938] ? lockdep_hardirqs_on+0x9c/0x150 [ 1206.198447][T13938] ? __pfx_kthread+0x10/0x10 [ 1206.203095][T13938] ret_from_fork+0x4bc/0x870 [ 1206.207704][T13938] ? __pfx_ret_from_fork+0x10/0x10 [ 1206.212830][T13938] ? __switch_to_asm+0x39/0x70 [ 1206.217605][T13938] ? __switch_to_asm+0x33/0x70 [ 1206.222370][T13938] ? __pfx_kthread+0x10/0x10 [ 1206.227100][T13938] ret_from_fork_asm+0x1a/0x30 [ 1206.231969][T13938] [ 1206.235391][T13938] Kernel Offset: disabled [ 1206.239734][T13938] Rebooting in 86400 seconds..