last executing test programs: 2m55.619071152s ago: executing program 1 (id=24111): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000002c0)={0x4, "421ae3543785259649154c631fb18e6a2ba2b1000000000000000000000007ee"}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f00000010c0)={0x9, "99bdb1b0c7251b0894d3f0230a74bd856e3c10db57c3f7484d9ed4190dbc00f3"}) r1 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) read$FUSE(r1, &(0x7f0000004a80)={0x2020}, 0x2020) 2m55.588080608s ago: executing program 1 (id=24112): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0xf1, @empty, 0x19f49a9}], 0x1c) listen(r0, 0x100) r1 = dup(r0) sendmsg$inet_sctp(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000300)="d9", 0xff82}], 0x1, &(0x7f0000000280)=[@dstaddrv4={0x18, 0x84, 0x7, @local}], 0x18, 0x48d5}, 0x8050) 2m55.553137766s ago: executing program 1 (id=24113): epoll_create1(0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r0 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10000, 0xffffffff, 0x1be}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x100847c0, 0x0, 0x1, 0x0, 0x0) 2m55.520362595s ago: executing program 1 (id=24114): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 2m54.65359461s ago: executing program 1 (id=24124): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'macvlan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000100005800a000400aaaaaaaaaabb000008000300030000000a000400aaaaaaaab1aa000008000500", @ANYRES32=r2], 0x68}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@getchain={0x2c, 0x11, 0x839, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r2, {0x1, 0x6}, {0xd}, {0x11, 0xfff1}}, [{0x8, 0xb, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x84}, 0x0) 2m54.491695301s ago: executing program 1 (id=24125): connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a31000000000900030073797a3200000000280004800800014000000001080002400a7b1af2140003"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) 2m54.197370501s ago: executing program 32 (id=24125): connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a31000000000900030073797a3200000000280004800800014000000001080002400a7b1af2140003"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) 6.720302726s ago: executing program 2 (id=26064): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfb, 0x20}, 0xc) r2 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) close_range(r0, 0xffffffffffffffff, 0x0) 6.665833453s ago: executing program 2 (id=26065): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x400, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) r3 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000cc0)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000280000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4308123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762011052eac2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dc8aff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e4b9ec7a410ec42315255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e997ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bb"], 0x0}, 0x94) syz_io_uring_submit(r1, r2, &(0x7f00000003c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r3, 0x0, 0x0, 0xfffffd49, 0x20044080, 0x1}) io_uring_enter(r0, 0x27e2, 0x0, 0x0, 0x0, 0x0) 6.577414155s ago: executing program 2 (id=26066): connect$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x0, @broadcast}, 0x6e) syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x5a, 0x29, 0x2e, 0x8, 0xc10, 0x0, 0x95a7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xa2, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xc5, 0x4, 0x0, 0xf1, 0x78, 0xa9, 0x5b}}]}}]}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3214, 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[], 0x0) ioctl$EVIOCRMFF(r0, 0x40085507, &(0x7f0000000100)=0xb) 3.412831604s ago: executing program 2 (id=26112): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0xeeee8000, 0x4, 0x81c, 0xeffffdff, 0x0, [{0x0, 0x10, 0xd}, {0x9, 0x5, 0x0, '\x00', 0xff}, {0xfc, 0x8, 0x2}, {0x6, 0x90, 0x3, '\x00', 0x2}, {0x48, 0x0, 0x7, '\x00', 0x10}, {}, {0x0, 0x84, 0xbe}, {0x3, 0x1, 0xd2, '\x00', 0xf9}, {0x0, 0x3, 0x0, '\x00', 0xff}, {0x4c, 0x6, 0x2, '\x00', 0x3e}, {0xd3, 0x2, 0xbe}, {0xe, 0x32, 0x5a}, {0x2, 0x0, 0x2, '\x00', 0x3}, {0x0, 0x4f}, {0x4, 0x2, 0x4, '\x00', 0xfe}, {0x0, 0x6, 0x3, '\x00', 0x5}, {0x1, 0x9e, 0x0, '\x00', 0x4}, {0x3, 0xff, 0x0, '\x00', 0xdd}, {0x1, 0x7, 0x3, '\x00', 0x8b}, {0x80, 0x7, 0x7, '\x00', 0x7}, {0x5, 0xe5}, {0x0, 0x40, 0x4, '\x00', 0x70}, {0x1, 0x0, 0x1, '\x00', 0xe}, {0x10, 0x80, 0xe, '\x00', 0xf4}]}}) 3.15461239s ago: executing program 2 (id=26117): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "b39625e03be22ead", "8da0640c9e8f6b81143f1a1a6d81ee2b", "3b0e7088", "19a4216dfdbf6602"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "34368cd7c3d9641d", "78ae58a5fc601ca7df9cc92c6349fa52", "aa2bd2b3", "f34bf4be357cbf2c"}, 0x28) 3.013439502s ago: executing program 2 (id=26120): r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="120100006df57108e2042414ebc7010203010902380003960000000904cc070002596105052406000105240006000d240f01900800000000070008060600000011090401"], 0x0) syz_usb_control_io$lan78xx(r0, &(0x7f0000000280)={0x14, 0x0, &(0x7f0000000840)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) 2.857070445s ago: executing program 3 (id=26123): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) fcntl$setstatus(r0, 0x4, 0x800) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x10, 0x0, 0x180000}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 2.717023162s ago: executing program 3 (id=26126): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x170, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528) r1 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x7}, 0x1c) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100)="e0b9", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7e7b38}, 0x50) writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0x5dc}], 0x1) 2.397464151s ago: executing program 3 (id=26129): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmmsg$unix(r1, &(0x7f0000003900)=[{{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000000340)=""/12, 0xc}, {&(0x7f0000000700)=""/218, 0xda}], 0x2}}], 0x1, 0x41, 0x0) 2.20057614s ago: executing program 3 (id=26130): socket$packet(0x11, 0xa, 0x300) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000140)={@local, @random="19d0246dd802", @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x9, 0x2c, 0x68, 0x0, 0xfd, 0x6, 0x0, @remote, @local, {[@end]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x4, 0x2}}}}}}, 0x0) 1.955329829s ago: executing program 4 (id=26134): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80, 0xfd}, 'port1\x00', 0x7a, 0x11cfa, 0x0, 0x8080008, 0x3, 0x4, 0x1000001}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000080)={0x800100, 0xfffffffb, 0x2, 0x3, 0x2fca, 0xce0}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) read(r0, &(0x7f0000000000)=""/107, 0x6b) 1.861806351s ago: executing program 4 (id=26135): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x101901, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x971}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000005c0)={0x1, 0x0, [{0x5, 0x2, 0x1, 0x0, @adapter={0xfffffffffffffffc, 0x62e98891, 0x202, 0x1, 0x5}}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.569668682s ago: executing program 4 (id=26136): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) getpid() socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc010}}, {{&(0x7f0000000e00)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x8000}}], 0x2, 0x0) 1.384643991s ago: executing program 4 (id=26137): r0 = syz_io_uring_setup(0x17af, &(0x7f0000000380)={0x0, 0x0, 0x13290}, &(0x7f0000000300), &(0x7f0000000000)) r1 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) recvmmsg(r1, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}, 0x101}], 0x1, 0x0, 0x0) r2 = epoll_create(0x4) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f00000002c0)={0x4}) 1.270141592s ago: executing program 3 (id=26139): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000280)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0xa000000, 0x80000002, 0x7, 0x0, 0x2, 0x4000000, 0xd, 0x20000}) 1.096444473s ago: executing program 3 (id=26140): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f44010203010902120001000000000904"], 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xdc3, 0x0) fcntl$setstatus(r2, 0x4, 0x2000) syz_usb_disconnect(r1) close_range(r0, 0xffffffffffffffff, 0x0) 844.007729ms ago: executing program 0 (id=26143): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe5, 0x10}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0xfffd}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0x1, 0xfff1}, {0xf, 0x6}}}, 0x24}}, 0x0) 735.630618ms ago: executing program 0 (id=26145): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x1c) sendto$inet6(r0, &(0x7f0000000000)="19", 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000002c0)={0x0, 0x1}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8) 684.775149ms ago: executing program 5 (id=26146): sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000003f00000008", @ANYRES32], 0x7c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8d0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x13, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff886411", 0x0, 0xfe, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8}, 0x50) write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@broadcast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @address_request}}}}, 0x0) 682.635942ms ago: executing program 0 (id=26147): mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1}) madvise(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x9) 633.400013ms ago: executing program 5 (id=26148): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@delqdisc={0xe4, 0x25, 0x400, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}, {0x9, 0xf}, {0x3, 0x1}}, [@TCA_RATE={0x6, 0x5, {0x8, 0xf}}, @qdisc_kind_options=@q_fq={{0x7}, {0x2c, 0x2, [@TCA_FQ_RATE_ENABLE={0x8, 0x5, 0x1}, @TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x10}, @TCA_FQ_ORPHAN_MASK={0x8, 0xa, 0xfffffffc}, @TCA_FQ_INITIAL_QUANTUM={0x8}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x2}]}}, @qdisc_kind_options=@q_cbq={{0x8}, {0x7c, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0xf8, '\x00', 0x4fe, 0x6, 0x800, 0x82a1}}, @TCA_CBS_PARMS={0x18, 0x1, {0x10, '\x00', 0xe32, 0x7, 0x0, 0x9}}, @TCA_CBS_PARMS={0x18, 0x1, {0x9, '\x00', 0x73b8, 0x0, 0x2, 0x10000}}, @TCA_CBS_PARMS={0x18, 0x1, {0x3, '\x00', 0x7, 0xd, 0x9, 0x5}}, @TCA_CBS_PARMS={0x18, 0x1, {0x3, '\x00', 0x20, 0xfffffff9, 0x7, 0x1}}]}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x4000}, 0x2084) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$unix(r1, &(0x7f00000020c0)=[{{&(0x7f00000050c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x80}}, {{&(0x7f0000000540)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="24000000000000001701"], 0x28, 0x2000c000}}], 0x2, 0x88) 595.882955ms ago: executing program 0 (id=26149): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x3, @mcast2, 0x5}, 0x1c) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x6, 0x40}, {0xffff1000, 0x10000, 0xc, 0xff, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x1, 0x1000, 0xc, 0x9, 0x4, 0xc4, 0x0, 0x5, 0x6a, 0x3, 0x0, 0xfb}, {0x1, 0xd000, 0x8, 0x0, 0x1, 0x0, 0x9, 0x0, 0x8, 0x4, 0x4}, {0x6000, 0x100000, 0xf, 0x0, 0x4, 0x4, 0x0, 0x0, 0x0, 0x3e}, {0xeefe0000, 0x0, 0x0, 0x78, 0x8, 0x0, 0x2, 0x0, 0x40, 0xfe, 0x5}, {0x0, 0xeeee8000, 0x0, 0x4, 0x4, 0x2, 0xa1, 0x20}, {0xf000, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x8}, {0x80a0000, 0x3}, {0xdddd1000}, 0xddf8ffcf, 0x0, 0x0, 0x122, 0x0, 0x800, 0x0, [0x80000001, 0x0, 0x1]}) 526.16566ms ago: executing program 5 (id=26150): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="6507060082762422f9a30250a90def79e5ddb933b83b8f8f1a0daad170478560f60eb8dc258ded60aee45b04b15db386", 0x30) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000002940)=[{0x0, 0x0, &(0x7f0000003dc0)=[{&(0x7f0000000280)="1b54beef9765f16d31f668d2db37f75318510ca6025213c6788499c98b9f0e2ff0ef3c7144fbf86f9f5723d4dd85b291e05f5e2aff1bf823e761dd38fed3c9d4fd078734acf85dae7e65c031996462832f2e43e417a5bb2caf853034fa56ca2546e93a9f675d2eb87a6a77b0e612", 0x6e}, {&(0x7f0000002b40)="fb1add96eb5c4cee3df251747b4c22fa53f4688d7e1de775eb384e67c6582a1c81de03b4a72c33625ef534c5ca4d2efe7943bb3192c53781854a9d34a1bf7e0d6284f0e66080d445b540a2f7e462a8338abd11bf2789063bf6f3064a921853c52bdf68e827858e06ccf3ed47c27b11f2bf39d587a2912ef9643a51e3bf0e366ffac35589fa3784872a51aac3c75257fd292fe52d6b896d0c41961cb60e797fa328f5b86561291635c839bff7e1c824bce99130465d4753b7696b7cd22cfaf8cc647a8852f3ee63fcc4e04f581b45f8a7cbd6fa55ed355666311f6250845bf1580972a8f8b3f6ff65b26544bc917ae8a6fabbfd205cd10a43b35bbb8de22a73d76c01f9c799fc7f0c3e3d2bc7ff1e361b70a1b26063daa61716907012fb463670842f23df5c4ba93aaf4ea87b69d2e51da642a62cd1821c93481c70f8e0c8802679dfafa90863a192e59bc782fc6da8835dc3d0cca2bdfbf5af5cfed924b5e67b3c226e6c4f48f7fbd408447c4d3ac827e8ff35339f621f3ceddfd5a61d10cbb3eb0136fe75456e53faaddb363294b99c950dc990bcdace8f4d55c12f06b70faa3184860063e7977934d100952d911dc7394c546b28be0a841d4655e5bf42553538e03d01a3fd8f8cdcbb5f53e8a6f81831bb77067840e6d724f0937a4da1bfd98ef9dc928c99d740b5d74c47bbf2764516f8090dea2028f6cd84407bb3e59339b2a1bd4f3322498fdc7ce75b9c121b6214dd45f5bf089cd72f131ab17a90ff96799ba0cd5887c108f54e8e43dccf443ef7b9db1b3d0ac90ffae0e70cdeed0114618b5a4be8fd32a1c47c17c6c2060e6a6019460dd7c0dd0c0a9582dabd0ff7a39e3a5abc29efac39e701d07a2647af3a6fa4b0ed8a36bde33323700ad477574a06ecb4dc5fd3c47e3222a4a0f34c0f44f6a633c8c3acc7f49e97e17cf6b0a21c2086f32a10901f84d0f04ca592aeea9a674243ae8969228d6d3a1b92ad815748a6a2357bf0b6c4d7780a8e1761d134156f0e67e092d2f7f4c72e9e1f621f15f2dc8645723efcc81028ceb45bcda59ee8097426481bfaa519d7d18d5ac13a969e3bcf5e6b370156f02f8d7c2244d7a17ccbe3e71b9786d9b3fa594f135694de7fdd9d3039e4230560b77e6c35f67238ca6c74f08e03afedf328579e139fcd284db1a0b28e123c6f7c753f9d7987c693fcd05eabb61df341e5fd800afaf135de7b6b5ae1e00957cd1c49365d81f8f32a6844519abd96d007c2c95813ccc05db8346993840c3833706c31db9ed9dcba95fd8cac19855f7b660d9aa31a856874728923a5503b2b653fad90651adeea9e34ffe0f15396e80c86cfe0cec9715b782927bdd6af92f68165f796b1b669cd75a83f48dcd6d4dd10f3b2b74db0ac282c841f17a50cdd250125f2a2a265d0b41bbbab00a616024c0d8b1566eafdba12dc4fd06d8f74892fb273d9ead766bbecdf01d0eb8f3a86294286733785723b64990dda5c09e48b192712b66e5aad37ba4fad103b54a4a879cafb29514af9bad7b54cc7c449067c27dbf0a2cb749f590516123f45baae9caf3a323c00b5bb505e1a00469e8dadded866821d62e4dba70c0d98f358b14fa0e8a52efd3064e7d812f789a403e51ef34458d9fc11589cf09c059bafed44afc11602436b4c19e87cc7decef689e6f80282911d2b8ab26add8c77ded2a26ab228fc09714a42123fd7ede142d23a3aad7d8694456dd1b148efb80bb399cc6dc439c9b364981a06bb8be124bfae2cfcb935a7a28e25d45beda3f837717ac64a6dcf8aedf6c389831f5b805637dc31f3d027936b915b05b2908f69fd77b712b03efdf35240e1130569133c4327a872200a2b3cee19fe7ec59cd40d99ae7ce8c4e9775d111cdae50c7a0f57cf428a9680c6e2a441db24f705a5c65f769e553bea912276cdf4c77458cf61949cb54e0ea326e69e052a61c97dd8ff280096cc2986a94565b2197d77b2f8323beb8c759089ea34c4ee05e57c9c9ade4b4ac2f618f37322a3324c0154af6b3bbdc4524d509fd3c1fe867eb9abea9270435adb9f55349d15f5c3771bab95ac5b136af24a2d844abb7fca26bb80a09438ca18498723d5f8444d8d570fc6e57d084c713f1c2c507afd6d39209674b9e0984576224c5b458118b10eaf29c8eee156186ac1952017869935ca9a8629a36109f9b45617ce858ab834193b722acf24eb089324348ec143347f5849d692ca6e3789e583708448f5e83b2fa0d14b2f71c50191b8c622f4a20f788303be7d4add2e2a137a4230ad8213f03056420ef5c0b8a3af460be4af74c1d5eaa7de9fda13bb40966ca0dd48294f28247961e63cb93c9936daf3d50e11c36c786988d725e9b281e9fcc7ca343163ffc0185630765671949711863f1f6f9bfd93d51776f4097151d0039808fe3c83fb30c37f6e663af18a43a1792c0313767c78e1daff873cb968ab5d4bfb7d253360adc7561f6779a63054bc4d6d42c83c9d278a686862d5190ee8202d61db1291ffb1a56daf5d36a777146dab33544704aacf393adc32cb6ecdf63d64ffd23f82a3a614dd99697b4feb3c8790527c02104d7a870c2372bfddf6bb2cf0a252fb0ce8e4f164dc4e554f5b4994af6c3e7e9c8bca54742c39d26afd720b7f1090c42dfd6f478d419ca55e8562f0ac3501d5167e818c5cf49e852ab51b6659bc22ad671315cbbae409ee50ff683edec1e874663e4222f8278310c6d548b3c3b8bf856fd489524e9451344182c37392489117d6a5dbe4105cd63cb6e732ec4c71d041e669f25b4a6f45559e0d071e123c2ee5db8826928dfd466663f12010cb00d648782896f5598cf8ba77a5f520eed4e5b1e922669344f2b946c4f1f34ad440e1656c6fe928de18d49d92dd613670cd359d10177e6a505742cd790252b3c2dfd0693dc822eae5cf888eded8bf416ae84a8ebe4dc962947e2da1466735c3aa654ac1509da4894df2a07b0c4e36d859411d4f6846087a651dbde79bc67d95eff5ee562faa3bf41d630e8fead5be072c96962af9f798f57130a3a69f12db7abe31c0ba092fbaf3b72b198a8ebdda4ff41aff572cc05dec5e855240773682d8c327b7d1b095de136e27994911578e0ed5b85acffef2d847cf9872805f54fc06a340cba40707fb1df3051d8ee0652e3dd1fce59117d010d1fa258301953479a8fb5b667e0dff028779c9b783ff9acc14e5d9119ab5f0911ecd7e76ab3c61a1bdeb230649b0a93abdc3ba492bda5c027a8af3b07c62ff45009fd22146ef63e1f93e6f0ab89841dbfed9b7923457bda3cce0c5f