last executing test programs: 4m53.813817494s ago: executing program 1 (id=3479): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0) 4m52.336302177s ago: executing program 1 (id=3483): openat$vicodec0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2) r0 = epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) socket$nl_generic(0x10, 0x3, 0x10) r2 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x4452]}, 0x8, 0x800) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha384\x00'}, 0x58) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x249, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0xef8, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0x10000, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x4, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x3, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8d0, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0xfffffffe, 0x9]}, 0x45c) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x4e2080, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r6, 0xc008ae05, &(0x7f0000000400)={0x1, 0x0, [{0x80000007, 0x800, 0x0, 0x9, 0x4, 0x401, 0x2}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000280)={0x4, 0x0, [{0x80000008, 0x81, 0x0, 0x4, 0x9, 0x1, 0x9}, {0x80000008, 0x3, 0x0, 0x81, 0xd5, 0x4, 0x4}, {0xc0000001, 0xcb7, 0x3, 0x73, 0x3}, {0x40000000, 0xd, 0x6, 0x3, 0x2, 0x3}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xc000000b}) signalfd4(r2, &(0x7f0000000140)={[0xfffffffffffffff9]}, 0x8, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) 4m51.738504841s ago: executing program 1 (id=3489): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) 4m50.240422545s ago: executing program 1 (id=3499): openat$vicodec0(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2) r0 = epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) socket$nl_generic(0x10, 0x3, 0x10) r2 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0)={[0x4452]}, 0x8, 0x800) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha384\x00'}, 0x58) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x249, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0xef8, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0x10000, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x4, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x3, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8d0, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0xfffffffe, 0x9]}, 0x45c) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x4e2080, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r6, 0xc008ae05, &(0x7f0000000400)={0x1, 0x0, [{0x80000007, 0x800, 0x0, 0x9, 0x4, 0x401, 0x2}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000280)={0x4, 0x0, [{0x80000008, 0x81, 0x0, 0x4, 0x9, 0x1, 0x9}, {0x80000008, 0x3, 0x0, 0x81, 0xd5, 0x4, 0x4}, {0xc0000001, 0xcb7, 0x3, 0x73, 0x3}, {0x40000000, 0xd, 0x6, 0x3, 0x2, 0x3}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0xc000000b}) signalfd4(r2, &(0x7f0000000140)={[0xfffffffffffffff9]}, 0x8, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) 4m47.26248486s ago: executing program 1 (id=3511): ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff4000/0xa000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) 4m45.435741248s ago: executing program 1 (id=3515): setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="04", 0x1, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) gettid() r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)={0x2, 0xa, 0x7, 0x8, 0x7, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_address={0x5, 0x17, 0x32, 0x0, 0x0, @in6={0xa, 0x4e21, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}, 0x2f77}}]}, 0x38}}, 0x40810) 4m29.86451752s ago: executing program 32 (id=3515): setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="04", 0x1, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) gettid() r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000002c0)={0x2, 0xa, 0x7, 0x8, 0x7, 0x0, 0x70bd2c, 0x25dfdbfb, [@sadb_address={0x5, 0x17, 0x32, 0x0, 0x0, @in6={0xa, 0x4e21, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}, 0x2f77}}]}, 0x38}}, 0x40810) 8.864600315s ago: executing program 3 (id=6576): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f931", 0x38}], 0x1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'lo\x00'}) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000280)={@multicast2, @loopback}, 0x10) r3 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r4, 0x5452, &(0x7f0000000180)=0xffffffffffffffbf) fdatasync(r5) fcntl$setsig(r4, 0xa, 0x12) ppoll(&(0x7f0000000000)=[{r5, 0x400}], 0x1, 0x0, &(0x7f0000000080)={[0x3ff]}, 0x8) dup2(r4, r5) fcntl$setown(r5, 0x8, r3) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000004780)={[], 0xf000}, 0x1000) tkill(r3, 0x13) 8.591717842s ago: executing program 3 (id=6582): syz_usb_connect(0x2, 0x24, &(0x7f00000025c0)={{0x12, 0x1, 0x201, 0x9, 0x4a, 0x68, 0x8, 0x6cd, 0x10b, 0x7e2f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x2, 0xa0, 0xf3, "", [{{0x9, 0x4, 0xd9, 0x9, 0x0, 0xb7, 0xfa, 0x97, 0x4}}]}}]}}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0}) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100), 0x842, 0x0) 7.704688621s ago: executing program 5 (id=6597): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x5a2119bf86ff29ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x92, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x0, 0x4, 0x3, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) r0 = socket$kcm(0x1e, 0x5, 0x0) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r1) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43) bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0xf, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000f02000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) 7.585983604s ago: executing program 5 (id=6599): r0 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0xa68b, 0x100, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000000)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) io_uring_enter(r0, 0x1, 0xeed, 0x1, 0x0, 0x0) 5.711374226s ago: executing program 3 (id=6616): r0 = syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read(r1, &(0x7f0000000380)=""/144, 0x90) syz_usb_control_io$uac1(r0, 0x0, 0x0) io_uring_setup(0x1de0, &(0x7f0000001040)={0x0, 0x764, 0x2, 0xffffffff, 0x1d2}) pwrite64(r1, 0x0, 0x0, 0x4) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x94, 0x7fff0000}]}) close_range(r2, 0xffffffffffffffff, 0x0) 3.381374009s ago: executing program 2 (id=6631): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fa, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d01, 0x0, 0x2e3}]}) syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x61) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$NILFS_IOCTL_GET_SUINFO(r0, 0x80186e84, &(0x7f00000000c0)={&(0x7f0000000040), 0x0, 0x10, 0x1, 0x8}) 3.044263955s ago: executing program 5 (id=6634): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r3, &(0x7f00000000c0)="1c", 0x10002, 0x0, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r2, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 2.509658014s ago: executing program 5 (id=6643): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x1, 0x1, 0x0, &(0x7f0000000200)=""/51, 0x0}) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340)) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 2.466522994s ago: executing program 2 (id=6644): r0 = io_uring_setup(0x136a, &(0x7f0000000080)={0x0, 0x1f8a, 0x0, 0x3, 0x28c}) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @empty}, 0x20) recvfrom$inet6(r1, 0x0, 0x0, 0x22, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60f91e2e00107300fc040000000000000000000000000000ff02000000000000000000000000000100000000ff"], 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda501009bdeffafde25"}) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.195499305s ago: executing program 3 (id=6649): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@my=0x0}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) lseek(0xffffffffffffffff, 0x2004, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f0000000140)={0x8, 0x100000, 0x6, 0x3077, 0x0, 0x4}) 2.09816485s ago: executing program 5 (id=6651): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r1, 0x18000000000002a0, 0x1c, 0x0, &(0x7f00000011c0)="b9ffddc1ddcccdf175537d53888edfcef6e296510cff24fc83423368", 0x0, 0x600, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.097313629s ago: executing program 2 (id=6653): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0xc45, 0x9, 0xfffffffffefffffd, 0x1, 0x10001, 0x7, 0x4002004c1, 0x7ff, 0x369, 0x6, 0x400, 0x8000083, 0x8c, 0x1, 0xe, 0x8d], 0x25000, 0x2850}) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000200)={0x0, 0x19, "7f4b993aed8e5ba4703f7b5f82f16d9bb8063c43840f857089"}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.358299899s ago: executing program 3 (id=6661): fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x25, &(0x7f00000000c0)={0x0, 0x219a, 0x80, 0x8001, 0x143}, &(0x7f0000000000), &(0x7f0000000640), &(0x7f0000000000)) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sched_setscheduler(0x0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) r1 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r1, &(0x7f0000000140)='connect aa:aa:aa:aa:aa:10 1', 0x1b) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000080)={0x9, r0, 0x3, {0x9, 0x7}}, 0x1) 1.184283029s ago: executing program 2 (id=6664): ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xa27, 0x0, &(0x7f0000000280)}) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x19, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x20}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000240), 0x2) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000180)) 1.098615386s ago: executing program 4 (id=6666): socket$caif_stream(0x25, 0x1, 0x1) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) splice(r0, 0x0, r4, 0x0, 0x80, 0x6) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) write(r2, 0x0, 0x0) 1.065849476s ago: executing program 0 (id=6667): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000200000000000006040000000000f93132", 0x39}], 0x1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000040)={'lo\x00'}) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000280)={@multicast2, @loopback}, 0x10) r3 = gettid() socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0xffffffffffffffbf) fdatasync(0xffffffffffffffff) fcntl$setsig(0xffffffffffffffff, 0xa, 0x12) ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x400}], 0x1, 0x0, &(0x7f0000000080)={[0x3ff]}, 0x8) dup2(0xffffffffffffffff, 0xffffffffffffffff) fcntl$setown(0xffffffffffffffff, 0x8, r3) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000004780)={[], 0xf000}, 0x1000) tkill(r3, 0x13) 1.029599401s ago: executing program 5 (id=6668): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000004c0), 0xa8201, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000080)=0x8000) chdir(0x0) r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000001c0), 0x9640, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4004040) ppoll(&(0x7f0000000040)=[{r1, 0xb00}], 0x1, 0x0, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) read$dsp(r1, &(0x7f0000003200)=""/4088, 0x57d) write$dsp(r0, &(0x7f0000002200)="44e211a385424bf02640ba0d3a219de1033222bea86d14dc6bc540f652f0873cec4d2b540364b6e4ff506bf40b976a8485725d9cfab14bb4c91a5fd888b8b983ef960999942529696b90b853c1f1a3b01af9b0cdc6a605c13de44b58eaf66b597768a5a9bccdb34c1aa1c48b2484cf0f1d68f8b5c1d9f6179459a466a2e865c2a66274717ef95f59fcf4d5b05c4540a35bb64a8fab9af3ad51f3c648121e933ea77809f3901ca59ed3e990ff80d87a814eb6fb68e3305fd9420d4a163ad5654ce60386346b6d1154ecef0f4a782c4459c0a8ca7278655e6f806c4bc2e870000bfcb1346232b0ccce39ee18152165cf3f85e87ae23c4113586cf300b39d7589b28372e554f7d748b618bca2a4298d82864e0d8212f4fbd80fd854691ccac21279bb85aacac8a3301ad2ece3d6061dbcc63e4af0fefc68fab6e5319f6d9e6a2708e41e60b2673d62ec952bae35b854fe7e87bc78e2d1a56cc383e5a1783ce35eaa20868d97eb1198ecae2d6375d7cd6992883aa3bbbdcb93b92b6eca3d6cde5baa92a6adda4540d5fce6d4772e5711b3744210587c05833966b300da0a378787ad06e9d5cba6e569b14c013b8428dad38eb6d2bc547615dac42aca90ac891e6db4d1dd029fe628170433f9229a286a814d39afd5a019db11c185b72c34e01ea5e82a5008a059e6791c9b807c4aab4e9807a5a7896a4c5bfa42f15284c1481618461ce3501cf24a722e74923d01bd7d586eec5d5ccba03eee1c8fc83bc5d73675a11eaaebdcd25fb806155f5e669ed8af3267b214f7d23cf8600ab7e909e7347783b94f235ea797d2c1bd83c7f499c04532f2b63a55b336fa9e5305a4a22cdde74360995ffd241c9592043df3dc99dac462dd43443604ffed04b1ee23b6665e0955e0b38fa71f73af930a9762d6d4d762e11df043a78b90f49f1645acffe61094a20b4caaeca22feca5f66c549cfcda38a1a7b6b79b71aba7a696975a257a94344bf65b7b79212a61f465ee55b530582e8b1dc993c379dd40ab5dd860c5828e2c27afae20539978340db55a68897920c1019e75e0b43b4c93cb1061c98f683f8d407fae9b1a87f2f9cd2b8252059ac39766fc174c344c5224b43bbea978d722c93e727292c738b293da0b9f12b4f11c8f354ae91d644131ce3873612146d79fe3ace49c1446a79e0a324f23cc0b6fb673fc6c34315fa0baf03fb5bd36656a2272c9a4d80a312dfbec125af5aacd2faf633650e3ab54f9fd2c6ee76d5abd9fac547fe7880d0dd9341ac0f095c529d3232447a0d1b28c101a2a95c4a9040041fbdf47ff7da3abe4ee7d8acac57b6553e58f1c5f832e7b920ef3708b98e4917f5b855928344da2ad0a9755d3f90d31f3e427bc869a163844b5e38c62302cc2938b03c132caa4d8044ed92680d406b7d635026f38082b26d6d3dfe80e8f659f1101cec8ea74418699a4fedfcd4ce6f2693cce43123c03122f61b62497bc2fdc2307786943feb7325d645657ae5e58d1e2587003ed4712aba34973199238d3f3d29704ba86538a764abb4d69b9efabcd956fa688536e0661a2a2e0fc84d3e4152187fd90dfbd5023aa12e964d1f3bff4e2c2915f2600a3ab701b177bda95ba8203a45182e03cc07db3b20342cd45d4f8954edebb32fb7fdf49d1952477da9ead5d4ba6de96c42f5923e3dce7188b9e9ec1862dd2fd39d256e1de8cd0906f67a8423b29f0b5bf81539828a1f8ae7e747e6b43bd639c6d6a52a29a0e4944f6b07390fc390770154135acf448ed23c507009af66d20b175723069f8eef06c2cd3edc86bd80ebbe2f5cd56c379d655632b62794aa3757ea10fb232414a9477277261879e88c49e8eb5253c91551c13ed725f3551939533d7c131109d10b4300e24db600f8020b10e9aac24d8572873fac24d149398a3306707c5c3de875eca837e140d23b02637ef888d539b6f0c7fd6d97fd8b9edf9a82bf19d75cec625237a6b9716ac0003d1b8c8db5d04f5231bed4aac9e93da9b6bfea002af81eb77a3ef8cab9878fac2574742277e5403e44844e50e64d1471213c724cf14142291a44ff108c1334fd2aa086aff52cdf1e7c53a3c9757a6717ad360137a50c4968865083c132abfc3a5eba97a4387bd5affdf091f8396b443dad822a15150d68a0d9728c548fb793e6c9d5420561fe683b8b5e89227d357873891e95d87db4a33056f3af5aabdffa3cbaacc44bdbcca971d8e84586545ae5b0e5eb5c7fada201db84c3faf06eb3812c560d7b0c680e9c4908837c5fb10627eb828dc34718004c066b8d999d34fe25b831771eda169c2bd54aab176e851db66c2623a01b8ef09c006c9aeb2fc87502231f75f5e4e01cc2674847c4c4eef86afee4ae3646b25d11d885befe01c43a34d60eff675eabefceba4664fbc211b3f014e315ea8e4c95f5088b82c590695616127cf63ebcee2fd78f3856443d3cb529376d34db3db1a6949cb7c80bc403ba92952b694dec72c540763ce3901d262087bf5a16a89c4151ce2d2d97eb77dce3d93d99e087bc5352cbda39935c686cf294c3ba66fab0135acb713281c90d562fc473df7133df5af7d42e183e4b860ee7b624038141ee757cb14db143ef8e8617eb6cb24a0eb73ef230e417d543f4afc5858c43ad20819bf6eda31bd5c258e66e9703a9b1daa8b34f9db16cae43b131ef258da25272320e2b357357b1d12fd87d9a00551185f3d494426d3f33b0ee84e1ae65508b9916fec12805783a857ac5d70a661fce59088437cf991821d3cf5b0db477dc8f6bb38c8455bb628e563ca45cb65383db9ecfc80386cd05f92ab32bf825a0953c101609ca8239b6ef1fb5a7fcc55642f9b2911df108d64b8c72c5bd31645955056968d4917cbab525ae5994b5dcbd33de392081819012a16be8c1b4f164fa6a1c2d88fd957bd62f28a3e87ba1ffcf644116ffdcf26937d4e64b4e87bd4771b9e0a8d8eba4605a8eac0f8e320b1204eeab358a5a5b2caf3e534c28f9da5598fedc5f13b4a7930a569439c3bc43ac5f5195a29280042278f194f84f8e5ee210223f8a486d568fe4a51bf8ef813c1bd02a669e4e0ea79d1e6bad48257ace2e7feba18123a5e67fd7212a341f92061df472db87f1158b0a2088e48a3680edc29ce3d3156108c04e3b16a1cf18cd70c5f5eeeb59824fb869906679eceb4a6ab8ec8733e72db06403f357e128e3383e2b35269b20f032cc21da717ba3febe02fba9f4893074ee2fd98e85499e36ffe2077348bc541548a34bc32fa0f7c00d84cabfd31e5c75b6769a1ba5770c5217cb03d1f0a8c91ba8d524b42c7365e09d94d95cf43f7ec896718f210fd0ba4ef91a5262daf7cd2bae3c2aad3e2eb925bec9ca7c1b874776dc28784a3719cb191cc317ff897698b2667081cc9db30c96c6510766b65c55c5fd4b8564faca924e6f52c2b181561ee5403184a822f0a207d747602f616c5513cabfe55e525b2bce4d662ae0b9ea68c015d6ca87bc752ed3e527826191a36d23e8032e15f65b3d60a517f16c4ece8bc8b09681bad96a5300f7e30e6848612d67ad853bc1523799c568e46b1dfe0d37cbc202c1332718cfadd4d6938bc0bfb21fc15ad19a0506f669d5c8790b685d81c4acbdb8e1b06918e934b459e3f2b46fe0999e6eae4185edac1cb3e85e8b61de24794d339014c03a285a3d7ba91e00bed2d63b0edb933c290ddd62fb1c56b6d08cb99f47dabd72a667805d63a7784450a1bd1af6dfc2ec785ddb8b86fe4a44a7c8f86c4b19a61fdb701a81bd720bb70f8657e256b0f531ab7848b6206ba7cd4c32b866735a4b46091a0bb6c47c923a3efa99a09c0344228ed412f94c4eca96e6bf6ee75f23a1ae8415a892ff19bd190e1d67b8e1212be638eb179176e4074435ed381a7c2faaee9acbcf873823abd906e92f308b36c6c259e43d13b328ded6bf3c1f4a93a76e9a6d0483875456cf8f30eda231d9f26d6b3861a3f2db165758b0d7aacb7b5a8e9f4d775798556cee8dbe8a94fae8df837f71d66a0aaa48df5c36afa9033ec5283e713806d5a07f82729f9e888d309b713db36256757292443f00f1af08058057373ae710d90cefa5872bbeac931ddd145ba9a64997c0bc53cc59a954f8ee2670caac75e2a63b5a1ca6ca6e3f9287f080b271f34b2e63be2ad4c2b85b7c9683245b12491d221314ab2685e2a44787733af58502245e19af646f65dd26b44dda320d583d9ddd6567d6021dc2d7d731963d6cc790d8b082889045cb749de9857ee4388d0f3c2ef83d405d0a2328bd7f76fa4d3d0a2e8238c979babe572ab3e8ae2768ca212bad33249523fa89fc0498f5f29a68aa7aae681e41284f46b47cc996679c4f1d9936647cb9b47ca8dac8e161b5cc0ff29f48f4a42b6a567f1116a5c239e67069b96862e2ba0cb3d424d4c4810cc1f3da1c61f39e7cca3e519159c057a440db9838f9f14351f64ec24c70a21a874da100af89d4753d274bd87c6574de363d44ee5aa37bb360b3acf347b3a72fac5e66c939daf4c6cbfacb43ab73229cc0badacc30b6c771bee9a7a8e36a5839cf5d68ffac084e69cb7bb34f71fc2244e5d16d056f97f581e3c50112e81d8410b6aa6b33b924cbafbc8dcb163f22f0e7b618ecd22296328e3fafdc2366e49a7ab08fa0d5b55c8aaffa8c9fc2899c07cabcf35748b0f30edb03a8a55807b6c73cd0b64cdd1a77ec0dcb8be359715b284a9476a0013d69c825274f45b6ffa59df58ca07756af102a6bb0efa1b4b356f89c504097cf79c76ca07d325375bfac4d7c8483cabd8d7c9141c96948c32ec87c231b69d6776160b8b31dada7e0837b4c2dc2ecb28f9b0400589c12cde99dc7db30a9d4c4f8a904f6b2f2fba1d0c36544f84db803bef904ec5b1f976345f67688df6e2d866d9eda4a87395b8953c0dc1e93ca742d2141b3591bb0bfdb56a0f8eabf710a3479d8b8f7e3f0e73a6fd29fc946909f77a6ad3044495e4d6e661bc633f4eb63204dd9f47ee85676ec0aa8b713819a280c27f086445d62f258379ffd77ced5d2c8cdf7d87135d6806f340a111f42b042058b96daa2633a6975dc0c5580f93a38e3daba8fdfb21fd94ebb30a2e165a75c1788c1cfe2687af2c3d3908514722e19afb385a74d6ac8cb12ca6232cde2e99d4ac651b280e65b3b897e39984a64d55eb4f65ab0912675c3f334d7c7ce6ecd84044125d98ef9eb6cf46c5d5d01b3ba01fa4bb5ff70ba1d18cba8b28f3980fca9c75441ada9122d497ac2e779277edece11bd175bf79657c37b982acb078591520792cf8278b75177ad1aad8133b2e4a61c561b42f6ab11ff8227d75303720d121ad3f3ad2e350b4cbfb6c5476e0f73e58dd25a18f3b50d0b30a629b2f5e053422c5a18decb3ad311ca978dcb53d44c64f43ceec7f803370a9b4b91e837371c4ed274d636423cb189cfe1302c6605142d5765239c6c86384b7c6de980764793956cacff762f8c4feaef7dee318a977e942e3a2ef45e220857162ac83b0fd4f1deef6510005737e7588dac6679fd8ae630d60bb9509d848f00939134f0c52b2b122bcf7e46ce5ca2592d649ff00252e57d9541bafdfeb6492113f401eb428e543168a96bd06b31a9becd8f0fbb2b89d19479411bbe4e265480cf2a6f34e5bc02a98b9f29b8adc10f9096aa5096fe12ef67d9690388459664f9583095f9bef69f9725a76a2bab82cdefe92fefa283ad56c21ab3e8ea602130ad2d831c0a4fbbb7779476e74674034c6051272ca292540de9bfcb34536604865c759b639c6f1e58699635e037d", 