last executing test programs: 7.431812752s ago: executing program 3 (id=4211): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x72bd29, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x24, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x2af, 0x9, 0x3, 0x400, 0x4, 0x0, 0x4, 0xff]}}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0x1}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 7.23211873s ago: executing program 3 (id=4213): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$inet6(0xa, 0x3, 0x1) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x10}}, 0x10) r3 = socket(0x840000000002, 0x3, 0xc) connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) r5 = fcntl$getown(r3, 0x9) r6 = getpid() sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7) read$FUSE(0xffffffffffffffff, 0x0, 0x0) chown(&(0x7f0000000080)='./file1\x00', 0x0, 0x0) stat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x18\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2) openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x2, 0x48) ftruncate(r8, 0x10000) fcntl$addseals(r8, 0x409, 0x7) ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, 0x0) r9 = syz_open_dev$hiddev(&(0x7f0000000680), 0x9, 0x8001) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$unix(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000140)="d6c9e659cdc31b1aeba10ab686eec41a1757025f733e2cf43ecb8c24edcb61c8f3384516f018936d49d0789d024055577df59e39db74e7a8018693a8352dd4371226922ffee8c52fcf138b67e523fa3df078c91c17661510db28f41481eb576257f9d79ae03ca65a9e2ff63106c4a4c5c4e5e0b4500eecf83da634f7692b1b6d01945bf2bbc48e02284c18ecf4c38d814b9a224d1879eb25692510729e1d3686d39f7f71accb893dd3af4fb35121502f7f78b3f04fba83ed", 0xb8}, {&(0x7f0000000300)="05796d5024c34aa309ed161f3a293e0f0f725cb002f132eb36ed3cb47bee586c5c79d937a8da425a35e3b7916e07", 0x2e}, {&(0x7f0000000400)="b1ad3bcfdc3d1d9c8295085a5115a35a9765fa0f6de900d48274450f706fb313890102fc29678d7d73e113e9bb321fa2f9a527ad6287f126fa74f6c49657983c", 0x40}, {0x0}], 0x4, &(0x7f00000006c0)=[@cred={{0x1c, 0x1, 0x2, {r5, 0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r6, 0x0, r7}}}, @rights={{0x14, 0x1, 0x1, [r2]}}, @rights={{0x2c, 0x1, 0x1, [r3, r9, r3, r0, r0, r0, r4]}}, @rights={{0x18, 0x1, 0x1, [r3, r1]}}], 0xa0, 0x20000000}, 0x0) 6.989750314s ago: executing program 2 (id=4214): r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) read$hiddev(r0, &(0x7f0000000080)=""/134, 0x86) 6.874297092s ago: executing program 3 (id=4215): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000200)={0x2c, r0, 0x1, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xb2}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 6.874121739s ago: executing program 2 (id=4216): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1002}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0) socket(0x10, 0x3, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 6.760713587s ago: executing program 3 (id=4217): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ccc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6b3f0000f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784753f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a748cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca7f75d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7f5be5778bb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d9f95e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x7fffffffffffffed, 0x0, {0x0, 0x0, 0x0, {0x3, 0x0, 0xd23, 0x400000000000000, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x200004, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e9", 0x1}], 0x1) 6.210265882s ago: executing program 2 (id=4222): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020732500000000002020207b1af8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x400ad80, &(0x7f00000000c0)={0xa, 0x4e23, 0x5b3, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8}, 0x1c) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x72, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.934683186s ago: executing program 2 (id=4227): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv6_newroute={0x30, 0x19, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_GATEWAY={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @local}}]}, 0x30}}, 0x0) 5.859571535s ago: executing program 2 (id=4229): getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000340)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000000000b70000007c676ac1e24f96f3772d4c46a08b39cf4261c33037cb1342b0a066db3b3bb5badf64f223c378b9a85d66a15fa7951d09bc5a18e517c5c2b703e2e78b96e030c2005ab615f7b5115e59a823734bacb426827fd6735759f1a0ab4213e4ebd60ac45843dc4fc77331888155530ed5ed28b6def2b5fa7ee9183f5771c105d8cc4b4462552dea196e52373f08616c52062c9fff682af62fb3bba277a717a3410236cd0b2ddf3f38fa168a29a2c5c65c135874b48e779c4804cb6cef041a00354f41493dccce3d1663fde510016911415aa3a128e71ae4cc2f3020847cd0e3df22f2cb5c1504b9f5f1d94b589698453b7815a5fb0d9bd18c68d28e39db97060a96"], 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000480)=[{0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000680)}], 0x5, 0x4, 0x5) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x1, 0xa, 0x99, '\x00', 0xe}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.654308519s ago: executing program 0 (id=4231): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xa89) 5.609465586s ago: executing program 2 (id=4233): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0) ioctl$TCXONC(r3, 0x540a, 0x2) ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f0000000000)) ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000200)=0x1b) r4 = ioctl$TIOCGPTPEER(r3, 0x5441, 0x3) open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50) ioctl$TCXONC(r4, 0x540a, 0x2) 5.50274987s ago: executing program 0 (id=4235): syz_usb_connect$uac1(0x0, 0xa7, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x95, 0x3, 0x1, 0xfc, 0x0, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x3}, [@feature_unit={0x13, 0x24, 0x6, 0x0, 0x0, 0x6, [0x0, 0x0, 0x0, 0x0, 0xa, 0x0]}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x0, 0x8, 0x3}, @selector_unit={0x9, 0x24, 0x5, 0x0, 0x7, '\x00\x00\x00\x00'}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x1ff, 0x4, 0x4, 0xfe}, @selector_unit={0x8, 0x24, 0x5, 0x4, 0x2, "00008b"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x3, 0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x0, 0x0, 0x80, {0x7, 0x25, 0x1, 0x0, 0x0, 0xff1d}}}}}}}]}}, 0x0) 4.109545894s ago: executing program 0 (id=4252): prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) 3.443280775s ago: executing program 3 (id=4258): close(0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x3a) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) write$P9_RSTATu(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x2, 0x1, @local, 0x7}, 0x1c) 2.418238564s ago: executing program 1 (id=4266): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000d40)=ANY=[@ANYBLOB="280000001e00431b000000000000000007000000", @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r1], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x0) read(r0, &(0x7f0000000680)=""/249, 0xf9) 2.418007409s ago: executing program 0 (id=4267): r0 = syz_open_dev$loop(&(0x7f0000002d40), 0x3, 0x40000) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000002d80)) 2.166136884s ago: executing program 1 (id=4269): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e00)={0x28, r0, 0x5, 0x0, 0x1fffd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6, 0x10, 0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8885}, 0x0) 2.080718503s ago: executing program 0 (id=4270): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00220f000000560900a1004daf25cee2d5d1c1"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUSAGES(r1, 0xd01c4813, &(0x7f0000000580)={{0x1, 0xffffffff, 0x5, 0x7, 0x2, 0x7}, 0x10d, [0x9, 0x2, 0x5, 0x1, 0x9, 0xd, 0x0, 0x7fff, 0x5, 0x5, 0x7, 0x10001, 0xffff, 0x401, 0x79, 0x0, 0x3, 0x5, 0x1bf, 0x6, 0xfffffffa, 0x6, 0x1, 0x3b, 0xfffffffd, 0x8, 0xf05, 0x20200, 0x200, 0x9, 0x0, 0x6e6e, 0x13, 0x0, 0x0, 0x7f, 0x7fff, 0x4, 0x6, 0x2c01, 0x9, 0xa, 0xd, 0x1, 0x7, 0x4ad, 0x9, 0xfffffff9, 0x200, 0x10000, 0x0, 0x0, 0xfff, 0x401, 0x80000001, 0x1, 0x7, 0x7, 0x8, 0x5a07, 0x9, 0x5, 0x4, 0x2, 0x4, 0x40, 0xffff0000, 0x8921, 0x3, 0xa536, 0x6, 0xfa, 0x2, 0x3, 0xe2, 0x6, 0xc0, 0x9, 0x16, 0x51, 0x7fff, 0x3, 0x5d3, 0x2, 0x4, 0x2, 0x800, 0xc1bd, 0x5, 0x100, 0x3, 0x200, 0x5, 0x4, 0x5, 0x4, 0x6, 0x8000, 0x0, 0x6, 0x2, 0xe87, 0x30, 0xfffffffd, 0xd, 0xb6a0, 0x0, 0xb78, 0xd, 0x4, 0x489, 0x7, 0x1, 0x7, 0x400, 0x0, 0xd, 0x10001, 0x81, 0xfffffff7, 0x2, 0x8, 0x5a, 0xee30, 0x2, 0x5f9, 0x80000000, 0xf, 0x4, 0x6, 0x800, 0x615, 0xe, 0x254, 0x1, 0x7157, 0x1, 0xe2, 0x0, 0x0, 0x1368, 0x2, 0x3, 0x8, 0x200, 0x5, 0x2, 0x2, 0xfffff01b, 0x3, 0xc, 0xc65f, 0x6, 0x9cbe, 0x6, 0xd7f, 0x1, 0xffffffff, 0x5, 0x1a000000, 0x1, 0xfffffbff, 0x4, 0x4, 0x10000, 0x4, 0x7991, 0x3, 0x210000, 0x7f, 0x6, 0xde7a, 0x7fff, 0x2, 0xb1f, 0x8, 0x8, 0xa1da, 0x2, 0x5, 0x40000000, 0x1, 0x3, 0x500000, 0x7, 0x7, 0x6, 0x9, 0x101, 0x2, 0x0, 0x7fffffff, 0x9, 0x9415, 0x8, 0x3, 0xffff, 0x800, 0x5, 0x40, 0x4, 0x4, 0x1, 0x8, 0x3, 0xcfb, 0x835, 0x5, 0x6, 0x1, 0x4, 0x5, 0x5, 0x6, 0x200, 0x2, 0x81, 0xda, 0x1, 0x6, 0x0, 0xce, 0x6, 0xc, 0x9, 0x9, 0x1, 0x380f, 0xfffffffc, 0x9, 0xd, 0x5, 0x8001, 0x5, 0x23, 0x703, 0x4, 0xda8, 0x5, 0x9, 0x6, 0xe, 0x8, 0x8, 0xfffffffa, 0x5, 0x8, 0xfffffff7, 0x8, 0x3, 0x1ac, 0x1, 0x4, 0x8000, 0x1, 0xc6, 0x2, 0xea6c, 0x435, 0x8, 0x3, 0x5, 0x5, 0xfffffffb, 0xff, 0x8, 0x54, 0xfff, 0x0, 0x4, 0x9, 0x1, 0x1, 0x0, 0x3, 0x8, 0x7, 0x2, 0x4, 0x1, 0x4, 0xf, 0x4, 0x8001, 0x101, 0x4, 0x1, 0x1, 0xf, 0x7, 0x8, 0x4, 0x6cc7, 0x4, 0x5d, 0x2, 0x8, 0x8, 0x6, 0x0, 0x0, 0x6, 0x3, 0xf7, 0xe, 0x9, 0x1000, 0x7, 0x6, 0xfffffffe, 0x6, 0x9, 0x3ff, 0xfffffff8, 0x7, 0x660, 0x8, 0x7ff, 0x1b6b, 0x2, 0x0, 0x0, 0x8, 0x100, 0xc, 0xa, 0x62d, 0x0, 0xbb, 0x1e, 0x6, 0xf, 0x3, 0x1, 0x400, 0x9, 0x0, 0xfffffe01, 0x21ce, 0x4, 0x5, 0xb6, 0x5e2d, 0xd24a, 0x7, 0x3ff, 0x1ff, 0x1, 0x40, 0x3ff, 0x9, 0xfffff260, 0x30, 0xfffffe01, 0x401, 0x10000, 0x3, 0x7, 0xe621630, 0x7, 0x40, 0xfffffff9, 0x3ff, 0xffffffa8, 0xcd2, 0x1, 0x2, 0x9a2, 0x40000, 0x6, 0x7, 0x4, 0xfff, 0x3, 0x3ff, 0xce5, 0x7, 0x7, 0x500000, 0x1, 0x0, 0x9, 0x8, 0x81, 0x5, 0x0, 0x6, 0x3f, 0x6, 0x10001, 0xafd6, 0x2, 0x3d8186ea, 0x7, 0x200, 0x200, 0x2, 0x4, 0x6, 0xe, 0x3, 0x3f, 0x4, 0x5a, 0x40, 0x9, 0xffff1390, 0xfc04, 0x1, 0x3ff, 0x8, 0x7, 0x400, 0x1, 0xf, 0xffff, 0x354, 0x3, 0x200, 0x10, 0x6, 0x6, 0x4, 0xfffffff7, 0x8001, 0x8, 0x8199, 0x3, 0xfffffc01, 0x80000001, 0x8, 0x3, 0x8, 0xfffffe00, 0x0, 0x9, 0x6, 0x1, 0x4daab68b, 0x7f, 0x1, 0xb98, 0x5, 0xa00, 0x2, 0x81, 0x800, 0xc24, 0x80, 0x3, 0xf99, 0xb1f7, 0x1, 0x8, 0xffffff49, 0x1cc, 0x1ff, 0x3b57a768, 0x5f3, 0x1, 0x8, 0x2ed4, 0x3, 0x6, 0x0, 0x7, 0x8000, 0xba5a00, 0x6, 0x9, 0xffffff41, 0x5, 0x2, 0x400, 0xffff, 0x4, 0x3, 0x5, 0x4, 0x2, 0xa, 0x9bd, 0x40000, 0x4, 0x3ff, 0x1, 0x7f, 0xffffff13, 0x8, 0x58b2, 0xc, 0x2, 0x837, 0x0, 0xe2, 0x3, 0x10001, 0x73, 0x2, 0x4800000, 0x2, 0x1, 0xffffffff, 0x9, 0xff, 0x9, 0x101, 0x7, 0x6, 0x5, 0x0, 0x5, 0x80000001, 0x0, 0x6, 0x200, 0x1, 0xfffffffa, 0xca18, 0x6, 0x6e, 0x63f, 0x80, 0x101, 0x8cab, 0x5, 0xdc2d, 0xfffffffc, 0x7fff, 0x8, 0x5, 0x9, 0x3, 0x4, 0x6, 0xda, 0x98c5, 0x5, 0x2, 0x1000, 0x4, 0x8, 0x2, 0x3, 0x4, 0xe741, 0x1, 0x10, 0x10, 0x10, 0x4, 0x6895, 0xc2e, 0x704, 0x10000, 0xb, 0x6, 0x9, 0x5, 0xe7b, 0x8, 0x0, 0x1000, 0xff, 0x6, 0xd2c, 0x6, 0x9, 0x7, 0x8, 0x4, 0x8, 0x3, 0x4, 0x9, 0x3, 0x4a, 0x5800, 0x200, 0x7, 0xa, 0x9, 0xffff590c, 0x7, 0x811d, 0xd141, 0xb6, 0x1, 0x3ca800, 0x9, 0x1, 0x81, 0x7, 0x10, 0x400, 0x8, 0x1, 0x5, 0x5, 0xffffffb1, 0x8c, 0x1000, 0x3, 0x2, 0x8, 0x6, 0x4f535b34, 0x80, 0x0, 0x8001, 0x7, 0x4, 0x5b9e, 0x8001, 0xe47, 0x1a, 0x5, 0x4, 0xb, 0x0, 0x8, 0x5, 0x97, 0x8, 0x6, 0x7d28b3fe, 0x0, 0x86, 0xffffffff, 0xd14e, 0xdf4, 0x9, 0x0, 0x6, 0x8000000, 0x5, 0x0, 0x0, 0x0, 0x9, 0x8, 0x2, 0x9, 0x990, 0x193200, 0x5, 0x4, 0x2, 0x20004000, 0x9, 0x7, 0x7, 0x0, 0x1, 0x7, 0x401, 0x7, 0x99, 0x5, 0xc178, 0x8, 0x1, 0x8, 0x9, 0xf, 0x5, 0x0, 0x4, 0x7, 0xc, 0x5, 0x3, 0x34, 0x2, 0x5, 0x7, 0x7, 0x7, 0x7, 0x4, 0x7, 0xb, 0x9, 0x8, 0x0, 0x1, 0x9, 0x1ff, 0x7, 0x44ed, 0x7, 0xc05, 0x3, 0x9, 0xd4, 0x4, 0x3, 0x6, 0x7ff, 0x9, 0x80, 0x4, 0xc1, 0x1, 0x2, 0x1, 0x3, 0x401, 0xffffffff, 0x80, 0x7, 0x9, 0x400, 0x80, 0x7, 0xea3, 0x80, 0x1ffe, 0x4bef, 0xfffff063, 0x3, 0x0, 0x9, 0x1, 0xfffffd29, 0x2, 0x6, 0x4f8, 0x7, 0x4, 0x6, 0x8, 0x8, 0xfffff69a, 0x200, 0x1, 0xa747, 0x7, 0x800, 0xb340, 0x4, 0x4, 0x4, 0x81, 0x3, 0x2, 0x4, 0x8, 0x9, 0x401, 0xd, 0x2, 0x0, 0x7, 0x318, 0x7, 0x3, 0x2, 0x8, 0x5, 0x2, 0xb, 0x0, 0x8, 0x1, 0xfffffff8, 0x5, 0x8000, 0x8, 0x9, 0xa8, 0xfffffffe, 0x6, 0x7f, 0x80, 0x7, 0xfffffff2, 0xff, 0x9, 0xad, 0x6, 0x3, 0x1, 0x10, 0x6, 0xb059, 0x8, 0x0, 0x2, 0xc0c, 0x3, 0x9, 0xfffffff8, 0x3, 0x7fff, 0x1, 0x1, 0x9, 0x10001, 0x3, 0x4, 0x1, 0x8, 0xfffffffa, 0x6, 0x8, 0x2, 0x800, 0x19, 0x40, 0x9, 0x7, 0xee2, 0x3, 0x949c, 0x6, 0x7fff, 0xa, 0x8193, 0xff, 0x52, 0x3, 0x3ff, 0x1, 0x0, 0xfffffffb, 0x8, 0x7fff, 0x0, 0x1, 0xe3, 0x4, 0x909, 0x8, 0x1ff, 0x9, 0x9, 0x8, 0x4, 0x238, 0x3, 0xf2, 0x1, 0x96d2, 0x3, 0x2, 0x5, 0x1, 0x928f, 0x415b, 0x3, 0x0, 0xc259, 0x7ff, 0xff, 0x1, 0x2, 0x0, 0x0, 0x9, 0x101, 0xfffffffd, 0xf990, 0xbb, 0x4, 0xfffffff0, 0x200, 0x9, 0x4, 0x1, 0x5, 0x11e6, 0xc, 0x8, 0xc91, 0x7, 0x200, 0x7f, 0x0, 0x1ff, 0xda92, 0x8, 0x6, 0xfeec, 0x4, 0x2, 0x5, 0x2, 0x6e, 0xffffffff, 0x2, 0xb4, 0x3, 0x7b, 0x8b2, 0x7, 0x3, 0x3, 0x5, 0x401, 0x7fff, 0x3, 0x8001, 0x40, 0x7, 0x7, 0xfffffff9, 0x9, 0x4c83, 0x0, 0xd, 0x0, 0x6, 0x6, 0xa50, 0x0, 0x1ff, 0x3, 0xd0e, 0x3, 0x1, 0xfffffffe, 0xfffffffd, 0x9, 0xa, 0x8, 0x3, 0x6, 0x6da2, 0x90d6, 0xfffff001, 0x2, 0x5, 0xc1, 0x1, 0x1, 0x9, 0x8, 0x9, 0x3, 0x3, 0x0, 0x800, 0x7, 0x5, 0x9, 0x1, 0xf, 0x5, 0x5, 0x72, 0x7646, 0x800, 0x800, 0x1, 0x8001, 0xc, 0x9, 0x0, 0xfe5d, 0x2, 0x5, 0x7ff, 0x4, 0xe0, 0x5c7640cd, 0x80, 0x6, 0x5, 0x3800, 0x262, 0x9, 0x9, 0x2, 0x1, 0x2, 0x0, 0xfffffffe, 0x2, 0x3ff, 0x9, 0x8, 0x0, 0xff, 0x2, 0x1, 0x2, 0x3, 0x40, 0x1, 0x2, 0x1, 0xb, 0x2, 0x80000001, 0x6, 0x8, 0x8000, 0xa55, 0x3, 0xc80, 0xb, 0x7f, 0xe0a1336c, 0x8001, 0x401, 0x6, 0x7f, 0x7, 0x0, 0x8, 0x9, 0x0, 0x200, 0x8, 0x800, 0x5, 0x80000000, 0x1, 0xf, 0x9, 0xf8, 0x5]}) 1.978385264s ago: executing program 1 (id=4271): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000000c0)={0x3, 0x1002}, 0x4) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0) socket(0x10, 0x3, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) 1.978175279s ago: executing program 4 (id=4272): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)={0xa4, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_NAT_DST={0x10, 0xd, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}]}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0xa4}}, 0x0) 1.837651139s ago: executing program 4 (id=4273): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000001840)={0x2020}, 0x2020) 1.677921396s ago: executing program 4 (id=4274): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) 1.490235394s ago: executing program 4 (id=4275): madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xa) 1.334377375s ago: executing program 4 (id=4276): sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)={0x18, 0x0, 0x800, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8004}, 0xa4) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x48, 0x5, 0x8, 0x3, 0x3, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x7e, 0x7}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.305006124s ago: executing program 3 (id=4277): mmap(&(0x7f0000001000/0x6000)=nil, 0x6000, 0x0, 0x4000010, 0xffffffffffffffff, 0xddb41000) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0xa, "9c8c0396"}, @global=@item_4={0x3, 0x1, 0xb, "a68cbf27"}, @main=@item_4={0x3, 0x0, 0xa, "fbd881fa"}]}}, 0x0}, 0x0) 1.118615386s ago: executing program 1 (id=4278): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) quotactl$Q_SETINFO(0xffffffff80000602, 0x0, 0xee01, 0x0) 870.107019ms ago: executing program 1 (id=4279): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="4001000010000100feffffff00010000fe880000000000000000000000000001fc010000000000000000000000200001000107ffff230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c0000007f000001000000000000000000000000000000000000000092010000000000000600000000000000ffff0000000000001c250800000000000200000000000000f8ffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000feffffffffffffff02000000fcffffff000000002abd700005350000020001002000000000000000480003006465666c617465"], 0x140}, 0x1, 0x0, 0x0, 0x8801}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 679.815358ms ago: executing program 1 (id=4280): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = socket(0xa, 0x3, 0x87) prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x1b) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000000)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x18, r4}) ioctl$sock_inet6_tcp_SIOCINQ(r2, 0x8936, &(0x7f0000000000)) 21.178222ms ago: executing program 4 (id=4281): syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000240)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0xa, 0x2002) write$evdev(r1, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37) 0s ago: executing program 0 (id=4282): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x42082, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) io_setup(0x100, &(0x7f0000000000)=0x0) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) io_submit(r1, 0x1, &(0x7f0000000380)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xd, r0, &(0x7f0000000200)="58bec2479f34bd9ee97671f9cccf51a07363c1f6a81eb0420841adfe80d06f7fe7f06170f1318345b0c5361d81d1660202eeaa25503e880270258c414e82c10cd63871d26c41fc19edc6", 0x4a, 0x4}]) kernel console output (not intermixed with test programs): many interfaces: 114, using maximum allowed: 32 [ 1383.131117][ T9] usb 5-1: config 111 has an invalid descriptor of length 111, skipping remainder of the config [ 1383.142378][ T9] usb 5-1: config 111 has 0 interfaces, different from the descriptor's value: 114 [ 1383.167531][ T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 1383.187869][T19428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3655'. [ 