246e5b5aafce96d0b42f78a360a3ce70d7def6c141f81fcf7d4d29a238230ed2e875e77280df2afc7ba89f46e643a3553ae4e19ec752ac254645eb03328c9433cf301fee475d0502e7c5ce1122207fed519cda00c758fdaacf291db9a6ccc3a33d00783b6c71629ebf6814aeacbf246150c3f11b1c1c9acdaa29cc1ca324401a5535c7ae95240a8fa034684630e1f667d88cc6e3965896c3ed006c244a83ca415e12389945812928b4744fbcb87f9f4a94da52d9ccbb50313d400fd725869e4cfccbc5022fbaffdda7d59484d90cca55f806f3e43e0b31fb3b72d00d434067c3adcee8b8e4a1a9af700130c494feb5a3596e6555b8f70e428c053f681f3366c54e540bfd468fb1f1df52678cd6eccb70e6b6f7cab0488e22883e8edab25df2299f79f550059123b42bcc5c5e5f8c211529af648a00625c74c5a98ea2adf316fd364c6cd833dcd6d8fcd66b164f6089aad7abc23e9ca4459de0d551c227d0b518d94669603a1f4bd7cf25ac79f44d117fb846eac0d03b9b7a4f744b723440c0f967e53488b16df869375681957ba273358d5fe976f07b64f37e5d9048c8fa4b59076806464aa962d12dee3e23c02dafc5e1e11dd7c4b842b1c19051f4bc0a2f94bd60d0219fa5008448b0a83d5368020b57f629a6491224846ecd5e857234827745e7347861379259f130b29067874d12142e4eaa881503828d865414a1a4bd0ec4d67f62655b4f4e5bdf4cd9e7d4e9deb62e543464d32b2a31d90f28cb348de51c35c019a7883fe8d64e489aa9648e56c49a1d913c3145b661d18c83f6fec738eb59a3b483fd9470d3cbd79e4694e3b276ba5a1cb5cf55fa1e78b0a7d45bcfbe1932f661fd237509cd6988c275f6518cf7c017bb6849eeb914e8c7e49d032ff9e5afb96b9ffb281722eebb31b5d7a60bee49740beb6d934eaf2269c4220fe64265ad4e20c3f57e5cc94c6eb27938e7ace5e178cdaf3854220a4ba7d4e093d0ecc66a1c7a593746f219d64f0ea3e07b8068be7bec4e3a72baae04cd5b61a38257411fa4beda5391c4c8d7139f67689c5af41ccadad0f7fb7f5a6d54fd2421d89b344cb7842bb13db806dd431c9440ef41d927a03c1db59c7c8e6ba672608611e6aa7b2073ef54b0d30fd66dd825959a75fc0029fe14d9736b5ba64b9beb11382c25bd52f242d5d0b5b792961172aca220a740af5cab923010761333e6d1bd6a321682a7a0ac67c1355c75f59784afcca66500fda6aa7b55fd384c343b10782fe106ed201d4c8c0e0a8571472760ce1849a94a29b9ddfc7ffdb0a1916924dcc4dc585b11b7d8b23680151a38a934abbabdee27dbdac519935f221b0e96933e51c0f34f41a2dceb001347a6b59c21f2039923b12afca5f4b196665558734f74e9d365ad373d5a4693ba013faa48fde4d91fb72a96952a4f470012592fdc99b2b1a3c2fa63058433d9295d8881252ac3e7ca8c42247c4c6e62ff5858c1ff26b3d5acb2b9494fe11e39e53d36a909ea629179ecc421798613e92f905e5bd00cb80ce06d20888b25a73374ac1e46b32328335c5a6457eb0746586e4c1bb737c62fbb76f716b304b7ead09bffc2fd2bcbcb8c10506ab71c73c792031e5baec0dc1284e8ec252aa53eea642c4b80e6edaf9ecef48b148e5c5e82427fec11f53e1637f703a34d0ebda7726d43c9984fd7fe189f3b96b267d7772eac5508d5b21cf4f459c3f0e499d90e4a2350c8baed849cf4bb49811afab9fcbba4150c1f9b529f41fbe938dd1ccaf7de0bd48521871e4af580c82ce9a9129aed8542dc7b03cc48d4274ebcf55b6a9aa89c105c811b9915716fa7853bb8123dd865d364f56d61c90bb0be24a8cc8db383507cd5976775ef92344e5b2e95977a53d8e7ea0a820aad6cc9e29991730bcd27e8a1f6a3fdc338a90300fd37fb598311269dd1f10b6ad4fbc3679901f8839c34fe6f4b8f284b88b571949e9752c0ca44676f07a6355da1ddb2269b80dea671349a91d97c23d456668880f906233f8ea255bfc2872cc1fed7cae4a1ee06c1323f480a12723377eac8589e5442a9ba4fe782e356fd7f2185684aa5be4e53043f4853f8cafe6d46bcc1aaced4fe9b445454476b9d0ce5fdfcccd5c226b1284735fac639964346fc10b79ba5335296eab767cbbc76168abbeb0fc1d9134e9171c4d17daa6d051438780392157698d010742e07ce3b5b27aed7674262e6d6ee94fd4dfbad8a2a918f63cc94d46f5f9562726529c6d22e0aa6fac975a9eb925bffde1e0dda1794437fef867c710d2036ad4b14280b0b16808775fa4cc5fb603d8f9d5c4a84266326363eccb64fb9c", 0xf93}], 0x2, &(0x7f0000000300)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20000800}], 0x1, 0x4054) recvmsg(r1, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000002b00)=[{&(0x7f0000003f80)=""/4117, 0x1015}], 0x1}, 0x20f2) 448.955415ms ago: executing program 4 (id=26151): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000080)="67400f07c40249af4b8bb9800000c00f3235010200000f300f20a366450f769e00000100440f20c03588001d00445b66baf80cb88cf4b684ef66bafc0ced460f01c9c4827d24c366ba4cf0ff07ef87f345a57a43e16806a4", 0x58}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000900)={{0x2000, 0x1000, 0x8, 0xff, 0xfb, 0x64, 0xc1, 0x5, 0x0, 0x2e, 0x48}, {0x5000, 0x2000, 0xb, 0x6, 0x40, 0x4, 0x7d, 0x7, 0x5, 0x3, 0x6}, {0xeeef0000, 0xeeef0000, 0xb, 0x5, 0x83, 0x7, 0x40, 0x9, 0x1, 0xa7, 0x8, 0x81}, {0xeeee8000, 0x4000, 0xf, 0x4b, 0x7f, 0x43, 0xb, 0xb, 0x8, 0xaf, 0xe, 0x11}, {0x4000, 0x8000000, 0xb, 0x1, 0x15, 0x7, 0xab, 0x8, 0x7, 0x83, 0xf4}, {0x8000000, 0x80a0000, 0x8, 0x1c, 0x4, 0x1, 0x7, 0xa0, 0x80, 0x10, 0x1, 0xb}, {0x3000, 0x8000000, 0xa, 0x5, 0x7, 0x5, 0x6, 0x2, 0x5, 0x81, 0xff, 0x44}, {0x8080000, 0x1000, 0xf, 0xd, 0x2, 0x7, 0x4, 0x34, 0xda, 0x5, 0xd9, 0x9}, {0x10000, 0x30}, {0x7000, 0xd}, 0x80000031, 0x0, 0x8000000, 0x426b5, 0x107, 0x1003, 0xeeee8000, [0x8, 0x2, 0x0, 0x10000000ff]}) 401.588777ms ago: executing program 0 (id=26152): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000100)="6766f30f09670f2386f9b6b580020f3036773e0f080f229d66b888000f00d00f060f00c2", 0x24}], 0x1, 0x0, 0x0, 0x0) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1) ptrace$setregs(0xd, r0, 0x2, &(0x7f0000000180)) ptrace$cont(0x21, r0, 0x80000001, 0x4) 391.965756ms ago: executing program 5 (id=26153): r0 = socket(0x1, 0x5, 0x0) close(0x3) syz_open_dev$sg(&(0x7f0000000080), 0x4a38, 0x200) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000500)={0xe000200c}) ppoll(&(0x7f0000000140)=[{r1, 0x10}, {r0, 0xa700}], 0x2, 0x0, 0x0, 0x0) 241.680118ms ago: executing program 5 (id=26154): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000180)={0x1}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000240)={[{0x9, 0x5, 0x13, 0x1, 0x0, 0x5f, 0x3, 0x0, 0xa6, 0x2, 0x5, 0x6}, {0xfffffff9, 0x4004, 0x0, 0x0, 0x0, 0xf6, 0x1, 0x8, 0x4, 0xff, 0x4, 0x0, 0x800000000000000}, {0xffffff01, 0x35, 0x0, 0x0, 0x4, 0x5, 0x7, 0xfe, 0x5, 0x8, 0xf2, 0x4}]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000002400)={[{0x3, 0xce, 0xfa, 0x5, 0x3, 0x96, 0x9, 0x6, 0x75, 0x0, 0x2, 0x6, 0xffffffff}, {0x15, 0x1, 0x6, 0x2, 0x1, 0x6, 0x2, 0x6, 0xb, 0x5, 0x4, 0x9, 0x1}, {0x2, 0x1000, 0x8, 0x52, 0x1, 0x2a, 0x7f, 0x8, 0xb, 0x40, 0xf4, 0x4, 0x200}], 0xfffffffe}) 207.633261ms ago: executing program 4 (id=26155): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x0, 0xeeef0000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x3, 0x1, 0xdddd1000, 0x1000, &(0x7f0000fe9000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 109.466467ms ago: executing program 0 (id=26156): mknod(0x0, 0x8001420, 0x0) r0 = mq_open(&(0x7f0000000040)='\'\x00]\xa5\xdf?\x86\xcf\xfb\xfe\x10\xf5\xcdrGQf\x10:\xce\xb0FeP3\xb2\xd3.\xd0{\x11\xe4\x94\xfd\xaa\xbb\xbc\xe6\x19y\x1f\x92\x0f}\xaf\xa7', 0x8c1, 0xe, 0x0) unshare(0x2a020400) connect$inet(0xffffffffffffffff, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) mq_timedreceive(r0, 0x0, 0x0, 0x9fb, 0x0) 0s ago: executing program 5 (id=26157): r0 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[@cpuid={0x64, 0x18, {0xfffffff9, 0x8}}], 0x18}) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f00000001c0)={0x3, 0x0, [{0x2, 0xa, 0x1, 0xc, 0xfffffffd, 0x4, 0x9583}, {0xc0000000, 0x8001, 0x0, 0x4, 0x5ec, 0x1, 0xb}, {0x0, 0x0, 0x7, 0x2, 0x20b, 0x3, 0x2}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): sing dummy_hcd [ 1279.741141][ T6201] usb 2-1: Using ep0 maxpacket: 16 [ 1279.748011][ T6201] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1279.760080][ T6201] usb 2-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 1279.769711][ T6201] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1279.780232][ T6201] usb 2-1: config 0 descriptor?? [ 1280.205614][ T6201] input: HID 041e:3100 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:041E:3100.00BE/input/input218 [ 1280.298247][ T6201] creative-sb0540 0003:041E:3100.00BE: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.1-1/input0 [ 1280.405525][T28869] usb 2-1: USB disconnect, device number 50 [ 1281.159315][T15008] sctp: [Deprecated]: syz.3.24115 (pid 15008) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1281.159315][T15008] Use struct sctp_sack_info instead [ 1281.991141][ T6364] usb 4-1: new full-speed USB device number 47 using dummy_hcd [ 1282.144466][T14686] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1282.173761][ T6364] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1282.201146][ T6364] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 1282.230986][ T6364] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 1282.240120][ T6364] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1282.244853][T14686] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1282.269381][ T6364] usb 4-1: config 0 descriptor?? [ 1282.278818][T15032] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1282.367982][T14686] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1282.456563][T14686] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1282.493749][ T6364] usbhid 4-1:0.0: can't add hid device: -71 [ 1282.507110][ T6364] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1282.519056][ T6364] usb 4-1: USB disconnect, device number 47 [ 1282.835716][T14686] bond0: left allmulticast mode [ 1282.844947][T14686] bond_slave_0: left allmulticast mode [ 1282.870264][T14686] bond_slave_1: left allmulticast mode [ 1282.890381][T14686] bond0: left promiscuous mode [ 1282.900606][T14686] bond_slave_0: left promiscuous mode [ 1282.920751][T14686] bond_slave_1: left promiscuous mode [ 1282.934128][T14686] bridge0: port 3(bond0) entered disabled state [ 1282.975104][T14686] bridge_slave_1: left allmulticast mode [ 1282.980794][T14686] bridge_slave_1: left promiscuous mode [ 1282.982735][ T6201] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1282.999288][T14686] bridge0: port 2(bridge_slave_1) entered disabled state [ 1283.075899][ T5154] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1283.088500][ T5154] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1283.097570][ T5154] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1283.106458][ T5154] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1283.116642][ T5154] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1283.191294][ T6201] usb 4-1: Using ep0 maxpacket: 32 [ 1283.222072][ T6201] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 1283.264921][ T6201] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 1283.298485][ T6201] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1283.342777][ T6201] usb 4-1: config 0 descriptor?? [ 1283.798520][ T6201] hid-rmi 0003:06CB:81A7.00BF: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.3-1/input0 [ 1284.043696][ T6201] usb 4-1: USB disconnect, device number 48 [ 1284.921186][T14686] geneve0 (unregistering): left promiscuous mode [ 1284.928776][T14686] team0: Port device geneve0 removed [ 1285.206608][ T5154] Bluetooth: hci1: command tx timeout [ 1285.317126][T14686] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1285.327295][T14686] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1285.337480][T14686] bond0 (unregistering): Released all slaves [ 1285.475336][T14686] bond1 (unregistering): Released all slaves [ 1285.614104][T14686] bond2 (unregistering): Released all slaves [ 1285.626639][T14686] bond3 (unregistering): Released all slaves [ 1285.638665][T14686] bond4 (unregistering): Released all slaves [ 1285.651065][T14686] bond5 (unregistering): Released all slaves [ 1285.665773][T14686] bond6 (unregistering): Released all slaves [ 1286.494227][T15102] chnl_net:caif_netlink_parms(): no params data found [ 1286.709510][T15340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1286.807942][T15102] bridge0: port 1(bridge_slave_0) entered blocking state [ 1286.815925][T15102] bridge0: port 1(bridge_slave_0) entered disabled state [ 1286.823857][T15102] bridge_slave_0: entered allmulticast mode [ 1286.833565][T15102] bridge_slave_0: entered promiscuous mode [ 1286.862466][T15102] bridge0: port 2(bridge_slave_1) entered blocking state [ 1286.879585][T15102] bridge0: port 2(bridge_slave_1) entered disabled state [ 1286.893394][T15102] bridge_slave_1: entered allmulticast mode [ 1286.901879][T15102] bridge_slave_1: entered promiscuous mode [ 1286.972683][T15102] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1286.999146][T15102] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1287.098658][T15102] team0: Port device team_slave_0 added [ 1287.107729][T15102] team0: Port device team_slave_1 added [ 1287.244832][T14686] : left promiscuous mode [ 1287.281731][ T5154] Bluetooth: hci1: command tx timeout [ 1287.341218][T15102] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1287.378885][T15102] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1287.404878][ C1] vkms_vblank_simulate: vblank timer overrun [ 1287.454780][T15102] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1287.506895][T14686] : left promiscuous mode [ 1287.548852][T15102] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1287.593172][T15102] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1287.619229][ C1] vkms_vblank_simulate: vblank timer overrun [ 1287.731077][T15102] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1287.801309][T14686] tipc: Left network mode [ 1287.924118][T14686] IPVS: stopping backup sync thread 24435 ... [ 1287.959680][T15102] hsr_slave_0: entered promiscuous mode [ 1287.987146][T15102] hsr_slave_1: entered promiscuous mode [ 1288.004123][T15102] debugfs: 'hsr0' already exists in 'hsr' [ 1288.019408][T15102] Cannot create hsr debugfs directory [ 1288.773806][T14686] batadv_slave_0: left promiscuous mode [ 1288.786156][T14686] hsr_slave_0: left promiscuous mode [ 1288.792960][T14686] hsr_slave_1: left promiscuous mode [ 1289.171068][ T6364] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1289.179267][T14686] team_slave_1 (unregistering): left promiscuous mode [ 1289.189199][T14686] team0 (unregistering): Port device team_slave_1 removed [ 1289.229713][T14686] team_slave_0 (unregistering): left promiscuous mode [ 1289.237514][T14686] team0 (unregistering): Port device team_slave_0 removed [ 1289.333666][ T6364] usb 4-1: Using ep0 maxpacket: 32 [ 1289.341605][ T6364] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 1289.350110][ T6364] usb 4-1: config 0 has no interface number 0 [ 1289.356455][ T5154] Bluetooth: hci1: command tx timeout [ 1289.367708][ T6364] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1289.377390][ T6364] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1289.386623][ T6364] usb 4-1: Product: syz [ 1289.391065][ T6364] usb 4-1: Manufacturer: syz [ 1289.395725][ T6364] usb 4-1: SerialNumber: syz [ 1289.404411][ T6364] usb 4-1: config 0 descriptor?? [ 1289.413209][ T6364] smsc95xx v2.0.0 [ 1289.747826][T15102] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1289.766194][T15102] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1289.777716][T15102] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1289.796871][T15102] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1289.817733][ T6364] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 1289.863009][ T6364] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1290.109948][T14686] IPVS: stop unused estimator thread 0... [ 1290.203840][T15102] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1290.234883][T15102] 8021q: adding VLAN 0 to HW filter on device team0 [ 1290.250118][T32002] bridge0: port 1(bridge_slave_0) entered blocking state [ 1290.257388][T32002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1290.303595][ T6364] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 1290.318072][T14686] bridge0: port 2(bridge_slave_1) entered blocking state [ 1290.325308][T14686] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1290.336081][ T6364] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 1290.355465][ T6364] usb 4-1: USB disconnect, device number 49 [ 1290.534720][T15102] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1290.667070][T15102] veth0_vlan: entered promiscuous mode [ 1290.699090][T15102] veth1_vlan: entered promiscuous mode [ 1290.797523][T15102] veth0_macvtap: entered promiscuous mode [ 1290.818988][T15102] veth1_macvtap: entered promiscuous mode [ 1290.847392][T15102] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1290.882765][T15102] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1290.932244][ T7639] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1291.016657][ T7639] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1291.045248][ T7639] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1291.110245][ T7639] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1291.333808][ T30] kauditd_printk_skb: 87 callbacks suppressed [ 1291.333826][ T30] audit: type=1326 audit(1764844178.981:8269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1291.399558][ T893] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1291.424003][ T893] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1291.441659][ T5154] Bluetooth: hci1: command tx timeout [ 1291.447235][ T30] audit: type=1326 audit(1764844178.981:8270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1291.469831][ C1] vkms_vblank_simulate: vblank timer overrun [ 1291.483583][ T30] audit: type=1326 audit(1764844178.981:8271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f329532b829 code=0x7ffc0000 [ 