0xffe) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@local, 0x2}) 865.203727ms ago: executing program 0 (id=6669): syz_io_uring_setup(0x408b, &(0x7f0000000400)={0x0, 0x8000, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0, 0x0) syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000000000/0xc000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0, 0x2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0x7f9, &(0x7f0000000040)={0x0, 0xc8df, 0xfc00, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x300, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xfff1, 0xffff}, {0xe, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x20040000) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 865.086275ms ago: executing program 4 (id=6670): r0 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000005c0)='fd', 0x0, r1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x2) close(0x3) fchdir(r3) open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, 0x0) 767.87605ms ago: executing program 4 (id=6671): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) write(r0, &(0x7f0000000280)="81", 0x1) 757.905992ms ago: executing program 0 (id=6672): timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) inotify_init1(0x800) fsopen(&(0x7f0000000080)='autofs\x00', 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000001000/0x3000)=nil, 0x30000, 0x0, 0x11, r0, 0x0) mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000007000/0x1000)=nil) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r1, 0x0) 657.452662ms ago: executing program 4 (id=6673): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) r1 = socket$inet6(0xa, 0x80002, 0x0) close(0x3) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300), 0x84, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, 0x0, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/udp6\x00') preadv(r4, &(0x7f00000006c0)=[{&(0x7f0000000340)=""/210, 0xd2}, {&(0x7f0000000200)=""/136, 0x88}], 0x2, 0x1, 0x804) 642.069759ms ago: executing program 2 (id=6674): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e14060200a100000e000a001000000002", 0x29}, {&(0x7f00000000c0)="78685b0bd1", 0x5}], 0x2}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x40000) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) 517.212715ms ago: executing program 0 (id=6675): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x9, 0x4d032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 447.864921ms ago: executing program 4 (id=6676): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_x25_SIOCDELRT(r0, 0x890c, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) ioctl$AUTOFS_IOC_PROTOVER(r1, 0x80049363, 0x0) sendmmsg$inet6(r1, 0x0, 0x0, 0x40010) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000006140), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r2, &(0x7f0000006240)={&(0x7f0000006100)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040800}, 0x850) syz_genetlink_get_family_id$nl80211(0x0, r2) 378.657604ms ago: executing program 3 (id=6677): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) io_uring_setup(0x3450, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) poll(&(0x7f0000000100)=[{r1, 0x84}], 0x1, 0x3ff) sendto$inet(r1, &(0x7f0000000140)='^', 0x34000, 0x0, &(0x7f0000004ff0)={0x2, 0x0, @rand_addr=0xfffffffffffffffe}, 0x10) listen(r1, 0xda90) accept4(r1, 0x0, 0x0, 0x0) 309.661535ms ago: executing program 2 (id=6678): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="0000000000004a641c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000980)=ANY=[@ANYBLOB="3c0000001000030425bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0005000082180000140012800b00010062726964676500000400028008000a00", @ANYRES32=r5], 0x3c}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000) 262.2617ms ago: executing program 0 (id=6679): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r3, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000000)={0xa0000001}) epoll_pwait(r4, &(0x7f0000000040)=[{}], 0x1, 0xff, 0x0, 0x2000) 190.968355ms ago: executing program 4 (id=6680): syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) 0s ago: executing program 0 (id=6681): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000001340)) syz_usb_connect$lan78xx(0x5, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(r1, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) r2 = dup2(r0, r0) read$FUSE(r2, &(0x7f00000063c0)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): tected capacity change from 0 to 8 [ 461.876973][T11475] Dev loop8: unable to read RDB block 8 [ 461.877031][T11475] loop8: unable to read partition table [ 461.877265][T11475] loop8: partition table beyond EOD, truncated [ 461.877299][T11475] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 465.653654][ T1004] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 465.803630][ T1004] usb 3-1: Using ep0 maxpacket: 32 [ 465.806864][ T1004] usb 3-1: config 10 has an invalid interface number: 251 but max is 0 [ 465.806891][ T1004] usb 3-1: config 10 has no interface number 0 [ 465.806945][ T1004] usb 3-1: config 10 interface 251 has no altsetting 0 [ 465.811813][ T1004] usb 3-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice= 5.ff [ 465.811842][ T1004] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.811865][ T1004] usb 3-1: Product: syz [ 465.811880][ T1004] usb 3-1: Manufacturer: syz [ 465.811895][ T1004] usb 3-1: SerialNumber: syz [ 466.124348][ T1004] gspca_main: sunplus-2.14.0 probing 052b:1803 [ 466.124913][ T1004] gspca_sunplus: reg_r err -71 [ 466.125002][ T1004] sunplus 3-1:10.251: probe with driver sunplus failed with error -71 [ 466.128831][ T1004] usb 3-1: USB disconnect, device number 11 [ 468.943608][ T5882] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 469.105190][ T5882] usb 3-1: Using ep0 maxpacket: 32 [ 469.108970][ T5882] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 469.108999][ T5882] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 469.109020][ T5882] usb 3-1: config 0 has no interface number 0 [ 469.128150][ T5882] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 469.128247][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.128304][ T5882] usb 3-1: Product: syz [ 469.128349][ T5882] usb 3-1: Manufacturer: syz [ 469.128397][ T5882] usb 3-1: SerialNumber: syz [ 469.248543][ T5882] usb 3-1: config 0 descriptor?? [ 469.287844][ T5882] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 469.287879][ T5882] cx231xx 3-1:0.1: Not found matching IAD interface [ 469.596713][T11579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 469.597362][T11579] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 470.271946][ T819] usb 3-1: USB disconnect, device number 12 [ 480.331747][T11817] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 481.064870][T11834] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2470'. [ 481.064898][T11834] nbd: must specify at least one socket [ 484.063961][ T5882] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 484.233547][ T5882] usb 3-1: Using ep0 maxpacket: 32 [ 484.237766][ T5882] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 484.237794][ T5882] usb 3-1: config 0 has no interface number 0 [ 484.269968][ T5882] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 484.270000][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.270022][ T5882] usb 3-1: Product: syz [ 484.270037][ T5882] usb 3-1: Manufacturer: syz [ 484.270053][ T5882] usb 3-1: SerialNumber: syz [ 484.363555][ T5882] usb 3-1: config 0 descriptor?? [ 485.623572][ T1004] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 485.651642][ T5882] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 485.651674][ T5882] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 485.652197][ T5882] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 485.652510][ T5882] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 485.703154][ T5882] usb 3-1: USB disconnect, device number 13 [ 485.773727][ T1004] usb 2-1: Using ep0 maxpacket: 8 [ 485.778328][ T1004] usb 2-1: config 8 has an invalid interface number: 37 but max is 0 [ 485.778354][ T1004] usb 2-1: config 8 has no interface number 0 [ 485.778382][ T1004] usb 2-1: config 8 interface 37 has no altsetting 0 [ 485.810910][ T1004] usb 2-1: New USB device found, idVendor=55aa, idProduct=a103, bcdDevice=2b.c9 [ 485.810941][ T1004] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.810961][ T1004] usb 2-1: Product: syz [ 485.810976][ T1004] usb 2-1: Manufacturer: syz [ 485.810992][ T1004] usb 2-1: SerialNumber: syz [ 486.430771][ T1004] ums-sddr55 2-1:8.37: USB Mass Storage device detected [ 486.855223][ T1004] usb 2-1: USB disconnect, device number 13 [ 487.459905][T11980] loop2: detected capacity change from 0 to 7 [ 487.574347][T11980] Dev loop2: unable to read RDB block 7 [ 487.574401][T11980] loop2: unable to read partition table [ 487.574632][T11980] loop2: partition table beyond EOD, truncated [ 487.574665][T11980] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 487.730349][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 487.730369][ T37] audit: type=1326 audit(1776854833.897:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11986 comm="syz.3.2534" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x0 [ 489.003654][ T5882] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 489.087494][T12032] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2555'. [ 489.087525][T12032] netlink: 84 bytes leftover after parsing attributes in process `syz.2.2555'. [ 489.088090][T12032] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 489.158172][ T5882] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959 [ 489.158207][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 489.158231][ T5882] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 489.178231][ T5882] usb 1-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 489.178265][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.178287][ T5882] usb 1-1: Product: syz [ 489.178302][ T5882] usb 1-1: Manufacturer: syz [ 489.178318][ T5882] usb 1-1: SerialNumber: syz [ 489.235587][ T5882] usb 1-1: config 0 descriptor?? [ 489.239316][T12021] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 489.472492][ T1004] usb 1-1: USB disconnect, device number 19 [ 490.038364][T12056] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 490.299193][T12063] netlink: 'syz.0.2567': attribute type 4 has an invalid length. [ 490.498425][T12073] misc userio: Invalid payload size [ 495.213586][ T5881] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 495.474693][ T5881] usb 4-1: Using ep0 maxpacket: 16 [ 495.477139][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.477173][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 495.477198][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 495.477241][ T5881] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 495.477333][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.542046][ T5881] usb 4-1: config 0 descriptor?? [ 496.015372][ T5928] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 496.553909][ T5881] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.000F/input/input17 [ 497.026764][ T5928] usb 2-1: Using ep0 maxpacket: 16 [ 497.060214][ T5928] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 497.060248][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.144410][ T5928] usb 2-1: config 0 descriptor?? [ 497.240524][ T5928] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 497.294728][ T5881] appleir 0003:05AC:8241.000F: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0 [ 497.632521][T12161] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2607'. [ 497.827471][T12162] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2607'. [ 497.827501][T12162] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2607'. [ 498.238572][T12173] binder: 12172:12173 ioctl c018620c 200000000000 returned -22 [ 498.426060][ T5928] gspca_sonixj: reg_w1 err -71 [ 498.443656][ T5928] sonixj 2-1:0.0: probe with driver sonixj failed with error -71 [ 498.483751][ T5928] usb 2-1: USB disconnect, device number 14 [ 500.346621][T12200] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2624'. [ 500.352193][ T6041] usb 4-1: USB disconnect, device number 8 [ 501.479149][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.479224][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.994691][ T819] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 504.569654][ T819] usb 3-1: Using ep0 maxpacket: 32 [ 504.661905][ T819] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 504.982162][ T819] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 504.982207][ T819] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.982266][ T819] usb 3-1: Product: syz [ 504.982283][ T819] usb 3-1: Manufacturer: syz [ 504.982343][ T819] usb 3-1: SerialNumber: syz [ 505.540146][ T819] usb 3-1: config 0 descriptor?? [ 505.631418][ T819] smsc95xx 3-1:0.0 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 505.632677][ T819] smsc95xx 3-1:0.0: probe with driver smsc95xx failed with error -22 [ 505.707801][ T59] Bluetooth: hci3: unexpected event 0x05 length: 101 > 4 [ 505.775565][ T819] usb 3-1: USB disconnect, device number 14 [ 506.486995][T12315] netlink: 'syz.3.2673': attribute type 15 has an invalid length. [ 506.879438][T12331] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2679'. [ 506.908755][T12328] bridge_slave_0: left allmulticast mode [ 506.908787][T12328] bridge_slave_0: left promiscuous mode [ 506.909056][T12328] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.981127][T12328] bridge_slave_1: left allmulticast mode [ 506.981158][T12328] bridge_slave_1: left promiscuous mode [ 506.998408][T12328] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.624296][T12328] bond0: (slave bond_slave_0): Releasing backup interface [ 508.043312][T12328] bond0: (slave bond_slave_1): Releasing backup interface [ 508.288966][T12328] team0: Port device team_slave_0 removed [ 508.425308][ T5882] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 508.583641][ T5882] usb 3-1: Using ep0 maxpacket: 8 [ 508.586250][ T5882] usb 3-1: config 0 has no interfaces? [ 508.586288][ T5882] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 508.586314][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 508.591630][T12328] team0: Port device team_slave_1 removed [ 508.602658][T12328] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 508.602690][T12328] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 509.501449][ T5882] usb 3-1: config 0 descriptor?? [ 509.832573][T12328] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 509.832603][T12328] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 509.952183][T12328] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 510.007777][T12331] team0: Mode "" not found [ 510.595305][ T819] usb 3-1: USB disconnect, device number 15 [ 510.903634][ T6065] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 511.053649][ T6065] usb 2-1: Using ep0 maxpacket: 16 [ 511.055951][ T6065] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 511.055977][ T6065] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 511.055998][ T6065] usb 2-1: config 0 has no interface number 0 [ 511.058922][ T6065] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 511.058950][ T6065] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 511.058972][ T6065] usb 2-1: Product: syz [ 511.058987][ T6065] usb 2-1: Manufacturer: syz [ 511.059002][ T6065] usb 2-1: SerialNumber: syz [ 511.198705][ T6065] usb 2-1: config 0 descriptor?? [ 511.254530][ T6065] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046d:08f3) [ 511.254564][ T6065] uvcvideo 2-1:0.105: No valid video chain found. [ 511.409500][ T6041] usb 2-1: USB disconnect, device number 15 [ 514.027790][T12480] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2735'. [ 516.012066][ T59] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 520.224920][ T6065] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 520.373623][ T6065] usb 4-1: Using ep0 maxpacket: 32 [ 520.378960][ T6065] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 520.379065][ T6065] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 520.379123][ T6065] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 520.379146][ T6065] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.465076][ T6065] usb 4-1: config 0 descriptor?? [ 520.527137][ T6065] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 521.900331][T12737] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2849'. [ 522.824021][ T5928] usb 4-1: USB disconnect, device number 9 [ 522.981794][T12754] bond1: (slave vxcan5): The slave device specified does not support setting the MAC address [ 523.002675][T12754] bond1: (slave vxcan5): Error -95 calling set_mac_address [ 524.372520][T12813] input: syz0 as /devices/virtual/input/input18 [ 528.203629][ T819] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 528.356601][ T819] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 528.356636][ T819] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.390029][ T819] usb 2-1: config 0 descriptor?? [ 528.404395][ T819] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 