1383.564123][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1383.991602][T18184] usb 5-1: USB disconnect, device number 51 [ 1384.877172][T19459] bridge0: port 2(bridge_slave_1) entered blocking state [ 1384.884438][T19459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1384.892173][T19459] bridge0: port 1(bridge_slave_0) entered blocking state [ 1384.899405][T19459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1385.117084][T19459] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1385.635926][T14762] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 1385.795741][T14762] usb 1-1: Using ep0 maxpacket: 32 [ 1385.843393][T14762] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1385.907363][T14762] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1385.955236][T14762] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1386.003594][T14762] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1386.024117][T14762] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1386.075100][T14762] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1386.088836][T14762] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1386.109044][T14762] usb 1-1: Product: syz [ 1386.114538][T14762] usb 1-1: Manufacturer: syz [ 1386.253151][T19469] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1386.284565][T14762] usb 1-1: SerialNumber: syz [ 1386.309012][T14762] usb 1-1: config 0 descriptor?? [ 1386.324652][T19459] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1386.351173][T14762] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input230 [ 1386.381668][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1386.462384][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1386.489767][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1386.604585][T19459] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1386.685341][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1386.730849][T14278] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1386.742970][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1386.771511][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1386.892997][T19478] netlink: 'syz.1.3664': attribute type 1 has an invalid length. [ 1386.946216][T19475] netlink: 'syz.2.3663': attribute type 10 has an invalid length. [ 1387.145618][T14762] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1387.395487][T14762] usb 2-1: Using ep0 maxpacket: 16 [ 1387.409127][T14762] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1387.428322][T14762] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1387.445949][T14762] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1387.457026][T14762] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1387.477764][T14762] usb 2-1: Product: syz [ 1387.492014][T14762] usb 2-1: Manufacturer: syz [ 1387.536286][T14762] usb 2-1: SerialNumber: syz [ 1387.554274][T14762] usb 2-1: config 0 descriptor?? [ 1387.589585][T14762] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1387.612338][T14762] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 1388.008318][ T5902] usb 1-1: USB disconnect, device number 48 [ 1388.190740][T14762] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 1388.208359][T14762] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 1388.223147][T14762] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 1388.259499][T14762] em28xx 2-1:0.0: No AC97 audio processor [ 1388.292102][T14762] usb 2-1: USB disconnect, device number 66 [ 1388.311922][T14762] em28xx 2-1:0.0: Disconnecting em28xx [ 1388.335194][T14762] em28xx 2-1:0.0: Freeing device [ 1388.405515][T17031] usb 5-1: new full-speed USB device number 52 using dummy_hcd [ 1388.559713][T17031] usb 5-1: config 0 has an invalid interface number: 120 but max is 0 [ 1388.569218][T17031] usb 5-1: config 0 has no interface number 0 [ 1388.578414][T17031] usb 5-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=c6.7f [ 1388.588672][T17031] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1388.597109][T17031] usb 5-1: Product: syz [ 1388.610120][T17031] usb 5-1: Manufacturer: syz [ 1388.614921][T17031] usb 5-1: SerialNumber: syz [ 1388.633501][T17031] usb 5-1: config 0 descriptor?? [ 1388.648036][T17031] esd_usb 5-1:0.120: sending version message failed [ 1388.655014][T17031] esd_usb 5-1:0.120: probe with driver esd_usb failed with error -8 [ 1388.886780][ T5902] usb 5-1: USB disconnect, device number 52 [ 1389.014822][T19496] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3669'. [ 1389.235572][T14762] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1389.334876][T19506] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3670'. [ 1389.386201][T14762] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 1389.395314][T14762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1389.416644][T14762] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1389.433804][T14762] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1389.433966][T19507] syzkaller1: entered promiscuous mode [ 1389.447098][T14762] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1389.461051][T14762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1389.484463][T19507] syzkaller1: entered allmulticast mode [ 1389.532339][T14762] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1389.542677][T14762] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1389.560358][T14762] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1389.568876][T14762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1389.581358][T14762] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1389.660585][T14762] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1389.681837][T14762] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1389.693425][T14762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1389.855299][T14762] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1389.885143][T14762] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1389.910513][T14762] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1389.931170][T14762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1389.950478][T14762] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1390.059735][T14762] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1390.084270][T14762] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1390.107250][T14762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1390.124192][T14762] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1390.170890][T14762] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1390.224828][T14762] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1390.275359][T14762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1390.314634][T14762] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1390.369505][T14762] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1390.456255][T14762] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1390.566034][T14762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1390.577135][T14762] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1390.582148][T19527] netlink: 'syz.3.3675': attribute type 10 has an invalid length. [ 1390.594391][T14762] usb 2-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1390.636726][T14762] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1390.706723][T14762] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1390.725852][T14762] usb 2-1: New USB device strings: Mfr=41, Product=68, SerialNumber=168 [ 1390.755285][T14762] usb 2-1: Product: syz [ 1390.777347][T14762] usb 2-1: Manufacturer: syz [ 1390.792076][T14762] usb 2-1: SerialNumber: syz [ 1390.838296][T14762] usb 2-1: config 0 descriptor?? [ 1390.873854][T14762] yurex 2-1:0.0: Could not find endpoints [ 1391.119668][ T44] usb 2-1: USB disconnect, device number 67 [ 1391.150143][T19537] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1391.415520][ T9] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 1391.615511][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 1391.857058][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1391.870460][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1391.898238][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1391.932740][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1391.953337][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1391.995677][ T9] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1392.006283][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1392.014518][ T9] usb 1-1: Product: syz [ 1392.019133][ T9] usb 1-1: Manufacturer: syz [ 1392.024005][ T9] usb 1-1: SerialNumber: syz [ 1392.123152][ T9] usb 1-1: config 0 descriptor?? [ 1392.136326][T19538] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1392.155339][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input231 [ 1392.158199][ T30] kauditd_printk_skb: 44 callbacks suppressed [ 1392.158220][ T30] audit: type=1326 audit(1765462317.025:2992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19539 comm="syz.4.3678" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70cd539 code=0x7fc00000 [ 1392.230694][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1392.265066][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1392.278587][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1392.299252][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1392.425862][T19537] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1392.639331][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1392.707358][T14278] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1392.739013][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1392.783411][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1393.535281][T19561] binder: 19558:19561 ioctl 4010640d 80000280 returned -22 [ 1393.596956][T19565] syzkaller1: entered promiscuous mode [ 1393.602581][T19565] syzkaller1: entered allmulticast mode [ 1393.610860][T19565] FAULT_INJECTION: forcing a failure. [ 1393.610860][T19565] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1393.629759][T19565] CPU: 1 UID: 0 PID: 19565 Comm: syz.1.3684 Tainted: G L syzkaller #0 PREEMPT(full) [ 1393.629784][T19565] Tainted: [L]=SOFTLOCKUP [ 1393.629790][T19565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1393.629800][T19565] Call Trace: [ 1393.629807][T19565] [ 1393.629814][T19565] dump_stack_lvl+0x189/0x250 [ 1393.629838][T19565] ? __pfx____ratelimit+0x10/0x10 [ 1393.629861][T19565] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1393.629880][T19565] ? __pfx__printk+0x10/0x10 [ 1393.629904][T19565] ? __might_fault+0xb0/0x130 [ 1393.629935][T19565] should_fail_ex+0x414/0x560 [ 1393.629961][T19565] _copy_from_iter+0x1cd/0x1630 [ 1393.629994][T19565] ? __pfx__copy_from_iter+0x10/0x10 [ 1393.630015][T19565] ? sock_alloc_send_pskb+0x86b/0x980 [ 1393.630038][T19565] ? __pfx__copy_from_iter+0x10/0x10 [ 1393.630063][T19565] ? page_copy_sane+0x16a/0x280 [ 1393.630088][T19565] copy_page_from_iter+0xdd/0x170 [ 1393.630115][T19565] skb_copy_datagram_from_iter+0x306/0x720 [ 1393.630147][T19565] tun_get_user+0x1683/0x3dc0 [ 1393.630178][T19565] ? aa_file_perm+0x44c/0x1530 [ 1393.630197][T19565] ? __pfx_tun_get_user+0x10/0x10 [ 1393.630215][T19565] ? __lock_acquire+0x6b6/0x2cf0 [ 1393.630233][T19565] ? kstrtoull+0x12f/0x1d0 [ 1393.630260][T19565] ? ref_tracker_alloc+0x318/0x460 [ 1393.630285][T19565] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1393.630313][T19565] ? tun_get+0x1c/0x2f0 [ 1393.630332][T19565] ? tun_get+0x1c/0x2f0 [ 1393.630347][T19565] ? tun_get+0x1c/0x2f0 [ 1393.630366][T19565] tun_chr_write_iter+0x113/0x200 [ 1393.630385][T19565] vfs_write+0x5c9/0xb30 [ 1393.630404][T19565] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1393.630423][T19565] ? __pfx_vfs_write+0x10/0x10 [ 1393.630454][T19565] ? __fget_files+0x2a/0x420 [ 1393.630492][T19565] ksys_write+0x145/0x250 [ 1393.630515][T19565] ? exc_page_fault+0x82/0x100 [ 1393.630545][T19565] ? __pfx_ksys_write+0x10/0x10 [ 1393.630563][T19565] ? __do_fast_syscall_32+0xbe/0x570 [ 1393.630581][T19565] __do_fast_syscall_32+0x1f7/0x570 [ 1393.630597][T19565] ? rcu_is_watching+0x15/0xb0 [ 1393.630615][T19565] ? do_fast_syscall_32+0x34/0x80 [ 1393.630634][T19565] do_fast_syscall_32+0x34/0x80 [ 1393.630649][T19565] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1393.630668][T19565] RIP: 0023:0xf70ed539 [ 1393.630681][T19565] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1393.630695][T19565] RSP: 002b:00000000f54dd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1393.630716][T19565] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000740 [ 1393.630727][T19565] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000000 [ 1393.630736][T19565] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1393.630745][T19565] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1393.630754][T19565] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1393.630776][T19565] [ 1394.167865][T16064] usb 1-1: USB disconnect, device number 49 [ 1394.207710][T19566] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1394.631956][T19576] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3687'. [ 1394.671405][ T44] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1394.812779][ T44] usb 3-1: device descriptor read/64, error -71 [ 1394.947274][T19578] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3686'. [ 1395.085580][ T44] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1395.225783][ T44] usb 3-1: device descriptor read/64, error -71 [ 1395.245883][T17031] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1395.345838][ T44] usb usb3-port1: attempt power cycle [ 1395.438843][T17031] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1395.470530][T17031] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 1395.511132][T17031] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 1395.586347][T17031] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1395.613939][T17031] usb 2-1: Product: syz [ 1395.643036][T17031] usb 2-1: Manufacturer: syz [ 1395.654614][T17031] usb 2-1: SerialNumber: syz [ 1395.666070][T19594] netlink: 'syz.4.3689': attribute type 10 has an invalid length. [ 1395.679485][T17031] usb 2-1: config 0 descriptor?? [ 1395.695502][ T44] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1395.762500][ T44] usb 3-1: device descriptor read/8, error -71 [ 1396.015503][ T44] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1396.146682][T17031] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1396.193257][ T44] usb 3-1: device descriptor read/8, error -71 [ 1396.270379][T17031] usb 2-1: USB disconnect, device number 68 [ 1396.393033][ T44] usb usb3-port1: unable to enumerate USB device [ 1396.725497][ T5923] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1396.916197][ T5923] usb 5-1: Using ep0 maxpacket: 8 [ 1396.928024][ T5923] usb 5-1: config 2 has an invalid interface number: 31 but max is 0 [ 1396.936504][ T5923] usb 5-1: config 2 has no interface number 0 [ 1396.996057][ T5923] usb 5-1: config 2 interface 31 has no altsetting 0 [ 1397.011261][ T5923] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1397.020928][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1397.092646][ T5923] usb 5-1: Product: syz [ 1397.110163][ T5923] usb 5-1: Manufacturer: syz [ 1397.123509][ T5923] usb 5-1: SerialNumber: syz [ 1397.153636][ T5923] ch9200 5-1:2.31: probe with driver ch9200 failed with error -22 [ 1398.494786][T19625] lo: entered allmulticast mode [ 1398.507477][T19625] lo: left allmulticast mode [ 1398.834258][T19631] bridge0: port 2(bridge_slave_1) entered blocking state [ 1398.841560][T19631] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1398.850288][T19631] bridge0: port 1(bridge_slave_0) entered blocking state [ 1398.857562][T19631] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1399.021227][T19631] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1399.245823][ T44] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1399.436901][ T9] usb 5-1: USB disconnect, device number 53 [ 1399.613695][ T30] audit: type=1326 audit(1765462324.465:2993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1399.645592][ T30] audit: type=1326 audit(1765462324.465:2994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1399.669482][ T44] usb 2-1: Using ep0 maxpacket: 32 [ 1399.681690][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1399.702075][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1399.713687][ T44] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1399.726359][ T30] audit: type=1326 audit(1765462324.465:2995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1399.751138][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1399.825522][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1399.847629][ T30] audit: type=1326 audit(1765462324.465:2996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1399.879137][ T44] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1399.888640][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1399.897578][ T44] usb 2-1: Product: syz [ 1399.902069][ T44] usb 2-1: Manufacturer: syz [ 1399.906732][ T9] usb 5-1: new full-speed USB device number 54 using dummy_hcd [ 1399.914876][ T30] audit: type=1326 audit(1765462324.465:2997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1399.963855][ T44] usb 2-1: SerialNumber: syz [ 1399.981770][T19656] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3701'. [ 1400.009370][ T44] usb 2-1: config 0 descriptor?? [ 1400.022350][T19632] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1400.040092][ T44] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input232 [ 1400.058043][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1400.067277][ T5185] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1400.086846][ T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1400.086856][ T30] audit: type=1326 audit(1765462324.475:2998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1400.118913][ T30] audit: type=1326 audit(1765462324.475:2999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1400.128720][ T9] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1400.141799][ T30] audit: type=1326 audit(1765462324.475:3000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1400.203488][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1400.272335][ T9] usb 5-1: config 0 descriptor?? [ 1400.278948][ T5185] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1400.333391][ T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1400.347162][ T9] dvb-usb: bulk message failed: -22 (3/0) [ 1400.370121][ T5185] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1400.414815][ T30] audit: type=1326 audit(1765462324.545:3001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1400.439216][ T30] audit: type=1326 audit(1765462324.565:3002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19636 comm="syz.3.3699" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1539 code=0x7ffc0000 [ 1400.485761][ T5185] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1400.519545][ T9] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1400.540411][ T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1400.596836][T14278] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1400.609561][ T9] usb 5-1: media controller created [ 1400.620441][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1400.707797][ T5185] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1400.736777][ T9] dvb-usb: bulk message failed: -22 (6/0) [ 1400.771328][ T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1400.804806][ T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input233 [ 1400.834301][ T5185] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1400.856504][ T9] dvb-usb: schedule remote query interval to 150 msecs. [ 1400.880294][ T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1400.938911][ T9] usb 5-1: USB disconnect, device number 54 [ 1400.961609][ T5185] xpad 2-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1401.106971][ T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1401.313427][T19661] netlink: 'syz.2.3702': attribute type 10 has an invalid length. [ 1402.868743][T16064] usb 2-1: USB disconnect, device number 69 [ 1403.273798][T19688] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3707'. [ 1403.457217][ T44] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 1403.628970][ T44] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1403.639331][ T44] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1403.737601][ T44] usb 1-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 1403.759808][T19695] loop8: detected capacity change from 0 to 8 [ 1403.775528][T19695] Dev loop8: unable to read RDB block 8 [ 1403.781269][T19695] loop8: unable to read partition table [ 1403.811864][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1403.828397][T19695] loop8: partition table beyond EOD, truncated [ 1403.834677][ T44] usb 1-1: config 0 descriptor?? [ 1403.848498][T19695] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1404.084618][ T44] usb 1-1: USB disconnect, device number 50 [ 1404.285490][T16064] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1404.387716][T19705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3712'. [ 1404.465562][T16064] usb 3-1: Using ep0 maxpacket: 8 [ 1404.483967][T16064] usb 3-1: config 2 has an invalid interface number: 31 but max is 0 [ 1404.492574][T16064] usb 3-1: config 2 has no interface number 0 [ 1404.499266][T16064] usb 3-1: config 2 interface 31 has no altsetting 0 [ 1404.516947][T16064] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1404.531177][T16064] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1404.539511][T16064] usb 3-1: Product: syz [ 1404.543763][T16064] usb 3-1: Manufacturer: syz [ 1404.548655][T16064] usb 3-1: SerialNumber: syz [ 1404.560531][T16064] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22 [ 1404.818219][T19718] bridge0: port 2(bridge_slave_1) entered disabled state [ 1404.825603][T19718] bridge0: port 1(bridge_slave_0) entered disabled state [ 1404.862047][T19718] sctp: [Deprecated]: syz.0.3715 (pid 19718) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1404.862047][T19718] Use struct sctp_sack_info instead [ 1405.335526][T18184] usb 5-1: new full-speed USB device number 55 using dummy_hcd [ 1405.532233][T18184] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1405.583149][T18184] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1405.967091][T18184] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1405.995582][T18184] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1406.040670][T18184] usb 5-1: config 0 descriptor?? [ 1406.115902][T18184] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1406.134646][T18184] dvb-usb: bulk message failed: -22 (3/0) [ 1406.150961][T18184] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1406.160703][T18184] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1406.227123][T18184] usb 5-1: media controller created [ 1406.234492][T18184] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1406.266143][T18184] dvb-usb: bulk message failed: -22 (6/0) [ 1406.290461][T18184] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1406.309976][T18184] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input234 [ 1406.355691][T18184] dvb-usb: schedule remote query interval to 150 msecs. [ 1406.383000][T18184] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1406.418581][T18184] usb 5-1: USB disconnect, device number 55 [ 1406.447042][T19731] netlink: 'syz.0.3717': attribute type 10 has an invalid length. [ 1406.634734][T18184] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1407.005287][T19741] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1407.031816][T19739] ucma_write: process 464 (syz.4.3720) changed security contexts after opening file descriptor, this is not allowed. [ 1407.129843][T19745] batman_adv: batadv0: Interface deactivated: netdevsim0 [ 1407.290979][T16064] usb 3-1: USB disconnect, device number 69 [ 1407.431665][T19745] netdevsim netdevsim0 netdevsim0: refused to change device tx_queue_len [ 1407.460465][T19749] netdevsim netdevsim0 netdevsim0: refused to change device tx_queue_len [ 1407.726169][T16064] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1408.112194][T16064] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1408.258650][T16064] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 1408.295912][T16064] usb 5-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 1408.308983][T16064] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1408.364112][T16064] usb 5-1: Product: syz [ 1408.441069][T16064] usb 5-1: Manufacturer: syz [ 1408.479343][T16064] usb 5-1: SerialNumber: syz [ 1408.604495][T16064] usb 5-1: config 0 descriptor?? [ 1408.858669][T16064] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1408.897554][T19765] loop8: detected capacity change from 0 to 8 [ 1408.904801][T19765] Dev loop8: unable to read RDB block 8 [ 1408.942433][T19765] loop8: unable to read partition table [ 1408.985318][T19765] loop8: partition table beyond EOD, truncated [ 1409.124453][T19765] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1409.137398][ T30] kauditd_printk_skb: 46 callbacks suppressed [ 1409.137419][ T30] audit: type=1326 audit(1765462334.005:3049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19764 comm="syz.1.3725" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ed539 code=0x0 [ 1409.238945][T17958] usb 5-1: USB disconnect, device number 56 [ 1410.056862][T19773] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.3728'. [ 1410.145901][T19774] sctp: [Deprecated]: syz.4.3727 (pid 19774) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1410.145901][T19774] Use struct sctp_sack_info instead [ 1410.378711][T19769] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3726'. [ 1410.795483][T17958] usb 1-1: new full-speed USB device number 51 using dummy_hcd [ 1410.973592][T19787] netlink: 'syz.3.3731': attribute type 10 has an invalid length. [ 1410.984399][T17958] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1411.001201][T17958] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1411.032440][T17958] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 1411.110876][T17958] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1411.137153][T17958] usb 1-1: config 0 descriptor?? [ 1411.162586][T17958] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 1411.191202][T17958] dvb-usb: bulk message failed: -22 (3/0) [ 1411.323935][T17958] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 1411.353662][T17958] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 1411.383356][T17958] usb 1-1: media controller created [ 1411.420090][T17958] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1411.471961][T17958] dvb-usb: bulk message failed: -22 (6/0) [ 1411.499299][T17958] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 1411.519362][T17958] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input235 [ 1411.542979][T17958] dvb-usb: schedule remote query interval to 150 msecs. [ 1411.561326][T17958] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 1411.684800][T17958] usb 1-1: USB disconnect, device number 51 [ 1411.765623][ T5823] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1411.859617][T17958] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 1411.956322][ T5823] usb 3-1: Using ep0 maxpacket: 8 [ 1411.974516][ T5823] usb 3-1: config 2 has an invalid interface number: 31 but max is 0 [ 1412.000774][ T5823] usb 3-1: config 2 has no interface number 0 [ 1412.017207][ T5823] usb 3-1: config 2 interface 31 has no altsetting 0 [ 1412.045215][ T5823] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1412.063114][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1412.097508][ T5823] usb 3-1: Product: syz [ 1412.106688][ T5823] usb 3-1: Manufacturer: syz [ 1412.122502][ T5823] usb 3-1: SerialNumber: syz [ 1412.164366][ T5823] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22 [ 1413.419611][T19829] sctp: [Deprecated]: syz.4.3740 (pid 19829) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1413.419611][T19829] Use struct sctp_sack_info instead [ 1414.592573][T19840] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1414.823409][ T5923] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1415.028366][T14762] usb 3-1: USB disconnect, device number 70 [ 1415.065733][ T5923] usb 5-1: Using ep0 maxpacket: 8 [ 1415.076217][ T5923] usb 5-1: config 2 has an invalid interface number: 31 but max is 0 [ 1415.089386][ T5923] usb 5-1: config 2 has no interface number 0 [ 1415.098738][ T5923] usb 5-1: config 2 interface 31 has no altsetting 0 [ 1415.122220][ T5923] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1415.134454][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1415.145460][ T5923] usb 5-1: Product: syz [ 1415.149669][ T5923] usb 5-1: Manufacturer: syz [ 1415.159361][ T5923] usb 5-1: SerialNumber: syz [ 1415.200440][ T5923] ch9200 5-1:2.31: probe with driver ch9200 failed with error -22 [ 1415.556033][T19843] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3743'. [ 1415.655814][ T5923] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1415.689366][ T5924] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1415.847034][ T5923] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1415.860345][ T5923] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1415.870354][ T5924] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1415.882484][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1415.893236][ T5923] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 1415.902464][ T5924] usb 2-1: Product: syz [ 1415.907951][ T5924] usb 2-1: Manufacturer: syz [ 1415.914431][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1415.922580][ T5924] usb 2-1: SerialNumber: syz [ 1415.998594][ T5923] usb 3-1: config 0 descriptor?? [ 1416.003823][ T5924] usb 2-1: config 0 descriptor?? [ 1416.252374][ T5924] usb-storage 2-1:0.0: USB Mass Storage device detected [ 1416.252948][T17958] usb 3-1: USB disconnect, device number 71 [ 1416.542604][T17958] usb 2-1: USB disconnect, device number 70 [ 1416.654320][T19860] netlink: 'syz.0.3746': attribute type 10 has an invalid length. [ 1417.266217][ T5924] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1417.426133][ T5924] usb 3-1: Using ep0 maxpacket: 16 [ 1417.499099][ T5924] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1417.521087][ T5924] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1417.542970][ T5924] usb 3-1: can't read configurations, error -71 [ 1417.556927][T19872] program syz.0.3749 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1417.577603][T17958] usb 5-1: USB disconnect, device number 57 [ 1418.049367][T19879] bridge0: port 2(bridge_slave_1) entered disabled state [ 1418.056738][T19879] bridge0: port 1(bridge_slave_0) entered disabled state [ 1418.339541][T19887] sctp: [Deprecated]: syz.3.3752 (pid 19887) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1418.339541][T19887] Use struct sctp_sack_info instead [ 1418.510253][T14762] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 1418.559685][T19889] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3753'. [ 1418.775562][T14762] usb 1-1: Using ep0 maxpacket: 32 [ 1418.796804][T14762] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 1418.805635][T14762] usb 1-1: config 0 has no interface number 0 [ 1419.260135][T14762] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1419.275844][T14762] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1419.314461][T14762] usb 1-1: Product: syz [ 1419.336291][T14762] usb 1-1: Manufacturer: syz [ 1419.407616][T14762] usb 1-1: SerialNumber: syz [ 1419.467043][T14762] usb 1-1: config 0 descriptor?? [ 1419.506558][ T5924] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 1419.643171][T14762] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1419.685523][ T5924] usb 3-1: Using ep0 maxpacket: 8 [ 1419.916993][ T5924] usb 3-1: config 2 has an invalid interface number: 31 but max is 0 [ 1419.977375][ T5924] usb 3-1: config 2 has no interface number 0 [ 1419.987950][T14762] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1420.054218][T14762] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1420.055198][ T5924] usb 3-1: config 2 interface 31 has no altsetting 0 [ 1420.323201][ T5923] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1420.408411][ T5924] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1420.466075][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1420.511554][ T5924] usb 3-1: Product: syz [ 1420.541975][ T5924] usb 3-1: Manufacturer: syz [ 1420.570377][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1420.595530][ T5924] usb 3-1: SerialNumber: syz [ 1420.617113][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 1420.753118][ T5924] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22 [ 1420.770295][ T5923] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 1420.789225][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1420.815681][ T5923] usb 2-1: Product: syz [ 1420.820039][ T5923] usb 2-1: Manufacturer: syz [ 1420.824665][ T5923] usb 2-1: SerialNumber: syz [ 1420.871352][ T5923] usb 2-1: config 0 descriptor?? [ 1421.220708][ T5923] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1421.499404][ T5923] usb 2-1: USB disconnect, device number 71 [ 1422.155756][T19912] netlink: 'syz.4.3759': attribute type 10 has an invalid length. [ 1422.350943][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1422.367235][ T5923] usb 1-1: USB disconnect, device number 52 [ 1422.389272][ T5923] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1422.409653][ T5923] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1422.581903][ T5923] quatech2 1-1:0.51: device disconnected [ 1423.171760][T19929] bridge0: port 2(bridge_slave_1) entered blocking state [ 1423.178956][T19929] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1423.186468][T19929] bridge0: port 1(bridge_slave_0) entered blocking state [ 1423.193594][T19929] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1423.454147][ T9] usb 3-1: USB disconnect, device number 74 [ 1423.495727][ T5923] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 1423.528473][T19929] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1423.551331][T19922] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3761'. [ 1423.775862][ T5923] usb 1-1: Using ep0 maxpacket: 32 [ 1423.788063][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1423.799590][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1423.819340][ T5923] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1424.205121][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1424.243336][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1424.349368][ T5923] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1424.401593][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1424.427981][ T5923] usb 1-1: Product: syz [ 1424.432197][ T5923] usb 1-1: Manufacturer: syz [ 1424.443495][ T5923] usb 1-1: SerialNumber: syz [ 1424.494391][ T5923] usb 1-1: config 0 descriptor?? [ 1424.574019][T19927] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1424.603044][T19937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3774'. [ 1424.644245][ T5923] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input236 [ 1424.667241][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1424.711043][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1424.987351][T14278] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1425.019408][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1425.050933][T19926] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1425.080202][ C0] xpad 1-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 1425.108879][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1425.134230][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1425.156109][T19945] dns_resolver: Unsupported server list version (0) [ 1425.326785][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1426.184571][T17031] usb 1-1: USB disconnect, device number 53 [ 1426.668371][T19956] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3769'. [ 1426.687082][T19956] batman_adv: batadv0: Interface deactivated: netdevsim0 [ 1426.696722][T19956] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 1428.073033][T19976] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3771'. [ 1428.441961][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1428.448566][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1429.423415][T19990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3773'. [ 