1291.603813][T15713] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24172'. [ 1291.611373][ T30] audit: type=1326 audit(1764844178.981:8272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f329532b829 code=0x7ffc0000 [ 1291.635236][ C1] vkms_vblank_simulate: vblank timer overrun [ 1291.693517][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1291.719661][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1291.776606][ T30] audit: type=1326 audit(1764844178.981:8273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1291.799194][ C1] vkms_vblank_simulate: vblank timer overrun [ 1291.828121][ T30] audit: type=1326 audit(1764844178.981:8274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1291.850696][ C1] vkms_vblank_simulate: vblank timer overrun [ 1291.865017][ T30] audit: type=1326 audit(1764844178.981:8275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f329532b829 code=0x7ffc0000 [ 1291.894571][ T30] audit: type=1326 audit(1764844178.981:8276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1291.927360][ T30] audit: type=1326 audit(1764844178.981:8277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1291.949983][ C1] vkms_vblank_simulate: vblank timer overrun [ 1292.010639][ T30] audit: type=1326 audit(1764844178.981:8278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15697 comm="syz.3.24171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f329532b829 code=0x7ffc0000 [ 1292.033130][ C1] vkms_vblank_simulate: vblank timer overrun [ 1292.621814][T28871] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 1292.785716][T28871] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1292.804601][T28871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1292.818021][T28871] usb 4-1: Product: syz [ 1292.826653][T28871] usb 4-1: Manufacturer: syz [ 1292.835462][T28871] usb 4-1: SerialNumber: syz [ 1292.846288][T28871] usb 4-1: config 0 descriptor?? [ 1292.856411][T28871] ch341 4-1:0.0: ch341-uart converter detected [ 1293.888870][T28871] ch341-uart ttyUSB0: failed to read break control: -71 [ 1293.912366][T28871] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 1293.984809][T28871] usb 4-1: USB disconnect, device number 50 [ 1294.007486][T28871] ch341 4-1:0.0: device disconnected [ 1294.324754][T15925] batadv_slave_1: entered promiscuous mode [ 1294.350464][T15924] batadv_slave_1: left promiscuous mode [ 1294.487755][T30363] IPVS: starting estimator thread 0... [ 1294.580989][T15934] IPVS: using max 32 ests per chain, 76800 per kthread [ 1294.920993][T28873] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 1294.961502][T28871] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 1295.082129][T28873] usb 4-1: Using ep0 maxpacket: 16 [ 1295.089488][T28873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1295.110710][T28873] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1295.120953][T28873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1295.132421][T28873] usb 4-1: config 0 descriptor?? [ 1295.141587][T28871] usb 6-1: Using ep0 maxpacket: 8 [ 1295.149455][T28871] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1295.160607][T28871] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1295.170522][T28871] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1295.181278][T28871] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1295.191929][T28871] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1295.205549][T28871] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1295.215275][T28871] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1295.310304][T15968] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1295.432956][T28871] usb 6-1: usb_control_msg returned -32 [ 1295.438717][T28871] usbtmc 6-1:16.0: can't read capabilities [ 1295.553413][T28873] mcp2221 0003:04D8:00DD.00C0: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 1295.802631][T15949] i2c i2c-1: unsupported multi-msg i2c transaction [ 1295.814659][T28873] usb 4-1: USB disconnect, device number 51 [ 1295.939455][T16025] netlink: 24 bytes leftover after parsing attributes in process `syz.2.24221'. [ 1296.015806][T30363] usb 6-1: USB disconnect, device number 2 [ 1297.181051][T30363] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1297.294340][T16095] netlink: 40 bytes leftover after parsing attributes in process `syz.2.24240'. [ 1297.345297][T30363] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1297.364988][T16095] netlink: 80 bytes leftover after parsing attributes in process `syz.2.24240'. [ 1297.379786][T30363] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1297.394572][T30363] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1297.405591][T16095] netlink: 40 bytes leftover after parsing attributes in process `syz.2.24240'. [ 1297.430966][T30363] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1297.444530][T16095] netlink: 80 bytes leftover after parsing attributes in process `syz.2.24240'. [ 1297.470966][T30363] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1297.486408][T30363] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1297.526466][T30363] usb 6-1: config 0 descriptor?? [ 1297.592208][T16110] loop4: detected capacity change from 0 to 4 [ 1297.619472][T16110] Dev loop4: unable to read RDB block 4 [ 1297.639604][T16110] loop4: unable to read partition table [ 1297.648006][T16110] loop4: partition table beyond EOD, truncated [ 1297.659712][T16110] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1297.967929][T30363] plantronics 0003:047F:FFFF.00C1: ignoring exceeding usage max [ 1298.024381][T30363] plantronics 0003:047F:FFFF.00C1: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1298.527242][T16172] netlink: 'syz.2.24259': attribute type 5 has an invalid length. [ 1299.087927][T16197] syzkaller1: entered promiscuous mode [ 1299.094214][T16197] syzkaller1: entered allmulticast mode [ 1299.241610][T16207] input: syz1 as /devices/virtual/input/input219 [ 1300.143672][T30363] usb 6-1: USB disconnect, device number 3 [ 1300.233805][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.240154][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.831634][T28873] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1300.999808][T16337] xt_hashlimit: size too large, truncated to 1048576 [ 1301.011141][T28873] usb 4-1: Using ep0 maxpacket: 8 [ 1301.032707][T28873] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1301.042054][T28873] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1301.071029][T28873] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1301.092828][T28873] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1301.113684][T28873] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1301.129373][T28873] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1301.158989][T28873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1301.430718][T28873] usb 4-1: usb_control_msg returned -32 [ 1301.444004][T28873] usbtmc 4-1:16.0: can't read capabilities [ 1301.839734][T16402] usbtmc 4-1:16.0: INDICATOR_PULSE returned 0 [ 1302.057909][T28873] usb 4-1: USB disconnect, device number 52 [ 1302.488025][T16375] bridge0: entered promiscuous mode [ 1302.927477][T16481] netlink: 8 bytes leftover after parsing attributes in process `syz.5.24317'. [ 1303.386802][T16513] netlink: 4 bytes leftover after parsing attributes in process `syz.3.24325'. [ 1304.281855][ T6201] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 1304.394628][T16578] af_packet: tpacket_rcv: packet too big, clamped from 39 to 4294967272. macoff=96 [ 1304.461472][ T6201] usb 6-1: Using ep0 maxpacket: 8 [ 1304.469419][ T6201] usb 6-1: config 0 has an invalid interface number: 52 but max is 0 [ 1304.488106][ T6201] usb 6-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config [ 1304.531269][ T6201] usb 6-1: config 0 has no interface number 0 [ 1304.539548][ T6201] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 97, changing to 10 [ 1304.567440][ T6201] usb 6-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24929, setting to 1024 [ 1304.597535][ T6201] usb 6-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1304.610803][ T6201] usb 6-1: config 0 interface 52 has no altsetting 0 [ 1304.623692][ T6201] usb 6-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00 [ 1304.665931][ T6201] usb 6-1: New USB device strings: Mfr=0, Product=234, SerialNumber=34 [ 1304.691746][ T6201] usb 6-1: Product: syz [ 1304.695990][ T6201] usb 6-1: SerialNumber: syz [ 1304.736297][ T6201] usb 6-1: config 0 descriptor?? [ 1304.978359][ T6201] input: syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.52/input/input220 [ 1305.314136][ T6201] usb 6-1: USB disconnect, device number 4 [ 1305.320176][ C1] synaptics_usb 6-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 1306.781864][T28871] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1306.961551][T28871] usb 4-1: Using ep0 maxpacket: 8 [ 1306.968127][T28871] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1306.976897][T28871] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1306.987625][T28871] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1306.997851][T28871] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1307.007828][T28871] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1307.020910][T28871] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1307.029950][T28871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1307.245464][T28871] usb 4-1: usb_control_msg returned -32 [ 1307.251656][T28871] usbtmc 4-1:16.0: can't read capabilities [ 1307.611341][T16714] usbtmc 4-1:16.0: INITIATE_CLEAR returned 0 [ 1307.814757][T28869] usb 4-1: USB disconnect, device number 53 [ 1307.836116][T16729] netlink: 4 bytes leftover after parsing attributes in process `syz.5.24369'. [ 1309.491095][ T6201] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1309.656407][ T6201] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1309.673840][ T6201] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1309.687898][ T6201] usb 6-1: config 0 descriptor?? [ 1309.708187][ T6201] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 1309.971028][T16827] syzkaller1: entered promiscuous mode [ 1309.976896][T16827] syzkaller1: entered allmulticast mode [ 1310.070821][T28869] hid-generic 0000:0000:0000.00C2: unknown main item tag 0x0 [ 1310.104239][T28869] hid-generic 0000:0000:0000.00C2: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1310.115258][ T6201] cpia1 6-1:0.0: unexpected state after lo power cmd: 00 [ 1310.517037][ T6201] cpia1 6-1:0.0: only firmware version 1 is supported (got: 0) [ 1310.727497][T28869] usb 6-1: USB disconnect, device number 5 [ 1310.978485][T16876] gretap0: entered promiscuous mode [ 1312.965398][T16985] Invalid logical block size (-2) [ 1314.505818][T17046] loop9: detected capacity change from 0 to 7 [ 1314.514498][ T4654] Dev loop9: unable to read RDB block 7 [ 1314.520105][ T4654] loop9: unable to read partition table [ 1314.527501][ T4654] loop9: partition table beyond EOD, truncated [ 1314.541077][T17046] Dev loop9: unable to read RDB block 7 [ 1314.547292][T17046] loop9: unable to read partition table [ 1314.553904][T17046] loop9: partition table beyond EOD, truncated [ 1314.560194][T17046] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1315.341037][ T706] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 1315.493974][ T706] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1315.505825][ T706] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1315.517715][ T706] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1315.527695][ T706] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1315.540770][ T706] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1315.550005][ T706] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1315.560311][ T706] usb 6-1: config 0 descriptor?? [ 1316.007641][ T706] plantronics 0003:047F:FFFF.00C3: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1316.176178][T17097] syzkaller1: entered promiscuous mode [ 1316.201091][T17097] syzkaller1: entered allmulticast mode [ 1317.446054][T17150] netlink: 'syz.2.24477': attribute type 29 has an invalid length. [ 1317.457497][T17150] netlink: 'syz.2.24477': attribute type 29 has an invalid length. [ 1317.473046][T17150] netlink: 500 bytes leftover after parsing attributes in process `syz.2.24477'. [ 1317.731139][T17169] loop5: detected capacity change from 0 to 3415 [ 1317.731801][T17170] netlink: 8 bytes leftover after parsing attributes in process `syz.2.24483'. [ 1317.780461][T17174] loop5: detected capacity change from 3415 to 4663 [ 1317.957586][ T4654] buffer_io_error: 25 callbacks suppressed [ 1317.957607][ T4654] Buffer I/O error on dev loop5, logical block 582, async page read [ 1318.066058][ T6201] usb 6-1: USB disconnect, device number 6 [ 1318.282766][ T4654] Buffer I/O error on dev loop5, logical block 582, async page read [ 1318.474544][T17221] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40 [ 1318.563921][ T4654] Buffer I/O error on dev loop5, logical block 582, async page read [ 1319.345623][T17264] ip6tnl4: entered promiscuous mode [ 1319.351234][T17264] ip6tnl4: entered allmulticast mode [ 1319.471141][T17273] binfmt_misc: register: failed to install interpreter file ./file1 [ 1319.545482][T17278] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24503'. [ 1320.362353][ T30] kauditd_printk_skb: 92 callbacks suppressed [ 1320.362371][ T30] audit: type=1326 audit(1764844208.021:8371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.399051][ T30] audit: type=1326 audit(1764844208.021:8372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.424503][ T30] audit: type=1326 audit(1764844208.051:8373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.446970][ C1] vkms_vblank_simulate: vblank timer overrun [ 1320.455317][ T30] audit: type=1326 audit(1764844208.051:8374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.481223][ T30] audit: type=1326 audit(1764844208.051:8375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.505565][ T30] audit: type=1326 audit(1764844208.051:8376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.530002][ T30] audit: type=1326 audit(1764844208.051:8377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.555498][ T30] audit: type=1326 audit(1764844208.051:8378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.580806][ T30] audit: type=1326 audit(1764844208.051:8379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1320.604075][ T30] audit: type=1326 audit(1764844208.051:8380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17345 comm="syz.2.24518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1321.211886][T17369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24526'. [ 1322.180592][T17398] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1322.181898][ T706] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1322.371206][ T706] usb 6-1: Using ep0 maxpacket: 8 [ 1322.383239][ T706] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1322.403191][ T706] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1322.424462][ T706] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1322.451473][ T706] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1322.497741][ T706] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1322.526084][ T706] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1322.596625][T17417] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1322.686802][T17423] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24542'. [ 1322.763165][ T706] usb 6-1: GET_CAPABILITIES returned 0 [ 1322.780023][ T706] usbtmc 6-1:16.0: can't read capabilities [ 1322.791727][ T6364] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 1322.952601][ T6364] usb 4-1: Using ep0 maxpacket: 32 [ 1322.964483][ T6364] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 1322.975301][ T6364] usb 4-1: config 0 has no interface number 0 [ 1322.989667][ T6364] usb 4-1: config 0 interface 12 has no altsetting 0 [ 1323.000552][ T6364] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 1323.007779][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1323.019784][ T6364] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1323.023888][ T706] usb 6-1: USB disconnect, device number 7 [ 1323.049169][ T6364] usb 4-1: Product: syz [ 1323.055958][ T6364] usb 4-1: Manufacturer: syz [ 1323.060580][ T6364] usb 4-1: SerialNumber: syz [ 1323.086708][ T6364] usb 4-1: config 0 descriptor?? [ 1323.599505][T17461] input: syz0 as /devices/virtual/input/input223 [ 1323.728778][T17471] loop5: detected capacity change from 0 to 7 [ 1323.736314][ C0] blk_print_req_error: 25 callbacks suppressed [ 1323.736331][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.751688][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.760217][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.769397][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.777493][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.786772][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.795050][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.804287][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.823002][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.832267][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.841217][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.850414][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.859934][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.869167][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.877365][T17471] ldm_validate_partition_table(): Disk