528.531057][T12944] sctp: [Deprecated]: syz.2.2939 (pid 12944) Use of struct sctp_assoc_value in delayed_ack socket option. [ 528.531057][T12944] Use struct sctp_sack_info instead [ 528.531474][T12944] sctp: [Deprecated]: syz.2.2939 (pid 12944) Use of struct sctp_assoc_value in delayed_ack socket option. [ 528.531474][T12944] Use struct sctp_sack_info instead [ 529.683211][ T819] gspca_stv06xx: I2C: Read error writing address: -71 [ 529.714436][ T819] usb 2-1: USB disconnect, device number 16 [ 531.983601][ T6041] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 532.143726][ T6041] usb 3-1: Using ep0 maxpacket: 32 [ 532.153085][ T6041] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 532.153114][ T6041] usb 3-1: config 0 has no interface number 0 [ 532.153161][ T6041] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 532.153184][ T6041] usb 3-1: config 0 interface 1 has no altsetting 0 [ 532.177930][ T6041] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 532.177962][ T6041] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.177983][ T6041] usb 3-1: Product: syz [ 532.177998][ T6041] usb 3-1: Manufacturer: syz [ 532.178012][ T6041] usb 3-1: SerialNumber: syz [ 532.282044][ T6041] usb 3-1: config 0 descriptor?? [ 532.512830][ T6041] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 532.512867][ T6041] cx231xx 3-1:0.1: Not found matching IAD interface [ 532.539518][ T6041] usb 3-1: USB disconnect, device number 16 [ 533.043989][ T6041] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 533.196547][ T6041] usb 3-1: Using ep0 maxpacket: 32 [ 533.199980][ T6041] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 533.200008][ T6041] usb 3-1: config 0 has no interface number 0 [ 533.200054][ T6041] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 533.200077][ T6041] usb 3-1: config 0 interface 1 has no altsetting 0 [ 533.246290][ T6041] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 533.246326][ T6041] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.246350][ T6041] usb 3-1: Product: syz [ 533.246365][ T6041] usb 3-1: Manufacturer: syz [ 533.246381][ T6041] usb 3-1: SerialNumber: syz [ 533.248427][T13109] overlayfs: failed to resolve './bus': -2 [ 533.307470][ T6041] usb 3-1: config 0 descriptor?? [ 533.550415][ T6041] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 533.550469][ T6041] cx231xx 3-1:0.1: Not found matching IAD interface [ 533.577936][ T6041] usb 3-1: USB disconnect, device number 17 [ 538.293723][ T6059] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 538.483670][ T6059] usb 4-1: Using ep0 maxpacket: 8 [ 538.521123][ T6059] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 538.521198][ T6059] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.521262][ T6059] usb 4-1: Product: syz [ 538.521323][ T6059] usb 4-1: Manufacturer: syz [ 538.521340][ T6059] usb 4-1: SerialNumber: syz [ 539.050353][ T6059] usb 4-1: config 0 descriptor?? [ 539.954360][ T6059] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 540.521556][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 540.522618][ T6059] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 540.748922][ T6059] usb 4-1: USB disconnect, device number 10 [ 543.685388][T13257] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3079'. [ 544.633051][T13285] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3090'. [ 546.243794][ T6065] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 546.393666][ T6065] usb 2-1: Using ep0 maxpacket: 8 [ 546.396679][ T6065] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 546.396710][ T6065] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 546.396737][ T6065] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 546.396764][ T6065] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 546.396808][ T6065] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 546.396833][ T6065] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.722809][ T6065] usb 2-1: GET_CAPABILITIES returned 0 [ 546.722860][ T6065] usbtmc 2-1:16.0: can't read capabilities [ 547.274005][ T6065] usb 2-1: USB disconnect, device number 17 [ 551.503567][ T6065] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 551.654895][ T6065] usb 3-1: Using ep0 maxpacket: 32 [ 551.657459][ T6065] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 551.657492][ T6065] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 551.659713][ T6065] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 551.659745][ T6065] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 551.659768][ T6065] usb 3-1: Product: syz [ 551.659784][ T6065] usb 3-1: Manufacturer: syz [ 551.737957][ T6065] hub 3-1:4.0: USB hub found [ 551.957596][ T6065] hub 3-1:4.0: 2 ports detected [ 551.959143][T13480] netlink: 'syz.3.3175': attribute type 4 has an invalid length. [ 552.446535][T13494] tipc: Failed to remove unknown binding: 66,0,0/0:785203066/785203068 [ 552.446661][T13494] tipc: Failed to remove unknown binding: 66,0,0/0:785203066/785203067 [ 553.000907][ T6059] usb 3-1: USB disconnect, device number 18 [ 553.001080][ T6065] hub 3-1:4.0: hub_ext_port_status failed (err = -71) [ 555.283561][ T1004] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 555.443696][ T1004] usb 4-1: Using ep0 maxpacket: 8 [ 555.447719][ T1004] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 129, changing to 7 [ 555.450722][ T1004] usb 4-1: New USB device found, idVendor=0763, idProduct=2003, bcdDevice= 0.40 [ 555.450753][ T1004] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.450776][ T1004] usb 4-1: Product: syz [ 555.450792][ T1004] usb 4-1: Manufacturer: syz [ 555.450808][ T1004] usb 4-1: SerialNumber: syz [ 555.808756][ T1004] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 556.077358][ T1004] usb 4-1: 2:1: invalid format type 0x1001 is detected, processed as PCM [ 556.077389][ T1004] usb 4-1: 2:1 : sample bitwidth 9 in over sample bytes 1 [ 556.077421][ T1004] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 556.077438][ T1004] usb 4-1: 2:1 : invalid channels 0 [ 556.323626][ T5882] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 557.577531][ T5882] usb 2-1: Using ep0 maxpacket: 32 [ 557.580346][ T5882] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 557.580375][ T5882] usb 2-1: config 0 has no interface number 0 [ 557.612854][ T5882] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 557.612888][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 557.612909][ T5882] usb 2-1: Product: syz [ 557.612925][ T5882] usb 2-1: Manufacturer: syz [ 557.612940][ T5882] usb 2-1: SerialNumber: syz [ 557.704396][ T5882] usb 2-1: config 0 descriptor?? [ 557.724246][ T5882] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 557.921185][ T1004] usb 4-1: USB disconnect, device number 11 [ 558.087285][ T5882] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 558.166827][ T5882] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 558.386627][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 558.405767][ T5882] usb 2-1: USB disconnect, device number 18 [ 558.669297][ T5882] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 558.785341][ T5882] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 558.793361][ T5882] quatech2 2-1:0.51: device disconnected [ 558.821648][ T9552] udevd[9552]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 559.080198][ T37] audit: type=1326 audit(1776854905.247:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13606 comm="syz.3.3232" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x0 [ 560.281834][T13652] loop0: detected capacity change from 0 to 7 [ 560.435178][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 560.437744][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.437947][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.438363][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.438395][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.503943][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.503980][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.505013][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.505042][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.506339][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.506373][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.601292][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.601331][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.601620][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.601651][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.601851][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.601879][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.602937][T13652] ldm_validate_partition_table(): Disk read failed. [ 560.603211][ C1] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 560.603269][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.665006][ C1] Buffer I/O error on dev loop0, logical block 0, async page read [ 560.714224][T13652] Dev loop0: unable to read RDB block 0 [ 560.715381][T13652] loop0: unable to read partition table [ 560.715605][T13652] loop0: partition table beyond EOD, truncated [ 560.715638][T13652] loop_reread_partitions: partition scan of loop0 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 562.864228][ T1004] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 562.921040][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.921113][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.046278][ T1004] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 563.046314][ T1004] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.115489][ T1004] usb 2-1: config 0 descriptor?? [ 563.163275][ T1004] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 563.604829][ T1004] gspca_cpia1: usb_control_msg 03, error -71 [ 563.605246][ T1004] gspca_cpia1: usb_control_msg 01, error -71 [ 563.605270][ T1004] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 563.665416][ T1004] usb 2-1: USB disconnect, device number 19 [ 565.581811][T13794] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3318'. [ 565.833609][ T5882] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 565.975160][ T1004] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 566.004087][ T5882] usb 3-1: unable to get BOS descriptor or descriptor too short [ 566.006219][ T5882] usb 3-1: not running at top speed; connect to a high speed hub [ 566.010886][ T5882] usb 3-1: New USB device found, idVendor=2a39, idProduct=3fd4, bcdDevice= 0.40 [ 566.010917][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.010940][ T5882] usb 3-1: Product: syz [ 566.010955][ T5882] usb 3-1: Manufacturer: syz [ 566.010971][ T5882] usb 3-1: SerialNumber: syz [ 566.193758][ T1004] usb 2-1: Using ep0 maxpacket: 32 [ 566.196595][ T1004] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 566.196624][ T1004] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 566.196646][ T1004] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 566.196668][ T1004] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 92 [ 566.196708][ T1004] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 566.196733][ T1004] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.416706][T13794] binder: 13793:13794 ioctl 400c620e 200000000240 returned -22 [ 566.508935][ T5882] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 566.513044][ T5882] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 566.654572][ T1296] Bluetooth: (null): Invalid header checksum [ 566.662835][ T1004] usb 2-1: USB disconnect, device number 20 [ 566.751378][ T5882] usb 3-1: USB disconnect, device number 19 [ 567.092411][T13686] udevd[13686]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 572.039766][T13915] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3371'. [ 572.325163][ T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 572.477461][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 572.490698][ T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 572.490738][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.490760][ T10] usb 3-1: Product: syz [ 572.490776][ T10] usb 3-1: Manufacturer: syz [ 572.490791][ T10] usb 3-1: SerialNumber: syz [ 572.545563][ T10] usb 3-1: config 0 descriptor?? [ 572.768331][ T10] snd-usb-6fire 3-1:0.0: unable to receive device firmware state. [ 572.768378][ T10] snd-usb-6fire 3-1:0.0: probe with driver snd-usb-6fire failed with error -71 [ 572.801826][ T10] usb 3-1: USB disconnect, device number 20 [ 584.185105][T14136] ptrace attach of "./syz-executor exec"[5820] was attempted by "./syz-executor exec"[14136] [ 585.624584][ T5928] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 585.813681][ T5928] usb 2-1: Using ep0 maxpacket: 16 [ 585.822455][ T5928] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 585.822554][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.106684][ T5928] usb 2-1: config 0 descriptor?? [ 586.239554][ T5928] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 586.840679][ T5928] gspca_sonixj: reg_w1 err -110 [ 586.856932][ T5928] sonixj 2-1:0.0: probe with driver sonixj failed with error -110 [ 589.262786][ T6059] usb 2-1: USB disconnect, device number 21 [ 593.993322][T14203] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 594.039380][T14188] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 594.039410][T14188] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 594.070117][T14196] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 594.070149][T14196] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 594.141294][T14188] vhci_hcd vhci_hcd.0: Device attached [ 594.148583][T14196] vhci_hcd vhci_hcd.0: Device attached [ 594.162653][T14199] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(11) [ 594.162674][T14199] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 594.184546][T14203] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(17) [ 594.184577][T14203] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 594.184640][T14203] vhci_hcd vhci_hcd.0: Device attached [ 594.185062][T14199] vhci_hcd vhci_hcd.0: Device attached [ 594.373113][T14207] vhci_hcd: connection closed [ 594.378927][T14215] vhci_hcd: connection closed [ 594.381981][T14208] vhci_hcd: connection closed [ 594.382030][T14213] vhci_hcd: connection closed [ 594.405009][ T1004] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 594.493634][T14211] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 594.528451][ T1296] vhci_hcd vhci_hcd.2: stop threads [ 594.529437][ T1296] vhci_hcd vhci_hcd.2: release socket [ 594.608024][ T1296] vhci_hcd vhci_hcd.2: disconnect device [ 594.608699][ T1296] vhci_hcd vhci_hcd.2: stop threads [ 594.608722][ T1296] vhci_hcd vhci_hcd.2: release socket [ 594.656291][ T1296] vhci_hcd vhci_hcd.2: disconnect device [ 594.656402][ T1296] vhci_hcd vhci_hcd.2: stop threads [ 594.656423][ T1296] vhci_hcd vhci_hcd.2: release socket [ 594.660727][ T1296] vhci_hcd vhci_hcd.2: disconnect device [ 594.662205][ T1296] vhci_hcd vhci_hcd.2: stop threads [ 594.662237][ T1296] vhci_hcd vhci_hcd.2: release socket [ 594.738272][ T1296] vhci_hcd vhci_hcd.2: disconnect device [ 595.601034][T14188] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 600.820681][ T1004] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 604.171942][ T6059] usb usb38-port1: attempt power cycle [ 605.784066][T14349] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3539'. [ 608.785085][ T6059] usb usb38-port1: unable to enumerate USB device [ 610.006327][ T36] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 610.067826][T14349] nbd: socks must be embedded in a SOCK_ITEM attr [ 611.661025][T14392] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3553'. [ 612.385649][ T37] audit: type=1326 audit(1776854958.557:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.385987][ T37] audit: type=1326 audit(1776854958.557:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.386289][ T37] audit: type=1326 audit(1776854958.557:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.387332][ T37] audit: type=1326 audit(1776854958.557:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.387620][ T37] audit: type=1326 audit(1776854958.557:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.387950][ T37] audit: type=1326 audit(1776854958.557:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.388557][ T37] audit: type=1326 audit(1776854958.557:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.388897][ T37] audit: type=1326 audit(1776854958.557:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.389173][ T37] audit: type=1326 audit(1776854958.557:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.389604][ T37] audit: type=1326 audit(1776854958.557:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14419 comm="syz.3.