1430.207692][T20004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3778'. [ 1430.596106][T20024] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1430.801492][ T30] audit: type=1326 audit(1765462355.665:3050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20028 comm="syz.0.3784" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x0 [ 1431.005689][ T5823] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 1431.119779][T20030] syzkaller1: entered promiscuous mode [ 1431.125495][T20030] syzkaller1: entered allmulticast mode [ 1431.134914][T20030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3784'. [ 1431.185105][T20030] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 1431.242365][ T5823] usb 3-1: Using ep0 maxpacket: 32 [ 1431.433270][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1431.549609][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1431.598211][ T5823] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1431.634364][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1431.663137][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1431.700628][ T5823] usb 3-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1431.710554][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1431.720380][ T5823] usb 3-1: Product: syz [ 1431.724689][ T5823] usb 3-1: Manufacturer: syz [ 1431.730786][ T5823] usb 3-1: SerialNumber: syz [ 1431.742217][ T5823] usb 3-1: config 0 descriptor?? [ 1431.751074][T20024] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1431.779536][ T5823] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input237 [ 1431.805569][ T5924] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 1431.820354][ T5185] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1431.841526][ T5185] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1431.854960][ T5185] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1431.899485][ T5185] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1432.018386][ T5924] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1432.046724][ T5924] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1432.062520][T14278] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1432.066414][ T5924] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1432.100939][ T5924] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1432.186367][T20040] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3787'. [ 1432.614479][ T5924] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1432.624625][ T5924] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1432.677281][ T5924] usb 2-1: Manufacturer: syz [ 1432.690956][ T5924] usb 2-1: config 0 descriptor?? [ 1432.741133][ T5185] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1432.761754][ T5924] smsusb:smsusb_probe: board id=9, interface number 0 [ 1432.782055][ T5924] smsusb:smsusb_probe: Device initialized with return code -19 [ 1432.795608][ C1] xpad 3-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 1432.806941][ T5185] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1432.956940][T20024] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1433.051490][T20033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1433.095884][T20033] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1433.113760][ T5185] xpad 3-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1433.859404][ T5823] usb 2-1: USB disconnect, device number 72 [ 1434.016067][T20051] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3789'. [ 1434.469144][ T5823] usb 3-1: USB disconnect, device number 75 [ 1435.296717][T20068] netlink: 'syz.2.3794': attribute type 12 has an invalid length. [ 1436.025501][ T5823] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1436.215470][ T5823] usb 5-1: Using ep0 maxpacket: 32 [ 1436.224736][ T5823] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1436.263553][ T5823] usb 5-1: config 0 has no interface number 0 [ 1436.292074][ T5823] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1436.304758][ T5823] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1436.324325][ T5823] usb 5-1: Product: syz [ 1436.328779][ T5823] usb 5-1: Manufacturer: syz [ 1436.334373][ T5823] usb 5-1: SerialNumber: syz [ 1436.358534][ T5823] usb 5-1: config 0 descriptor?? [ 1436.368678][ T5823] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1436.596187][ T5823] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1436.825275][ T5823] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1436.969205][T20088] netlink: 'syz.2.3798': attribute type 10 has an invalid length. [ 1438.053384][T20096] FAULT_INJECTION: forcing a failure. [ 1438.053384][T20096] name failslab, interval 1, probability 0, space 0, times 0 [ 1438.108526][T20096] CPU: 1 UID: 0 PID: 20096 Comm: syz.3.3800 Tainted: G L syzkaller #0 PREEMPT(full) [ 1438.108563][T20096] Tainted: [L]=SOFTLOCKUP [ 1438.108571][T20096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1438.108588][T20096] Call Trace: [ 1438.108595][T20096] [ 1438.108603][T20096] dump_stack_lvl+0x189/0x250 [ 1438.108637][T20096] ? __pfx____ratelimit+0x10/0x10 [ 1438.108670][T20096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1438.108696][T20096] ? __pfx__printk+0x10/0x10 [ 1438.108733][T20096] ? __pfx___might_resched+0x10/0x10 [ 1438.108749][T20096] ? fs_reclaim_acquire+0x7d/0x100 [ 1438.108769][T20096] should_fail_ex+0x414/0x560 [ 1438.108803][T20096] should_failslab+0xa8/0x100 [ 1438.108834][T20096] __kmalloc_node_track_caller_noprof+0xe2/0x820 [ 1438.108856][T20096] ? __kasan_kmalloc+0x93/0xb0 [ 1438.108880][T20096] ? __request_module+0x2c1/0x5d0 [ 1438.108899][T20096] ? __kmalloc_cache_noprof+0x3e2/0x700 [ 1438.108916][T20096] kstrdup+0x42/0x100 [ 1438.108935][T20096] __request_module+0x2c1/0x5d0 [ 1438.108971][T20096] ? __pfx___request_module+0x10/0x10 [ 1438.109001][T20096] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1438.109047][T20096] nfnetlink_rcv+0x6d8/0x2590 [ 1438.109065][T20096] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1438.109086][T20096] ? __dev_queue_xmit+0x289/0x3140 [ 1438.109117][T20096] ? __dev_queue_xmit+0x1955/0x3140 [ 1438.109143][T20096] ? __ia32_compat_sys_socketcall+0x71c/0x9d0 [ 1438.109176][T20096] ? __dev_queue_xmit+0x289/0x3140 [ 1438.109203][T20096] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1438.109229][T20096] ? ref_tracker_free+0x63a/0x7d0 [ 1438.109267][T20096] ? __asan_memcpy+0x40/0x70 [ 1438.109287][T20096] ? __pfx_ref_tracker_free+0x10/0x10 [ 1438.109316][T20096] ? __skb_clone+0x63/0x7a0 [ 1438.109343][T20096] ? __skb_clone+0x483/0x7a0 [ 1438.109365][T20096] ? skb_clone+0x246/0x3a0 [ 1438.109384][T20096] ? __netlink_deliver_tap+0x807/0x850 [ 1438.109405][T20096] ? netlink_deliver_tap+0x2e/0x1b0 [ 1438.109450][T20096] netlink_unicast+0x82f/0x9e0 [ 1438.109480][T20096] ? __pfx_netlink_unicast+0x10/0x10 [ 1438.109502][T20096] ? netlink_sendmsg+0x642/0xb30 [ 1438.109519][T20096] ? skb_put+0x11b/0x210 [ 1438.109535][T20096] netlink_sendmsg+0x805/0xb30 [ 1438.109572][T20096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1438.109602][T20096] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1438.109628][T20096] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1438.109650][T20096] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1438.109669][T20096] __sock_sendmsg+0x21c/0x270 [ 1438.109691][T20096] __sys_sendto+0x3bd/0x520 [ 1438.109724][T20096] ? __pfx___sys_sendto+0x10/0x10 [ 1438.109772][T20096] ? __might_fault+0xb0/0x130 [ 1438.109820][T20096] __ia32_compat_sys_socketcall+0x71c/0x9d0 [ 1438.109840][T20096] ? __fget_files+0x3a0/0x420 [ 1438.109866][T20096] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 1438.109895][T20096] ? fput+0xa0/0xd0 [ 1438.109924][T20096] ? ksys_write+0x22a/0x250 [ 1438.109943][T20096] ? exc_page_fault+0x82/0x100 [ 1438.109971][T20096] ? __pfx_ksys_write+0x10/0x10 [ 1438.109990][T20096] ? __do_fast_syscall_32+0xbe/0x570 [ 1438.110009][T20096] __do_fast_syscall_32+0x1f7/0x570 [ 1438.110034][T20096] ? rcu_is_watching+0x15/0xb0 [ 1438.110060][T20096] ? do_fast_syscall_32+0x34/0x80 [ 1438.110085][T20096] do_fast_syscall_32+0x34/0x80 [ 1438.110108][T20096] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1438.110129][T20096] RIP: 0023:0xf7fb1539 [ 1438.110143][T20096] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1438.110157][T20096] RSP: 002b:00000000f54a5430 EFLAGS: 00000206 ORIG_RAX: 0000000000000066 [ 1438.110179][T20096] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f54a5444 [ 1438.110195][T20096] RDX: 0000000000000000 RSI: 00000000f54a5560 RDI: 00000000f7446ff4 [ 1438.110212][T20096] RBP: 00000000f54a5560 R08: 0000000000000000 R09: 0000000000000000 [ 1438.110224][T20096] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1438.110236][T20096] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1438.110272][T20096] [ 1438.645663][ T5924] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 1438.795459][ T5924] usb 3-1: Using ep0 maxpacket: 16 [ 1438.802780][ T5924] usb 3-1: config 0 has no interfaces? [ 1438.808424][ T5924] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1438.817713][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1438.828783][ T5924] usb 3-1: config 0 descriptor?? [ 1439.160842][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1439.190804][ T5823] usb 5-1: USB disconnect, device number 58 [ 1439.210649][ T5823] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1439.293651][ T5823] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1439.319902][ T5823] quatech2 5-1:0.51: device disconnected [ 1439.426681][T20101] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3803'. [ 1440.305443][ T5823] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1440.977363][ T5823] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1441.023005][ T5823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1441.076316][ T5823] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1441.155481][ T5823] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1441.171277][ T5923] usb 3-1: USB disconnect, device number 76 [ 1441.217780][ T5823] usb 5-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1441.255982][ T5823] usb 5-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1441.289136][ T5823] usb 5-1: Manufacturer: syz [ 1441.320102][ T5823] usb 5-1: config 0 descriptor?? [ 1441.367046][ T5823] smsusb:smsusb_probe: board id=9, interface number 0 [ 1441.423559][ T5823] smsusb:smsusb_probe: Device initialized with return code -19 [ 1441.567800][T20126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1441.629414][T20126] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1441.725878][ T5923] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1441.897641][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1441.937358][ T5923] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 1441.980625][ T5923] usb 3-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18 [ 1442.007376][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1442.024067][ T5923] usb 3-1: Product: syz [ 1442.028930][ T5923] usb 3-1: Manufacturer: syz [ 1442.033668][ T5923] usb 3-1: SerialNumber: syz [ 1442.077581][ T5923] usb 3-1: config 0 descriptor?? [ 1442.278183][ T5823] usb 5-1: USB disconnect, device number 59 [ 1442.304797][ T5923] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1442.554917][ T5823] usb 3-1: USB disconnect, device number 77 [ 1442.932948][T20155] FAULT_INJECTION: forcing a failure. [ 1442.932948][T20155] name failslab, interval 1, probability 0, space 0, times 0 [ 1442.946385][T20155] CPU: 1 UID: 0 PID: 20155 Comm: syz.4.3814 Tainted: G L syzkaller #0 PREEMPT(full) [ 1442.946410][T20155] Tainted: [L]=SOFTLOCKUP [ 1442.946416][T20155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1442.946426][T20155] Call Trace: [ 1442.946433][T20155] [ 1442.946439][T20155] dump_stack_lvl+0x189/0x250 [ 1442.946464][T20155] ? __pfx____ratelimit+0x10/0x10 [ 1442.946487][T20155] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1442.946507][T20155] ? __pfx__printk+0x10/0x10 [ 1442.946537][T20155] ? __pfx___might_resched+0x10/0x10 [ 1442.946559][T20155] should_fail_ex+0x414/0x560 [ 1442.946584][T20155] should_failslab+0xa8/0x100 [ 1442.946605][T20155] __kmalloc_noprof+0xdf/0x800 [ 1442.946619][T20155] ? kfree+0x4d/0x660 [ 1442.946640][T20155] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1442.946664][T20155] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1442.946684][T20155] ? tomoyo_domain+0xd8/0x130 [ 1442.946708][T20155] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1442.946743][T20155] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1442.946789][T20155] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1442.946824][T20155] ? __lock_acquire+0x6b6/0x2cf0 [ 1442.946890][T20155] ? __fget_files+0x2a/0x420 [ 1442.946926][T20155] ? __fget_files+0x3a0/0x420 [ 1442.946946][T20155] ? __fget_files+0x2a/0x420 [ 1442.946969][T20155] security_file_ioctl_compat+0xcb/0x2d0 [ 1442.946996][T20155] __ia32_compat_sys_ioctl+0x128/0x840 [ 1442.947014][T20155] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 1442.947030][T20155] ? __fget_files+0x3a0/0x420 [ 1442.947055][T20155] ? fput+0xa0/0xd0 [ 1442.947076][T20155] ? ksys_write+0x22a/0x250 [ 1442.947090][T20155] ? exc_page_fault+0x82/0x100 [ 1442.947113][T20155] ? __pfx_ksys_write+0x10/0x10 [ 1442.947131][T20155] ? __do_fast_syscall_32+0xbe/0x570 [ 1442.947149][T20155] __do_fast_syscall_32+0x1f7/0x570 [ 1442.947164][T20155] ? rcu_is_watching+0x15/0xb0 [ 1442.947182][T20155] ? do_fast_syscall_32+0x34/0x80 [ 1442.947200][T20155] do_fast_syscall_32+0x34/0x80 [ 1442.947214][T20155] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1442.947233][T20155] RIP: 0023:0xf70cd539 [ 1442.947247][T20155] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1442.947261][T20155] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 1442.947277][T20155] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0405602 [ 1442.947288][T20155] RDX: 0000000080000500 RSI: 0000000000000000 RDI: 0000000000000000 [ 1442.947298][T20155] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1442.947307][T20155] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1442.947316][T20155] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1442.947338][T20155] [ 1442.947346][T20155] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1443.635714][T14712] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1443.785475][T14712] usb 3-1: Using ep0 maxpacket: 8 [ 1443.810514][T14712] usb 3-1: config 2 has an invalid interface number: 31 but max is 0 [ 1443.830582][T14712] usb 3-1: config 2 has no interface number 0 [ 1443.868817][T14712] usb 3-1: config 2 interface 31 has no altsetting 0 [ 1443.926892][T14712] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1443.951524][T14712] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1443.972487][T14712] usb 3-1: Product: syz [ 1443.979912][T14712] usb 3-1: Manufacturer: syz [ 1443.989483][T14712] usb 3-1: SerialNumber: syz [ 1444.047044][T14712] ch9200 3-1:2.31: probe with driver ch9200 failed with error -22 [ 1444.195480][ T6030] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 1444.355569][ T6030] usb 1-1: Using ep0 maxpacket: 16 [ 1444.369688][ T6030] usb 1-1: config 0 has no interfaces? [ 1444.375330][ T6030] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1444.505200][ T6030] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1444.566961][ T6030] usb 1-1: config 0 descriptor?? [ 1444.947342][T14712] usb 1-1: USB disconnect, device number 54 [ 1446.231155][T20195] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1446.424648][T20198] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3824'. [ 1446.715648][ T6030] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 1446.869331][ T5902] usb 3-1: USB disconnect, device number 78 [ 1446.895516][ T6030] usb 1-1: Using ep0 maxpacket: 32 [ 1446.924626][ T6030] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1446.957658][ T6030] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1447.003323][ T6030] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1447.041247][ T6030] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1447.071452][ T6030] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1447.095473][T17031] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1447.406187][T17031] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1447.416514][ T6030] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1447.448987][T17031] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1447.485468][ T6030] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1447.503727][T17031] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1447.523588][ T6030] usb 1-1: Product: syz [ 1447.535482][ T6030] usb 1-1: Manufacturer: syz [ 1447.546294][T17031] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1447.561180][ T6030] usb 1-1: SerialNumber: syz [ 1447.593464][ T6030] usb 1-1: config 0 descriptor?? [ 1447.614131][T17031] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1447.625814][T20195] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1447.633369][T17031] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1447.641766][ T6030] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input238 [ 1447.660410][T17031] usb 2-1: Manufacturer: syz [ 1447.670642][T17031] usb 2-1: config 0 descriptor?? [ 1447.728469][T17031] smsusb:smsusb_probe: board id=9, interface number 0 [ 1447.738087][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1447.771754][T17031] smsusb:smsusb_probe: Device initialized with return code -19 [ 1447.773490][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1447.829854][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1447.896670][T20201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1447.907672][T20201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1447.932000][T20195] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1447.954189][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1448.164309][T20210] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3828'. [ 