read failed. [ 1323.887263][T17479] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.24553'. [ 1323.889933][ C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.905890][ C0] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.914181][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.922834][ T6364] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: 20 failed: -71 [ 1323.923413][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.947227][ T6364] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 1323.947864][ C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1323.955018][ T6364] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 1323.963809][ C1] Buffer I/O error on dev loop5, logical block 0, async page read [ 1323.981121][T17471] Dev loop5: unable to read RDB block 0 [ 1323.987736][T17471] loop5: unable to read partition table [ 1323.995498][T17471] loop5: partition table beyond EOD, truncated [ 1324.004857][T17471] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 1324.043382][ T6364] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 1324.091646][ T6364] usb 4-1: USB disconnect, device number 54 [ 1324.567126][T28861] psmouse serio6: Failed to reset mouse on : -5 [ 1324.854774][ T6201] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1325.022809][ T6201] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1325.056277][ T6201] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1325.079469][ T6201] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1325.121157][ T6201] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1325.160807][ T6201] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1325.217069][ T6201] usb 4-1: config 0 descriptor?? [ 1325.684889][ T6201] plantronics 0003:047F:FFFF.00C4: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1325.935196][ T6201] usb 4-1: USB disconnect, device number 55 [ 1326.549403][T17608] batman_adv: batadv0: Adding interface: vlan4 [ 1326.556781][T17608] batman_adv: batadv0: The MTU of interface vlan4 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1326.581948][ C1] vkms_vblank_simulate: vblank timer overrun [ 1326.589268][T17608] batman_adv: batadv0: Not using interface vlan4 (retrying later): interface not active [ 1326.851808][ T6364] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1327.013430][ T6364] usb 4-1: config index 0 descriptor too short (expected 39, got 27) [ 1327.022378][ T6364] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1327.034447][ T6364] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1327.055184][ T6364] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1327.084940][ T6364] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1327.101535][ T6364] usb 4-1: Product: syz [ 1327.105821][ T6364] usb 4-1: Manufacturer: syz [ 1327.110424][ T6364] usb 4-1: SerialNumber: syz [ 1327.126492][ T6364] usb 4-1: config 0 descriptor?? [ 1327.141909][ T6364] hub 4-1:0.0: bad descriptor, ignoring hub [ 1327.155390][ T6364] hub 4-1:0.0: probe with driver hub failed with error -5 [ 1327.185485][ T6364] usb 4-1: selecting invalid altsetting 0 [ 1327.403166][T17674] netlink: 'syz.5.24595': attribute type 1 has an invalid length. [ 1327.802268][T17612] usb 4-1: reset high-speed USB device number 56 using dummy_hcd [ 1328.072526][T17722] netlink: 35 bytes leftover after parsing attributes in process `syz.5.24603'. [ 1328.090272][T17722] netlink: 8 bytes leftover after parsing attributes in process `syz.5.24603'. [ 1328.331266][T28861] misc userio: Buffer overflowed, userio client isn't keeping up [ 1328.456478][T30363] usb 4-1: USB disconnect, device number 56 [ 1328.986614][T17776] netlink: 20 bytes leftover after parsing attributes in process `syz.3.24614'. [ 1329.389736][T28861] input: PS/2 Generic Mouse as /devices/serio6/input/input224 [ 1329.441649][T30363] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1329.449775][T17806] netlink: 104 bytes leftover after parsing attributes in process `syz.5.24623'. [ 1329.631302][T30363] usb 4-1: Using ep0 maxpacket: 16 [ 1329.640346][T30363] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 1329.650052][T28861] psmouse serio6: Failed to enable mouse on [ 1329.656857][T30363] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1329.673513][T30363] usb 4-1: Product: syz [ 1329.678443][T30363] usb 4-1: Manufacturer: syz [ 1329.685222][T30363] usb 4-1: SerialNumber: syz [ 1329.705614][T30363] usb 4-1: config 0 descriptor?? [ 1329.722753][T30363] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1329.733232][T30363] usb 4-1: Detected FT232H [ 1329.943445][T30363] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1330.003168][T17843] netlink: 20 bytes leftover after parsing attributes in process `syz.0.24632'. [ 1330.371431][T30363] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1330.565992][ T6364] usb 4-1: USB disconnect, device number 57 [ 1330.588327][ T6364] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1330.598493][ T6364] ftdi_sio 4-1:0.0: device disconnected [ 1330.952818][ T6354] kworker/1:7 (6354) used greatest stack depth: 14168 bytes left [ 1331.351950][T30363] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1331.502886][T30363] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1331.521042][T30363] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1331.532593][T30363] usb 4-1: config 0 descriptor?? [ 1331.552607][T30363] cp210x 4-1:0.0: cp210x converter detected [ 1331.683249][T17924] vimc link validate: Sensor A:src:4096x16 (0x33424752, 9, 1, 1, 8) Raw Capture 0:snk:16x16 (0x33424752, 8, 0, 0, 0) [ 1331.970625][T30363] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1332.011890][T30363] cp210x 4-1:0.0: GPIO initialisation failed: -524 [ 1332.029615][T30363] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1332.225298][ T6364] usb 4-1: USB disconnect, device number 58 [ 1332.250262][ T6364] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1332.278290][ T6364] cp210x 4-1:0.0: device disconnected [ 1333.263580][T18006] syzkaller1: entered promiscuous mode [ 1333.299990][T18006] syzkaller1: entered allmulticast mode [ 1333.751402][T30363] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 1333.933775][T30363] usb 4-1: Using ep0 maxpacket: 16 [ 1333.958633][T30363] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1333.982098][T30363] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1334.003908][T30363] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1334.010645][T30363] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 1334.040015][T30363] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1334.068615][T30363] usb 4-1: config 0 descriptor?? [ 1334.494716][T18022] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1334.510137][T18022] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1334.523611][T30363] hid (null): global environment stack underflow [ 1334.546933][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.555232][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.564731][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.572914][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.580032][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.587520][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.595660][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.604289][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.619115][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.629740][T30363] cougar 0003:060B:500A.00C5: unknown main item tag 0x0 [ 1334.638488][T30363] cougar 0003:060B:500A.00C5: global environment stack underflow [ 1334.648914][T30363] cougar 0003:060B:500A.00C5: item 0 4 1 11 parsing failed [ 1334.658995][T30363] cougar 0003:060B:500A.00C5: parse failed [ 1334.665364][T30363] cougar 0003:060B:500A.00C5: probe with driver cougar failed with error -22 [ 1334.689183][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 1334.689199][ T30] audit: type=1326 audit(1764844222.341:8382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18081 comm="syz.2.24684" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9c3f8f749 code=0x0 [ 1334.744864][T18087] netlink: 36 bytes leftover after parsing attributes in process `syz.0.24685'. [ 1334.752351][ T6364] usb 4-1: USB disconnect, device number 59 [ 1334.808160][T18098] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1335.584033][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880572c2c00: rx timeout, send abort [ 1335.813708][T18146] syzkaller1: entered promiscuous mode [ 1335.819457][T18146] syzkaller1: entered allmulticast mode [ 1335.987380][T18155] netlink: 104 bytes leftover after parsing attributes in process `syz.3.24704'. [ 1336.094679][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880572c2c00: abort rx timeout. Force session deactivation [ 1336.238885][T18168] syzkaller1: entered promiscuous mode [ 1336.244888][T18168] syzkaller1: entered allmulticast mode [ 1336.400617][T18191] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1336.482762][T32467] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1336.511435][ T6364] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 1336.661266][T32467] usb 6-1: Using ep0 maxpacket: 16 [ 1336.668148][T32467] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1336.679356][T32467] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1336.689260][T32467] usb 6-1: New USB device found, idVendor=1770, idProduct=ff00, bcdDevice= 0.00 [ 1336.698938][T32467] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1336.708093][ T6364] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 1336.720904][T32467] usb 6-1: config 0 descriptor?? [ 1336.726203][ T6364] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1336.748697][ T6364] usb 4-1: config 0 descriptor?? [ 1336.968519][ T6364] kaweth 4-1:0.0: Firmware present in device. [ 1337.143026][T32467] gt683r_led 0003:1770:FF00.00C6: ignoring exceeding usage max [ 1337.158409][T32467] gt683r_led 0003:1770:FF00.00C6: hidraw0: USB HID v0.00 Device [HID 1770:ff00] on usb-dummy_hcd.5-1/input0 [ 1337.170523][ T6364] kaweth 4-1:0.0: Statistics collection: 0 [ 1337.177376][ T6364] kaweth 4-1:0.0: Multicast filter limit: 0 [ 1337.190767][ T6364] kaweth 4-1:0.0: MTU: 0 [ 1337.206961][ T6364] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 1337.359875][T32467] usb 6-1: USB disconnect, device number 8 [ 1337.384357][T28873] gt683r_led 0003:1770:FF00.00C6: failed to send set report request: -19 [ 1337.772763][ T6364] kaweth 4-1:0.0: Error setting receive filter [ 1337.788647][ T6364] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 1337.805164][ T6364] usb 4-1: USB disconnect, device number 60 [ 1339.011082][T30363] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1339.163900][T30363] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1339.193235][T30363] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1339.217500][T30363] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1339.242371][T30363] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1339.252102][T30363] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1339.270306][T30363] usb 4-1: config 0 descriptor?? [ 1339.713990][T30363] plantronics 0003:047F:FFFF.00C7: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1340.288699][ T30] audit: type=1326 audit(1764844227.941:8383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18330 comm="syz.0.24747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd09e18f749 code=0x7fc00000 [ 1340.575962][T18383] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.24760'. [ 1340.931054][T30363] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1341.003751][ C1] plantronics 0003:047F:FFFF.00C7: usb_submit_urb(ctrl) failed: -1 [ 1341.091140][T30363] usb 6-1: Using ep0 maxpacket: 32 [ 1341.098163][T30363] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 1341.107131][T30363] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1341.121093][T30363] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1341.138876][T30363] usb 6-1: config 1 has no interface number 0 [ 1341.145438][T30363] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1341.157808][T30363] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1341.171779][T30363] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1341.180964][T30363] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1341.206685][T30363] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 1341.390690][T18421] syzkaller1: entered promiscuous mode [ 1341.396723][T18421] syzkaller1: entered allmulticast mode [ 1341.408012][T30363] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now attached [ 1341.798474][ T6364] usb 4-1: USB disconnect, device number 61 [ 1341.845813][ T6201] usb 6-1: USB disconnect, device number 9 [ 1341.866241][ T6201] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 1343.141853][ T706] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 1343.292595][ T706] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1343.304284][ T706] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1343.316712][ T706] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1343.328545][ T706] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1343.339343][ T706] usb 4-1: Product: syz [ 1343.344238][ T706] usb 4-1: Manufacturer: syz [ 1343.355877][ T706] usb 4-1: SerialNumber: syz [ 1343.581999][ T706] usb 4-1: 0:2 : does not exist [ 1343.597504][ T706] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 1343.627737][ T706] usb 4-1: USB disconnect, device number 62 [ 1343.662124][ T4654] udevd[4654]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1344.207465][ T30] audit: type=1326 audit(1764844231.861:8384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18627 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1344.230262][ T30] audit: type=1326 audit(1764844231.861:8385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18627 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1344.255746][ T30] audit: type=1326 audit(1764844231.881:8386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18627 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1344.291817][ T30] audit: type=1326 audit(1764844231.881:8387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18627 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1344.319628][ T30] audit: type=1326 audit(1764844231.881:8388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18627 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f329538f749 code=0x7ffc0000 [ 1344.509919][T18645] netlink: 16 bytes leftover after parsing attributes in process `syz.3.24817'. [ 1347.044853][T18737] netlink: 'syz.3.24847': attribute type 3 has an invalid length. [ 1347.054298][T18737] netlink: 'syz.3.24847': attribute type 1 has an invalid length. [ 1347.063544][T18737] netlink: 100 bytes leftover after parsing attributes in process `syz.3.24847'. [ 1347.477241][T18760] netlink: 566 bytes leftover after parsing attributes in process `syz.3.24857'. [ 1347.791271][T28873] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 1347.962802][T28873] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 1347.973669][T28873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1347.987919][T28873] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1347.998084][T28873] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1348.006307][T28873] usb 4-1: Manufacturer: syz [ 1348.015606][T28873] usb 4-1: config 0 descriptor?? [ 1348.080932][T28873] rc_core: IR keymap rc-hauppauge not found [ 1348.087180][T28873] Registered IR keymap rc-empty [ 1348.094770][T28873] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 1348.107312][T28873] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input226 [ 1348.405439][T18766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1348.417391][T18766] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1348.427732][T28873] usb 4-1: USB disconnect, device number 63 [ 1348.714415][T18839] fuse: Unknown parameter ': 1 [ 1348.714415][T18839] TracerPid: 0 [ 1348.714415][T18839] Uid: 0 0 0 0 [ 1348.714415][T18839] Gid: 0 0 0 0 [ 1348.714415][T18839] FDSize: 256 [ 1348.714415][T18839] Groups: 0 65534 [ 1348.714415][T18839] NStgid: 10017 [ 1348.714415][T18839] NSpid: 10018 [ 1348.714415][T18839] NSpgid: 10017 [ 1348.714415][T18839] NSsid: 0 [ 1348.714415][T18839] Kthread: 0 [ 1348.714415][T18839] VmPeak: 102032 kB [ 1348.714415][T18839] VmSize: 102032 kB [ 1348.714415][T18839] VmLck: 0 kB [ 1348.714415][T18839] VmPin: 0 kB [ 1348.714415][T18839] VmHWM: 23592 kB [ 1348.714415][T18839] VmRSS: 23592 kB [ 1348.714415][T18839] RssAnon: 1344 kB [ 1348.714415][T18839] RssFile: 22248 kB [ 1348.714415][T18839] RssShmem: 0 kB [ 1348.714415][T18839] VmData: 36584 kB [ 1348.714415][T18839] VmStk: 132 