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 612.392002][T14420] loop2: detected capacity change from 0 to 7 [ 612.678201][T14420] loop2: [ 612.678236][T14420] loop2: partition table partially beyond EOD, truncated [ 617.791381][ T5133] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 617.880915][ T5133] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 617.896938][ T5133] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 617.898172][ T5133] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 617.945657][ T5133] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 620.114104][ T59] Bluetooth: hci5: command tx timeout [ 620.149442][T14470] chnl_net:caif_netlink_parms(): no params data found [ 622.193989][ T59] Bluetooth: hci5: command tx timeout [ 622.443661][T14543] netlink: 72 bytes leftover after parsing attributes in process `syz.3.3609'. [ 622.443787][T14543] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3609'. [ 624.106076][T14470] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.125127][T14470] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.125379][T14470] bridge_slave_0: entered allmulticast mode [ 624.129972][T14470] bridge_slave_0: entered promiscuous mode [ 624.169626][T14470] bridge0: port 2(bridge_slave_1) entered blocking state [ 624.172816][T14470] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.199944][T14470] bridge_slave_1: entered allmulticast mode [ 624.219905][T14470] bridge_slave_1: entered promiscuous mode [ 624.285691][ T59] Bluetooth: hci5: command tx timeout [ 624.386435][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.386516][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.945567][ T5928] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 625.134531][ T5928] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 625.134561][ T5928] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 625.135347][ T5928] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 625.135377][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.201367][ T5928] usb 4-1: config 0 descriptor?? [ 625.220578][ T5928] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 625.220641][ T5928] dvb-usb: bulk message failed: -22 (3/0) [ 625.298746][ T5928] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 625.299688][ T5928] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 625.299743][ T5928] usb 4-1: media controller created [ 625.326383][ T5928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 625.364745][ T5928] dvb-usb: bulk message failed: -22 (6/0) [ 625.364875][ T5928] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 625.370188][ T5928] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input20 [ 625.426152][T14576] dibusb: i2c wr: len=65 is too big! [ 625.426152][T14576] [ 625.430337][ T5928] dvb-usb: schedule remote query interval to 150 msecs. [ 625.430361][ T5928] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 625.464142][ T5928] usb 4-1: USB disconnect, device number 12 [ 625.762814][ T98] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.970477][ T5928] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 626.677825][ T59] Bluetooth: hci5: command tx timeout [ 627.184474][T14470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 627.209162][T14470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 627.845508][ T98] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 627.928977][T14470] team0: Port device team_slave_0 added [ 627.947940][T14470] team0: Port device team_slave_1 added [ 631.240234][ T98] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.685265][T14470] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 632.685284][T14470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 632.685315][T14470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 632.759656][T14470] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 632.759674][T14470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 632.759704][T14470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 633.496333][ T98] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.730671][T14470] hsr_slave_0: entered promiscuous mode [ 633.739472][T14470] hsr_slave_1: entered promiscuous mode [ 633.742855][T14470] debugfs: 'hsr0' already exists in 'hsr' [ 633.742880][T14470] Cannot create hsr debugfs directory [ 637.188669][ T98] bridge_slave_1: left allmulticast mode [ 637.257236][ T98] bridge_slave_1: left promiscuous mode [ 637.324996][ T98] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.696447][ T98] bridge_slave_0: left allmulticast mode [ 637.696479][ T98] bridge_slave_0: left promiscuous mode [ 637.696825][ T98] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.224333][ T98] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 640.295490][ T98] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 640.327714][ T98] bond0 (unregistering): Released all slaves [ 640.641128][ T5478] 8021q: adding VLAN 0 to HW filter on device eth1 [ 641.185225][ T6059] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 642.294446][ T6059] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 642.294480][ T6059] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.294503][ T6059] usb 4-1: Product: syz [ 642.294519][ T6059] usb 4-1: Manufacturer: syz [ 642.294535][ T6059] usb 4-1: SerialNumber: syz [ 642.374635][ T6059] usb 4-1: config 0 descriptor?? [ 642.607139][ T6059] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 644.011356][ T6059] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 644.031160][ T6059] usb 4-1: USB disconnect, device number 13 [ 644.265363][T14889] IPVS: set_ctl: invalid protocol: 33 172.20.20.170:20002 [ 647.268143][T14470] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 647.823911][T14470] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 649.473766][T14470] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 649.705411][T14470] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 649.803452][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 649.823442][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 649.833441][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 649.843431][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 651.373708][T14470] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 651.608330][T14470] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 652.672072][ T98] hsr_slave_0: left promiscuous mode [ 652.831857][ T98] hsr_slave_1: left promiscuous mode [ 652.873594][ T98] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 652.873787][ T98] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 652.967629][ T98] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 652.967657][ T98] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 653.169759][ T98] veth1_macvtap: left promiscuous mode [ 653.199778][ T98] veth0_macvtap: left promiscuous mode [ 653.200122][ T98] veth1_vlan: left promiscuous mode [ 653.249710][ T98] veth0_vlan: left promiscuous mode [ 655.015980][T15018] binder: 15012:15018 ioctl 400c620e 2000000003c0 returned -22 [ 655.976110][T15044] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3819'. [ 656.145048][ T6059] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 656.343545][ T6059] usb 3-1: Using ep0 maxpacket: 16 [ 656.345684][ T6059] usb 3-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 656.345717][ T6059] usb 3-1: config 0 interface 0 has no altsetting 0 [ 656.345749][ T6059] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 656.345772][ T6059] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 656.374461][ T6059] usb 3-1: config 0 descriptor?? [ 656.619847][T15040] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 657.074095][ T6041] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 657.223861][ T6041] usb 4-1: Using ep0 maxpacket: 16 [ 657.227152][ T6041] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 657.227179][ T6041] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 657.227231][ T6041] usb 4-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 657.227255][ T6041] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.318468][ T6041] usb 4-1: config 0 descriptor?? [ 659.505274][ T6059] usbhid 3-1:0.0: can't add hid device: -71 [ 659.505390][ T6059] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 659.614215][ T6059] usb 3-1: USB disconnect, device number 21 [ 660.847908][ T6041] usb 4-1: USB disconnect, device number 14 [ 664.114165][T15129] ubi31: attaching mtd0 [ 664.118322][T15129] ubi31: scanning is finished [ 664.118337][T15129] ubi31: empty MTD device detected [ 665.042125][ T98] team0 (unregistering): Port device team_slave_1 removed [ 665.091717][T15129] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 665.251409][ T98] team0 (unregistering): Port device team_slave_0 removed [ 668.716672][T14470] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 668.838711][T14470] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 669.011579][ T5478] 8021q: adding VLAN 0 to HW filter on device eth2 [ 673.003044][T14470] 8021q: adding VLAN 0 to HW filter on device bond0 [ 673.069992][T14470] 8021q: adding VLAN 0 to HW filter on device team0 [ 673.095462][T12370] bridge0: port 1(bridge_slave_0) entered blocking state [ 673.096676][T12370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 673.151907][T12369] bridge0: port 2(bridge_slave_1) entered blocking state [ 673.152045][T12369] bridge0: port 2(bridge_slave_1) entered forwarding state [ 677.240813][T15270] binder: 15268:15270 ioctl c0306201 0 returned -14 [ 677.255324][T15270] binder: BINDER_SET_CONTEXT_MGR already set [ 677.255339][T15270] binder: 15268:15270 ioctl 4018620d 200000004a80 returned -16 [ 677.344631][T15273] binder: 15268:15273 ioctl c0306201 0 returned -14 [ 677.859722][T14474] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 677.907253][T14474] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 677.908800][T14474] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 677.911234][T14474] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 677.912419][T14474] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 678.569446][T15304] usb usb8: usbfs: process 15304 (syz.2.3913) did not claim interface 0 before use [ 678.769475][ T5478] 8021q: adding VLAN 0 to HW filter on device eth3 [ 680.034523][T14474] Bluetooth: hci1: command tx timeout [ 680.072759][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 680.072778][ T37] audit: type=1800 audit(1776855026.227:60): pid=15323 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.3917" name="file1" dev="tmpfs" ino=2744 res=0 errno=0 [ 680.373677][ T1004] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 680.620330][ T1004] usb 3-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice= 9.00 [ 680.620379][ T1004] usb 3-1: New USB device strings: Mfr=0, Product=16, SerialNumber=0 [ 680.620402][ T1004] usb 3-1: Product: syz [ 680.649531][ T1004] usb 3-1: config 0 descriptor?? [ 680.681757][ T1004] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 680.703598][ T1004] usb 3-1: Detected FT232H [ 681.209669][T15350] PKCS7: Unknown OID: [4] 0.0 [ 681.209712][T15350] PKCS7: Only support pkcs7_signedData type [ 681.876117][T15350] netlink: 452 bytes leftover after parsing attributes in process `syz.3.3925'. [ 681.926825][T15347] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3917'. [ 682.113973][T14474] Bluetooth: hci1: command tx timeout [ 682.137675][ T1004] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 682.138150][ T1004] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 682.138671][ T1004] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 682.240016][ T1004] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 682.303669][ T1004] usb 3-1: USB disconnect, device number 22 [ 682.372103][ T1004] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 682.392454][ T1004] ftdi_sio 3-1:0.0: device disconnected [ 682.517279][ T5478] 8021q: adding VLAN 0 to HW filter on device eth4 [ 682.543223][T15284] chnl_net:caif_netlink_parms(): no params data found [ 684.240454][T14474] Bluetooth: hci1: command tx timeout [ 686.368458][T14474] Bluetooth: hci1: command tx timeout [ 687.074395][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 687.074467][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 688.056995][T15429] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 688.663866][T15432] faux_driver vkms: [drm] Unknown color mode 262147; guessing buffer size. [ 688.983518][ T5882] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 689.080360][T15443] random: crng reseeded on system resumption [ 689.249481][ T5882] usb 3-1: config 0 has an invalid interface number: 148 but max is 0 [ 689.249541][ T5882] usb 3-1: config 0 has no interface number 0 [ 689.249708][ T5882] usb 3-1: config 0 interface 148 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 10 [ 689.573796][ T5882] usb 3-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.ec [ 689.573830][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 689.573868][ T5882] usb 3-1: Product: syz [ 689.573935][ T5882] usb 3-1: Manufacturer: syz [ 689.573952][ T5882] usb 3-1: SerialNumber: syz [ 689.810667][ T5882] usb 3-1: config 0 descriptor?? [ 690.014086][ T5882] kobil_sct 3-1:0.148: KOBIL USB smart card terminal converter detected [ 690.042402][ T5882] usb 3-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 691.755673][ T6059] usb 3-1: USB disconnect, device number 23 [ 691.807367][ T6059] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 691.812359][ T6059] kobil_sct 3-1:0.148: device disconnected [ 696.297556][T15284] bridge0: port 1(bridge_slave_0) entered blocking state [ 696.297769][T15284] bridge0: port 1(bridge_slave_0) entered disabled state [ 696.298109][T15284] bridge_slave_0: entered allmulticast mode [ 696.300974][T15284] bridge_slave_0: entered promiscuous mode [ 696.499533][T15284] bridge0: port 2(bridge_slave_1) entered blocking state [ 696.499693][T15284] bridge0: port 2(bridge_slave_1) entered disabled state [ 696.499926][T15284] bridge_slave_1: entered allmulticast mode [ 696.526405][T15284] bridge_slave_1: entered promiscuous mode [ 696.627901][T15284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 696.740329][T15284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 698.186199][T15284] team0: Port device team_slave_0 added [ 698.309225][T15284] team0: Port device team_slave_1 added [ 700.897347][T15284] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 700.897366][T15284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 700.897398][T15284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 701.236449][T15284] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 701.236468][T15284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 701.236501][T15284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 703.444096][T15284] hsr_slave_0: entered promiscuous mode [ 703.450518][T15284] hsr_slave_1: entered promiscuous mode [ 703.452303][T15284] debugfs: 'hsr0' already exists in 'hsr' [ 703.452329][T15284] Cannot create hsr debugfs directory [ 704.121066][ T13] bridge_slave_1: left allmulticast mode [ 704.121101][ T13] bridge_slave_1: left promiscuous mode [ 704.574952][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 704.852183][T15642] binder: 15631:15642 ioctl c0285840 200000000000 returned -22 [ 705.064060][ T13] bridge_slave_0: left allmulticast mode [ 705.064091][ T13] bridge_slave_0: left promiscuous mode [ 705.064376][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 705.402589][ T6059] IPVS: starting estimator thread 0... [ 705.509157][T15659] IPVS: set_ctl: invalid protocol: 4 127.0.0.1:20001 [ 705.560240][T15661] IPVS: using max 8 ests per chain, 19200 per kthread [ 706.061155][ T37] audit: type=1326 audit(1776855052.227:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15677 comm="syz.2.4053" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa12a97c819 code=0x0 [ 708.218027][T15704] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4065'. [ 708.366745][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 708.454736][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 708.508144][ T13] bond0 (unregistering): Released all slaves [ 708.560608][T15704] hsr0: entered promiscuous mode [ 708.608865][T15640] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4038'. [ 708.842987][ T5478] 8021q: adding VLAN 0 to HW filter on device eth5 [ 709.013579][ T5928] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 709.186161][ T5928] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 709.186229][ T5928] usb 3-1: config 0 interface 0 has no altsetting 0 [ 709.199019][ T5928] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 709.199053][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 709.199076][ T5928] usb 3-1: Product: syz [ 709.199091][ T5928] usb 3-1: Manufacturer: syz [ 709.199107][ T5928] usb 3-1: SerialNumber: syz [ 709.256791][ T5928] usb 3-1: config 0 descriptor?? [ 709.839681][ T5928] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 709.868488][ T5928] usb 3-1: USB disconnect, device number 24 [ 709.907110][ T13] hsr_slave_0: left promiscuous mode [ 709.937825][T13686] udevd[13686]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 709.961164][ T13] hsr_slave_1: left promiscuous mode [ 709.973131][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 709.995647][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 711.399947][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 713.234079][T15821] netlink: 'syz.3.4111': attribute type 10 has an invalid length. [ 713.613484][ T5928] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 713.843511][ T5928] usb 4-1: device descriptor read/64, error -71 [ 714.203520][ T5928] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 714.205587][ T13] team0 (unregistering): Port device team_slave_1 removed [ 714.333565][ T5928] usb 4-1: device descriptor read/64, error -71 [ 714.394763][ T13] team0 (unregistering): Port device team_slave_0 removed [ 714.444117][ T5928] usb usb4-port1: attempt power cycle [ 714.865551][ T5928] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 714.898638][ T5928] usb 4-1: device descriptor read/8, error -71 [ 715.143568][ T5928] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 715.165451][ T5928] usb 4-1: device descriptor read/8, error -71 [ 715.277869][ T5928] usb usb4-port1: unable to enumerate USB device [ 716.404480][T15821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 716.421742][T15821] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 716.593596][ T5928] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 716.818815][ T5928] usb 3-1: unable to get BOS descriptor or descriptor too short [ 716.821962][ T5928] usb 3-1: config 137 has an invalid interface number: 52 but max is 0 [ 716.821989][ T5928] usb 3-1: config 137 has no interface number 0 [ 716.822021][ T5928] usb 3-1: config 137 interface 52 has no altsetting 0 [ 716.843970][ T5928] usb 3-1: New USB device found, idVendor=19d2, idProduct=1123, bcdDevice=78.08 [ 716.844002][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 716.844024][ T5928] usb 3-1: Product: syz [ 716.844039][ T5928] usb 3-1: Manufacturer: syz [ 716.844055][ T5928] usb 3-1: SerialNumber: syz [ 717.240946][ T5928] usb 3-1: No union descriptors [ 717.267844][ T5928] usb 3-1: USB disconnect, device number 25 [ 719.807163][T15961] netlink: 'syz.2.4177': attribute type 4 has an invalid length. [ 719.849315][T15961] netlink: 'syz.2.4177': attribute type 4 has an invalid length. [ 720.611003][ T5478] 8021q: adding VLAN 0 to HW filter on device eth6 [ 725.173557][ T5928] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 725.194807][ T1004] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 725.345688][ T5928] usb 4-1: Using ep0 maxpacket: 16 [ 725.366296][ T5928] usb 4-1: unable to get BOS descriptor or descriptor too short [ 725.368226][ T5928] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 