1448.221756][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1448.385658][T14310] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1448.401449][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1448.433142][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1448.736677][ T5902] usb 2-1: USB disconnect, device number 73 [ 1449.268986][T16064] usb 1-1: USB disconnect, device number 55 [ 1449.955451][T17031] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 1450.147605][T20246] bridge0: port 3(macvtap1) entered blocking state [ 1450.204854][T20246] bridge0: port 3(macvtap1) entered disabled state [ 1450.212536][T17031] usb 1-1: Using ep0 maxpacket: 16 [ 1450.220458][T20246] macvtap1: entered allmulticast mode [ 1450.226291][T20246] bridge0: entered allmulticast mode [ 1450.241105][T20246] macvtap1: left allmulticast mode [ 1450.247670][T20246] bridge0: left allmulticast mode [ 1450.273997][T17031] usb 1-1: config 0 has no interfaces? [ 1450.279861][T17031] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1450.312704][T17031] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1450.346654][T17031] usb 1-1: config 0 descriptor?? [ 1450.405447][T16064] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 1450.625444][T16064] usb 2-1: Using ep0 maxpacket: 8 [ 1450.868953][T16064] usb 2-1: config 2 has an invalid interface number: 31 but max is 0 [ 1450.997647][T16064] usb 2-1: config 2 has no interface number 0 [ 1451.005556][T16064] usb 2-1: config 2 interface 31 has no altsetting 0 [ 1451.112665][T16064] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1451.150140][T16064] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1451.196246][T16064] usb 2-1: Product: syz [ 1451.230719][T16064] usb 2-1: Manufacturer: syz [ 1451.249550][T16064] usb 2-1: SerialNumber: syz [ 1451.351812][T16064] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22 [ 1451.406575][T16064] usb 1-1: USB disconnect, device number 56 [ 1452.595523][ T6030] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1452.771082][ T6030] usb 5-1: Using ep0 maxpacket: 16 [ 1452.821201][ T6030] usb 5-1: config 1 has an invalid interface number: 7 but max is 0 [ 1452.870879][ T6030] usb 5-1: config 1 has no interface number 0 [ 1452.913178][ T6030] usb 5-1: config 1 interface 7 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1452.995470][ T6030] usb 5-1: config 1 interface 7 has no altsetting 0 [ 1453.033865][ T6030] usb 5-1: New USB device found, idVendor=eb1a, idProduct=2885, bcdDevice=cf.00 [ 1453.065286][ T6030] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1453.095449][ T6030] usb 5-1: Product: syz [ 1453.116423][ T6030] usb 5-1: Manufacturer: syz [ 1453.121189][ T6030] usb 5-1: SerialNumber: syz [ 1453.186013][T20268] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1453.424611][ T6030] em28xx 5-1:1.7: New device syz syz @ 480 Mbps (eb1a:2885, interface 7, class 7) [ 1453.482241][ T6030] em28xx 5-1:1.7: Video interface 7 found: bulk [ 1453.766473][T20277] netlink: 'syz.4.3839': attribute type 10 has an invalid length. [ 1453.803808][ T5923] usb 2-1: USB disconnect, device number 74 [ 1453.918521][T20280] netlink: 'syz.4.3839': attribute type 10 has an invalid length. [ 1454.176527][T20277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1454.203996][T20280] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3839'. [ 1454.389671][T20277] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1454.454175][T20280] batadv0: entered promiscuous mode [ 1454.561507][T20280] batadv0: entered allmulticast mode [ 1454.585447][T16064] usb 2-1: new full-speed USB device number 75 using dummy_hcd [ 1454.605800][ T6030] em28xx 5-1:1.7: unknown em28xx chip ID (0) [ 1454.626125][T20280] bond0: (slave batadv0): Releasing backup interface [ 1454.699202][ T6030] em28xx 5-1:1.7: reading from i2c device at 0xa0 failed (error=-5) [ 1454.719814][ T6030] em28xx 5-1:1.7: board has no eeprom [ 1454.755979][T16064] usb 2-1: device descriptor read/64, error -71 [ 1454.850615][ T6030] em28xx 5-1:1.7: Identified as Terratec Cinergy H5 (card=79) [ 1454.861362][ T6030] em28xx 5-1:1.7: Currently, V4L2 is not supported on this model [ 1454.869621][T17031] em28xx 5-1:1.7: Binding DVB extension [ 1454.881008][T17031] em28xx 5-1:1.7: no endpoint for DVB mode and transfer type 0 [ 1454.893097][T17031] em28xx 5-1:1.7: failed to pre-allocate USB transfer buffers for DVB. [ 1454.923521][T20280] bridge0: port 3(batadv0) entered blocking state [ 1454.930270][T20280] bridge0: port 3(batadv0) entered disabled state [ 1454.950462][T17031] em28xx 5-1:1.7: Remote control support is not available for this card. [ 1455.087885][T16064] usb 2-1: new full-speed USB device number 76 using dummy_hcd [ 1455.120955][T20292] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1455.218105][T17762] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 1455.227667][T17762] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 1455.265493][T16064] usb 2-1: device descriptor read/64, error -71 [ 1455.460750][ T9] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 1455.471428][T16064] usb usb2-port1: attempt power cycle [ 1455.718168][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 1455.817501][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1455.836325][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1455.865492][T16064] usb 2-1: new full-speed USB device number 77 using dummy_hcd [ 1455.900872][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1455.913022][T16064] usb 2-1: device descriptor read/8, error -71 [ 1455.969799][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1456.022482][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1456.091269][ T9] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1456.158247][T16064] usb 2-1: new full-speed USB device number 78 using dummy_hcd [ 1456.217201][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1456.303343][T16064] usb 2-1: device descriptor read/8, error -71 [ 1456.318553][ T9] usb 1-1: Product: syz [ 1456.333518][ T9] usb 1-1: Manufacturer: syz [ 1456.341328][ T9] usb 1-1: SerialNumber: syz [ 1456.400168][ T9] usb 1-1: config 0 descriptor?? [ 1456.406819][T20294] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 1456.418817][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input239 [ 1456.431432][T16064] usb usb2-port1: unable to enumerate USB device [ 1456.495875][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1456.519012][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1456.578319][ C1] xpad 1-1:0.0: xpad_irq_in - usb_submit_urb failed with result -1 [ 1456.604316][T14278] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1456.683787][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1456.862775][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1456.904654][T20292] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1457.093956][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1457.162383][ T5185] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1457.651841][ T9] usb 5-1: USB disconnect, device number 60 [ 1457.659061][ T9] em28xx 5-1:1.7: Disconnecting em28xx [ 1457.667011][ T9] em28xx 5-1:1.7: Closing input extension [ 1457.754539][ T9] em28xx 5-1:1.7: Freeing device [ 1458.537899][ T6030] usb 1-1: USB disconnect, device number 57 [ 1458.838422][T20324] netlink: 'syz.4.3853': attribute type 3 has an invalid length. [ 1459.704066][T20339] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3857'. [ 1459.825470][ T9] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1460.029547][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1460.043336][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1460.068602][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1460.097606][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1460.125660][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1460.139670][ T9] usb 5-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1460.151469][ T9] usb 5-1: Manufacturer: syz [ 1460.165914][ T9] usb 5-1: config 0 descriptor?? [ 1460.183545][ T9] smsusb:smsusb_probe: board id=9, interface number 0 [ 1460.190987][ T9] smsusb:smsusb_probe: Device initialized with return code -19 [ 1460.335473][T19729] usb 1-1: new full-speed USB device number 58 using dummy_hcd [ 1460.409732][T20336] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1460.432375][T20336] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1460.729639][T19729] usb 1-1: device descriptor read/64, error -71 [ 1460.975520][T19729] usb 1-1: new full-speed USB device number 59 using dummy_hcd [ 1461.024107][T20348] sctp: [Deprecated]: syz.3.3861 (pid 20348) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1461.024107][T20348] Use struct sctp_sack_info instead [ 1461.040656][ T9] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1461.088368][T16064] usb 5-1: USB disconnect, device number 61 [ 1461.185561][ T9] usb 3-1: device descriptor read/64, error -71 [ 1461.205501][T19729] usb 1-1: device descriptor read/64, error -71 [ 1461.320780][T20353] input: syz0 as /devices/virtual/input/input240 [ 1461.327736][T19729] usb usb1-port1: attempt power cycle [ 1461.457657][ T9] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1461.615443][ T9] usb 3-1: device descriptor read/64, error -71 [ 1461.716740][T19729] usb 1-1: new full-speed USB device number 60 using dummy_hcd [ 1461.736080][ T9] usb usb3-port1: attempt power cycle [ 1461.746597][T19729] usb 1-1: device descriptor read/8, error -71 [ 1461.985471][T19729] usb 1-1: new full-speed USB device number 61 using dummy_hcd [ 1462.008674][T19729] usb 1-1: device descriptor read/8, error -71 [ 1462.085752][ T9] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1462.123539][ T9] usb 3-1: device descriptor read/8, error -71 [ 1462.136281][T19729] usb usb1-port1: unable to enumerate USB device [ 1462.365451][ T9] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1462.416140][ T9] usb 3-1: device descriptor read/8, error -71 [ 1462.528048][ T9] usb usb3-port1: unable to enumerate USB device [ 1463.176585][T20379] netlink: 'syz.1.3870': attribute type 10 has an invalid length. [ 1463.636401][ T6030] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 1463.825533][ T6030] usb 1-1: Using ep0 maxpacket: 16 [ 1463.833764][ T6030] usb 1-1: config 0 has no interfaces? [ 1463.838081][T20395] bridge0: port 2(bridge_slave_1) entered disabled state [ 1463.846520][T20395] bridge0: port 1(bridge_slave_0) entered disabled state [ 1463.887839][T20395] sctp: [Deprecated]: syz.1.3874 (pid 20395) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1463.887839][T20395] Use struct sctp_sack_info instead [ 1463.963316][ T6030] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1464.041927][ T6030] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1464.066287][T20400] binder: 20399:20400 unknown command 0 [ 1464.108863][T20400] binder: 20399:20400 ioctl c0306201 80000080 returned -22 [ 1464.169961][ T6030] usb 1-1: config 0 descriptor?? [ 1464.213585][T20391] bridge0: entered promiscuous mode [ 1464.243363][T20391] bridge0: port 3(macvtap1) entered blocking state [ 1464.270877][T20391] bridge0: port 3(macvtap1) entered disabled state [ 1464.285300][T20391] macvtap1: entered allmulticast mode [ 1464.290862][T20391] bridge0: entered allmulticast mode [ 1464.304999][T20391] macvtap1: left allmulticast mode [ 1464.312406][T20391] bridge0: left allmulticast mode [ 1464.356264][T20391] bridge0: left promiscuous mode [ 1464.410511][T16064] usb 1-1: USB disconnect, device number 62 [ 1464.545499][ T5823] usb 3-1: new full-speed USB device number 83 using dummy_hcd [ 1464.800933][ T5823] usb 3-1: config 0 has no interfaces? [ 1464.811074][ T5823] usb 3-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 1464.924202][T20414] bridge0: port 2(bridge_slave_1) entered blocking state [ 1464.931528][T20414] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1464.936038][ T5823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1464.939245][T20414] bridge0: port 1(bridge_slave_0) entered blocking state [ 1464.954090][T20414] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1464.967723][ T5823] usb 3-1: config 0 descriptor?? [ 1465.082725][T20414] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1465.675624][T20422] bridge0: port 2(bridge_slave_1) entered blocking state [ 1465.682913][T20422] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1465.691686][T20422] bridge0: port 1(bridge_slave_0) entered blocking state [ 1465.698881][T20422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1465.885543][T16064] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1465.921841][T20422] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1465.961133][ T5823] usb 1-1: new full-speed USB device number 63 using dummy_hcd [ 1466.095484][ T5823] usb 1-1: device descriptor read/64, error -71 [ 1466.155777][T16064] usb 2-1: Using ep0 maxpacket: 32 [ 1466.184353][T16064] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1466.238671][T16064] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 255, changing to 11 [ 1466.281397][T16064] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1466.295963][T19729] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1466.344181][T16064] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1466.373782][ T5823] usb 1-1: new full-speed USB device number 64 using dummy_hcd [ 1466.532733][T16064] usb 2-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1466.549130][ T5823] usb 1-1: device descriptor read/64, error -71 [ 1466.568869][T16064] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1466.588806][T16064] usb 2-1: Product: syz [ 1466.603048][T16064] usb 2-1: Manufacturer: syz [ 1466.624600][T16064] usb 2-1: SerialNumber: syz [ 1466.645399][T16064] usb 2-1: config 0 descriptor?? [ 1466.685843][ T5823] usb usb1-port1: attempt power cycle [ 1466.851842][T16064] usb 3-1: USB disconnect, device number 83 [ 1466.865902][T19729] usb 5-1: Using ep0 maxpacket: 32 [ 1466.915201][T19729] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 1466.930554][T19729] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 255, changing to 11 [ 1466.947003][T19729] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1466.982713][T19729] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1467.011553][T19729] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1467.031465][T19729] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1467.035149][ T5823] usb 1-1: new full-speed USB device number 65 using dummy_hcd [ 1467.054138][T19729] usb 5-1: Product: syz [ 1467.083098][T19729] usb 5-1: Manufacturer: syz [ 1467.095678][T19729] usb 5-1: SerialNumber: syz [ 1467.120806][T19729] usb 5-1: config 0 descriptor?? [ 1467.122133][T20433] FAULT_INJECTION: forcing a failure. [ 1467.122133][T20433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1467.193826][ T5823] usb 1-1: device descriptor read/8, error -71 [ 1467.232596][T20433] CPU: 0 UID: 0 PID: 20433 Comm: syz.3.3883 Tainted: G L syzkaller #0 PREEMPT(full) [ 1467.232634][T20433] Tainted: [L]=SOFTLOCKUP [ 1467.232644][T20433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1467.232658][T20433] Call Trace: [ 1467.232668][T20433] [ 1467.232678][T20433] dump_stack_lvl+0x189/0x250 [ 1467.232712][T20433] ? __pfx____ratelimit+0x10/0x10 [ 1467.232742][T20433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1467.232761][T20433] ? __pfx__printk+0x10/0x10 [ 1467.232793][T20433] should_fail_ex+0x414/0x560 [ 1467.232819][T20433] _copy_to_user+0x31/0xb0 [ 1467.232837][T20433] simple_read_from_buffer+0xe1/0x170 [ 1467.232866][T20433] proc_fail_nth_read+0x1b3/0x220 [ 1467.232886][T20433] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1467.232906][T20433] ? rw_verify_area+0x2a6/0x4d0 [ 1467.232920][T20433] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1467.232945][T20433] vfs_read+0x200/0xa30 [ 1467.232965][T20433] ? fdget_pos+0x247/0x320 [ 1467.232997][T20433] ? __pfx___mutex_lock+0x10/0x10 [ 1467.233018][T20433] ? __pfx_vfs_read+0x10/0x10 [ 1467.233043][T20433] ? __fget_files+0x2a/0x420 [ 1467.233067][T20433] ? __fget_files+0x3a0/0x420 [ 1467.233086][T20433] ? __fget_files+0x2a/0x420 [ 1467.233113][T20433] ksys_read+0x145/0x250 [ 1467.233130][T20433] ? __pfx_ksys_read+0x10/0x10 [ 1467.233148][T20433] ? __do_fast_syscall_32+0xbe/0x570 [ 1467.233167][T20433] __do_fast_syscall_32+0x1f7/0x570 [ 1467.233182][T20433] ? rcu_is_watching+0x15/0xb0 [ 1467.233202][T20433] ? do_fast_syscall_32+0x34/0x80 [ 1467.233220][T20433] do_fast_syscall_32+0x34/0x80 [ 1467.233235][T20433] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1467.233254][T20433] RIP: 0023:0xf7fb1539 [ 1467.233268][T20433] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1467.233282][T20433] RSP: 002b:00000000f5485590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 1467.233299][T20433] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f5485620 [ 1467.233310][T20433] RDX: 000000000000000f RSI: 00000000f7446ff4 RDI: 0000000000000000 [ 1467.233319][T20433] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1467.233328][T20433] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1467.233338][T20433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1467.233360][T20433] [ 1467.665508][ T5823] usb 1-1: new full-speed USB device number 66 using dummy_hcd [ 1467.777079][ T5823] usb 1-1: device descriptor read/8, error -71 [ 1467.885882][ T5823] usb usb1-port1: unable to enumerate USB device [ 1468.096711][T20439] netlink: 'syz.3.3885': attribute type 10 has an invalid length. [ 1468.934976][ T5823] usb 2-1: USB disconnect, device number 79 [ 1469.112422][T20459] bridge0: port 2(bridge_slave_1) entered disabled state [ 1469.119682][T20459] bridge0: port 1(bridge_slave_0) entered disabled state [ 1469.148254][ T5823] usb 5-1: USB disconnect, device number 62 [ 1469.250844][T20464] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3890'. [ 1469.278048][T20459] sctp: [Deprecated]: syz.1.3889 (pid 20459) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1469.278048][T20459] Use struct sctp_sack_info instead [ 1469.715843][T20470] loop8: detected capacity change from 0 to 8 [ 1469.748188][T14283] Dev loop8: unable to read RDB block 8 [ 1469.753887][T14283] loop8: unable to read partition