kB [ 1348.714415][T18839] VmExe: 1684 kB [ 1348.714415][T18839] VmLib: 8 kB [ 1348.714415][T18839] VmPTE: 136 kB [ 1348.714415][T18839] VmSwap: 0 kB [ 1348.714415][T18839] HugetlbPages: 0 kB [ 1348.714415][T18839] CoreDumping: 0 [ 1348.714415][T18839] THP_enabled: 1 [ 1348.714415][T18839] untag_mask: 0xffffffffffffffff [ 1348.714415][T18839] Threads: 2 [ 1348.714415][T18839] SigQ: 0/13015 [ 1348.714415][T18839] SigPnd: 0000000000000000 [ 1348.714415][T18839] ShdPnd: 0000000000000000 [ 1348.714415][T18839] SigBlk: 0000000000000000 [ 1348.714415][T18839] SigIgn: fffffffefffaba35 [ 1348.714415][T18839] SigCgt: 0000000100010440 [ 1348.714415][T18839] CapInh: 0000000000000000 [ 1348.714415][T18839] CapPrm: 000001ffff77ffff [ 1348.714415][T18839] CapEff: 000001ffff77ffff [ 1348.714415][T18839] CapBnd: 000001ffffffffff [ 1348.714415][T18839] CapAmb: 0000000000000000 [ 1348.714415][T18839] NoNewPrivs: 0 [ 1348.714415][T18839] Seccomp: 0 [ 1348.714415][T18839] Seccomp_filters: 0 [ 1348.714415][T18839] Speculation_Store_Bypass: thread vulnerable [ 1348.714415][T18839] SpeculationIndirectBranch: conditional enabled [ 1349.449548][T18890] netlink: 8 bytes leftover after parsing attributes in process `syz.3.24892'. [ 1349.565902][T18895] netlink: 8 bytes leftover after parsing attributes in process `syz.3.24892'. [ 1349.635953][T18903] netlink: 4 bytes leftover after parsing attributes in process `syz.5.24896'. [ 1350.111790][ T706] usb 4-1: new low-speed USB device number 64 using dummy_hcd [ 1350.152680][T30363] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1350.273017][ T706] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1350.280520][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1350.301922][ T706] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1350.324862][T30363] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1350.352543][T30363] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 128, changing to 11 [ 1350.365667][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1350.383270][T30363] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1350.398705][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1350.412236][ T706] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1350.419676][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1350.432302][ T706] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1350.445307][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1350.457480][T30363] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1350.468003][T30363] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1350.478162][T30363] usb 6-1: Product: syz [ 1350.482678][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1350.494063][T30363] usb 6-1: Manufacturer: syz [ 1350.499051][T30363] usb 6-1: SerialNumber: syz [ 1350.507475][ T706] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 1350.525278][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 1350.539030][ T706] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1350.552429][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 1350.564560][ T706] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 1350.583846][ T706] usb 4-1: string descriptor 0 read error: -22 [ 1350.590791][ T706] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1350.603083][T18966] netlink: 32 bytes leftover after parsing attributes in process `syz.0.24905'. [ 1350.622818][ T706] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1350.680380][ T706] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1350.688445][T18966] netlink: 16 bytes leftover after parsing attributes in process `syz.0.24905'. [ 1350.929051][ T6364] usb 4-1: USB disconnect, device number 64 [ 1351.115576][T19001] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1351.314786][T19013] macvtap2: entered allmulticast mode [ 1351.320261][T19013] veth0_macvtap: entered allmulticast mode [ 1351.533105][T30363] cdc_ncm 6-1:1.0: bind() failure [ 1351.548053][T30363] usbtest 6-1:1.1: probe with driver usbtest failed with error -71 [ 1351.565541][T30363] usb 6-1: USB disconnect, device number 10 [ 1351.710992][ T706] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 1351.862540][ T706] usb 4-1: Using ep0 maxpacket: 32 [ 1351.869232][ T706] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 1351.878612][ T706] usb 4-1: config 0 has no interface number 0 [ 1351.886894][ T706] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1351.896621][ T706] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1351.905758][ T706] usb 4-1: Product: syz [ 1351.909950][ T706] usb 4-1: Manufacturer: syz [ 1351.915711][ T706] usb 4-1: SerialNumber: syz [ 1351.923503][ T706] usb 4-1: config 0 descriptor?? [ 1351.932365][ T706] smsc95xx v2.0.0 [ 1352.098897][T19048] loop2: detected capacity change from 0 to 7 [ 1352.109795][ T4570] Dev loop2: unable to read RDB block 7 [ 1352.117201][ T4570] loop2: unable to read partition table [ 1352.123206][ T4570] loop2: partition table beyond EOD, truncated [ 1352.138057][T19048] Dev loop2: unable to read RDB block 7 [ 1352.144533][T19048] loop2: unable to read partition table [ 1352.150354][T19048] loop2: partition table beyond EOD, truncated [ 1352.168835][T19048] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà–ü5) failed (rc=-5) [ 1352.735142][T19098] netlink: 216 bytes leftover after parsing attributes in process `syz.0.24933'. [ 1352.745278][T19098] netlink: 40 bytes leftover after parsing attributes in process `syz.0.24933'. [ 1352.955682][ T706] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71 [ 1353.006765][ T706] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 1353.027555][ T706] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 1353.060699][ T706] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 1353.081663][ T706] usb 4-1: USB disconnect, device number 65 [ 1353.327440][T19133] Context (ID=0x1) not attached to queue pair (handle=0x0:0x2) [ 1353.645655][T19149] netlink: 4 bytes leftover after parsing attributes in process `syz.0.24946'. [ 1353.662116][T19151] netlink: 8 bytes leftover after parsing attributes in process `syz.3.24947'. [ 1353.671578][T19151] netlink: 20 bytes leftover after parsing attributes in process `syz.3.24947'. [ 1353.693859][T19151] geneve2: entered promiscuous mode [ 1353.699188][T19151] geneve2: entered allmulticast mode [ 1353.769072][T19159] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1353.945708][T19172] syzkaller1: entered promiscuous mode [ 1353.955666][T19172] syzkaller1: entered allmulticast mode [ 1355.414322][ T57] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 1355.495786][T19260] syzkaller1: entered promiscuous mode [ 1355.502688][T19260] syzkaller1: entered allmulticast mode [ 1355.581419][ T57] usb 6-1: Using ep0 maxpacket: 16 [ 1355.606310][ T57] usb 6-1: New USB device found, idVendor=05ac, idProduct=0241, bcdDevice= 0.00 [ 1355.620329][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1355.643596][ T57] usb 6-1: config 0 descriptor?? [ 1355.655526][ T57] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input227 [ 1355.848490][T19285] dummy0: entered promiscuous mode [ 1355.882199][T19285] hsr1: Slave B (bond0) is not up; please bring it up to get a fully working HSR network [ 1355.923435][T19285] hsr1: entered allmulticast mode [ 1355.928824][T19285] dummy0: entered allmulticast mode [ 1355.935150][T19285] bond0: entered allmulticast mode [ 1355.984581][ T5188] bcm5974 6-1:0.0: could not read from device [ 1355.996860][ T5188] bcm5974 6-1:0.0: could not read from device [ 1356.032978][ T57] usb 6-1: USB disconnect, device number 11 [ 1356.052046][ T5188] bcm5974 6-1:0.0: could not read from device [ 1356.906074][T19347] netlink: 20 bytes leftover after parsing attributes in process `syz.5.25000'. [ 1357.053256][T19356] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.25004'. [ 1359.135137][T19427] delete_channel: no stack [ 1359.385598][T19442] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1361.275773][T32467] usb 6-1: new full-speed USB device number 12 using dummy_hcd [ 1361.435170][T32467] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1361.450622][T32467] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 1361.477079][T32467] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1361.487081][T32467] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1361.490665][T19568] kvm: MWAIT instruction emulated as NOP! [ 1361.500079][T19542] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1361.509546][T19542] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1361.525945][T32467] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1361.674555][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.682575][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.753893][T32467] usb 6-1: USB disconnect, device number 12 [ 1362.771914][T19639] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1362.882134][T19650] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25075'. [ 1364.366825][T19728] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1364.385733][T19730] netlink: 'syz.0.25095': attribute type 9 has an invalid length. [ 1364.434727][T19730] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25095'. [ 1364.453668][T19742] netlink: 'syz.0.25095': attribute type 9 has an invalid length. [ 1364.473503][T19742] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25095'. [ 1364.607020][T19730] macvlan1: entered promiscuous mode [ 1364.621744][T19730] hsr0: entered promiscuous mode [ 1364.627402][T19730] macvlan1: entered allmulticast mode [ 1364.684005][T19742] macvlan2: entered promiscuous mode [ 1364.718032][T19742] macvlan2: entered allmulticast mode [ 1365.390317][T19794] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25113'. [ 1365.466625][T19796] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25113'. [ 1365.583065][T19794] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25113'. [ 1365.709443][T19796] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25113'. [ 1365.767925][ T30] audit: type=1326 audit(1764844253.421:8389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19809 comm="syz.2.25116" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9c3f8f749 code=0x0 [ 1365.827027][T19794] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25113'. [ 1365.853439][T32467] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1365.886020][T19796] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25113'. [ 1365.916497][T19818] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.25117'. [ 1366.031431][T32467] usb 6-1: Using ep0 maxpacket: 32 [ 1366.038394][T32467] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 1366.071267][T32467] usb 6-1: config 0 has no interface number 0 [ 1366.084300][T32467] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 1366.104262][T32467] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1366.131051][T32467] usb 6-1: Product: syz [ 1366.138655][T32467] usb 6-1: Manufacturer: syz [ 1366.149844][T32467] usb 6-1: SerialNumber: syz [ 1366.166015][T32467] usb 6-1: config 0 descriptor?? [ 1366.176306][T32467] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 1366.187329][T32467] usb 6-1: selecting invalid altsetting 1 [ 1366.194123][T32467] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 1366.206690][T32467] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1366.218140][T32467] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 1366.226725][T32467] usb 6-1: media controller created [ 1366.253467][T32467] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1366.571010][ T706] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 1366.753712][ T706] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1366.770951][ T706] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1366.798552][ T706] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 1366.818333][ T706] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1366.833450][ T706] usb 4-1: config 0 descriptor?? [ 1367.249126][ T706] hid_parser_main: 50 callbacks suppressed [ 1367.249151][ T706] arvo 0003:1E7D:30D4.00C8: unknown main item tag 0x0 [ 1367.262477][ T706] arvo 0003:1E7D:30D4.00C8: unknown main item tag 0x0 [ 1367.270291][ T706] arvo 0003:1E7D:30D4.00C8: unknown main item tag 0x0 [ 1367.277901][ T706] arvo 0003:1E7D:30D4.00C8: unknown main item tag 0x0 [ 1367.286159][ T706] arvo 0003:1E7D:30D4.00C8: unknown main item tag 0x0 [ 1367.293779][ T706] arvo 0003:1E7D:30D4.00C8: unknown main item tag 0x0 [ 1367.300605][ T706] arvo 0003:1E7D:30D4.00C8: unknown main item tag 0x0 [ 1367.310393][ T706] arvo 0003:1E7D:30D4.00C8: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.3-1/input0 [ 1367.361747][T32467] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 1367.369542][T32467] zl10353_read_register: readreg error (reg=127, ret==-110) [ 1367.389422][T32467] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 1367.435470][T32467] usb 6-1: USB disconnect, device number 13 [ 1367.450572][ T706] arvo 0003:1E7D:30D4.00C8: couldn't init struct arvo_device [ 1367.465246][ T706] arvo 0003:1E7D:30D4.00C8: couldn't install keyboard [ 1367.490031][ T706] arvo 0003:1E7D:30D4.00C8: probe with driver arvo failed with error -71 [ 1367.515764][ T706] usb 4-1: USB disconnect, device number 66 [ 1367.960164][T19913] syzkaller1: entered promiscuous mode [ 1367.965903][T19913] syzkaller1: entered allmulticast mode [ 1368.033883][T19919] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 1368.411314][T32467] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 1368.573216][T32467] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1368.584328][T32467] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1368.594121][T32467] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1368.607353][T32467] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 1368.616487][T32467] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1368.621107][T30363] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1368.638927][T32467] usb 4-1: config 0 descriptor?? [ 1368.781017][T30363] usb 6-1: Using ep0 maxpacket: 32 [ 1368.787904][T30363] usb 6-1: config index 0 descriptor too short (expected 29220, got 36) [ 1368.797004][T30363] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 1368.806349][T30363] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 1368.815669][T30363] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1368.825577][T30363] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1368.835434][T30363] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1368.848565][T30363] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1368.857880][T30363] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1368.869273][T30363] usb 6-1: config 0 descriptor?? [ 1369.059297][T32467] acrux 0003:1A34:0802.00C9: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0 [ 1369.071973][T32467] acrux 0003:1A34:0802.00C9: no inputs found [ 1369.077990][T32467] acrux 0003:1A34:0802.00C9: Failed to enable force feedback support, error: -19 [ 1369.102700][T30363] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 14 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 1369.266412][T32467] usb 4-1: USB disconnect, device number 67 [ 1369.310699][ C1] usblp0: nonzero read bulk status received: -71 [ 1369.323968][T30363] usb 6-1: USB disconnect, device number 14 [ 1369.533123][T19936] usblp0: removed [ 1370.153086][T20001] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25147'. [ 1370.201253][T20001] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25147'. [ 1370.551857][T20028] netlink: 'syz.5.25157': attribute type 11 has an invalid length. [ 1370.991000][ T706] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 1371.153173][ T706] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1371.165079][ T706] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1371.175087][ T706] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1371.188335][ T706] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1371.197643][ T706] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.208317][ T706] usb 4-1: config 0 descriptor?? [ 1371.293241][T32467] usb 6-1: new full-speed USB device number 15 using dummy_hcd [ 1371.453638][T32467] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1371.478155][T32467] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 1371.490740][T32467] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.518350][T32467] usb 6-1: config 0 descriptor?? [ 1371.534422][T20065] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1371.662240][ T706] plantronics 0003:047F:FFFF.00CA: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1371.936597][ T706] usb 4-1: USB disconnect, device number 68 [ 1372.002507][T32467] elan 0003:04F3:0755.00CB: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0 [ 1372.180377][T32467] usb 6-1: USB disconnect, device number 15 [ 1372.468010][T20153] input: syz0 as /devices/virtual/input/input229 [ 1374.449760][T20233] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1374.466469][T20233] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1374.652923][T20253] netlink: 