725.368278][ T5928] usb 4-1: config 1 interface 0 altsetting 15 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 725.368371][ T5928] usb 4-1: config 1 interface 0 has no altsetting 0 [ 725.373284][ T5928] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=42.40 [ 725.373315][ T5928] usb 4-1: New USB device strings: Mfr=47, Product=98, SerialNumber=24 [ 725.374996][ T5928] usb 4-1: Product: syz [ 725.375015][ T5928] usb 4-1: Manufacturer: syz [ 725.375032][ T5928] usb 4-1: SerialNumber: syz [ 725.471260][ T1004] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 725.471331][ T1004] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 725.474866][ T1004] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 725.474907][ T1004] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 725.474929][ T1004] usb 3-1: Product: syz [ 725.474945][ T1004] usb 3-1: SerialNumber: syz [ 725.544511][ T1004] usb 3-1: selecting invalid altsetting 1 [ 725.890635][ T5928] cdc_ether 4-1:1.0: bad CDC descriptors [ 725.962674][ T1004] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS [ 725.962844][ T1004] cdc_ncm 3-1:1.0: bind() failure [ 726.024788][ T5928] usb 4-1: USB disconnect, device number 19 [ 726.024964][ T1004] usb 3-1: USB disconnect, device number 26 [ 727.264010][T16114] netlink: 'syz.3.4236': attribute type 4 has an invalid length. [ 727.285368][T16116] netlink: 'syz.3.4236': attribute type 4 has an invalid length. [ 728.070394][T15284] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 728.226172][T15284] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 728.227371][T15284] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 728.475556][T15284] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 728.479724][T15284] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 728.577624][T15284] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 728.600725][T15284] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 728.660367][T15284] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 729.428506][T15284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 729.571753][T15284] 8021q: adding VLAN 0 to HW filter on device team0 [ 730.712730][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 730.712950][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 730.859202][T12370] bridge0: port 2(bridge_slave_1) entered blocking state [ 730.859343][T12370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 731.197253][T16218] netlink: 'syz.2.4273': attribute type 4 has an invalid length. [ 731.258128][T16221] netlink: 'syz.2.4273': attribute type 4 has an invalid length. [ 732.160037][T16257] netlink: 'syz.3.4286': attribute type 4 has an invalid length. [ 732.225360][T16257] netlink: 'syz.3.4286': attribute type 4 has an invalid length. [ 732.446413][T15284] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 733.520603][T15284] veth0_vlan: entered promiscuous mode [ 733.544012][T15284] veth1_vlan: entered promiscuous mode [ 733.674729][T15284] veth0_macvtap: entered promiscuous mode [ 733.767568][T15284] veth1_macvtap: entered promiscuous mode [ 733.850160][T15284] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 733.942735][T15284] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 734.009829][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.010095][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.010135][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 734.010169][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 736.351475][ T3605] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 736.351496][ T3605] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 736.851939][T12369] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 736.851961][T12369] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 737.137339][T16387] netlink: 5192 bytes leftover after parsing attributes in process `syz.3.4331'. [ 737.909259][T14474] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 737.912526][T14474] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 737.946258][T14474] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 737.952019][T14474] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 737.976796][T14474] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 740.203680][ T59] Bluetooth: hci5: command tx timeout [ 741.030631][T16470] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4362'. [ 741.972616][T16507] netlink: 'syz.2.4376': attribute type 4 has an invalid length. [ 742.028747][T16512] netlink: 'syz.2.4376': attribute type 4 has an invalid length. [ 742.125263][ T5882] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 742.274426][T14474] Bluetooth: hci5: command tx timeout [ 742.276968][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 742.277003][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 742.277028][ T5882] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 742.277084][ T5882] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 742.277117][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 742.360854][ T5882] usb 4-1: config 0 descriptor?? [ 742.374067][ T5882] hub 4-1:0.0: USB hub found [ 742.579585][ T5882] hub 4-1:0.0: 9 ports detected [ 742.580053][ T5882] hub 4-1:0.0: insufficient power available to use all downstream ports [ 742.786645][ T5882] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 742.786674][ T5882] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 742.812402][ T3605] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 742.854948][ T5882] usb 4-1: USB disconnect, device number 20 [ 743.018985][T16406] chnl_net:caif_netlink_parms(): no params data found [ 743.326060][ T3605] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 743.730376][T16406] bridge0: port 1(bridge_slave_0) entered blocking state [ 743.730558][T16406] bridge0: port 1(bridge_slave_0) entered disabled state [ 743.730738][T16406] bridge_slave_0: entered allmulticast mode [ 743.751784][T16406] bridge_slave_0: entered promiscuous mode [ 743.787937][T16406] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.791484][T16406] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.791692][T16406] bridge_slave_1: entered allmulticast mode [ 743.795349][T16406] bridge_slave_1: entered promiscuous mode [ 744.363829][T14474] Bluetooth: hci5: command tx timeout [ 744.579238][ T3605] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 744.669767][T16406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 744.716389][T16406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 745.342097][ T3605] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 745.415105][T16406] team0: Port device team_slave_0 added [ 745.489118][T16406] team0: Port device team_slave_1 added [ 745.644908][T16633] netlink: 'syz.2.4426': attribute type 21 has an invalid length. [ 745.644935][T16633] netlink: 128 bytes leftover after parsing attributes in process `syz.2.4426'. [ 745.711730][T16633] netlink: 'syz.2.4426': attribute type 4 has an invalid length. [ 745.711752][T16633] netlink: 'syz.2.4426': attribute type 3 has an invalid length. [ 745.711766][T16633] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4426'. [ 745.762872][T16406] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 745.762904][T16406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 745.762932][T16406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 745.813781][T16406] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 745.813795][T16406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 745.813816][T16406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 746.044923][T16406] hsr_slave_0: entered promiscuous mode [ 746.046498][T16406] hsr_slave_1: entered promiscuous mode [ 746.052524][T16406] debugfs: 'hsr0' already exists in 'hsr' [ 746.052545][T16406] Cannot create hsr debugfs directory [ 746.090325][ T37] audit: type=1326 audit(1776855092.257:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.103506][ T37] audit: type=1326 audit(1776855092.257:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.140862][ T37] audit: type=1326 audit(1776855092.297:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.141159][ T37] audit: type=1326 audit(1776855092.307:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.141452][ T37] audit: type=1326 audit(1776855092.307:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.158713][ T37] audit: type=1326 audit(1776855092.317:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.170275][ T37] audit: type=1326 audit(1776855092.327:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.181815][ T37] audit: type=1326 audit(1776855092.347:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.183935][ T37] audit: type=1326 audit(1776855092.357:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16640 comm="syz.3.4431" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fa7ac6ac819 code=0x7ffc0000 [ 746.443503][T14474] Bluetooth: hci5: command tx timeout [ 747.199603][T16678] netlink: 'syz.2.4447': attribute type 4 has an invalid length. [ 747.255311][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.255414][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.266589][T16673] netlink: 'syz.2.4447': attribute type 4 has an invalid length. [ 750.058846][T16708] netlink: 'syz.2.4459': attribute type 4 has an invalid length. [ 750.111568][T16711] netlink: 'syz.2.4459': attribute type 4 has an invalid length. [ 750.584970][ T3605] bridge_slave_1: left allmulticast mode [ 750.585000][ T3605] bridge_slave_1: left promiscuous mode [ 750.585278][ T3605] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.685059][ T3605] bridge_slave_0: left allmulticast mode [ 750.685091][ T3605] bridge_slave_0: left promiscuous mode [ 750.685363][ T3605] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.782017][T16783] netlink: 'syz.3.4496': attribute type 4 has an invalid length. [ 751.837160][T16786] netlink: 'syz.3.4496': attribute type 4 has an invalid length. [ 752.455885][ T3605] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 752.599556][ T3605] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 752.643326][ T3605] bond0 (unregistering): Released all slaves [ 754.670919][T16881] netlink: 'syz.2.4542': attribute type 4 has an invalid length. [ 754.722606][T16882] netlink: 'syz.2.4542': attribute type 4 has an invalid length. [ 755.205965][T16901] netlink: 'syz.3.4552': attribute type 21 has an invalid length. [ 756.028843][ T3605] hsr_slave_0: left promiscuous mode [ 756.054260][T16933] netlink: 'syz.3.4565': attribute type 10 has an invalid length. [ 756.073226][ T3605] hsr_slave_1: left promiscuous mode [ 756.084415][ T3605] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 756.084442][ T3605] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 756.133077][ T3605] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 756.133098][ T3605] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 756.467894][ T3605] veth1_macvtap: left promiscuous mode [ 756.468014][ T3605] veth0_macvtap: left promiscuous mode [ 756.468291][ T3605] veth1_vlan: left promiscuous mode [ 756.468468][ T3605] veth0_vlan: left promiscuous mode [ 758.288573][ T3605] team0 (unregistering): Port device team_slave_1 removed [ 758.344751][ T3605] team0 (unregistering): Port device team_slave_0 removed [ 759.537907][T16933] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 759.643110][ T5478] 8021q: adding VLAN 0 to HW filter on device eth5 [ 760.298902][T17082] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4632'. [ 760.352201][T17085] netlink: 52 bytes leftover after parsing attributes in process `syz.2.4636'. [ 760.452948][T17090] netlink: 'syz.2.4637': attribute type 32 has an invalid length. [ 760.452973][T17090] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4637'. [ 760.673861][T17100] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4641'. [ 761.124108][T17116] netlink: 'syz.3.4650': attribute type 4 has an invalid length. [ 764.307484][T17178] netlink: 'syz.2.4671': attribute type 4 has an invalid length. [ 764.359197][T17176] netlink: 'syz.2.4671': attribute type 4 has an invalid length. [ 765.309497][T16406] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 765.413724][T16406] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 765.414686][T16406] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 765.589380][T16406] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 765.595390][T16406] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 765.670363][T16406] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 765.683285][T16406] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 765.818618][T17231] netlink: 'syz.2.4694': attribute type 4 has an invalid length. [ 765.870786][T17234] netlink: 'syz.2.4694': attribute type 4 has an invalid length. [ 765.934762][T16406] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 766.548766][T16406] 8021q: adding VLAN 0 to HW filter on device bond0 [ 766.611152][T16406] 8021q: adding VLAN 0 to HW filter on device team0 [ 766.741533][ T2389] bridge0: port 1(bridge_slave_0) entered blocking state [ 766.741673][ T2389] bridge0: port 1(bridge_slave_0) entered forwarding state [ 766.801203][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 766.801349][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 767.584494][T17302] netlink: 'syz.2.4726': attribute type 4 has an invalid length. [ 767.624060][T17302] netlink: 'syz.2.4726': attribute type 4 has an invalid length. [ 767.921625][T16406] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 768.497001][T17342] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4742'. [ 768.887946][T16406] veth0_vlan: entered promiscuous mode [ 768.969479][T16406] veth1_vlan: entered promiscuous mode [ 769.153028][T16406] veth0_macvtap: entered promiscuous mode [ 769.223907][T16406] veth1_macvtap: entered promiscuous mode [ 769.351149][T16406] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 769.429400][T16406] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 769.444645][T17375] netlink: 'syz.3.4757': attribute type 4 has an invalid length. [ 769.445479][T17375] netlink: 'syz.3.4757': attribute type 4 has an invalid length. [ 769.496713][ T149] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.500513][ T3605] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.502910][ T3605] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.502957][ T3605] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.372490][ T98] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 770.372514][ T98] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 770.672964][ T7168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 770.672998][ T7168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 773.778251][T17466] batadv_slave_1: entered promiscuous mode [ 773.778493][T17466] macsec1: entered promiscuous mode [ 775.913770][T17555] netlink: 56 bytes leftover after parsing attributes in process `syz.5.4839'. [ 778.306478][T17648] netlink: 'syz.2.4882': attribute type 4 has an invalid length. [ 778.333604][T17648] netlink: 'syz.2.4882': attribute type 4 has an invalid length. [ 779.517921][T17699] macsec1: entered promiscuous mode [ 779.517949][T17699] macsec1: entered allmulticast mode [ 780.003537][ T1004] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 780.153439][ T1004] usb 3-1: Using ep0 maxpacket: 16 [ 780.163258][ T1004] usb 3-1: unable to get BOS descriptor or descriptor too short [ 780.194762][ T1004] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 780.252495][ T1004] usb 3-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 780.252619][ T1004] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 780.252642][ T1004] usb 3-1: Product: syz [ 780.252659][ T1004] usb 3-1: Manufacturer: syz [ 780.252674][ T1004] usb 3-1: SerialNumber: syz [ 780.669030][ T1004] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 780.669549][ T1004] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 781.192090][ T1004] usb 3-1: USB disconnect, device number 27 [ 781.369391][T17769] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4940'. [ 781.369413][T17769] tipc: Invalid UDP bearer configuration [ 781.369454][T17769] tipc: Enabling of bearer rejected, failed to enable media [ 781.550586][T13686] udevd[13686]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 781.972762][T17791] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4952'. [ 782.399449][T17812] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4960'. [ 783.126163][ T37] audit: type=1326 audit(1776855129.287:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17840 comm="syz.2.4976" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa12a97c819 code=0x0 [ 784.009764][T17882] netlink: 'syz.5.4993': attribute type 10 has an invalid length. [ 784.320050][T17882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 784.380050][T17882] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 784.993485][ T36] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 785.143761][ T36] usb 4-1: Using ep0 maxpacket: 16 [ 785.149968][ T36] usb 4-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 785.150001][ T36] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.150025][ T36] usb 4-1: Product: syz [ 785.150041][ T36] usb 4-1: Manufacturer: syz [ 785.150057][ T36] usb 4-1: SerialNumber: syz [ 785.210608][ T36] usb 4-1: config 0 descriptor?? [ 785.229277][ T36] ums-onetouch 4-1:0.0: USB Mass Storage device detected [ 785.474450][ T36] usb 4-1: USB disconnect, device number 21 [ 786.471896][T17980] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5040'. [ 786.743138][T17990] netlink: 1 bytes leftover after parsing attributes in process `syz.3.5045'. [ 787.865174][T18043] netlink: 'syz.2.5072': attribute type 4 has an invalid length. [ 788.791009][T18081] netlink: 'syz.2.5091': attribute type 4 has an invalid length. [ 788.816199][T18081] netlink: 'syz.2.5091': attribute type 4 has an invalid length. [ 789.168483][T14474] Bluetooth: hci5: link tx timeout [ 789.168710][T14474] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 789.882454][T18133] 9p: Invalid gid '0x00000000ffffffff' [ 789.946246][T18137] netlink: 52 bytes leftover after parsing attributes in process `syz.3.5119'. [ 789.946272][T18137] netlink: 48 bytes leftover after parsing attributes in process `syz.3.5119'. [ 789.993643][ T1004] usb 3-1: new