table [ 1469.760153][T14283] loop8: partition table beyond EOD, truncated [ 1469.769215][T20470] Dev loop8: unable to read RDB block 8 [ 1469.809670][T20470] loop8: unable to read partition table [ 1469.864647][T20470] loop8: partition table beyond EOD, truncated [ 1469.899952][T20470] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1470.245482][ T6030] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1470.255707][T19729] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 1470.588046][T19729] usb 1-1: Using ep0 maxpacket: 16 [ 1470.593242][ T6030] usb 2-1: Using ep0 maxpacket: 8 [ 1470.602449][T19729] usb 1-1: config 1 has an invalid interface number: 7 but max is 0 [ 1470.627409][T19729] usb 1-1: config 1 has no interface number 0 [ 1470.648977][ T5823] usb 3-1: new full-speed USB device number 84 using dummy_hcd [ 1470.656853][T19729] usb 1-1: config 1 interface 7 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1470.697712][T19729] usb 1-1: config 1 interface 7 has no altsetting 0 [ 1470.733336][T19729] usb 1-1: New USB device found, idVendor=eb1a, idProduct=2885, bcdDevice=cf.00 [ 1470.779927][T19729] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1470.807132][T19729] usb 1-1: Product: syz [ 1470.815619][ T5823] usb 3-1: device descriptor read/64, error -71 [ 1470.833516][T19729] usb 1-1: Manufacturer: syz [ 1470.838843][ T6030] usb 2-1: config 2 has an invalid interface number: 31 but max is 0 [ 1470.851139][ T6030] usb 2-1: config 2 has no interface number 0 [ 1470.866445][T19729] usb 1-1: SerialNumber: syz [ 1470.880860][ T6030] usb 2-1: config 2 interface 31 has no altsetting 0 [ 1470.902347][T20480] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1470.927397][ T6030] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1470.940291][T19729] em28xx 1-1:1.7: New device syz syz @ 480 Mbps (eb1a:2885, interface 7, class 7) [ 1470.953949][ T6030] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1470.983986][T19729] em28xx 1-1:1.7: Video interface 7 found: bulk [ 1470.994079][ T6030] usb 2-1: Product: syz [ 1471.005668][ T6030] usb 2-1: Manufacturer: syz [ 1471.011402][ T6030] usb 2-1: SerialNumber: syz [ 1471.081130][ T5823] usb 3-1: new full-speed USB device number 85 using dummy_hcd [ 1471.142442][ T6030] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22 [ 1471.235652][ T5823] usb 3-1: device descriptor read/64, error -71 [ 1471.321472][T20489] netlink: 'syz.0.3895': attribute type 10 has an invalid length. [ 1471.469306][ T5823] usb usb3-port1: attempt power cycle [ 1471.491569][T20491] netlink: 'syz.0.3895': attribute type 10 has an invalid length. [ 1471.501992][T20490] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1471.587123][T20491] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3895'. [ 1471.638309][T20491] batadv0: entered promiscuous mode [ 1471.643643][T20491] batadv0: entered allmulticast mode [ 1471.650476][T20491] bridge0: port 3(batadv0) entered blocking state [ 1471.657248][T20491] bridge0: port 3(batadv0) entered disabled state [ 1471.824993][T15597] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 1471.834366][T15597] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 1471.845470][ T5823] usb 3-1: new full-speed USB device number 86 using dummy_hcd [ 1471.890937][ T5823] usb 3-1: device descriptor read/8, error -71 [ 1471.965456][T14712] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1472.171384][T19729] em28xx 1-1:1.7: unknown em28xx chip ID (0) [ 1472.225497][ T5823] usb 3-1: new full-speed USB device number 87 using dummy_hcd [ 1472.275586][T14712] usb 5-1: Using ep0 maxpacket: 32 [ 1472.347697][T14712] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 1472.369188][T19729] em28xx 1-1:1.7: reading from i2c device at 0xa0 failed (error=-5) [ 1472.374084][T14712] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1472.392494][ T5823] usb 3-1: device descriptor read/8, error -71 [ 1472.466274][T14712] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1472.484967][T19729] em28xx 1-1:1.7: board has no eeprom [ 1472.485007][T14712] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1472.548935][T14712] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1472.576562][ T5823] usb usb3-port1: unable to enumerate USB device [ 1472.615428][T19729] em28xx 1-1:1.7: Identified as Terratec Cinergy H5 (card=79) [ 1472.625192][T19729] em28xx 1-1:1.7: Currently, V4L2 is not supported on this model [ 1472.685551][ T6030] em28xx 1-1:1.7: Binding DVB extension [ 1472.691210][ T6030] em28xx 1-1:1.7: no endpoint for DVB mode and transfer type 0 [ 1472.785007][ T6030] em28xx 1-1:1.7: failed to pre-allocate USB transfer buffers for DVB. [ 1472.858466][ T6030] em28xx 1-1:1.7: Remote control support is not available for this card. [ 1473.027586][T14712] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 1473.039274][T14712] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1473.048730][T14712] usb 5-1: Product: syz [ 1473.054511][T14712] usb 5-1: Manufacturer: syz [ 1473.063661][T14712] usb 5-1: SerialNumber: syz [ 1473.085103][T14712] usb 5-1: config 0 descriptor?? [ 1473.092057][T20490] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22 [ 1473.122496][T14712] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input241 [ 1473.140325][ T5185] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1473.165970][ T5185] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1473.183521][ T5185] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1473.236981][ T5185] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1473.332275][T20490] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1473.415162][T20496] netlink: 'syz.3.3898': attribute type 10 has an invalid length. [ 1473.520977][ T6030] usb 2-1: USB disconnect, device number 80 [ 1473.540640][T14278] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1473.657435][ T5185] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1473.721991][ T5185] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1473.750896][ T5185] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 1474.365684][ T5924] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1474.481377][T14712] usb 1-1: USB disconnect, device number 67 [ 1474.489410][T14712] em28xx 1-1:1.7: Disconnecting em28xx [ 1474.526239][ T5924] usb 2-1: Using ep0 maxpacket: 8 [ 1474.535983][ T5924] usb 2-1: config 2 has an invalid interface number: 31 but max is 0 [ 1474.549750][T14712] em28xx 1-1:1.7: Closing input extension [ 1474.549773][ T5924] usb 2-1: config 2 has no interface number 0 [ 1474.577842][ T5924] usb 2-1: config 2 interface 31 has no altsetting 0 [ 1474.648383][T14712] em28xx 1-1:1.7: Freeing device [ 1474.701676][ T5924] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1474.707873][ T5902] usb 5-1: USB disconnect, device number 63 [ 1474.763558][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1474.795903][ T5924] usb 2-1: Product: syz [ 1474.810672][T20517] bridge0: port 2(bridge_slave_1) entered disabled state [ 1474.818199][T20517] bridge0: port 1(bridge_slave_0) entered disabled state [ 1474.833620][ T5924] usb 2-1: Manufacturer: syz [ 1474.848615][ T5924] usb 2-1: SerialNumber: syz [ 1474.879703][ T5924] ch9200 2-1:2.31: probe with driver ch9200 failed with error -22 [ 1474.945317][T20521] tipc: New replicast peer: 255.255.255.255 [ 1474.947895][T20517] sctp: [Deprecated]: syz.0.3904 (pid 20517) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1474.947895][T20517] Use struct sctp_sack_info instead [ 1474.952645][T20521] tipc: Enabled bearer , priority 10 [ 1475.439842][T20524] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3907'. [ 1476.485595][ T6030] usb 3-1: new full-speed USB device number 88 using dummy_hcd [ 1476.705470][ T6030] usb 3-1: device descriptor read/64, error -71 [ 1476.958046][ T6030] usb 3-1: new full-speed USB device number 89 using dummy_hcd [ 1477.135492][ T6030] usb 3-1: device descriptor read/64, error -71 [ 1477.290465][ T6030] usb usb3-port1: attempt power cycle [ 1477.400321][ T5823] usb 2-1: USB disconnect, device number 81 [ 1477.514279][T20547] netlink: 'syz.4.3912': attribute type 10 has an invalid length. [ 1477.667047][ T6030] usb 3-1: new full-speed USB device number 90 using dummy_hcd [ 1477.696203][ T6030] usb 3-1: device descriptor read/8, error -71 [ 1477.985659][ T6030] usb 3-1: new full-speed USB device number 91 using dummy_hcd [ 1478.461302][ T6030] usb 3-1: device descriptor read/8, error -71 [ 1478.608841][ T6030] usb usb3-port1: unable to enumerate USB device [ 1478.775527][ T5823] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 1478.850929][T20563] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3917'. [ 1478.985585][ T5823] usb 2-1: Using ep0 maxpacket: 32 [ 1478.992808][ T5823] usb 2-1: config 0 has an invalid interface number: 89 but max is 0 [ 1479.007564][ T5823] usb 2-1: config 0 has no interface number 0 [ 1479.026542][ T5823] usb 2-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68 [ 1479.044672][ T5823] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1479.064513][ T5823] usb 2-1: Product: syz [ 1479.074971][ T5823] usb 2-1: Manufacturer: syz [ 1479.086479][ T5823] usb 2-1: SerialNumber: syz [ 1479.102791][ T5823] usb 2-1: config 0 descriptor?? [ 1479.120633][ T5823] hub 2-1:0.89: bad descriptor, ignoring hub [ 1479.134475][ T5823] hub 2-1:0.89: probe with driver hub failed with error -5 [ 1479.145579][ T5823] option 2-1:0.89: GSM modem (1-port) converter detected [ 1479.186871][ T5823] usb 2-1: GSM modem (1-port) converter now attached to ttyUSB0 [ 1479.361783][T14712] tipc: Node number set to 3797525591 [ 1479.604958][T20567] bridge0: port 2(bridge_slave_1) entered disabled state [ 1479.612322][T20567] bridge0: port 1(bridge_slave_0) entered disabled state [ 1479.747110][T20567] sctp: [Deprecated]: syz.2.3918 (pid 20567) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1479.747110][T20567] Use struct sctp_sack_info instead [ 1479.894581][T20573] QAT: Device 64 not found [ 1479.903496][T20573] QAT: Invalid ioctl -1072667448 [ 1480.145454][ T6030] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1480.215445][T19729] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 1480.305473][ T6030] usb 5-1: Using ep0 maxpacket: 8 [ 1480.329210][ T6030] usb 5-1: config 8 has an invalid interface number: 142 but max is 0 [ 1480.339323][ T6030] usb 5-1: config 8 has no interface number 0 [ 1480.347058][ T6030] usb 5-1: config 8 interface 142 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 1480.370857][T19729] usb 3-1: Using ep0 maxpacket: 16 [ 1480.388173][T19729] usb 3-1: config 0 has no interfaces? [ 1480.396515][ T6030] usb 5-1: config 8 interface 142 altsetting 5 bulk endpoint 0x7 has invalid maxpacket 64 [ 1480.406650][T19729] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1480.430071][T19729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1480.440959][ T6030] usb 5-1: config 8 interface 142 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 1480.463479][ T6030] usb 5-1: config 8 interface 142 altsetting 5 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 1480.475470][T19729] usb 3-1: config 0 descriptor?? [ 1480.495270][ T6030] usb 5-1: config 8 interface 142 has no altsetting 0 [ 1480.515296][ T6030] usb 5-1: language id specifier not provided by device, defaulting to English [ 1480.531200][ T6030] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=31.8b [ 1480.541675][ T6030] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1480.550337][ T6030] usb 5-1: Manufacturer: ы [ 1480.561617][ T6030] usb 5-1: SerialNumber: 몐꧶螒㖈 [ 1480.579599][T20573] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1480.703184][T19729] usb 3-1: USB disconnect, device number 92 [ 1480.812382][T20573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1480.840765][T20573] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1480.891034][ T6030] dm9601 5-1:8.142: probe with driver dm9601 failed with error -22 [ 1480.908015][ T6030] sr9700 5-1:8.142: probe with driver sr9700 failed with error -22 [ 1480.942042][ T6030] usb 5-1: USB disconnect, device number 64 [ 1482.287585][T20602] netlink: 'syz.4.3930': attribute type 10 has an invalid length. [ 1482.368515][ T6030] usb 2-1: USB disconnect, device number 82 [ 1482.407767][ T6030] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0 [ 1482.427984][ T6030] option 2-1:0.89: device disconnected [ 1483.305511][ T5924] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 1483.836763][ T5924] usb 1-1: Using ep0 maxpacket: 8 [ 1483.899367][ T5924] usb 1-1: config 2 has an invalid interface number: 31 but max is 0 [ 1483.929167][ T5924] usb 1-1: config 2 has no interface number 0 [ 1483.958306][ T5924] usb 1-1: config 2 interface 31 has no altsetting 0 [ 1484.063574][ T5924] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 1484.101653][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1484.137200][ T5924] usb 1-1: Product: syz [ 1484.173934][ T5924] usb 1-1: Manufacturer: syz [ 1484.211169][ T5924] usb 1-1: SerialNumber: syz [ 1484.261985][ T5924] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22 [ 1485.635510][ T5924] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 1485.789506][ T5924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 1485.803317][ T5924] usb 3-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 1485.824599][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1485.858672][ T5924] usb 3-1: config 0 descriptor?? [ 1486.080740][T16064] usb 1-1: USB disconnect, device number 68 [ 1486.305808][ T5924] logitech 0003:046D:CA03.0014: unbalanced collection at end of report description [ 1486.325156][ T5924] logitech 0003:046D:CA03.0014: parse failed [ 1486.335307][ T5924] logitech 0003:046D:CA03.0014: probe with driver logitech failed with error -22 [ 1486.511457][ T5924] usb 3-1: USB disconnect, device number 93 [ 1488.435539][ T5924] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1488.618007][ T5924] usb 5-1: Using ep0 maxpacket: 16 [ 1488.629254][ T5924] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1488.654000][ T5924] usb 5-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 1488.679268][ T5924] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1488.701273][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1488.735489][ T5924] usb 5-1: SerialNumber: syz [ 1488.981487][ T5924] usb 5-1: USB disconnect, device number 65 [ 1489.379044][T20719] syzkaller0: entered promiscuous mode [ 1489.379077][T20719] syzkaller0: entered allmulticast mode [ 1489.466334][T16064] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 1489.622813][T16064] usb 2-1: Using ep0 maxpacket: 8 [ 1489.636070][T16064] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 1489.644475][T16064] usb 2-1: config 179 has no interface number 0 [ 1489.675831][T16064] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1489.687683][T16064] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1489.765408][T16064] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1489.791810][T16064] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1489.809925][T16064] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1489.833873][T16064] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1489.854054][T16064] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1489.879528][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1489.896342][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1489.910992][T20717] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1490.172181][T16064] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input242 [ 1490.392738][T16064] usb 2-1: USB disconnect, device number 83 [ 1490.392799][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1490.407089][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1492.452202][ T5924] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1492.605790][ T5924] usb 5-1: Using ep0 maxpacket: 16 [ 1492.612978][ T5924] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1492.624059][ T5924] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1492.630924][ T5924] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1492.643196][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1492.654880][ T5924] usb 5-1: config 0 descriptor?? [ 1493.090914][ T5924] nzxt-smart2 0003:1E71:2009.0015: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0 [ 1493.221344][ T30] audit: type=1326 audit(1765462418.085:3051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20775 comm="syz.0.3996" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f05539 code=0x7ffc0000 [ 1493.550910][ T5924] usb 5-1: USB disconnect, device number 66 [ 1494.516268][T20786] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4000'. [ 1495.170214][T20805] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4008'. [ 1495.218802][T20805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4008'. [ 1495.432601][T20807] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4009'. [ 1495.681136][T20816] kvm: pic: single mode not supported [ 1495.681162][T20816] kvm: pic: level sensitive irq not supported [ 1496.108418][T20825] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4016'. [ 1496.535474][T19729] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1496.709579][T19729] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1496.719591][T19729] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1496.729388][T19729] usb 5-1: Product: syz [ 1496.745574][T19729] usb 5-1: Manufacturer: syz [ 1496.753971][T19729] usb 5-1: SerialNumber: syz [ 1496.775490][T14712] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1496.863661][T20846] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1496.945478][T14712] usb 2-1: Using ep0 maxpacket: 32 [ 1496.952413][T14712] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 1496.964917][T14712] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= a.f5 [ 1496.974082][T14712] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1496.983005][T14712] usb 2-1: Product: syz [ 1496.987302][T14712] usb 2-1: Manufacturer: syz [ 1496.991934][T14712] usb 2-1: SerialNumber: syz [ 1496.999682][T14712] usb 2-1: config 0 descriptor?? [ 