184 bytes leftover after parsing attributes in process `syz.0.25203'. [ 1374.856248][T20280] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1374.909344][T20280] bond1: (slave lo): Enslaving as a backup interface with an up link [ 1374.923161][T20280] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1375.035659][T20299] kvm: emulating exchange as write [ 1378.240809][T20412] netlink: 'syz.0.25242': attribute type 11 has an invalid length. [ 1378.400120][T20419] netlink: 204 bytes leftover after parsing attributes in process `syz.0.25246'. [ 1378.669673][T20429] netlink: 8 bytes leftover after parsing attributes in process `syz.4.25250'. [ 1378.883858][T20440] input: syz1 as /devices/virtual/input/input230 [ 1379.271477][ T6364] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 1379.483990][ T6364] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1379.503802][ T6364] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1379.530517][ T6364] usb 4-1: config 0 descriptor?? [ 1379.550772][ T6364] cp210x 4-1:0.0: cp210x converter detected [ 1379.681373][T32467] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 1379.838407][T20489] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1379.853113][T32467] usb 6-1: Using ep0 maxpacket: 16 [ 1379.871905][T32467] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1379.882143][T32467] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1379.890423][T32467] usb 6-1: Product: syz [ 1379.898969][T32467] usb 6-1: Manufacturer: syz [ 1379.903941][T32467] usb 6-1: SerialNumber: syz [ 1379.923363][T32467] r8152-cfgselector 6-1: Unknown version 0x0000 [ 1379.930585][T32467] r8152-cfgselector 6-1: config 0 descriptor?? [ 1379.972569][T20446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1379.982788][ T6364] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1379.991356][T20446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1380.024960][ T6364] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1380.247070][T32467] usb 4-1: USB disconnect, device number 69 [ 1380.257575][T32467] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1380.283283][T32467] cp210x 4-1:0.0: device disconnected [ 1380.348250][ T6364] r8152-cfgselector 6-1: USB disconnect, device number 16 [ 1381.311308][ T706] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 1381.480962][ T706] usb 4-1: Using ep0 maxpacket: 32 [ 1381.487958][ T706] usb 4-1: config 0 has an invalid interface number: 191 but max is 0 [ 1381.498924][ T706] usb 4-1: config 0 has no interface number 0 [ 1381.508048][ T706] usb 4-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1 [ 1381.518727][ T706] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1381.529626][ T706] usb 4-1: Product: syz [ 1381.534734][ T706] usb 4-1: Manufacturer: syz [ 1381.539576][ T706] usb 4-1: SerialNumber: syz [ 1381.548767][ T706] usb 4-1: config 0 descriptor?? [ 1381.560035][ T706] asix 4-1:0.191: probe with driver asix failed with error -22 [ 1381.786311][ T706] usb 4-1: USB disconnect, device number 70 [ 1382.630452][T20637] syzkaller1: entered promiscuous mode [ 1382.639616][T20637] syzkaller1: entered allmulticast mode [ 1383.245111][T20662] netlink: 'syz.3.25306': attribute type 12 has an invalid length. [ 1383.410342][T32467] hid-generic 0000:0000:0000.00CC: unknown main item tag 0x0 [ 1383.442671][T32467] hid-generic 0000:0000:0000.00CC: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1383.621607][T32467] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 1383.661107][ T706] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 1383.760449][T19035] hid-generic 0000:0000:0000.00CD: unknown main item tag 0x0 [ 1383.778939][T19035] hid-generic 0000:0000:0000.00CD: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1383.783271][T32467] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1383.822295][ T706] usb 6-1: Using ep0 maxpacket: 16 [ 1383.831039][T32467] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1383.840807][T32467] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1383.843579][ T706] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1383.871464][T32467] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1383.890722][T32467] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1383.916744][T32467] usb 4-1: config 0 descriptor?? [ 1383.932687][ T706] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1383.958664][ T706] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 1383.969042][ T706] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1383.990051][ T706] usb 6-1: config 0 descriptor?? [ 1384.349452][T32467] plantronics 0003:047F:FFFF.00CE: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1384.418889][ T706] mcp2221 0003:04D8:00DD.00CF: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 1384.625397][T32467] usb 6-1: USB disconnect, device number 17 [ 1385.464470][T20791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25330'. [ 1385.497653][T20793] gretap0: entered promiscuous mode [ 1385.503232][T20793] vlan0: entered promiscuous mode [ 1386.318672][T20841] netlink: 4 bytes leftover after parsing attributes in process `syz.5.25343'. [ 1386.632175][T19035] usb 4-1: USB disconnect, device number 71 [ 1386.781201][T19035] usb 4-1: new full-speed USB device number 72 using dummy_hcd [ 1386.933457][T19035] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1386.943962][ T706] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 1386.951783][T19035] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1386.963913][T19035] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1386.973134][T19035] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1386.981199][T19035] usb 4-1: Product: syz [ 1386.985485][T19035] usb 4-1: Manufacturer: syz [ 1386.990062][T19035] usb 4-1: SerialNumber: syz [ 1387.111166][ T706] usb 6-1: Using ep0 maxpacket: 32 [ 1387.118662][ T706] usb 6-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1387.127908][ T706] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1387.139099][ T706] usb 6-1: config 0 descriptor?? [ 1387.150087][ T706] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1387.203469][T19035] usb 4-1: 0:2 : does not exist [ 1387.215669][T19035] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 1387.238028][T19035] usb 4-1: USB disconnect, device number 72 [ 1387.268895][ T4654] udevd[4654]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1388.097038][T28871] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1388.270505][T28871] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1388.289654][T28871] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1388.309101][T28871] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1388.346854][T28871] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1388.358458][ T706] gspca_sunplus: reg_w_riv err -71 [ 1388.368464][T28871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1388.384694][ T706] sunplus 6-1:0.0: probe with driver sunplus failed with error -71 [ 1388.396530][T28871] usb 4-1: config 0 descriptor?? [ 1388.433231][ T706] usb 6-1: USB disconnect, device number 18 [ 1388.566577][T20927] netlink: 8 bytes leftover after parsing attributes in process `syz.4.25356'. [ 1388.836120][T28871] plantronics 0003:047F:FFFF.00D0: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1389.323070][T20978] netlink: 28 bytes leftover after parsing attributes in process `syz.5.25369'. [ 1389.374549][ T30] audit: type=1326 audit(1764844277.031:8390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20970 comm="syz.4.25366" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff30458f749 code=0x0 [ 1389.646926][ T30] audit: type=1326 audit(1764844277.291:8391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20991 comm="syz.5.25375" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0dc618f749 code=0x0 [ 1389.832892][T21000] netlink: 212368 bytes leftover after parsing attributes in process `syz.0.25377'. [ 1390.183217][ C0] plantronics 0003:047F:FFFF.00D0: usb_submit_urb(ctrl) failed: -1 [ 1390.214170][T21008] input: syz0 as /devices/virtual/input/input232 [ 1390.377032][ T30] audit: type=1326 audit(1764844278.031:8392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21023 comm="syz.4.25383" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff30458f749 code=0x0 [ 1390.843954][T21056] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25386'. [ 1390.982329][T28871] usb 4-1: USB disconnect, device number 73 [ 1393.979584][T21144] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1395.123996][T21201] loop7: detected capacity change from 0 to 16384 [ 1395.154625][T21207] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25420'. [ 1395.246854][T21207] vxlan1: entered promiscuous mode [ 1395.286927][T32002] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1395.297565][T32002] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1395.308346][T32002] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1395.319507][T32002] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1395.371462][ T6364] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 1395.421039][T21208] loop7: detected capacity change from 16384 to 0 [ 1395.421186][ C0] blk_print_req_error: 10 callbacks suppressed [ 1395.421203][ C0] I/O error, dev loop7, sector 15360 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2 [ 1395.541792][ T6364] usb 6-1: Using ep0 maxpacket: 16 [ 1395.555353][ T6364] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 108, changing to 10 [ 1395.581357][ T6364] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1395.596697][ T6364] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 1395.614486][ T6364] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1395.626529][ T6364] usb 6-1: config 0 descriptor?? [ 1395.752722][ T30] audit: type=1326 audit(1764844283.411:8393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21228 comm="syz.2.25428" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9c3f8f749 code=0x0 [ 1396.059002][ T6364] nzxt-smart2 0003:1E71:2009.00D1: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0 [ 1396.157506][T28871] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 1396.364746][T28871] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1396.373183][T28871] usb 4-1: config 0 has no interface number 0 [ 1396.382500][T28871] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1396.400992][T28871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1396.409077][T28871] usb 4-1: Product: syz [ 1396.421198][T28871] usb 4-1: Manufacturer: syz [ 1396.425879][T28871] usb 4-1: SerialNumber: syz [ 1396.440149][T28871] usb 4-1: config 0 descriptor?? [ 1396.472886][T19035] usb 6-1: USB disconnect, device number 19 [ 1396.654818][T28871] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 1396.677724][T28871] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 1396.711490][T28871] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 1396.725825][T28871] usb 4-1: media controller created [ 1396.758053][T28871] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1397.068664][T21298] ALSA: seq fatal error: cannot create timer (-16) [ 1397.162486][T21305] input: syz0 as /devices/virtual/input/input233 [ 1397.240389][ T30] audit: type=1326 audit(1764844284.891:8394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.310483][ T30] audit: type=1326 audit(1764844284.891:8395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.391114][ T30] audit: type=1326 audit(1764844284.891:8396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.436631][ T30] audit: type=1326 audit(1764844284.891:8397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.511881][ T30] audit: type=1326 audit(1764844284.891:8398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.565406][ T30] audit: type=1326 audit(1764844284.891:8399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.615689][ T30] audit: type=1326 audit(1764844284.891:8400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.732398][ T30] audit: type=1326 audit(1764844284.891:8401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.828738][ T30] audit: type=1326 audit(1764844284.891:8402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21308 comm="syz.2.25449" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9c3f8f749 code=0x7ffc0000 [ 1397.911418][T28871] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 1398.064460][T28871] usb 4-1: USB disconnect, device number 74 [ 1398.757447][ T706] hid-generic 0000:0000:0000.00D2: unknown main item tag 0x0 [ 1398.812212][ T706] hid-generic 0000:0000:0000.00D2: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1398.933409][T19035] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 1399.091111][T19035] usb 6-1: Using ep0 maxpacket: 8 [ 1399.107187][T19035] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1399.128652][T19035] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1399.160938][T19035] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1399.181077][T19035] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1399.201036][T19035] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1399.232983][T19035] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1399.250965][T19035] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1399.483848][T19035] usb 6-1: usb_control_msg returned -32 [ 1399.496372][T19035] usbtmc 6-1:16.0: can't read capabilities [ 1399.987780][T21414] netlink: 8 bytes leftover after parsing attributes in process `syz.3.25472'. [ 1400.019559][T21414] netlink: 16 bytes leftover after parsing attributes in process `syz.3.25472'. [ 1400.109105][T21421] loop4: detected capacity change from 0 to 2560 [ 1400.139717][T21421] buffer_io_error: 10 callbacks suppressed [ 1400.139736][T21421] Buffer I/O error on dev loop4, logical block 0, lost async page write [ 1400.155700][T21421] Buffer I/O error on dev loop4, logical block 1, lost async page write [ 1400.165120][T21421] Buffer I/O error on dev loop4, logical block 2, lost async page write [ 1400.177238][T21421] Buffer I/O error on dev loop4, logical block 3, lost async page write [ 1400.188027][T21421] Buffer I/O error on dev loop4, logical block 4, lost async page write [ 1400.197312][T21421] Buffer I/O error on dev loop4, logical block 5, lost async page write [ 1400.207078][T21421] Buffer I/O error on dev loop4, logical block 6, lost async page write [ 1400.218453][T21421] Buffer I/O error on dev loop4, logical block 7, lost async page write [ 1400.229215][T21421] Buffer I/O error on dev loop4, logical block 8, lost async page write [ 1400.229920][T21424] usbtmc 6-1:16.0: usb_clear_halt returned -32 [ 1400.239804][T21421] Buffer I/O error on dev loop4, logical block 9, lost async page write [ 1400.430289][T28871] usb 6-1: USB disconnect, device number 20 [ 1400.458881][T21432] netlink: 4 bytes leftover after parsing attributes in process `syz.3.25474'. [ 1401.510084][T21495] kvm: Disabled LAPIC found during irq injection [ 1401.914840][T21527] netlink: 'syz.0.25499': attribute type 8 has an invalid length. [ 1401.958598][T21527] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25499'. [ 1401.977855][T21527] bond0: entered promiscuous mode [ 1401.987863][T21527] bond0: left promiscuous mode [ 1402.110258][T21541] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25504'. [ 1402.368152][T21562] syzkaller1: entered promiscuous mode [ 1402.374006][T21562] syzkaller1: entered allmulticast mode [ 1402.522519][T21574] netlink: 'syz.2.25516': attribute type 2 has an invalid length. [ 1402.532080][T21574] netlink: 40 bytes leftover after parsing attributes in process `syz.2.25516'. [ 1402.853457][T21594] netlink: 212324 bytes leftover after parsing attributes in process `syz.2.25525'. [ 1403.151442][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 1403.151458][ T30] audit: type=1326 audit(1764844290.811:8425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21607 comm="syz.4.25530" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7ff3045865e7 code=0x0 [ 1403.218011][T21620] netlink: 'syz.0.25534': attribute type 15 has an invalid length. [ 1403.232967][T21620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25534'. [ 1403.253394][T20177] netdevsim netdevsim0 netdevsim0: set [0, 1] type 1 family 0 port 2816 - 0 [ 1403.262570][T20177] netdevsim netdevsim0 netdevsim1: set [0, 1] type 1 family 0 port 2816 - 0 [ 1403.273642][T21620] netlink: 'syz.0.25534': attribute type 15 has an invalid length. [ 1403.285886][T20177] netdevsim netdevsim0 netdevsim2: set [0, 1] type 1 family 0 port 2816 - 0 [ 1403.296959][T21620] netlink: 4 bytes leftover after parsing attributes in process `syz.0.25534'. [ 1403.306219][T20177] netdevsim netdevsim0 netdevsim3: set [0, 1] type 1 family 0 port 2816 - 0 [ 1404.261403][T28871] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 1404.441032][T28871] usb 4-1: Using ep0 maxpacket: 16 [ 1404.468220][T28871] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1404.483810][T28871] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1404.503371][T28871] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1404.526220][T28871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1404.535732][T28871] usb 