full-speed USB device number 28 using dummy_hcd [ 790.146915][ T1004] usb 3-1: not running at top speed; connect to a high speed hub [ 790.148596][ T1004] usb 3-1: config 0 has an invalid interface number: 83 but max is 0 [ 790.148622][ T1004] usb 3-1: config 0 has no interface number 0 [ 790.148660][ T1004] usb 3-1: config 0 interface 83 has no altsetting 0 [ 790.152867][ T1004] usb 3-1: string descriptor 0 read error: -22 [ 790.152983][ T1004] usb 3-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 0.f7 [ 790.153001][ T1004] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 790.223531][ T1004] usb 3-1: config 0 descriptor?? [ 790.326613][ T6059] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 790.363858][ T1004] uvcvideo 3-1:0.83: Found UVC 0.00 device (19ab:1000) [ 790.363899][ T1004] uvcvideo 3-1:0.83: No valid video chain found. [ 790.458466][ T10] usb 3-1: USB disconnect, device number 28 [ 790.474729][ T6059] usb 4-1: Using ep0 maxpacket: 16 [ 790.479107][ T6059] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 790.479142][ T6059] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 790.479166][ T6059] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 790.479214][ T6059] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 790.479241][ T6059] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.598542][ T6059] usb 4-1: config 0 descriptor?? [ 791.032842][ T6059] appleir 0003:05AC:8241.0010: item fetching failed at offset 4/5 [ 791.036257][ T6059] appleir 0003:05AC:8241.0010: parse failed [ 791.036615][ T6059] appleir 0003:05AC:8241.0010: probe with driver appleir failed with error -22 [ 791.236273][T14474] Bluetooth: hci5: command 0x0406 tx timeout [ 791.256107][ T819] usb 4-1: USB disconnect, device number 22 [ 791.580480][T18190] netlink: 'syz.5.5143': attribute type 4 has an invalid length. [ 791.637790][T18191] netlink: 'syz.5.5143': attribute type 4 has an invalid length. [ 791.959500][T18206] netlink: 'syz.2.5152': attribute type 4 has an invalid length. [ 792.503588][ T1004] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 792.657086][ T1004] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 792.657156][ T1004] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 792.657179][ T1004] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.693694][ T1004] usb 4-1: config 0 descriptor?? [ 792.710450][T18240] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5169'. [ 792.710487][T18240] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5169'. [ 792.713714][ T5882] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 792.739034][ T1004] hdpvr 4-1:0.0: Could not find bulk-in endpoint [ 792.739282][ T1004] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 792.840196][T18240] gretap0: entered promiscuous mode [ 792.877724][ T5882] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 792.877757][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 792.883287][T18240] gretap0: left promiscuous mode [ 792.907296][ T5882] usb 3-1: config 0 descriptor?? [ 792.919118][ T5882] cp210x 3-1:0.0: cp210x converter detected [ 792.942888][ T1004] usb 4-1: USB disconnect, device number 23 [ 793.568604][ T5882] cp210x 3-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 793.568661][ T5882] cp210x 3-1:0.0: GPIO initialisation failed: -71 [ 793.655734][ T5882] usb 3-1: cp210x converter now attached to ttyUSB0 [ 793.681008][ T5882] usb 3-1: USB disconnect, device number 29 [ 793.707771][ T5882] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 793.708569][ T5882] cp210x 3-1:0.0: device disconnected [ 794.023484][ T819] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 794.186052][ T819] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 794.186086][ T819] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 794.186108][ T819] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 794.186161][ T819] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 794.186190][ T819] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 794.192589][ T819] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 794.192618][ T819] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 794.192639][ T819] usb 4-1: Product: syz [ 794.192655][ T819] usb 4-1: Manufacturer: syz [ 794.297988][ T819] cdc_wdm 4-1:1.0: skipping garbage [ 794.298010][ T819] cdc_wdm 4-1:1.0: skipping garbage [ 794.445416][ T819] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 794.445452][ T819] cdc_wdm 4-1:1.0: Unknown control protocol [ 794.709714][ T819] usb 4-1: USB disconnect, device number 24 [ 795.083489][ T6059] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 795.238120][ T6059] usb 6-1: Using ep0 maxpacket: 8 [ 795.249790][ T6059] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 795.249840][ T6059] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.249863][ T6059] usb 6-1: Product: syz [ 795.249879][ T6059] usb 6-1: Manufacturer: syz [ 795.249895][ T6059] usb 6-1: SerialNumber: syz [ 795.263563][T18323] netlink: 128 bytes leftover after parsing attributes in process `syz.2.5209'. [ 795.339209][ T6059] usb 6-1: config 0 descriptor?? [ 795.373608][ T6059] gspca_main: se401-2.14.0 probing 047d:5003 [ 795.501401][T18332] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5215'. [ 795.812453][ T6059] gspca_se401: Bayer format not supported! [ 796.036022][ T6059] usb 6-1: USB disconnect, device number 2 [ 797.381698][T18408] netlink: 'syz.3.5252': attribute type 29 has an invalid length. [ 797.394669][T18408] netlink: 'syz.3.5252': attribute type 29 has an invalid length. [ 797.395271][T18408] netlink: 'syz.3.5252': attribute type 29 has an invalid length. [ 797.963483][T18431] netlink: 52 bytes leftover after parsing attributes in process `syz.2.5264'. [ 798.327192][T18444] vlan2: entered promiscuous mode [ 798.327218][T18444] syz_tun: entered promiscuous mode [ 798.327399][T18444] vlan2: entered allmulticast mode [ 798.327411][T18444] syz_tun: entered allmulticast mode [ 798.853852][ T5882] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 799.009500][ T5882] usb 4-1: Using ep0 maxpacket: 32 [ 799.021278][ T5882] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 799.021321][ T5882] usb 4-1: config 0 has no interface number 0 [ 799.021386][ T5882] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 799.062282][ T5882] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 799.062314][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 799.062337][ T5882] usb 4-1: Product: syz [ 799.062352][ T5882] usb 4-1: Manufacturer: syz [ 799.062368][ T5882] usb 4-1: SerialNumber: syz [ 799.120670][ T5882] usb 4-1: config 0 descriptor?? [ 799.121599][T18460] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 799.340346][T18460] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 799.751306][ T5882] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 799.751590][ T5882] asix 4-1:0.188: probe with driver asix failed with error -32 [ 799.803872][ T5882] usb 4-1: USB disconnect, device number 25 [ 800.851185][T18533] ipip1: entered promiscuous mode [ 800.851213][T18533] ipip1: entered allmulticast mode [ 800.950888][T18533] team0: Port device ipip1 added [ 801.913293][T18578] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5332'. [ 801.918302][T18579] netlink: 'syz.2.5334': attribute type 4 has an invalid length. [ 801.921690][T18579] netlink: 'syz.2.5334': attribute type 4 has an invalid length. [ 803.473139][T18638] netlink: 'syz.5.5363': attribute type 4 has an invalid length. [ 804.024728][ T1004] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 804.176801][ T1004] usb 6-1: Using ep0 maxpacket: 16 [ 804.179713][ T1004] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 804.179743][ T1004] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 804.253116][ T1004] usb 6-1: config 0 descriptor?? [ 804.310131][ T1004] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 804.700612][T18680] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 805.121835][ T1004] gspca_sonixj: reg_r err -71 [ 805.121929][ T1004] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 805.168234][ T1004] usb 6-1: USB disconnect, device number 3 [ 805.968120][T18728] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5405'. [ 805.968162][T18728] netlink: 'syz.3.5405': attribute type 2 has an invalid length. [ 806.493477][ T1004] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 806.553879][ T5882] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 806.650542][ T1004] usb 4-1: config 0 has an invalid interface number: 64 but max is 0 [ 806.650575][ T1004] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 806.650596][ T1004] usb 4-1: config 0 has no interface number 0 [ 806.694291][ T1004] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 806.694323][ T1004] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.694345][ T1004] usb 4-1: Product: syz [ 806.694361][ T1004] usb 4-1: Manufacturer: syz [ 806.694377][ T1004] usb 4-1: SerialNumber: syz [ 806.737526][ T5882] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 806.737584][ T5882] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 806.737609][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 806.784671][ T5882] usb 3-1: config 0 descriptor?? [ 806.792332][ T5882] pwc: Askey VC010 type 2 USB webcam detected. [ 806.804971][ T1004] usb 4-1: config 0 descriptor?? [ 807.149504][ T1004] uvcvideo 4-1:0.64: Found UVC 0.00 device syz (046d:0823) [ 807.149538][ T1004] uvcvideo 4-1:0.64: No valid video chain found. [ 807.178856][ T1004] usb 4-1: USB disconnect, device number 26 [ 807.213864][ T5882] pwc: recv_control_msg error -32 req 02 val 2b00 [ 807.263848][ T819] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 807.417779][ T5882] pwc: recv_control_msg error -71 req 02 val 2c00 [ 807.418266][ T5882] pwc: recv_control_msg error -71 req 04 val 1000 [ 807.420224][ T5882] pwc: recv_control_msg error -71 req 04 val 1300 [ 807.420746][ T5882] pwc: recv_control_msg error -71 req 04 val 1400 [ 807.421223][ T5882] pwc: recv_control_msg error -71 req 02 val 2000 [ 807.421688][ T5882] pwc: recv_control_msg error -71 req 02 val 2100 [ 807.422171][ T5882] pwc: recv_control_msg error -71 req 04 val 1500 [ 807.422681][ T5882] pwc: recv_control_msg error -71 req 02 val 2500 [ 807.429942][ T819] usb 6-1: Using ep0 maxpacket: 32 [ 807.443121][ T5882] pwc: recv_control_msg error -71 req 02 val 2400 [ 807.456644][ T819] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 807.456711][ T819] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 807.456739][ T819] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 807.456768][ T819] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 807.538343][ T5882] pwc: recv_control_msg error -71 req 02 val 2600 [ 807.539035][ T5882] pwc: recv_control_msg error -71 req 02 val 2900 [ 807.539987][ T5882] pwc: recv_control_msg error -71 req 02 val 2800 [ 807.540235][ T819] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 807.540265][ T819] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 807.540288][ T819] usb 6-1: Product: syz [ 807.540303][ T819] usb 6-1: Manufacturer: syz [ 807.540319][ T819] usb 6-1: SerialNumber: syz [ 807.542358][ T5882] pwc: recv_control_msg error -71 req 04 val 1100 [ 807.542840][ T5882] pwc: recv_control_msg error -71 req 04 val 1200 [ 807.659997][ C1] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 807.804050][ T5882] pwc: Registered as video103. [ 807.820985][ T5882] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input23 [ 807.823186][ T819] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/input/input22 [ 807.852831][ T5882] usb 3-1: USB disconnect, device number 30 [ 808.203773][ T819] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 808.203797][ T819] (id 0x00) [ 808.356933][ T1004] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 808.515881][ T1004] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 808.515913][ T1004] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 808.518766][ T1004] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 808.518796][ T1004] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 808.518819][ T1004] usb 4-1: SerialNumber: syz [ 808.553838][ T819] rc_core: IR keymap rc-imon-pad not found [ 808.553861][ T819] Registered IR keymap rc-empty [ 808.554085][ T819] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 808.554106][ T819] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 808.678316][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.678410][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 808.721864][ T819] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/rc/rc0 [ 808.782750][ T819] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:155.0/rc/rc0/input24 [ 808.833715][ T819] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:4> initialized [ 808.884008][ T819] usb 6-1: USB disconnect, device number 4 [ 808.941479][ T1004] usb 4-1: 0:2 : does not exist [ 809.456798][ T1004] usb 4-1: USB disconnect, device number 27 [ 809.990241][T13686] udevd[13686]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 810.462638][T18845] veth0_to_hsr: entered allmulticast mode [ 810.967683][T18862] netlink: 'syz.5.5465': attribute type 4 has an invalid length. [ 812.690405][T18927] netlink: 'syz.3.5494': attribute type 4 has an invalid length. [ 812.894769][T16353] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 813.062311][T16353] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 813.062343][T16353] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 813.062363][T16353] usb 3-1: Product: syz [ 813.062377][T16353] usb 3-1: Manufacturer: syz [ 813.062391][T16353] usb 3-1: SerialNumber: syz [ 813.145298][T16353] usb 3-1: config 0 descriptor?? [ 813.566270][T16353] usb 3-1: Firmware version (0.0) predates our first public release. [ 813.566309][T16353] usb 3-1: Please update to version 0.2 or newer [ 813.687011][T18964] tap0: tun_chr_ioctl cmd 1074025676 [ 813.687044][T18964] tap0: owner set to 0 [ 814.156180][T16353] usb 3-1: USB disconnect, device number 31 [ 815.983616][T19038] loop9: detected capacity change from 0 to 524287872 [ 816.678421][T19068] netlink: 'syz.3.5565': attribute type 4 has an invalid length. [ 818.192290][T19112] netlink: 264 bytes leftover after parsing attributes in process `syz.5.5586'. [ 818.659304][T19130] netlink: 'syz.5.5594': attribute type 4 has an invalid length. [ 819.030609][T19146] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5600'. [ 819.030646][T19146] netlink: 'syz.3.5600': attribute type 7 has an invalid length. [ 819.030661][T19146] netlink: 'syz.3.5600': attribute type 8 has an invalid length. [ 819.030675][T19146] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5600'. [ 820.058360][T19188] netlink: 'syz.5.5621': attribute type 4 has an invalid length. [ 820.173554][ T6059] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 820.325040][ T6059] usb 4-1: Using ep0 maxpacket: 8 [ 820.328981][ T6059] usb 4-1: config 1 interface 0 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 32 [ 820.329012][ T6059] usb 4-1: config 1 interface 0 has no altsetting 0 [ 820.360392][ T6059] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 820.360425][ T6059] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 820.360446][ T6059] usb 4-1: Product: syz [ 820.360462][ T6059] usb 4-1: Manufacturer: syz [ 820.360477][ T6059] usb 4-1: SerialNumber: syz [ 820.444281][T19180] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 820.738370][ T6059] usb 4-1: USB disconnect, device number 28 [ 821.362550][T19236] netlink: 'syz.2.5644': attribute type 4 has an invalid length. [ 821.436752][T19239] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5646'. [ 821.497045][T19239] macvtap1: entered promiscuous mode [ 821.801074][T19256] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5653'. [ 821.801111][T19256] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5653'. [ 821.801380][T19258] netlink: 'syz.3.5654': attribute type 4 has an invalid length. [ 821.940647][ T13] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 821.941207][ T13] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 821.941250][ T13] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 821.941285][ T13] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 822.299958][T19278] netlink: 'syz.5.5663': attribute type 4 has an invalid length. [ 822.856813][T19303] ubi16: attaching mtd0 [ 822.856836][T19303] ubi16 error: ubi_attach_mtd_dev: bad VID header (3) or data offsets (67) [ 823.003577][ T6059] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 823.153577][ T6059] usb 6-1: Using ep0 maxpacket: 16 [ 823.155899][ T6059] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 823.155926][ T6059] usb 6-1: config 0 has no interface number 0 [ 823.155975][ T6059] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 823.156004][ T6059] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 823.156046][ T6059] usb 6-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 823.156072][ T6059] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 823.219022][ T6059] usb 6-1: config 0 descriptor?? [ 823.872135][ T6059] uclogic 0003:28BD:0071.0011: pen parameters not found [ 823.872174][ T6059] uclogic 0003:28BD:0071.0011: interface is invalid, ignoring [ 823.937034][ T6059] usb 6-1: USB disconnect, device number 5 [ 824.906408][T19372] program syz.2.5709 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 825.601770][T19402] netlink: 'syz.5.5724': attribute type 4 has an invalid length. [ 826.423907][ T819] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 826.461064][T19439] netlink: 'syz.2.5741': attribute type 4 has an invalid length. [ 826.583484][ T819] usb 6-1: Using ep0 maxpacket: 16 [ 826.588113][ T819] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 826.588147][ T819] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 826.588359][ T819] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 10044, setting to 1024 [ 826.588392][ T819] usb 6-1: config 0 interface 0 has no altsetting 0 [ 826.655710][ T819] usb 6-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 826.655744][ T819] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 826.655767][ T819] usb 6-1: Product: syz [ 826.655783][ T819] usb 6-1: Manufacturer: syz [ 826.655798][ T819] usb 6-1: SerialNumber: syz [ 826.703149][ T819] usb 6-1: config 0 descriptor?? [ 826.709794][T19428] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 826.931052][T19428] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 826.971587][ T819] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input25 [ 827.394117][ T819] usb 6-1: USB disconnect, device number 6 [ 827.394203][ C1] synaptics_usb 6-1:0.0: synusb_irq - usb_submit_urb failed with result: -19 [ 827.420864][ T5168] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -19 [ 827.723587][ T1004] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 827.876183][ T1004] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 827.877628][ T1004] usb 4-1: config 0 has no interfaces? [ 827.879998][ T1004] usb 4-1: config 0 has no interfaces? [ 827.881083][ T1004] usb 4-1: config 0 has no interfaces? [ 827.882513][ T1004] usb 4-1: config 0 has no interfaces? [ 827.896260][ T1004] usb 4-1: config 0 has no interfaces? [ 827.924230][ T1004] usb 4-1: config 0 has no interfaces? [ 827.925348][ T1004] usb 4-1: config 0 has no interfaces? [ 827.926534][ T1004] usb 4-1: config 0 has no interfaces? [ 827.950009][ T1004] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 827.950103][ T1004] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 827.950159][ T1004] usb 4-1: Product: syz [ 827.950201][ T1004] usb 4-1: Manufacturer: syz [ 827.950243][ T1004] usb 4-1: SerialNumber: syz [ 828.001227][ T1004] usb 4-1: config 0 descriptor?? [ 828.464643][T19468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 828.465270][T19468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 828.492344][ T819] usb 4-1: USB disconnect, device number 29 [ 829.231500][T19514] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5777'. [ 829.231528][T19514] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5777'. [ 829.982322][T19542] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 829.982353][T19542] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 831.017864][T19579] netlink: 'syz.2.5808': attribute type 4 has an invalid length. [ 831.695284][ T59] Bluetooth: hci3: Dropping invalid advertising data [ 831.695320][ T59] Bluetooth: hci3: Malformed LE Event: 0x02 [ 832.137348][ T37] audit: type=1800 audit(1776855178.307:72): pid=19623 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.5827" name="file1" dev="tmpfs" ino=3943 res=0 errno=0 [ 832.346946][T19627] program syz.3.5830 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 838.770965][T19840] veth0_to_bridge: Caught tx_queue_len zero misconfig [ 839.017596][T19851] netlink: 'syz.2.5934': attribute type 4 has an invalid length. [ 839.047096][T19851] netlink: 'syz.2.5934': attribute type 4 has an invalid length. [ 841.921142][T19986] binder: 19983:19986 ioctl c0306201 0 returned -14 [ 842.219048][ T59] Bluetooth: hci0: Invalid handle: 0x2e6d > 0x0eff [ 842.476270][T20008] netlink: 'syz.2.6004': attribute type 4 has an invalid length. [ 843.113453][ T6065] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 843.266403][ T6065] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 843.266431][ T6065] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 843.266451][ T6065] usb 6-1: config 1 has no interface number 0 [ 843.266489][ T6065] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 843.266517][ T6065] usb 6-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 843.274454][T20040] netlink: 'syz.3.6022': attribute type 4 has an invalid length. [ 843.335666][ T6065] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 843.335721][ T6065] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 843.335744][ T6065] usb 6-1: Product: syz [ 843.335759][ T6065] usb 6-1: Manufacturer: syz [ 843.335776][ T6065] usb 6-1: SerialNumber: syz [ 844.272567][ T6065] cdc_ncm 6-1:1.1: bind() failure [ 844.481865][ T36] usb 6-1: USB disconnect, device number 7 [ 844.605125][T20086] netlink: 'syz.2.6043': attribute type 4 has an invalid length. [ 844.606100][T20086] netlink: 'syz.2.6043': attribute type 4 has an invalid length. [ 845.073581][T14474] Bluetooth: hci5: command 0x0406 tx timeout [ 845.150777][T20110] netlink: 'syz.3.6054': attribute type 4 has an invalid length. [ 845.490559][T20119] af_packet: tpacket_rcv: packet too big, clamped from 18 to 4294967272. macoff=96 [ 846.121814][ T37] audit: type=1326 audit(1776855192.287:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.122157][ T37] audit: type=1326 audit(1776855192.287:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.144570][ T37] audit: type=1326 audit(1776855192.317:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.147221][ T37] audit: type=1326 audit(1776855192.317:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.149849][ T37] audit: type=1326 audit(1776855192.317:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.150586][ T37] audit: type=1326 audit(1776855192.317:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.151816][ T37] audit: type=1326 audit(1776855192.317:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.153157][ T37] audit: type=1326 audit(1776855192.317:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.183473][ T37] audit: type=1326 audit(1776855192.347:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.203393][ T37] audit: type=1326 audit(1776855192.367:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20142 comm="syz.5.6069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fdaf963c819 code=0x7ffc0000 [ 846.967288][T20175] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6083'. [ 846.967317][T20175] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6083'. [ 847.215255][T20183] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 847.843458][ T36] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 847.868340][T20210] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6099'. [ 847.993483][ T36] usb 4-1: Using ep0 maxpacket: 32 [ 847.996042][ T36] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 847.996076][ T36] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 848.001821][ T36] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 848.001851][ T36] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 848.001875][ T36] usb 4-1: Product: syz [ 848.001891][ T36] usb 4-1: Manufacturer: syz [ 848.119642][ T36] hub 4-1:4.0: USB hub found [ 848.349663][ T36] hub 4-1:4.0: 2 ports detected [ 848.767659][ T36] hub 4-1:4.0: set hub depth failed [ 848.799471][ T36] usb 4-1: USB disconnect, device number 30 [ 849.424351][T20264] netlink: 'syz.5.6124': attribute type 4 has an invalid length. [ 849.959527][T20283] loop8: detected capacity change from 0 to 7 [ 849.966048][T20283] Dev loop8: unable to read RDB block 7 [ 849.966186][T20283] loop8: unable to read partition table [ 849.966759][T20283] loop8: partition table beyond EOD, truncated [ 849.966779][T20283] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 850.362367][T20297] netlink: 'syz.3.6141': attribute type 4 has an invalid length. [ 850.658958][T20305] tipc: Started in network mode [ 850.658981][T20305] tipc: Node identity 4004, cluster identity 4711 [ 850.658995][T20305] tipc: Node number set to 16388 [ 851.353595][ T36] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 851.513797][ T36] usb 4-1: Using ep0 maxpacket: 32 [ 851.517715][ T36] usb 4-1: config 0 has an invalid interface number: 85 but max is 0 [ 851.517743][ T36] usb 4-1: config 0 has no interface number 0 [ 851.517790][ T36] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 851.517827][ T36] usb 4-1: config 0 interface 85 has no altsetting 0 [ 851.564127][ T36] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 851.564157][ T36] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 851.564180][ T36] usb 4-1: Product: syz [ 851.564194][ T36] usb 4-1: Manufacturer: syz [ 851.564210][ T36] usb 4-1: SerialNumber: syz [ 851.609798][ T36] usb 4-1: config 0 descriptor?? [ 852.039076][ T36] appletouch 4-1:0.85: Geyser mode initialized. [ 852.065100][ T36] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input26 [ 852.254806][ C0] appletouch 4-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64 [ 852.459079][ C0] appletouch 4-1:0.85: atp_complete: usb_submit_urb failed with result -1 [ 852.507283][ T36] usb 4-1: USB disconnect, device number 31 [ 852.709259][ T36] appletouch 4-1:0.85: input: appletouch disconnected [ 855.273524][ T1004] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 855.423465][ T1004] usb 4-1: Using ep0 maxpacket: 32 [ 855.427019][ T1004] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 855.427051][ T1004] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 855.427097][ T1004] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 855.427122][ T1004] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 855.479037][ T1004] usb 4-1: config 0 descriptor?? [ 855.497889][ T1004] hub 4-1:0.0: USB hub found [ 855.725296][ T1004] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 855.953535][ T1004] hid-generic 0003:046D:C31C.0012: item fetching failed at offset 0/1 [ 855.954369][ T1004] hid-generic 0003:046D:C31C.0012: probe with driver hid-generic failed with error -22 [ 856.043448][ T6065] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 856.192456][T20489] binder: 20488:20489 ioctl c0306201 200000000a80 returned -22 [ 856.218089][ T6065] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 856.218127][ T6065] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 856.218152][ T6065] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 856.218195][ T6065] usb 3-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 856.218219][ T6065] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 856.253769][ T36] usb 4-1: USB disconnect, device number 32 [ 856.451347][ T6065] usb 3-1: config 0 descriptor?? [ 856.887752][ T6065] hid (null): invalid report_size 1869505638 [ 856.954499][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x7 [ 856.954535][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954562][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954588][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954612][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954638][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954663][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954688][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954713][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954738][ T6065] hid-multitouch 0003:0457:07DA.0013: unknown main item tag 0x3 [ 856.954829][ T6065] hid-multitouch 0003:0457:07DA.0013: invalid report_size 1869505638 [ 856.954846][ T6065] hid-multitouch 0003:0457:07DA.0013: item 0 4 1 7 parsing failed [ 856.964165][ T6065] hid-multitouch 0003:0457:07DA.0013: probe with driver hid-multitouch failed with error -22 [ 857.105576][ T6065] usb 3-1: USB disconnect, device number 32 [ 857.343549][ T6059] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 857.496702][ T6059] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959 [ 857.496750][ T6059] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 857.496775][ T6059] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 857.502600][ T6059] usb 6-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38 [ 857.502632][ T6059] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.502653][ T6059] usb 6-1: Product: syz [ 857.502668][ T6059] usb 6-1: Manufacturer: syz [ 857.502684][ T6059] usb 6-1: SerialNumber: syz [ 857.573994][ T6059] usb 6-1: config 0 descriptor?? [ 857.577961][T20514] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 857.798350][ T6065] usb 6-1: USB disconnect, device number 8 [ 857.798954][T20540] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes [ 859.588926][ T36] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 859.777929][ T36] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 859.780622][ T36] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 859.780654][ T36] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 859.780677][ T36] usb 3-1: SerialNumber: syz [ 860.329770][ T36] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 860.377035][ T36] usb 3-1: USB disconnect, device number 33 [ 861.099405][T20671] netlink: 'syz.2.6318': attribute type 4 has an invalid length. [ 861.169920][T20675] netlink: 'syz.2.6318': attribute type 4 has an invalid length. [ 861.483473][ T6059] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 861.640694][ T6059] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 861.640724][ T6059] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 861.643999][ T6059] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 861.644072][ T6059] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 861.644123][ T6059] usb 6-1: SerialNumber: syz [ 861.974652][ T6059] usb 6-1: 0:2 : does not exist [ 862.203708][ T819] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 862.278367][ T6059] usb 6-1: USB disconnect, device number 9 [ 862.355819][ T819] usb 3-1: Using ep0 maxpacket: 32 [ 862.361620][ T819] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 862.361651][ T819] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 862.361685][ T819] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 862.361706][ T819] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 862.427635][ T819] usb 3-1: config 0 descriptor?? [ 862.456876][ T819] hub 3-1:0.0: USB hub found [ 862.659349][ T819] hub 3-1:0.0: 1 port detected [ 862.837308][T13686] udevd[13686]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 863.034214][T20733] netlink: 'syz.5.6344': attribute type 4 has an invalid length. [ 863.034936][T20733] netlink: 'syz.5.6344': attribute type 4 has an invalid length. [ 863.282378][ T819] hub 3-1:0.0: activate --> -90 [ 863.688336][ T6065] usb 3-1: USB disconnect, device number 34 [ 864.593800][ T10] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 864.743502][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 864.748010][ T10] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 864.748043][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 864.842437][ T10] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 865.540845][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 865.540865][ T37] audit: type=1800 audit(1776855211.667:84): pid=20822 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.3.6386" name="file1" dev="tmpfs" ino=4299 res=0 errno=0 [ 865.852141][ T10] gspca_nw80x: reg_w err -71 [ 865.852234][ T10] nw80x 3-1:3.0: probe with driver nw80x failed with error -71 [ 865.906769][ T10] usb 3-1: USB disconnect, device number 35 [ 866.495960][ T819] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 866.649381][T20865] netlink: 'syz.2.6408': attribute type 4 has an invalid length. [ 866.664368][ T819] usb 4-1: Using ep0 maxpacket: 16 [ 866.667656][ T819] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 866.667686][ T819] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 866.667712][ T819] usb 4-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 866.667742][ T819] usb 4-1: config 1 interface 0 has no altsetting 0 [ 866.726413][ T819] usb 4-1: New USB device found, idVendor=0521, idProduct=b1a8, bcdDevice= 0.40 [ 866.726447][ T819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 866.726471][ T819] usb 4-1: Product: syz [ 866.726486][ T819] usb 4-1: Manufacturer: syz [ 866.726502][ T819] usb 4-1: SerialNumber: syz [ 866.731333][T20869] netlink: 'syz.2.6408': attribute type 4 has an invalid length. [ 867.089958][ T819] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 33 if 0 alt 255 proto 1 vid 0x0521 pid 0xB1A8 [ 867.308315][ T819] usb 4-1: USB disconnect, device number 33 [ 867.526263][T20849] usblp0: removed [ 868.877857][ T819] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 869.028970][ T819] usb 4-1: Using ep0 maxpacket: 16 [ 869.033147][ T819] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40 [ 869.033178][ T819] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 869.033198][ T819] usb 4-1: Product: syz [ 869.033213][ T819] usb 4-1: Manufacturer: syz [ 869.033227][ T819] usb 4-1: SerialNumber: syz [ 870.135385][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.135457][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.540918][ T819] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 870.579986][ T819] usb 4-1: USB disconnect, device number 34 [ 871.256016][T21036] netlink: 32 bytes leftover after parsing attributes in process `syz.3.6487'. [ 871.328655][T21038] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6487'. [ 872.918733][T21093] netlink: 'syz.2.6512': attribute type 4 has an invalid length. [ 872.933440][ T5882] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 872.936669][T21093] netlink: 'syz.2.6512': attribute type 4 has an invalid length. [ 873.088206][ T5882] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 873.088265][ T5882] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 873.088291][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 873.127848][ T5882] usb 4-1: config 0 descriptor?? [ 873.165747][ T5882] pwc: Askey VC010 type 2 USB webcam detected. [ 873.562984][ T5882] pwc: recv_control_msg error -32 req 02 val 2b00 [ 873.570323][ T5882] pwc: recv_control_msg error -32 req 02 val 2700 [ 873.571386][ T5882] pwc: recv_control_msg error -32 req 02 val 2c00 [ 873.574777][ T5882] pwc: recv_control_msg error -32 req 04 val 1000 [ 873.794553][ T5882] pwc: recv_control_msg error -71 req 04 val 1400 [ 873.795015][ T5882] pwc: recv_control_msg error -71 req 02 val 2000 [ 873.798736][ T5882] pwc: recv_control_msg error -71 req 02 val 2100 [ 873.800724][ T5882] pwc: recv_control_msg error -71 req 04 val 1500 [ 873.802561][ T5882] pwc: recv_control_msg error -71 req 02 val 2500 [ 873.802976][ T5882] pwc: recv_control_msg error -71 req 02 val 2400 [ 873.804606][ T5882] pwc: recv_control_msg error -71 req 02 val 2600 [ 873.805013][ T5882] pwc: recv_control_msg error -71 req 02 val 2900 [ 873.805499][ T5882] pwc: recv_control_msg error -71 req 02 val 2800 [ 873.808119][ T5882] pwc: recv_control_msg error -71 req 04 val 1100 [ 873.813416][ T5882] pwc: recv_control_msg error -71 req 04 val 1200 [ 873.976076][ T5882] pwc: Registered as video103. [ 874.018648][ T5882] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input27 [ 874.048197][ T5882] usb 4-1: USB disconnect, device number 35 [ 875.286340][T21174] Bluetooth: hci0: invalid length 0, exp 