1497.006180][T20835] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1497.019314][T14712] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1497.224597][T14712] usb 2-1: USB disconnect, device number 84 [ 1497.797918][T19729] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1497.804505][T19729] cdc_ncm 5-1:1.0: dwNtbInMaxSize=8 is too small. Using 2048 [ 1497.812092][T19729] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 1498.024287][T19729] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 1498.060603][T19729] usb 5-1: USB disconnect, device number 67 [ 1498.081033][T19729] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 1500.305440][T19729] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 1500.465798][T19729] usb 2-1: Using ep0 maxpacket: 16 [ 1500.483435][T19729] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1500.502871][T19729] usb 2-1: config 1 has no interface number 1 [ 1500.513012][T19729] usb 2-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1500.529425][T20937] syzkaller0: entered promiscuous mode [ 1500.534957][T20937] syzkaller0: entered allmulticast mode [ 1500.546292][T19729] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1500.577687][T19729] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1500.606785][T19729] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1500.618201][T19729] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1500.626413][T19729] usb 2-1: Product: syz [ 1500.633680][T19729] usb 2-1: Manufacturer: syz [ 1500.639012][T19729] usb 2-1: SerialNumber: syz [ 1500.835747][ T5924] usb 3-1: new full-speed USB device number 94 using dummy_hcd [ 1500.941708][T20946] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1500.974857][T20949] loop2: detected capacity change from 0 to 7 [ 1500.984173][T14283] Dev loop2: unable to read RDB block 7 [ 1500.989962][T14283] loop2: AHDI p1 p2 p3 [ 1500.992853][ T5924] usb 3-1: config 0 has an invalid interface number: 117 but max is 0 [ 1500.994393][T14283] loop2: partition table partially beyond EOD, truncated [ 1501.011850][ T5924] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1501.013303][T14283] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1501.035523][ T5924] usb 3-1: config 0 has no interface number 0 [ 1501.039953][T14283] loop2: p3 start 335544320 is beyond EOD, truncated [ 1501.047712][ T5924] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1501.061905][ T5924] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1501.076927][T20949] Dev loop2: unable to read RDB block 7 [ 1501.081055][T19729] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 1501.082540][T20949] loop2: AHDI p1 p2 p3 [ 1501.096280][T20949] loop2: partition table partially beyond EOD, truncated [ 1501.098046][ T5924] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1501.104236][T20949] loop2: p1 start 1818582900 is beyond EOD, truncated [ 1501.120323][T20949] loop2: p3 start 335544320 is beyond EOD, truncated [ 1501.128348][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1501.156286][ T5924] usb 3-1: Product: syz [ 1501.160807][ T5924] usb 3-1: Manufacturer: syz [ 1501.166898][ T5924] usb 3-1: SerialNumber: syz [ 1501.179603][ T5924] usb 3-1: config 0 descriptor?? [ 1501.497638][T20956] kvm: pic: single mode not supported [ 1501.497664][T20956] kvm: pic: level sensitive irq not supported [ 1501.820172][ T5924] usbtouchscreen 3-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 1501.859297][ T5924] usb 3-1: USB disconnect, device number 94 [ 1501.887410][T19729] usb 2-1: 2:1: cannot get freq at ep 0x82 [ 1501.991727][T19729] usb 2-1: USB disconnect, device number 85 [ 1502.165597][T14712] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 1502.335432][T14712] usb 1-1: Using ep0 maxpacket: 16 [ 1502.342647][T14712] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1502.354932][T14712] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1502.369396][T14712] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1502.399183][T14712] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1502.427815][T14712] usb 1-1: config 0 descriptor?? [ 1502.639343][T20977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4070'. [ 1502.915926][T14712] nzxt-smart2 0003:1E71:2009.0016: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0 [ 1503.341687][T18184] usb 1-1: USB disconnect, device number 69 [ 1503.695487][T14712] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 1503.875743][T14712] usb 3-1: Using ep0 maxpacket: 16 [ 1503.883442][T14712] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1504.025835][T14712] usb 3-1: config 0 has no interfaces? [ 1504.037219][T14712] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1504.055702][T14712] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1504.063766][T14712] usb 3-1: Product: syz [ 1504.085410][T14712] usb 3-1: Manufacturer: syz [ 1504.090082][T14712] usb 3-1: SerialNumber: syz [ 1504.125818][T14712] usb 3-1: config 0 descriptor?? [ 1504.335585][T21021] input: syz1 as /devices/virtual/input/input244 [ 1504.354489][T14712] usb 3-1: USB disconnect, device number 95 [ 1504.612825][T21027] Invalid logical block size (-3) [ 1505.455517][T19729] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1505.605435][T19729] usb 3-1: Using ep0 maxpacket: 16 [ 1505.632762][T19729] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1505.675158][T19729] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1505.692490][T19729] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1505.713506][T19729] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1505.744751][T19729] usb 3-1: config 0 descriptor?? [ 1506.290302][T19729] nzxt-smart2 0003:1E71:2009.0017: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 1506.673504][T19729] usb 3-1: USB disconnect, device number 96 [ 1507.662428][ T30] audit: type=1326 audit(1765462432.525:3052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21085 comm="syz.4.4110" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70cd539 code=0x0 [ 1507.714967][T21088] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4110'. [ 1508.055500][T21096] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4113'. [ 1508.335538][T19729] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 1508.485944][T19729] usb 1-1: Using ep0 maxpacket: 8 [ 1508.498441][T19729] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1508.512973][T19729] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 1508.528047][T19729] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1508.540037][T19729] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 1508.552671][T18184] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1508.561023][T19729] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 1508.571905][T19729] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1508.581864][T19729] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 195 [ 1508.594439][T19729] usb 1-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 1508.603702][T19729] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1508.611988][T19729] usb 1-1: Product: syz [ 1508.617854][T19729] usb 1-1: Manufacturer: syz [ 1508.622483][T19729] usb 1-1: SerialNumber: syz [ 1508.630255][T19729] usb 1-1: config 0 descriptor?? [ 1508.636934][T21098] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1508.645983][T21098] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1508.659518][T19729] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1508.719564][T18184] usb 2-1: Using ep0 maxpacket: 16 [ 1508.732672][T18184] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 1508.742127][T18184] usb 2-1: config 0 has no interface number 0 [ 1508.752221][T18184] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 1508.763099][T18184] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1508.777227][T18184] usb 2-1: Product: syz [ 1508.781657][T18184] usb 2-1: Manufacturer: syz [ 1508.786711][T18184] usb 2-1: SerialNumber: syz [ 1508.793923][T18184] usb 2-1: config 0 descriptor?? [ 1508.889218][T20128] usb 1-1: USB disconnect, device number 70 [ 1509.005723][T18184] uvcvideo 2-1:0.105: probe with driver uvcvideo failed with error -22 [ 1509.082405][T21114] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4122'. [ 1509.227971][T19729] usb 2-1: USB disconnect, device number 86 [ 1509.767736][T19729] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1509.935461][T19729] usb 5-1: Using ep0 maxpacket: 16 [ 1509.951008][T19729] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1509.973319][T19729] usb 5-1: config 13 has an invalid interface number: 50 but max is 0 [ 1509.984357][T19729] usb 5-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 1509.999325][T21150] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4138'. [ 1510.005871][T19729] usb 5-1: config 13 has no interface number 0 [ 1510.010184][T21150] netlink: 70 bytes leftover after parsing attributes in process `syz.0.4138'. [ 1510.014821][T19729] usb 5-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16 [ 1510.054234][T19729] usb 5-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1510.075455][T19729] usb 5-1: config 13 interface 50 has no altsetting 0 [ 1510.095890][T19729] usb 5-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 1510.109351][T19729] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1510.128007][T19729] usb 5-1: Product: syz [ 1510.136241][T19729] usb 5-1: Manufacturer: syz [ 1510.145537][T19729] usb 5-1: SerialNumber: syz [ 1510.173518][T21132] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1510.419619][T19729] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1510.434782][T19729] usb 5-1: MIDIStreaming interface descriptor not found [ 1510.749899][T19729] usb 5-1: USB disconnect, device number 68 [ 1510.840150][T14311] udevd[14311]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1511.180092][T21170] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1511.527495][T21191] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4156'. [ 1511.844613][T21208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4163'. [ 1513.415471][T20128] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 1513.572965][T20128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1513.584785][T20128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1513.598126][T20128] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 1513.607781][T14712] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 1513.616023][T20128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.630483][T20128] usb 1-1: config 0 descriptor?? [ 1513.755641][ T5823] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1513.788731][T14712] usb 3-1: Using ep0 maxpacket: 16 [ 1513.795450][T18184] usb 5-1: new low-speed USB device number 69 using dummy_hcd [ 1513.803358][T14712] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1513.817638][T14712] usb 3-1: New USB device found, idVendor=056a, idProduct=0101, bcdDevice= 0.00 [ 1513.829453][T14712] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.843425][T14712] usb 3-1: config 0 descriptor?? [ 1513.907908][ T5823] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1513.917597][ T5823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1513.929690][ T5823] usb 2-1: config 0 descriptor?? [ 1513.941259][T18184] usb 5-1: device descriptor read/64, error -71 [ 1514.067747][T20128] hid_parser_main: 133 callbacks suppressed [ 1514.067775][T20128] holtek_kbd 0003:04D9:A055.0018: unknown main item tag 0x2 [ 1514.081741][T20128] holtek_kbd 0003:04D9:A055.0018: item fetching failed at offset 6/7 [ 1514.091569][T20128] holtek_kbd 0003:04D9:A055.0018: probe with driver holtek_kbd failed with error -22 [ 1514.195482][T18184] usb 5-1: new low-speed USB device number 70 using dummy_hcd [ 1514.265473][T20128] usb 1-1: USB disconnect, device number 71 [ 1514.296037][T14712] wacom 0003:056A:0101.0019: unknown main item tag 0x0 [ 1514.303237][T14712] wacom 0003:056A:0101.0019: unknown main item tag 0x0 [ 1514.310295][T14712] wacom 0003:056A:0101.0019: unknown main item tag 0x0 [ 1514.318907][T14712] wacom 0003:056A:0101.0019: unknown main item tag 0x0 [ 1514.326166][T14712] wacom 0003:056A:0101.0019: unknown main item tag 0x0 [ 1514.336624][T18184] usb 5-1: device descriptor read/64, error -71 [ 1514.455865][T18184] usb usb5-port1: attempt power cycle [ 1514.497774][T20128] usb 3-1: USB disconnect, device number 98 [ 1514.805475][T18184] usb 5-1: new low-speed USB device number 71 using dummy_hcd [ 1514.826184][T18184] usb 5-1: device descriptor read/8, error -71 [ 1514.954350][ T5823] usb 2-1: Cannot set autoneg [ 1514.961453][ T5823] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1514.979218][ T5823] usb 2-1: USB disconnect, device number 87 [ 1515.066885][T18184] usb 5-1: new low-speed USB device number 72 using dummy_hcd [ 1515.106448][T18184] usb 5-1: device descriptor read/8, error -71 [ 1515.225867][T18184] usb usb5-port1: unable to enumerate USB device [ 1515.251476][T21296] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4199'. [ 1515.795157][T21318] loop4: detected capacity change from 0 to 7 [ 1515.808773][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1515.822027][T21316] kvm: pic: single mode not supported [ 1515.822050][T21316] kvm: pic: level sensitive irq not supported [ 1515.828798][T21316] kvm: pic: single mode not supported [ 1515.832844][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1515.836391][T21316] kvm: pic: level sensitive irq not supported [ 1515.852513][T21316] kvm: pic: single mode not supported [ 1515.858805][T21316] kvm: pic: level sensitive irq not supported [ 1515.859096][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1515.868414][T21316] kvm: pic: single mode not supported [ 1515.878656][T21316] kvm: pic: level sensitive irq not supported [ 1515.905574][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1515.938377][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1515.951389][T21324] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4212'. [ 1515.960837][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1515.970135][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1515.988488][T14283] ldm_validate_partition_table(): Disk read failed. [ 1515.995530][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1516.015715][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1516.025533][T14283] Buffer I/O error on dev loop4, logical block 0, async page read [ 1516.033524][T14283] Dev loop4: unable to read RDB block 0 [ 1516.040303][T14283] loop4: unable to read partition table [ 1516.046899][T14283] loop4: partition table beyond EOD, truncated [ 1516.054179][T21318] ldm_validate_partition_table(): Disk read failed. [ 1516.061204][T21318] Dev loop4: unable to read RDB block 0 [ 1516.075703][T21318] loop4: unable to read partition table [ 1516.081778][T21318] loop4: partition table beyond EOD, truncated [ 1516.095828][T21318] loop_reread_partitions: partition scan of loop4 (Sj̖P=ý?}X %`ր5) failed (rc=-5) [ 1516.238580][T21327] netlink: 'syz.3.4213': attribute type 4 has an invalid length. [ 1516.815040][T21344] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4220'. [ 1516.892373][T21348] netlink: 108 bytes leftover after parsing attributes in process `syz.1.4221'. [ 1517.366870][T21366] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.4226' sets config #5 [ 1517.837632][T21390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4237'. [ 1518.036539][T18184] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 1518.195553][T18184] usb 1-1: Using ep0 maxpacket: 16 [ 1518.202797][T18184] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1518.225457][T18184] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1518.244622][T18184] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1518.256605][T18184] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1518.265219][T18184] usb 1-1: Product: syz [ 1518.269526][T18184] usb 1-1: Manufacturer: syz [ 1518.274158][T18184] usb 1-1: SerialNumber: syz [ 1518.540605][T18184] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1518.613824][T18184] usb 1-1: USB disconnect, device number 72 [ 1519.961268][T21437] binder: BC_ATTEMPT_ACQUIRE not supported [ 1520.004913][T21437] binder: 21434:21437 ioctl c0306201 80000680 returned -22 [ 1520.428739][T21449] usb usb8: usbfs: process 21449 (syz.4.4262) did not claim interface 0 before use [ 1521.546174][T14712] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 1521.727721][T14712] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1521.758843][T14712] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1521.797072][T14712] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1521.834021][T14712] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1521.865003][T14712] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1521.896255][T14712] usb 1-1: config 0 descriptor?? [ 1522.128037][T21479] kvm: pic: single mode not supported [ 1522.128063][T21479] kvm: pic: level sensitive irq not supported [ 1522.148645][T21479] kvm: pic: single mode not supported [ 1522.166241][T21479] kvm: pic: level sensitive irq not supported [ 1522.176156][T21479] kvm: pic: single mode not supported [ 1522.182356][T21479] kvm: pic: level sensitive irq not supported [ 1522.201464][T21479] kvm: pic: single mode not supported [ 1522.207917][T21479] kvm: pic: level sensitive irq not supported [ 1522.359860][T14712] plantronics 0003:047F:FFFF.001A: reserved main item tag 0xe [ 1522.385215][T14712] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 1522.415572][T14712] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1522.475598][T21486] netlink: 84 bytes leftover after parsing attributes in process `syz.1.4279'. [ 1522.660160][T14712] usb 1-1: USB disconnect, device number 73 [ 1522.689986][T21487] fido_id[21487]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 1523.354551][T21492] [ 1523.356950][T21492] ===================================================== [ 1523.363906][T21492] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1523.371409][T21492] syzkaller #0 Tainted: G L [ 1523.377420][T21492] ----------------------------------------------------- [ 1523.384381][T21492] syz.4.4281/21492 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1523.392145][T21492] ffff88807aae8210 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1523.400934][T21492] [ 1523.400934][T21492] and this task is already holding: [ 1523.408316][T21492] ffff88801f2cd028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1523.418112][T21492] which would create a new lock dependency: [ 1523.424021][T21492] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 1523.432161][T21492] [ 1523.432161][T21492] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1523.441620][T21492] (&dev->event_lock#2){..-.}-{3:3} [ 1523.441661][T21492] [ 1523.441661][T21492] ... which became SOFTIRQ-irq-safe at: [ 1523.454589][T21492] lock_acquire+0x117/0x340 [ 1523.459215][T21492] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1523.464522][T21492] input_inject_event+0xa5/0x340 [ 1523.469563][T21492] led_trigger_event+0x138/0x210 [ 1523.474650][T21492] kbd_bh+0x1f3/0x300 [ 1523.478731][T21492] tasklet_action_common+0x358/0x550 [ 1523.484120][T21492] handle_softirqs+0x27d/0x850 [ 1523.488976][T21492] run_ksoftirqd+0x9b/0x100 [ 1523.493579][T21492] smpboot_thread_fn+0x542/0xa60 [ 1523.498620][T21492] kthread+0x711/0x8a0 [ 1523.502787][T21492] ret_from_fork+0x599/0xb30 [ 1523.507475][T21492] ret_from_fork_asm+0x1a/0x30 [ 1523.512341][T21492] [ 1523.512341][T21492] to a SOFTIRQ-irq-unsafe lock: [ 1523.519363][T21492] (tasklist_lock){.+.+}-{3:3} [ 1523.519393][T21492] [ 1523.519393][T21492] ... which became SOFTIRQ-irq-unsafe at: [ 1523.532042][T21492] ... [ 1523.532051][T21492] lock_acquire+0x117/0x340 [ 1523.539226][T21492] _raw_read_lock+0x36/0x50 [ 1523.543831][T21492] __do_wait+0xde/0x740 [ 1523.548085][T21492] do_wait+0x1e8/0x4f0 [ 1523.552263][T21492] kernel_wait+0xab/0x170 [ 1523.556704][T21492] call_usermodehelper_exec_work+0xbe/0x230 [ 1523.562697][T21492] process_scheduled_works+0xad1/0x1770 [ 1523.568337][T21492] worker_thread+0x8a0/0xda0 [ 1523.573029][T21492] kthread+0x711/0x8a0 [ 1523.577204][T21492] ret_from_fork+0x599/0xb30 [ 1523.581889][T21492] ret_from_fork_asm+0x1a/0x30 [ 1523.586756][T21492] [ 1523.586756][T21492] other info that might help us debug this: [ 1523.586756][T21492] [ 1523.596991][T21492] Chain exists of: [ 1523.596991][T21492] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 1523.596991][T21492] [ 1523.610575][T21492] Possible interrupt unsafe locking scenario: [ 1523.610575][T21492] [ 1523.618895][T21492] CPU0 CPU1 [ 1523.624266][T21492] ---- ---- [ 1523.629734][T21492] lock(tasklist_lock); [ 1523.633998][T21492] local_irq_disable(); [ 1523.640774][T21492] lock(&dev->event_lock#2); [ 1523.648001][T21492] lock(&client->buffer_lock); [ 1523.655389][T21492] [ 1523.658846][T21492] lock(&dev->event_lock#2); [ 1523.663715][T21492] [ 1523.663715][T21492] *** DEADLOCK *** [ 1523.663715][T21492] [ 1523.671864][T21492] 7 locks held by syz.4.4281/21492: [ 1523.677068][T21492] #0: ffff888146f74118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 1523.686252][T21492] #1: ffff8881446e1230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 1523.696405][T21492] #2: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xb6/0x340 [ 1523.706103][T21492] #3: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 1523.715704][T21492] #4: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 1523.724883][T21492] #5: ffff88801f2cd028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 1523.735116][T21492] #6: ffffffff8df419e0 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1523.744204][T21492] [ 1523.744204][T21492] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1523.754619][T21492] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1523.760287][T21492] IN-SOFTIRQ-W at: [ 1523.764367][T21492] lock_acquire+0x117/0x340 [ 1523.770712][T21492] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1523.777757][T21492] input_inject_event+0xa5/0x340 [ 1523.784589][T21492] led_trigger_event+0x138/0x210 [ 1523.791392][T21492] kbd_bh+0x1f3/0x300 [ 1523.797230][T21492] tasklet_action_common+0x358/0x550 [ 1523.804372][T21492] handle_softirqs+0x27d/0x850 [ 1523.810981][T21492] run_ksoftirqd+0x9b/0x100 [ 1523.817335][T21492] smpboot_thread_fn+0x542/0xa60 [ 1523.824111][T21492] kthread+0x711/0x8a0 [ 1523.830033][T21492] ret_from_fork+0x599/0xb30 [ 1523.836483][T21492] ret_from_fork_asm+0x1a/0x30 [ 1523.843102][T21492] INITIAL USE at: [ 1523.847099][T21492] lock_acquire+0x117/0x340 [ 1523.853377][T21492] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1523.860332][T21492] input_inject_event+0xa5/0x340 [ 1523.867022][T21492] kbd_led_trigger_activate+0xbc/0x100 [ 1523.874235][T21492] led_trigger_set+0x52d/0x950 [ 1523.880750][T21492] led_trigger_set_default+0x260/0x2a0 [ 1523.887969][T21492] led_classdev_register_ext+0x73d/0x960 [ 1523.895359][T21492] input_leds_connect+0x517/0x790 [ 1523.902138][T21492] input_register_device+0xd00/0x1170 [ 1523.909263][T21492] atkbd_connect+0x73b/0xa50 [ 1523.915610][T21492] serio_driver_probe+0x82/0xd0 [ 1523.922255][T21492] really_probe+0x26d/0xad0 [ 1523.928524][T21492] __driver_probe_device+0x18c/0x320 [ 1523.935575][T21492] driver_probe_device+0x4f/0x240 [ 1523.942347][T21492] __driver_attach+0x349/0x650 [ 1523.948868][T21492] bus_for_each_dev+0x233/0x2b0 [ 1523.955476][T21492] serio_handle_event+0x1f9/0x8d0 [ 1523.962279][T21492] process_scheduled_works+0xad1/0x1770 [ 1523.969587][T21492] worker_thread+0x8a0/0xda0 [ 1523.975934][T21492] kthread+0x711/0x8a0 [ 1523.981764][T21492] ret_from_fork+0x599/0xb30 [ 1523.988099][T21492] ret_from_fork_asm+0x1a/0x30 [ 1523.994615][T21492] } [ 1523.997204][T21492] ... key at: [] input_allocate_device.__key.6+0x0/0x20 [ 1524.006327][T21492] -> (&client->buffer_lock){....}-{3:3} { [ 1524.012083][T21492] INITIAL USE at: [ 1524.015986][T21492] lock_acquire+0x117/0x340 [ 1524.022072][T21492] _raw_spin_lock_irq+0xa2/0xf0 [ 1524.028531][T21492] evdev_read+0x370/0xca0 [ 1524.034441][T21492] vfs_readv+0x5aa/0x850 [ 1524.040265][T21492] do_readv+0x14d/0x2d0 [ 1524.045996][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1524.052767][T21492] do_fast_syscall_32+0x34/0x80 [ 1524.059207][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1524.067115][T21492] } [ 1524.069622][T21492] ... key at: [] evdev_open.__key.26+0x0/0x20 [ 1524.077788][T21492] ... acquired at: [ 1524.081595][T21492] _raw_spin_lock+0x2e/0x40 [ 1524.086288][T21492] evdev_pass_values+0xb9/0xbd0 [ 1524.091330][T21492] evdev_events+0x1e6/0x340 [ 1524.096041][T21492] input_pass_values+0x288/0x890 [ 1524.101176][T21492] input_event_dispose+0x330/0x6b0 [ 1524.106469][T21492] input_inject_event+0x1dd/0x340 [ 1524.111677][T21492] evdev_write+0x2fc/0x480 [ 1524.116281][T21492] vfs_write+0x27e/0xb30 [ 1524.120707][T21492] ksys_write+0x145/0x250 [ 1524.125229][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1524.130610][T21492] do_fast_syscall_32+0x34/0x80 [ 1524.135653][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1524.142192][T21492] [ 1524.144530][T21492] [ 1524.144530][T21492] the dependencies between the lock to be acquired [ 1524.144541][T21492] and SOFTIRQ-irq-unsafe lock: [ 1524.158086][T21492] -> (tasklist_lock){.+.+}-{3:3} { [ 1524.163413][T21492] HARDIRQ-ON-R at: [ 1524.167577][T21492] lock_acquire+0x117/0x340 [ 1524.174092][T21492] _raw_read_lock+0x36/0x50 [ 1524.180610][T21492] __do_wait+0xde/0x740 [ 1524.186782][T21492] do_wait+0x1e8/0x4f0 [ 1524.192872][T21492] kernel_wait+0xab/0x170 [ 1524.199221][T21492] call_usermodehelper_exec_work+0xbe/0x230 [ 1524.207124][T21492] process_scheduled_works+0xad1/0x1770 [ 1524.214678][T21492] worker_thread+0x8a0/0xda0 [ 1524.221277][T21492] kthread+0x711/0x8a0 [ 1524.227447][T21492] ret_from_fork+0x599/0xb30 [ 1524.234049][T21492] ret_from_fork_asm+0x1a/0x30 [ 1524.240835][T21492] SOFTIRQ-ON-R at: [ 1524.245002][T21492] lock_acquire+0x117/0x340 [ 1524.251521][T21492] _raw_read_lock+0x36/0x50 [ 1524.258044][T21492] __do_wait+0xde/0x740 [ 1524.264216][T21492] do_wait+0x1e8/0x4f0 [ 1524.270295][T21492] kernel_wait+0xab/0x170 [ 1524.276633][T21492] call_usermodehelper_exec_work+0xbe/0x230 [ 1524.284533][T21492] process_scheduled_works+0xad1/0x1770 [ 1524.292090][T21492] worker_thread+0x8a0/0xda0 [ 1524.298702][T21492] kthread+0x711/0x8a0 [ 1524.304780][T21492] ret_from_fork+0x599/0xb30 [ 1524.311376][T21492] ret_from_fork_asm+0x1a/0x30 [ 1524.318155][T21492] INITIAL USE at: [ 1524.322230][T21492] lock_acquire+0x117/0x340 [ 1524.328655][T21492] _raw_write_lock_irq+0xa2/0xf0 [ 1524.335524][T21492] copy_process+0x2185/0x3950 [ 1524.342121][T21492] kernel_clone+0x21e/0x820 [ 1524.348568][T21492] user_mode_thread+0xdd/0x140 [ 1524.355287][T21492] rest_init+0x23/0x300 [ 1524.361406][T21492] start_kernel+0x3a7/0x400 [ 1524.367871][T21492] x86_64_start_reservations+0x24/0x30 [ 1524.375299][T21492] x86_64_start_kernel+0x143/0x1c0 [ 1524.382365][T21492] common_startup_64+0x13e/0x147 [ 1524.389244][T21492] INITIAL READ USE at: [ 1524.393768][T21492] lock_acquire+0x117/0x340 [ 1524.400628][T21492] _raw_read_lock+0x36/0x50 [ 1524.407515][T21492] __do_wait+0xde/0x740 [ 1524.414033][T21492] do_wait+0x1e8/0x4f0 [ 1524.420463][T21492] kernel_wait+0xab/0x170 [ 1524.427152][T21492] call_usermodehelper_exec_work+0xbe/0x230 [ 1524.435399][T21492] process_scheduled_works+0xad1/0x1770 [ 1524.443310][T21492] worker_thread+0x8a0/0xda0 [ 1524.450251][T21492] kthread+0x711/0x8a0 [ 1524.456699][T21492] ret_from_fork+0x599/0xb30 [ 1524.463638][T21492] ret_from_fork_asm+0x1a/0x30 [ 1524.470774][T21492] } [ 1524.473452][T21492] ... key at: [] tasklist_lock+0x18/0x40 [ 1524.481363][T21492] ... acquired at: [ 1524.485344][T21492] _raw_read_lock+0x36/0x50 [ 1524.490040][T21492] send_sigurg+0x12b/0x420 [ 1524.494650][T21492] sk_send_sigurg+0x6c/0x2e0 [ 1524.499427][T21492] queue_oob+0x420/0x4f0 [ 1524.503865][T21492] unix_stream_sendmsg+0xc32/0xde0 [ 1524.509169][T21492] __sock_sendmsg+0x21c/0x270 [ 1524.514035][T21492] ____sys_sendmsg+0x505/0x820 [ 1524.518983][T21492] ___sys_sendmsg+0x21f/0x2a0 [ 1524.523852][T21492] __sys_sendmsg+0x164/0x220 [ 1524.528623][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1524.534002][T21492] do_fast_syscall_32+0x34/0x80 [ 1524.539033][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1524.545569][T21492] [ 1524.547902][T21492] -> (&f_owner->lock){....}-{3:3} { [ 1524.553224][T21492] INITIAL USE at: [ 1524.557216][T21492] lock_acquire+0x117/0x340 [ 1524.563513][T21492] _raw_write_lock_irq+0xa2/0xf0 [ 1524.570211][T21492] __f_setown+0x67/0x370 [ 1524.576211][T21492] fcntl_dirnotify+0x3fa/0x6a0 [ 1524.582726][T21492] do_fcntl+0x745/0x1a50 [ 1524.588726][T21492] do_compat_fcntl64+0x477/0x720 [ 1524.595438][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1524.602391][T21492] do_fast_syscall_32+0x34/0x80 [ 1524.608993][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1524.617076][T21492] INITIAL READ USE at: [ 1524.621500][T21492] lock_acquire+0x117/0x340 [ 1524.628184][T21492] _raw_read_lock_irqsave+0xaf/0x100 [ 1524.635652][T21492] send_sigio+0x38/0x370 [ 1524.642085][T21492] dnotify_handle_event+0x169/0x440 [ 1524.649461][T21492] fsnotify+0x180b/0x1ab0 [ 1524.655976][T21492] path_openat+0x1aa1/0x3dd0 [ 1524.662751][T21492] do_filp_open+0x1fa/0x410 [ 1524.669434][T21492] do_sys_openat2+0x121/0x200 [ 1524.676300][T21492] __se_sys_openat2+0x226/0x2c0 [ 1524.683334][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1524.690712][T21492] do_fast_syscall_32+0x34/0x80 [ 1524.697739][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1524.706268][T21492] } [ 1524.708869][T21492] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1524.717813][T21492] ... acquired at: [ 1524.721707][T21492] _raw_read_lock_irqsave+0xaf/0x100 [ 1524.727178][T21492] send_sigio+0x38/0x370 [ 1524.731614][T21492] kill_fasync+0x24d/0x4d0 [ 1524.736220][T21492] sock_wake_async+0x137/0x160 [ 1524.741188][T21492] sock_def_readable+0x3c1/0x530 [ 1524.746312][T21492] tcp_urg+0x2e6/0x3f0 [ 1524.750559][T21492] tcp_rcv_established+0xf4c/0x2580 [ 1524.755969][T21492] tcp_v4_do_rcv+0xa90/0x1430 [ 1524.760841][T21492] __release_sock+0x265/0x3a0 [ 1524.765703][T21492] release_sock+0x5f/0x1f0 [ 1524.770311][T21492] tcp_sendmsg+0x39/0x50 [ 1524.774738][T21492] __sock_sendmsg+0x19c/0x270 [ 1524.779601][T21492] __sys_sendto+0x3bd/0x520 [ 1524.784296][T21492] __ia32_sys_sendto+0xdd/0x100 [ 1524.789341][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1524.794727][T21492] do_fast_syscall_32+0x34/0x80 [ 1524.799782][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1524.806331][T21492] [ 1524.808685][T21492] -> (&new->fa_lock){....}-{3:3} { [ 1524.813849][T21492] INITIAL USE at: [ 1524.817765][T21492] lock_acquire+0x117/0x340 [ 1524.823851][T21492] _raw_write_lock_irq+0xa2/0xf0 [ 1524.830468][T21492] fasync_remove_entry+0xf1/0x1c0 [ 1524.837078][T21492] sock_fasync+0x85/0xf0 [ 1524.842898][T21492] __fput+0x8a2/0xa70 [ 1524.848460][T21492] task_work_run+0x1d4/0x260 [ 1524.854631][T21492] get_signal+0x11ec/0x1340 [ 1524.860718][T21492] arch_do_signal_or_restart+0x9a/0x7a0 [ 1524.867866][T21492] exit_to_user_mode_loop+0x87/0x4f0 [ 1524.874739][T21492] __do_fast_syscall_32+0x3cb/0x570 [ 1524.881515][T21492] do_fast_syscall_32+0x34/0x80 [ 1524.887943][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1524.895873][T21492] INITIAL READ USE at: [ 1524.900229][T21492] lock_acquire+0x117/0x340 [ 1524.906744][T21492] _raw_read_lock_irqsave+0xaf/0x100 [ 1524.914045][T21492] kill_fasync+0x199/0x4d0 [ 1524.920488][T21492] sock_wake_async+0x137/0x160 [ 1524.927535][T21492] sk_send_sigurg+0x1f1/0x2e0 [ 1524.934258][T21492] tcp_check_urg+0x200/0x760 [ 1524.940884][T21492] tcp_urg+0x164/0x3f0 [ 1524.946969][T21492] tcp_rcv_established+0xf4c/0x2580 [ 1524.954172][T21492] tcp_v4_do_rcv+0xa90/0x1430 [ 1524.960871][T21492] __release_sock+0x265/0x3a0 [ 1524.967581][T21492] release_sock+0x5f/0x1f0 [ 1524.974010][T21492] tcp_sendmsg+0x39/0x50 [ 1524.980263][T21492] __sock_sendmsg+0x19c/0x270 [ 1524.986952][T21492] __sys_sendto+0x3bd/0x520 [ 1524.993470][T21492] __ia32_sys_sendto+0xdd/0x100 [ 1525.000439][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1525.007664][T21492] do_fast_syscall_32+0x34/0x80 [ 1525.014531][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1525.022870][T21492] } [ 1525.025394][T21492] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1525.034086][T21492] ... acquired at: [ 1525.037895][T21492] _raw_read_lock_irqsave+0xaf/0x100 [ 1525.043371][T21492] kill_fasync+0x199/0x4d0 [ 1525.048004][T21492] evdev_pass_values+0x627/0xbd0 [ 1525.053170][T21492] evdev_events+0x1e6/0x340 [ 1525.057875][T21492] input_pass_values+0x288/0x890 [ 1525.063000][T21492] input_event_dispose+0x330/0x6b0 [ 1525.068314][T21492] input_inject_event+0x1dd/0x340 [ 1525.073521][T21492] evdev_write+0x2fc/0x480 [ 1525.078127][T21492] vfs_write+0x27e/0xb30 [ 1525.082552][T21492] ksys_write+0x145/0x250 [ 1525.087117][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1525.092534][T21492] do_fast_syscall_32+0x34/0x80 [ 1525.097586][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1525.104117][T21492] [ 1525.106466][T21492] [ 1525.106466][T21492] stack backtrace: [ 1525.112368][T21492] CPU: 1 UID: 0 PID: 21492 Comm: syz.4.4281 Tainted: G L syzkaller #0 PREEMPT(full) [ 1525.112395][T21492] Tainted: [L]=SOFTLOCKUP [ 1525.112403][T21492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1525.112415][T21492] Call Trace: [ 1525.112423][T21492] [ 1525.112431][T21492] dump_stack_lvl+0x189/0x250 [ 1525.112462][T21492] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1525.112484][T21492] ? __pfx__printk+0x10/0x10 [ 1525.112516][T21492] __lock_acquire+0x2a95/0x2cf0 [ 1525.112549][T21492] ? kill_fasync+0x199/0x4d0 [ 1525.112576][T21492] lock_acquire+0x117/0x340 [ 1525.112594][T21492] ? kill_fasync+0x199/0x4d0 [ 1525.112627][T21492] _raw_read_lock_irqsave+0xaf/0x100 [ 1525.112654][T21492] ? kill_fasync+0x199/0x4d0 [ 1525.112680][T21492] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 1525.112705][T21492] ? do_raw_spin_lock+0x121/0x290 [ 1525.112735][T21492] kill_fasync+0x199/0x4d0 [ 1525.112762][T21492] ? kill_fasync+0x53/0x4d0 [ 1525.112789][T21492] evdev_pass_values+0x627/0xbd0 [ 1525.112821][T21492] ? evdev_pass_values+0x5a1/0xbd0 [ 1525.112850][T21492] evdev_events+0x1e6/0x340 [ 1525.112876][T21492] ? evdev_events+0x79/0x340 [ 1525.112902][T21492] ? input_pass_values+0x8d/0x890 [ 1525.112928][T21492] input_pass_values+0x288/0x890 [ 1525.112956][T21492] ? input_handle_event+0x70c/0xf30 [ 1525.112978][T21492] input_event_dispose+0x330/0x6b0 [ 1525.113002][T21492] input_inject_event+0x1dd/0x340 [ 1525.113024][T21492] ? input_inject_event+0xb6/0x340 [ 1525.113046][T21492] evdev_write+0x2fc/0x480 [ 1525.113077][T21492] ? __pfx_evdev_write+0x10/0x10 [ 1525.113110][T21492] ? bpf_lsm_file_permission+0x9/0x20 [ 1525.113131][T21492] ? security_file_permission+0x75/0x290 [ 1525.113160][T21492] ? rw_verify_area+0x255/0x4d0 [ 1525.113177][T21492] ? __pfx_evdev_write+0x10/0x10 [ 1525.113204][T21492] vfs_write+0x27e/0xb30 [ 1525.113225][T21492] ? __pfx_vfs_write+0x10/0x10 [ 1525.113243][T21492] ? __fget_files+0x2a/0x420 [ 1525.113268][T21492] ? __fget_files+0x2a/0x420 [ 1525.113290][T21492] ? __fget_files+0x3a0/0x420 [ 1525.113317][T21492] ? __fget_files+0x2a/0x420 [ 1525.113344][T21492] ksys_write+0x145/0x250 [ 1525.113363][T21492] ? __pfx_ksys_write+0x10/0x10 [ 1525.113382][T21492] ? __do_fast_syscall_32+0xbe/0x570 [ 1525.113401][T21492] __do_fast_syscall_32+0x1f7/0x570 [ 1525.113418][T21492] ? rcu_is_watching+0x15/0xb0 [ 1525.113441][T21492] ? do_fast_syscall_32+0x34/0x80 [ 1525.113460][T21492] do_fast_syscall_32+0x34/0x80 [ 1525.113477][T21492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1525.113500][T21492] RIP: 0023:0xf70cd539 [ 1525.113519][T21492] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1525.113537][T21492] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 1525.113557][T21492] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 1525.113571][T21492] RDX: 0000000000000037 RSI: 0000000000000000 RDI: 0000000000000000 [ 1525.113583][T21492] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1525.113594][T21492] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1525.113606][T21492] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1525.113625][T21492]