2 for type 4 [ 875.663606][ T10] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 875.815864][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 875.815901][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 875.815943][ T10] usb 6-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 875.815970][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 875.822524][ T10] usb 6-1: config 0 descriptor?? [ 876.389432][ T10] kye 0003:0458:5016.0014: control desc unexpectedly large [ 876.420070][ T10] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.0014/input/input28 [ 876.757637][ T10] input: HID 0458:5016 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5016.0014/input/input29 [ 876.898643][ T10] kye 0003:0458:5016.0014: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.5-1/input0 [ 877.288724][T21233] netlink: 'syz.3.6576': attribute type 4 has an invalid length. [ 877.874088][ T10] usb 6-1: reset full-speed USB device number 10 using dummy_hcd [ 877.893523][ T5882] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 878.009140][T21263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6590'. [ 878.009167][T21263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6590'. [ 878.107959][ T5882] usb 4-1: unable to get BOS descriptor or descriptor too short [ 878.108520][ T5882] usb 4-1: not running at top speed; connect to a high speed hub [ 878.109876][ T5882] usb 4-1: config 6 has an invalid interface number: 217 but max is 0 [ 878.109901][ T5882] usb 4-1: config 6 has no interface number 0 [ 878.109931][ T5882] usb 4-1: config 6 interface 217 has no altsetting 0 [ 878.112516][ T5882] usb 4-1: New USB device found, idVendor=06cd, idProduct=010b, bcdDevice=7e.2f [ 878.112546][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 878.112569][ T5882] usb 4-1: Product: syz [ 878.112585][ T5882] usb 4-1: Manufacturer: syz [ 878.112600][ T5882] usb 4-1: SerialNumber: syz [ 878.695201][ T6065] usb 6-1: USB disconnect, device number 10 [ 879.629002][ T5882] hub 4-1:6.217: bad descriptor, ignoring hub [ 879.629046][ T5882] hub 4-1:6.217: probe with driver hub failed with error -5 [ 879.650527][ T5882] keyspan 4-1:6.217: Keyspan - (without firmware) converter detected [ 879.688621][ T5882] usb 4-1: USB disconnect, device number 36 [ 879.707143][ T5882] keyspan 4-1:6.217: device disconnected [ 880.783449][ T6065] usb 4-1: new low-speed USB device number 37 using dummy_hcd [ 881.828283][ T6065] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 881.828338][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 881.828365][ T6065] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 881.828391][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 881.828416][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 881.830043][ T6065] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 881.830088][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 881.830113][ T6065] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 881.830137][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 881.830161][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 881.832617][ T6065] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 881.832678][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 881.832723][ T6065] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 881.832749][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 881.832776][ T6065] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 882.022915][ T6065] usb 4-1: string descriptor 0 read error: -22 [ 882.023051][ T6065] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 882.023076][ T6065] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 882.128743][ T6065] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 882.933645][T21282] syz.5.6599 (21282): drop_caches: 2 [ 883.800447][ T6065] usb 4-1: USB disconnect, device number 37 [ 884.774362][ T37] audit: type=1326 audit(1776855230.947:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21421 comm="syz.3.6661" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7ac6ac819 code=0x0 [ 885.588481][T21456] netlink: 'syz.2.6674': attribute type 10 has an invalid length. [ 885.588527][T21456] team0: Device netdevsim0 is up. Set it down before adding it as a team port [ 885.890372][T21463] netlink: 'syz.2.6678': attribute type 1 has an invalid length. [ 886.060749][T21439] ================================================================== [ 886.060767][T21439] BUG: KASAN: slab-use-after-free in rt_spin_lock+0x83/0x400 [ 886.060809][T21439] Read of size 1 at addr ffff8880385b2200 by task syz.5.6668/21439 [ 886.060828][T21439] [ 886.060854][T21439] CPU: 1 UID: 0 PID: 21439 Comm: syz.5.6668 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 886.060883][T21439] Tainted: [L]=SOFTLOCKUP [ 886.060892][T21439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 886.060917][T21439] Call Trace: [ 886.060925][T21439] [ 886.060934][T21439] dump_stack_lvl+0xe8/0x150 [ 886.060970][T21439] print_address_description+0x55/0x1e0 [ 886.061003][T21439] ? rt_spin_lock+0x83/0x400 [ 886.061034][T21439] print_report+0x58/0x70 [ 886.061065][T21439] kasan_report+0x117/0x150 [ 886.061088][T21439] ? rt_spin_lock+0x83/0x400 [ 886.061124][T21439] ? __wake_up_common_lock+0x2f/0x1e0 [ 886.061147][T21439] __kasan_check_byte+0x2a/0x40 [ 886.061167][T21439] lock_acquire+0x84/0x350 [ 886.061198][T21439] rt_spin_lock+0x83/0x400 [ 886.061230][T21439] ? __wake_up_common_lock+0x2f/0x1e0 [ 886.061253][T21439] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 886.061286][T21439] ? __pfx_rt_spin_lock+0x10/0x10 [ 886.061317][T21439] ? rt_spin_unlock+0x14f/0x200 [ 886.061361][T21439] ? rt_spin_unlock+0x160/0x200 [ 886.061394][T21439] __wake_up_common_lock+0x2f/0x1e0 [ 886.061421][T21439] snd_pcm_stop+0x428/0x550 [ 886.061449][T21439] loopback_trigger+0x11ff/0x1cf0 [ 886.061489][T21439] snd_pcm_start+0x43d/0x5d0 [ 886.061515][T21439] __snd_pcm_lib_xfer+0x175a/0x1d10 [ 886.061553][T21439] ? __pfx_interleaved_copy+0x10/0x10 [ 886.061585][T21439] ? __pfx_default_write_copy+0x10/0x10 [ 886.061619][T21439] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 886.061647][T21439] ? __pfx___snd_pcm_lib_xfer+0x10/0x10 [ 886.061678][T21439] ? rt_mutex_slowunlock+0x1cb/0x300 [ 886.061711][T21439] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 886.061746][T21439] ? snd_pcm_oss_write3+0x191/0x300 [ 886.061776][T21439] snd_pcm_oss_write3+0x1ab/0x300 [ 886.061808][T21439] snd_pcm_oss_write2+0x2c2/0x440 [ 886.061841][T21439] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 886.061881][T21439] ? rt_spin_unlock+0x14f/0x200 [ 886.061912][T21439] ? rt_spin_unlock+0x160/0x200 [ 886.061966][T21439] snd_pcm_oss_sync1+0x180/0x520 [ 886.062003][T21439] ? __pfx_snd_pcm_oss_sync1+0x10/0x10 [ 886.062036][T21439] ? __pfx_default_wake_function+0x10/0x10 [ 886.062068][T21439] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 886.062094][T21439] ? lockdep_hardirqs_on+0x7a/0x110 [ 886.062117][T21439] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 886.062142][T21439] ? mutex_lock_interruptible_nested+0x152/0x1d0 [ 886.062174][T21439] ? snd_pcm_oss_sync+0x313/0xfc0 [ 886.062223][T21439] ? snd_pcm_format_set_silence+0x12f/0x2d0 [ 886.062246][T21439] snd_pcm_oss_sync+0xab2/0xfc0 [ 886.062280][T21439] snd_pcm_oss_release+0x102/0x250 [ 886.062312][T21439] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 886.062351][T21439] __fput+0x461/0xa70 [ 886.062387][T21439] task_work_run+0x1d9/0x270 [ 886.062418][T21439] ? __pfx_task_work_run+0x10/0x10 [ 886.062450][T21439] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.062474][T21439] exit_to_user_mode_loop+0xed/0x480 [ 886.062499][T21439] ? rcu_is_watching+0x15/0xb0 [ 886.062530][T21439] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.062554][T21439] do_syscall_64+0x33e/0xf80 [ 886.062579][T21439] ? trace_irq_disable+0x3b/0x140 [ 886.062602][T21439] ? clear_bhb_loop+0x40/0x90 [ 886.062629][T21439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.062659][T21439] RIP: 0033:0x7fdaf963c819 [ 886.062682][T21439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 886.062702][T21439] RSP: 002b:00007fff03c4fd68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 886.062726][T21439] RAX: 0000000000000000 RBX: 00007fdaf98b7da0 RCX: 00007fdaf963c819 [ 886.062742][T21439] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 886.062755][T21439] RBP: 00007fdaf98b7da0 R08: 0000000000000006 R09: 0000000000000000 [ 886.062769][T21439] R10: 00007fdaf98b7cb0 R11: 0000000000000246 R12: 00000000000d83c3 [ 886.062785][T21439] R13: 00007fdaf98b618c R14: 00000000000d8149 R15: 00007fdaf98b6180 [ 886.062811][T21439] [ 886.062819][T21439] [ 886.062829][T21439] Allocated by task 21441: [ 886.062839][T21439] kasan_save_track+0x3e/0x80 [ 886.062871][T21439] __kasan_kmalloc+0x93/0xb0 [ 886.062902][T21439] __kmalloc_cache_noprof+0x3a6/0x690 [ 886.062922][T21439] snd_pcm_attach_substream+0x5b7/0xb20 [ 886.062955][T21439] snd_pcm_open_substream+0xbd/0x2420 [ 886.062980][T21439] snd_pcm_oss_open+0xf90/0x1c20 [ 886.063008][T21439] chrdev_open+0x4d0/0x5f0 [ 886.063030][T21439] do_dentry_open+0x83d/0x13e0 [ 886.063055][T21439] vfs_open+0x3b/0x350 [ 886.063079][T21439] path_openat+0x2e43/0x38a0 [ 886.063097][T21439] do_file_open+0x23e/0x4a0 [ 886.063115][T21439] do_sys_openat2+0x113/0x200 [ 886.063140][T21439] __x64_sys_openat+0x138/0x170 [ 886.063167][T21439] do_syscall_64+0x15f/0xf80 [ 886.063192][T21439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.063223][T21439] [ 886.063228][T21439] Freed by task 21441: [ 886.063237][T21439] kasan_save_track+0x3e/0x80 [ 886.063265][T21439] kasan_save_free_info+0x46/0x50 [ 886.063288][T21439] __kasan_slab_free+0x5c/0x80 [ 886.063317][T21439] kfree+0x1c5/0x6c0 [ 886.063351][T21439] snd_pcm_detach_substream+0x1c8/0x270 [ 886.063382][T21439] snd_pcm_oss_release+0x184/0x250 [ 886.063408][T21439] __fput+0x461/0xa70 [ 886.063432][T21439] task_work_run+0x1d9/0x270 [ 886.063465][T21439] exit_to_user_mode_loop+0xed/0x480 [ 886.063486][T21439] do_syscall_64+0x33e/0xf80 [ 886.063507][T21439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.063526][T21439] [ 886.063531][T21439] The buggy address belongs to the object at ffff8880385b2000 [ 886.063531][T21439] which belongs to the cache kmalloc-2k of size 2048 [ 886.063548][T21439] The buggy address is located 512 bytes inside of [ 886.063548][T21439] freed 2048-byte region [ffff8880385b2000, ffff8880385b2800) [ 886.063568][T21439] [ 886.063572][T21439] The buggy address belongs to the physical page: [ 886.063593][T21439] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x385b0 [ 886.063616][T21439] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 886.063632][T21439] flags: 0x80000000000040(head|node=0|zone=1) [ 886.063654][T21439] page_type: f5(slab) [ 886.063671][T21439] raw: 0080000000000040 ffff88801a022000 dead000000000100 dead000000000122 [ 886.063687][T21439] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 886.063706][T21439] head: 0080000000000040 ffff88801a022000 dead000000000100 dead000000000122 [ 886.063722][T21439] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000 [ 886.063740][T21439] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff [ 886.063757][T21439] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008 [ 886.063767][T21439] page dumped because: kasan: bad access detected [ 886.063781][T21439] page_owner tracks the page as allocated [ 886.063789][T21439] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5827, tgid 5827 (syz-executor), ts 93524037714, free_ts 90993527923 [ 886.063823][T21439] post_alloc_hook+0x231/0x280 [ 886.063854][T21439] get_page_from_freelist+0x27c8/0x2840 [ 886.063875][T21439] __alloc_frozen_pages_noprof+0x18d/0x380 [ 886.063896][T21439] allocate_slab+0x77/0x660 [ 886.063918][T21439] refill_objects+0x33c/0x3d0 [ 886.063940][T21439] __pcs_replace_empty_main+0x373/0x720 [ 886.063965][T21439] __kmalloc_noprof+0x530/0x7b0 [ 886.063981][T21439] ops_init+0x7b/0x5c0 [ 886.064006][T21439] setup_net+0x118/0x340 [ 886.064029][T21439] copy_net_ns+0x50e/0x730 [ 886.064052][T21439] create_new_namespaces+0x3e7/0x6a0 [ 886.064081][T21439] unshare_nsproxy_namespaces+0x149/0x190 [ 886.064109][T21439] ksys_unshare+0x57d/0x9f0 [ 886.064128][T21439] __x64_sys_unshare+0x38/0x50 [ 886.064147][T21439] do_syscall_64+0x15f/0xf80 [ 886.064167][T21439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.064185][T21439] page last free pid 5803 tgid 5803 stack trace: [ 886.064196][T21439] __free_frozen_pages+0xfa6/0x10f0 [ 886.064213][T21439] __folio_put+0x2eb/0x3a0 [ 886.064241][T21439] skb_release_data+0x544/0xa60 [ 886.064257][T21439] __kfree_skb+0x5d/0x210 [ 886.064284][T21439] tcp_ack+0x2818/0x7dd0 [ 886.064312][T21439] tcp_rcv_established+0x1484/0x2800 [ 886.064353][T21439] tcp_v4_do_rcv+0x755/0x13f0 [ 886.064373][T21439] __release_sock+0x285/0x3d0 [ 886.064392][T21439] __sk_flush_backlog+0x4b/0xe0 [ 886.064411][T21439] tcp_sendmsg_locked+0x4167/0x5370 [ 886.064429][T21439] tcp_sendmsg+0x2f/0x50 [ 886.064445][T21439] sock_write_iter+0x40c/0x4f0 [ 886.064464][T21439] vfs_write+0x629/0xba0 [ 886.064479][T21439] ksys_write+0x156/0x270 [ 886.064494][T21439] do_syscall_64+0x15f/0xf80 [ 886.064515][T21439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.064534][T21439] [ 886.064538][T21439] Memory state around the buggy address: [ 886.064548][T21439] ffff8880385b2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 886.064562][T21439] ffff8880385b2180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 886.064575][T21439] >ffff8880385b2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 886.064585][T21439] ^ [ 886.064596][T21439] ffff8880385b2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 886.064609][T21439] ffff8880385b2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 886.064620][T21439] ================================================================== [ 886.129663][T21439] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 886.129727][T21439] CPU: 1 UID: 0 PID: 21439 Comm: syz.5.6668 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 886.129799][T21439] Tainted: [L]=SOFTLOCKUP [ 886.129818][T21439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 886.129848][T21439] Call Trace: [ 886.129866][T21439] [ 886.129886][T21439] vpanic+0x56c/0xa60 [ 886.129958][T21439] ? __pfx_vpanic+0x10/0x10 [ 886.130005][T21439] ? __pfx___schedule+0x10/0x10 [ 886.130062][T21439] panic+0xc5/0xd0 [ 886.130125][T21439] ? __pfx_panic+0x10/0x10 [ 886.130191][T21439] ? preempt_schedule_common+0x82/0xd0 [ 886.130261][T21439] ? rt_spin_lock+0x83/0x400 [ 886.130344][T21439] check_panic_on_warn+0x89/0xb0 [ 886.130403][T21439] ? rt_spin_lock+0x83/0x400 [ 886.130471][T21439] end_report+0x73/0x170 [ 886.130519][T21439] ? rt_spin_lock+0x83/0x400 [ 886.130587][T21439] kasan_report+0x128/0x150 [ 886.130636][T21439] ? rt_spin_lock+0x83/0x400 [ 886.130712][T21439] ? __wake_up_common_lock+0x2f/0x1e0 [ 886.130766][T21439] __kasan_check_byte+0x2a/0x40 [ 886.130814][T21439] lock_acquire+0x84/0x350 [ 886.130888][T21439] rt_spin_lock+0x83/0x400 [ 886.130962][T21439] ? __wake_up_common_lock+0x2f/0x1e0 [ 886.131015][T21439] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 886.131080][T21439] ? __pfx_rt_spin_lock+0x10/0x10 [ 886.131155][T21439] ? rt_spin_unlock+0x14f/0x200 [ 886.131250][T21439] ? rt_spin_unlock+0x160/0x200 [ 886.131324][T21439] __wake_up_common_lock+0x2f/0x1e0 [ 886.131402][T21439] snd_pcm_stop+0x428/0x550 [ 886.131473][T21439] loopback_trigger+0x11ff/0x1cf0 [ 886.131601][T21439] snd_pcm_start+0x43d/0x5d0 [ 886.131675][T21439] __snd_pcm_lib_xfer+0x175a/0x1d10 [ 886.131760][T21439] ? __pfx_interleaved_copy+0x10/0x10 [ 886.131832][T21439] ? __pfx_default_write_copy+0x10/0x10 [ 886.131909][T21439] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 886.131979][T21439] ? __pfx___snd_pcm_lib_xfer+0x10/0x10 [ 886.132057][T21439] ? rt_mutex_slowunlock+0x1cb/0x300 [ 886.132137][T21439] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 886.132214][T21439] ? snd_pcm_oss_write3+0x191/0x300 [ 886.132287][T21439] snd_pcm_oss_write3+0x1ab/0x300 [ 886.132375][T21439] snd_pcm_oss_write2+0x2c2/0x440 [ 886.132449][T21439] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 886.132527][T21439] ? rt_spin_unlock+0x14f/0x200 [ 886.132598][T21439] ? rt_spin_unlock+0x160/0x200 [ 886.132675][T21439] snd_pcm_oss_sync1+0x180/0x520 [ 886.132760][T21439] ? __pfx_snd_pcm_oss_sync1+0x10/0x10 [ 886.132853][T21439] ? __pfx_default_wake_function+0x10/0x10 [ 886.132940][T21439] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 886.133015][T21439] ? lockdep_hardirqs_on+0x7a/0x110 [ 886.133075][T21439] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 886.133142][T21439] ? mutex_lock_interruptible_nested+0x152/0x1d0 [ 886.133216][T21439] ? snd_pcm_oss_sync+0x313/0xfc0 [ 886.133293][T21439] ? snd_pcm_format_set_silence+0x12f/0x2d0 [ 886.133316][T21439] snd_pcm_oss_sync+0xab2/0xfc0 [ 886.133357][T21439] snd_pcm_oss_release+0x102/0x250 [ 886.133397][T21439] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 886.133424][T21439] __fput+0x461/0xa70 [ 886.133463][T21439] task_work_run+0x1d9/0x270 [ 886.133537][T21439] ? __pfx_task_work_run+0x10/0x10 [ 886.133641][T21439] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.133690][T21439] exit_to_user_mode_loop+0xed/0x480 [ 886.133755][T21439] ? rcu_is_watching+0x15/0xb0 [ 886.133831][T21439] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.133887][T21439] do_syscall_64+0x33e/0xf80 [ 886.133952][T21439] ? trace_irq_disable+0x3b/0x140 [ 886.134015][T21439] ? clear_bhb_loop+0x40/0x90 [ 886.134073][T21439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 886.134136][T21439] RIP: 0033:0x7fdaf963c819 [ 886.134202][T21439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 886.134220][T21439] RSP: 002b:00007fff03c4fd68 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 886.134240][T21439] RAX: 0000000000000000 RBX: 00007fdaf98b7da0 RCX: 00007fdaf963c819 [ 886.134255][T21439] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 886.134266][T21439] RBP: 00007fdaf98b7da0 R08: 0000000000000006 R09: 0000000000000000 [ 886.134278][T21439] R10: 00007fdaf98b7cb0 R11: 0000000000000246 R12: 00000000000d83c3 [ 886.134291][T21439] R13: 00007fdaf98b618c R14: 00000000000d8149 R15: 00007fdaf98b6180 [ 886.134313][T21439] [ 886.135375][T21439] Kernel Offset: disabled