4-1: Product: syz [ 1404.540425][T28871] usb 4-1: Manufacturer: syz [ 1404.545140][T28871] usb 4-1: SerialNumber: syz [ 1404.741976][T21692] netlink: 52 bytes leftover after parsing attributes in process `syz.5.25551'. [ 1404.776685][T28871] usb 4-1: 0:2 : does not exist [ 1404.793965][T28871] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 1404.840769][T28871] usb 4-1: USB disconnect, device number 75 [ 1404.890436][T21669] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1404.891174][ T4654] udevd[4654]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1405.047051][T21717] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1405.379406][T21736] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1406.904579][T21812] netlink: 'syz.2.25580': attribute type 1 has an invalid length. [ 1406.969463][T21812] 8021q: adding VLAN 0 to HW filter on device bond8 [ 1407.045901][T21827] bond8: (slave geneve5): making interface the new active one [ 1407.058939][T21827] bond8: (slave geneve5): Enslaving as an active interface with an up link [ 1407.070421][ T933] netdevsim netdevsim2 : set [1, 1] type 2 family 0 port 20000 - 0 [ 1407.079445][ T933] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1407.097384][ T933] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1407.107081][ T933] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1408.529893][T21912] input: syz0 as /devices/virtual/input/input234 [ 1409.072792][T32467] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 1409.234615][T32467] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1409.255926][T32467] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1409.273795][T32467] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1409.296125][T32467] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1409.313324][T32467] usb 4-1: Product: syz [ 1409.319590][T32467] usb 4-1: Manufacturer: syz [ 1409.325609][T32467] usb 4-1: SerialNumber: syz [ 1409.333587][T32467] usb 4-1: config 0 descriptor?? [ 1409.355497][T32467] usb 4-1: selecting invalid altsetting 0 [ 1409.432542][T21965] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1409.567047][T28871] usb 4-1: USB disconnect, device number 76 [ 1409.731382][T32467] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 1409.772399][T21994] netlink: 12 bytes leftover after parsing attributes in process `syz.0.25613'. [ 1409.838248][T21872] Bluetooth: hci1: command 0x0406 tx timeout [ 1409.925612][T32467] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1409.946409][T32467] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1409.961535][T32467] usb 6-1: Product: syz [ 1409.971904][T32467] usb 6-1: Manufacturer: syz [ 1409.976543][T32467] usb 6-1: SerialNumber: syz [ 1409.992244][T32467] usb 6-1: config 0 descriptor?? [ 1410.000027][T32467] ch341 6-1:0.0: ch341-uart converter detected [ 1410.699809][T22036] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.25624'. [ 1411.014166][T32467] usb 6-1: ch341-uart converter now attached to ttyUSB0 [ 1411.220204][T19035] usb 6-1: USB disconnect, device number 21 [ 1411.251368][T19035] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 1411.272450][T19035] ch341 6-1:0.0: device disconnected [ 1411.421315][ T57] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 1411.611115][ T57] usb 4-1: Using ep0 maxpacket: 16 [ 1411.624933][ T57] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 1411.680998][ T57] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1411.690081][ T57] usb 4-1: Product: syz [ 1411.698768][ T57] usb 4-1: Manufacturer: syz [ 1411.705446][ T57] usb 4-1: SerialNumber: syz [ 1411.730229][ T57] usb 4-1: config 0 descriptor?? [ 1411.774247][ T57] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 1412.292786][T22109] netlink: 'syz.0.25639': attribute type 1 has an invalid length. [ 1412.413232][T22109] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1412.477986][T22114] bond2: (slave geneve3): making interface the new active one [ 1412.502256][T22114] bond2: (slave geneve3): Enslaving as an active interface with an up link [ 1412.526854][ T933] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.554204][ T933] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.583457][ T933] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.613386][ T933] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.676191][T22148] netlink: 4 bytes leftover after parsing attributes in process `syz.5.25641'. [ 1413.007696][ T57] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 1413.029266][ T57] usb 4-1: USB disconnect, device number 77 [ 1413.273985][T22191] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25652'. [ 1413.283294][T22191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.25652'. [ 1413.307433][T21829] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1413.317027][T22191] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25652'. [ 1413.327538][T21829] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1413.338380][T22191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.25652'. [ 1413.347904][T21829] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1413.357496][T21829] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1413.428229][T22201] tls_set_device_offload_rx: netdev not found [ 1414.161429][T32467] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 1414.334175][T32467] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1414.343870][T32467] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1414.357705][T32467] usb 4-1: config 0 descriptor?? [ 1414.374925][T32467] cp210x 4-1:0.0: cp210x converter detected [ 1414.478068][T22264] input: syz0 as /devices/virtual/input/input235 [ 1414.484795][T22264] input: failed to attach handler leds to device input235, error: -6 [ 1414.781644][T32467] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1414.790005][T22243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1414.813039][T22243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1414.879073][T32467] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1415.076637][T19035] usb 4-1: USB disconnect, device number 78 [ 1415.096195][T19035] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1415.120499][T19035] cp210x 4-1:0.0: device disconnected [ 1416.010191][T22329] netlink: 24 bytes leftover after parsing attributes in process `syz.4.25685'. [ 1416.023488][T22329] netlink: 24 bytes leftover after parsing attributes in process `syz.4.25685'. [ 1416.296626][T22348] netlink: 'syz.5.25692': attribute type 1 has an invalid length. [ 1416.363198][T22348] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1416.394128][T22386] bond2: (slave ip6gretap1): making interface the new active one [ 1416.404205][T22386] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 1417.434436][ T30] audit: type=1326 audit(1764844305.091:8426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22439 comm="syz.5.25708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0dc618f749 code=0x7fc00000 [ 1418.101250][ T30] audit: type=1326 audit(1764844305.761:8427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22439 comm="syz.5.25708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0dc618f749 code=0x7fc00000 [ 1420.191081][T19035] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 1420.216264][T22570] netlink: 'syz.4.25740': attribute type 4 has an invalid length. [ 1420.237026][T22570] netlink: 'syz.4.25740': attribute type 4 has an invalid length. [ 1420.362488][T19035] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1420.393585][T19035] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1420.421751][T19035] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1420.433986][T19035] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1420.442983][T19035] usb 4-1: Product: syz [ 1420.457758][T19035] usb 4-1: Manufacturer: syz [ 1420.464281][T19035] usb 4-1: SerialNumber: syz [ 1420.483879][T19035] cdc_mbim 4-1:1.0: skipping garbage [ 1420.680326][T22561] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1420.923400][ T30] audit: type=1326 audit(1764844308.571:8428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22591 comm="syz.5.25746" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0dc618f749 code=0x0 [ 1421.293055][T22561] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1421.300728][T19035] cdc_mbim 4-1:1.0: setting tx_max = 16384 [ 1421.308026][T19035] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device [ 1421.321942][T19035] wwan wwan0: port wwan0mbim0 attached [ 1421.343884][T19035] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, e6:ad:c2:20:23:73 [ 1421.538339][ C0] cdc_mbim 4-1:1.0: nonzero urb status received: -71 [ 1421.545080][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - 0 bytes [ 1421.552068][ C0] cdc_mbim 4-1:1.0: nonzero urb status received: -71 [ 1421.558786][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - 0 bytes [ 1421.565159][ C0] cdc_mbim 4-1:1.0: nonzero urb status received: -71 [ 1421.571861][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - 0 bytes [ 1421.578262][ C0] cdc_mbim 4-1:1.0: nonzero urb status received: -71 [ 1421.584962][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - 0 bytes [ 1421.592466][ C0] cdc_mbim 4-1:1.0: nonzero urb status received: -71 [ 1421.599183][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - 0 bytes [ 1421.605703][ C0] cdc_mbim 4-1:1.0: nonzero urb status received: -71 [ 1421.612403][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - 0 bytes [ 1421.619011][ C0] cdc_mbim 4-1:1.0: nonzero urb status received: -71 [ 1421.625720][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - 0 bytes [ 1421.632540][ C0] cdc_mbim 4-1:1.0: nonzero urb status received: -71 [ 1421.639241][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - 0 bytes [ 1421.645489][ C0] cdc_mbim 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 1421.655601][T19035] usb 4-1: USB disconnect, device number 79 [ 1421.695872][T19035] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM [ 1422.032894][T19035] wwan wwan0: port wwan0mbim0 disconnected [ 1422.389687][T22660] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1422.492381][T22666] netlink: 12 bytes leftover after parsing attributes in process `syz.2.25757'. [ 1423.114846][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.122013][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.351727][T22706] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1423.396280][T22706] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1423.434204][T22706] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1423.461262][T22706] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1423.659364][T22708] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 1424.049944][T22742] input: syz1 as /devices/virtual/input/input236 [ 1426.141731][ T706] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 1426.304790][ T706] usb 4-1: config 4 has an invalid interface number: 28 but max is 0 [ 1426.328806][ T706] usb 4-1: config 4 has no interface number 0 [ 1426.337989][ T706] usb 4-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 1426.347784][ T706] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1426.357981][ T706] usb 4-1: Product: syz [ 1426.362505][ T706] usb 4-1: Manufacturer: syz [ 1426.367136][ T706] usb 4-1: SerialNumber: syz [ 1426.387066][ T706] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:4.28/input/input237 [ 1426.613617][ T5188] bcm5974 4-1:4.28: could not read from device [ 1426.629330][ T706] bcm5974 4-1:4.28: could not read from device [ 1426.650249][ T5188] bcm5974 4-1:4.28: could not read from device [ 1426.661446][ T706] input: failed to attach handler mousedev to device input237, error: -5 [ 1426.682337][ T5188] bcm5974 4-1:4.28: could not read from device [ 1426.689060][ T706] usb 4-1: USB disconnect, device number 80 [ 1426.709274][ T5188] bcm5974 4-1:4.28: could not read from device [ 1426.934189][T22878] kvm: user requested TSC rate below hardware speed [ 1426.942850][T22878] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2182154216 (4364308432 ns) > initial count (507749598 ns). Using initial count to start timer. [ 1427.439800][T22910] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25817'. [ 1428.281065][ T57] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 1428.430981][ T57] usb 6-1: Using ep0 maxpacket: 32 [ 1428.437687][ T57] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 1428.448124][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1428.466551][ T57] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 1428.795560][T22977] loop2: detected capacity change from 0 to 7 [ 1428.804128][T22977] Dev loop2: unable to read RDB block 7 [ 1428.810177][T22977] loop2: unable to read partition table [ 1428.830553][T22977] loop2: partition table beyond EOD, truncated [ 1428.847177][T22977] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1428.969411][T22988] autofs4:pid:22988:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(0.0), cmd(0xc018937e) [ 1428.984102][T22988] autofs4:pid:22988:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 1429.665167][ T30] audit: type=1326 audit(1764844317.321:8429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23015 comm="syz.2.25840" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9c3f8f749 code=0x0 [ 1429.694877][ T57] gspca_nw80x: reg_w err -71 [ 1429.699656][ T57] nw80x 6-1:3.0: probe with driver nw80x failed with error -71 [ 1429.738742][ T57] usb 6-1: USB disconnect, device number 22 [ 1430.159821][ T57] IPVS: starting estimator thread 0... [ 1430.286211][T23041] IPVS: using max 30 ests per chain, 72000 per kthread [ 1430.604011][T23072] netlink: 14 bytes leftover after parsing attributes in process `syz.0.25852'. [ 1430.677053][T23072] bond0 (unregistering): Released all slaves [ 1430.959729][T23129] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1431.170967][T32467] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1431.236071][T23153] vivid-000: disconnect [ 1431.332822][T32467] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1431.345143][T32467] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1431.356353][T32467] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 1431.365925][T32467] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1431.376114][T32467] usb 6-1: config 0 descriptor?? [ 1431.816044][T32467] hid-steam 0003:28DE:1142.00D3: unknown main item tag 0x0 [ 1431.829651][T32467] hid-steam 0003:28DE:1142.00D3: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0 [ 1431.901231][T32467] hid-steam 0003:28DE:1142.00D3: Steam wireless receiver connected [ 1431.910211][T32467] hid-steam 0003:28DE:1142.00D3: No HID_FEATURE_REPORT submitted - nothing to read [ 1431.927778][T32467] hid-steam 0003:28DE:1142.00D4: unknown main item tag 0x0 [ 1431.937717][T32467] hid-steam 0003:28DE:1142.00D4: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0 [ 1432.004894][T23150] vivid-000: reconnect [ 1432.064353][ T706] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 1432.221008][ T706] usb 4-1: Using ep0 maxpacket: 8 [ 1432.234272][ T706] usb 4-1: config 0 has no interfaces? [ 1432.275230][ T706] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 1432.288371][ T706] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1432.311071][ T706] usb 4-1: Product: syz [ 1432.315306][ T706] usb 4-1: Manufacturer: syz [ 1432.331069][ T706] usb 4-1: SerialNumber: syz [ 1432.348598][ T706] usb 4-1: config 0 descriptor?? [ 1432.574469][ T706] usb 4-1: USB disconnect, device number 81 [ 1432.589282][ T57] usb 6-1: USB disconnect, device number 23 [ 1432.612497][ T57] hid-steam 0003:28DE:1142.00D3: Steam wireless receiver disconnected [ 1433.113788][T23227] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1433.185691][ T30] audit: type=1326 audit(1764844320.841:8430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23237 comm="syz.3.25879" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f329538f749 code=0x0 [ 1433.258929][T23242] loop3: detected capacity change from 0 to 1 [ 1433.268905][ T4654] Dev loop3: unable to read RDB block 1 [ 1433.275781][ T4654] loop3: unable to read partition table [ 1433.282595][ T4654] loop3: partition table beyond EOD, truncated [ 1433.290066][T23242] Dev loop3: unable to read RDB block 1 [ 1433.296776][T23242] loop3: unable to read partition table [ 1433.303038][T23242] loop3: partition table beyond EOD, truncated [ 1433.309349][T23242] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1433.401136][ T706] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 1433.561158][ T706] usb 6-1: Using ep0 maxpacket: 32 [ 1433.570804][ T706] usb 6-1: config 0 has an invalid interface number: 16 but max is 0 [ 1433.579417][ T706] usb 6-1: config 0 has no interface number 0 [ 1433.605562][ T706] usb 6-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1433.633568][ T706] usb 6-1: config 0 interface 16 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1433.659027][ T706] usb 6-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1433.700072][ T706] usb 6-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d [ 1433.723715][ T706] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1433.741163][ T706] usb 6-1: Product: syz [ 1433.745379][ T706] usb 6-1: Manufacturer: syz [ 1433.750006][ T706] usb 6-1: SerialNumber: syz [ 1433.791410][ T706] usb 6-1: config 0 descriptor?? [ 1433.797132][T23233] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1433.830464][ T706] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1433.926950][ T706] snd-usb-audio 6-1:0.16: probe with driver snd-usb-audio failed with error -12 [ 1434.064001][ T5534] udevd[5534]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1434.395567][ T30] audit: type=1326 audit(1764844322.051:8431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23298 comm="syz.2.25889" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9c3f8f749 code=0x0 [ 1434.955338][T23320] netlink: 8 bytes leftover after parsing attributes in process `syz.5.25895'. [ 1434.965345][T23320] netlink: 'syz.5.25895': attribute type 20 has an invalid length. [ 1434.974296][T23320] netlink: 'syz.5.25895': attribute type 21 has an invalid length. [ 1435.233042][T23332] netlink: 12 bytes leftover after parsing attributes in process `syz.4.25898'. [ 1435.365638][T23332] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1435.394707][T23373] input: syz0 as /devices/virtual/input/input238 [ 1435.412325][T23340] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1435.419715][T23340] bond9: (slave ip6gre2): The slave device specified does not support setting the MAC address [ 1435.431980][T23340] bond9: (slave ip6gre2): Error -95 calling set_mac_address [ 1435.502544][T19035] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 1435.572180][T19035] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 1435.619161][T19035] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 1436.840923][T32467] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1437.030932][T32467] usb 4-1: Using ep0 maxpacket: 8 [ 1437.037938][T32467] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 1437.054680][T32467] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 1437.068281][T32467] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1437.077071][T32467] usb 4-1: Product: syz [ 1437.082214][T32467] usb 4-1: Manufacturer: syz [ 1437.086829][T32467] usb 4-1: SerialNumber: syz [ 1437.112091][T32467] usb 4-1: config 0 descriptor?? [ 1437.141677][T32467] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 1437.149758][T32467] usb 4-1: setting power ON [ 1437.157157][T32467] dvb-usb: bulk message failed: -22 (2/0) [ 1437.176097][T32467] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1437.196301][T32467] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 1437.218768][T32467] usb 4-1: media controller created [ 1437.251758][ T30] audit: type=1326 audit(1764844324.911:8432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23488 comm="syz.4.25926" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff30458f749 code=0x0 [ 1437.297925][T32467] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1437.325421][T23460] batman_adv: batadv0: Removing interface: virt_wifi0 [ 1437.336560][T32467] usb 4-1: selecting invalid altsetting 6 [ 1437.342815][T32467] usb 4-1: digital interface selection failed (-22) [ 1437.402713][T32467] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 1437.423360][T32467] usb 4-1: setting power OFF [ 1437.436480][T32467] dvb-usb: bulk message failed: -22 (2/0) [ 1437.448315][T32467] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 1437.476904][T32467] (NULL device *): no alternate interface [ 1437.640779][T32467] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 1437.680514][T32467] usb 4-1: USB disconnect, device number 82 [ 1437.751010][T19035] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 1437.762155][ T6199] Bluetooth: hci2: command 0x0c1a tx timeout [ 1437.857655][T19035] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 1437.915560][T23524] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1438.345380][ T30] audit: type=1326 audit(1764844326.001:8433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1438.418702][ T30] audit: type=1326 audit(1764844326.021:8434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1438.528246][ T30] audit: type=1326 audit(1764844326.021:8435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1438.592509][ T30] audit: type=1326 audit(1764844326.021:8436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1438.676499][ T30] audit: type=1326 audit(1764844326.021:8437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1438.806525][ T30] audit: type=1326 audit(1764844326.021:8438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1438.879744][ T30] audit: type=1326 audit(1764844326.021:8439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1438.928750][T23560] netlink: 'syz.5.25938': attribute type 13 has an invalid length. [ 1438.951247][T23560] netlink: 'syz.5.25938': attribute type 17 has an invalid length. [ 1438.984326][ T30] audit: type=1326 audit(1764844326.021:8440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1439.042362][ T30] audit: type=1326 audit(1764844326.021:8441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23537 comm="syz.2.25933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa9c3f2b829 code=0x7ffc0000 [ 1439.270817][T23560] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1440.151406][ T6199] Bluetooth: hci1: command 0x0406 tx timeout [ 1440.155141][T19035] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 1440.200984][T19035] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 1441.739574][T23724] netlink: 16 bytes leftover after parsing attributes in process `syz.4.25978'. [ 1442.448333][T23751] loop9: detected capacity change from 0 to 7 [ 1442.846711][T23759] Invalid logical block size (1) [ 1442.846859][T23751] Dev loop9: unable to read RDB block 7 [ 1442.854847][T23751] loop9: unable to read partition table [ 1442.865363][T23751] loop9: partition table beyond EOD, truncated [ 1442.874300][T23751] loop_reread_partitions: partition scan of loop9 (úù) failed (rc=-5) [ 1443.138928][T23793] input: syz1 as /devices/virtual/input/input239 [ 1444.151122][T19035] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1444.301011][T19035] usb 4-1: Using ep0 maxpacket: 32 [ 1444.308135][T19035] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 1444.316703][T19035] usb 4-1: config 0 has no interface number 0 [ 1444.326934][T19035] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1444.338946][T19035] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1444.348337][T19035] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1444.356468][T19035] usb 4-1: Product: syz [ 1444.361722][T19035] usb 4-1: Manufacturer: syz [ 1444.366347][T19035] usb 4-1: SerialNumber: syz [ 1444.373847][T19035] usb 4-1: config 0 descriptor?? [ 1444.379708][T23826] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 1444.596752][T23826] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 1444.709007][T23853] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1444.892771][T23865] loop2: detected capacity change from 0 to 7 [ 1444.901112][ T4570] loop2: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 [ 1444.908882][ T4570] loop2: p1 start 3018249949 is beyond EOD, truncated [ 1444.916289][ T4570] loop2: p2 start 1879129398 is beyond EOD, truncated [ 1444.924832][ T4570] loop2: p3 start 4093120540 is beyond EOD, truncated [ 1444.932175][ T4570] loop2: p4 start 2524654898 is beyond EOD, truncated [ 1444.938979][ T4570] loop2: p5 start 674059 is beyond EOD, truncated [ 1444.945933][ T4570] loop2: p6 start 57445 is beyond EOD, truncated [ 1444.954127][ T4570] loop2: p7 start 1646166690 is beyond EOD, truncated [ 1444.962824][ T4570] loop2: p8 start 3277892638 is beyond EOD, truncated [ 1444.969705][ T4570] loop2: p9 start 4163259941 is beyond EOD, truncated [ 1444.978449][T23865] loop2: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 [ 1444.990611][T23865] loop2: p1 start 3018249949 is beyond EOD, truncated [ 1444.998083][T23865] loop2: p2 start 1879129398 is beyond EOD, truncated [ 1445.005555][T23865] loop2: p3 start 4093120540 is beyond EOD, truncated [ 1445.013001][T23865] loop2: p4 start 2524654898 is beyond EOD, truncated [ 1445.019859][T23865] loop2: p5 start 674059 is beyond EOD, truncated [ 1445.026861][T23865] loop2: p6 start 57445 is beyond EOD, truncated [ 1445.033864][T23865] loop2: p7 start 1646166690 is beyond EOD, truncated [ 1445.040731][T23865] loop2: p8 start 3277892638 is beyond EOD, truncated [ 1445.048934][T23865] loop2: p9 start 4163259941 is beyond EOD, truncated [ 1445.614267][T19035] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1445.640368][T19035] asix 4-1:0.188: probe with driver asix failed with error -71 [ 1445.663900][T19035] usb 4-1: USB disconnect, device number 83 [ 1446.070982][T23903] syzkaller1: entered promiscuous mode [ 1446.076706][T23903] syzkaller1: entered allmulticast mode [ 1446.651291][T32467] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 1446.814150][T32467] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1446.839692][T32467] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1446.884362][T32467] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1446.923503][T32467] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1446.955044][T32467] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1447.022299][T32467] usb 4-1: config 0 descriptor?? [ 1447.516176][T32467] plantronics 0003:047F:FFFF.00D5: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1447.753998][ T706] usb 4-1: USB disconnect, device number 84 [ 1448.417183][T24032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1448.443287][T24032] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1448.468850][T24032] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1448.482653][T24032] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1448.681073][ T706] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1448.862816][ T706] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1448.872092][ T706] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 1448.883095][ T706] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1448.892375][ T706] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 1448.903631][ T706] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 1448.916587][ T706] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1448.926012][ T706] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1448.934191][ T706] usb 4-1: Product: syz [ 1448.938465][ T706] usb 4-1: Manufacturer: syz [ 1448.950622][ T706] cdc_wdm 4-1:1.0: skipping garbage [ 1448.956108][ T706] cdc_wdm 4-1:1.0: skipping garbage [ 1448.963388][ T706] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1448.969311][ T706] cdc_wdm 4-1:1.0: Unknown control protocol [ 1449.225488][T24067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1449.235369][T24067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1449.266237][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1449.266728][ T706] usb 4-1: USB disconnect, device number 85 [ 1449.272898][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1449.272921][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1449.295036][T24034] cdc_wdm 4-1:1.0: Tx URB error: -19 [ 1449.563475][T24082] dummy0: Caught tx_queue_len zero misconfig [ 1450.314246][T24136] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1450.336907][T24136] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1450.482270][ T30] kauditd_printk_skb: 384 callbacks suppressed [ 1450.482286][ T30] audit: type=1326 audit(1764844338.141:8826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24147 comm="syz.0.26070" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd09e18f749 code=0x0 [ 1451.368868][T24176] input: syz1 as /devices/virtual/input/input240 [ 1451.943454][T24219] ip6gretap0: entered promiscuous mode [ 1451.950111][T24219] netlink: 4 bytes leftover after parsing attributes in process `syz.0.26087'. [ 1452.109724][T24219] ip6gretap0 (unregistering): left promiscuous mode [ 1452.416573][ T30] audit: type=1326 audit(1764844340.071:8827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24243 comm="syz.0.26095" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd09e18f749 code=0x0 [ 1452.618898][T24261] netlink: 16 bytes leftover after parsing attributes in process `syz.3.26101'. [ 1452.642849][T24261] netlink: 'syz.3.26101': attribute type 1 has an invalid length. [ 1452.930149][T24283] netlink: 16 bytes leftover after parsing attributes in process `syz.3.26109'. [ 1452.942646][T24283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26109'. [ 1452.953521][T24283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26109'. [ 1453.569402][T24319] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer. [ 1454.044994][T24347] netlink: 'syz.5.26124': attribute type 13 has an invalid length. [ 1454.053923][T24347] veth0_macvtap: left promiscuous mode [ 1454.059536][T24347] macvtap0: entered promiscuous mode [ 1454.065978][T24347] macvtap0: entered allmulticast mode [ 1455.780962][ T57] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 1455.934596][ T57] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1455.951177][ T57] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1455.959218][ T57] usb 4-1: Product: syz [ 1455.971589][ T57] usb 4-1: Manufacturer: syz [ 1455.981392][ T57] usb 4-1: SerialNumber: syz [ 1455.996139][ T57] usb 4-1: config 0 descriptor?? [ 1456.244827][ T57] usb 4-1: USB disconnect, device number 86 [ 1456.432964][T24485] kvm: requested 7542 ns i8254 timer period limited to 200000 ns [ 1456.564952][T24494] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000008: 0000 [#1] SMP KASAN PTI [ 1456.576886][T24494] KASAN: null-ptr-deref in range [0x0000000000000040-0x0000000000000047] [ 1456.585312][T24494] CPU: 1 UID: 0 PID: 24494 Comm: syz.0.26156 Not tainted syzkaller #0 PREEMPT(full) [ 1456.594772][T24494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1456.604840][T24494] RIP: 0010:fd_install+0x57/0x3d0 [ 1456.609879][T24494] Code: 48 81 c3 48 09 00 00 48 89 d8 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 47 50 e6 ff 4c 8b 3b 49 8d 5e 40 48 89 d8 48 c1 e8 03 <0f> b6 04 28 84 c0 0f 85 29 03 00 00 8b 1b 89 de 81 e6 00 00 00 01 [ 1456.629481][T24494] RSP: 0018:ffffc9000bf0fca0 EFLAGS: 00010202 [ 1456.635547][T24494] RAX: 0000000000000008 RBX: 0000000000000041 RCX: 0000000000080000 [ 1456.643511][T24494] RDX: ffffc90004fa3000 RSI: 00000000000000a4 RDI: 00000000000000a5 [ 1456.651471][T24494] RBP: dffffc0000000000 R08: ffff88807cf6525b R09: 1ffff1100f9eca4b [ 1456.659431][T24494] R10: dffffc0000000000 R11: ffffed100f9eca4c R12: 0000000000000003 [ 1456.667388][T24494] R13: 0000000000000003 R14: 0000000000000001 R15: ffff8880347cda40 [ 1456.675346][T24494] FS: 00007fd09ef8b6c0(0000) GS:ffff8881261a6000(0000) knlGS:0000000000000000 [ 1456.684266][T24494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1456.690841][T24494] CR2: 0000200000000040 CR3: 00000000414ec000 CR4: 00000000003526f0 [ 1456.698804][T24494] DR0: 00000000ffffa75b DR1: 0000000000000000 DR2: 0000000000000000 [ 1456.706761][T24494] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1456.714717][T24494] Call Trace: [ 1456.717995][T24494] [ 1456.720916][T24494] ? do_mq_open+0x595/0x770 [ 1456.725415][T24494] do_mq_open+0x5a0/0x770 [ 1456.729735][T24494] ? __pfx_do_mq_open+0x10/0x10 [ 1456.734574][T24494] ? __pfx_do_futex+0x10/0x10 [ 1456.739330][T24494] __x64_sys_mq_open+0x16a/0x1c0 [ 1456.744263][T24494] ? __pfx___x64_sys_mq_open+0x10/0x10 [ 1456.749714][T24494] ? do_syscall_64+0xbe/0xf80 [ 1456.754381][T24494] do_syscall_64+0xfa/0xf80 [ 1456.758868][T24494] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1456.764922][T24494] ? clear_bhb_loop+0x60/0xb0 [ 1456.769590][T24494] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1456.775470][T24494] RIP: 0033:0x7fd09e18f749 [ 1456.779888][T24494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1456.799504][T24494] RSP: 002b:00007fd09ef8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 [ 1456.807909][T24494] RAX: ffffffffffffffda RBX: 00007fd09e3e5fa0 RCX: 00007fd09e18f749 [ 1456.815868][T24494] RDX: 000000000000000e RSI: 00000000000008c1 RDI: 0000200000000040 [ 1456.823826][T24494] RBP: 00007fd09e213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1456.831785][T24494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1456.839743][T24494] R13: 00007fd09e3e6038 R14: 00007fd09e3e5fa0 R15: 00007fd09e50fa28 [ 1456.847713][T24494] [ 1456.850737][T24494] Modules linked in: [ 1456.855270][T24494] ---[ end trace 0000000000000000 ]--- [ 1456.885953][T24494] RIP: 0010:fd_install+0x57/0x3d0 [ 1456.916659][T24494] Code: 48 81 c3 48 09 00 00 48 89 d8 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 47 50 e6 ff 4c 8b 3b 49 8d 5e 40 48 89 d8 48 c1 e8 03 <0f> b6 04 28 84 c0 0f 85 29 03 00 00 8b 1b 89 de 81 e6 00 00 00 01 [ 1456.938053][T24494] RSP: 0018:ffffc9000bf0fca0 EFLAGS: 00010202 [ 1456.944548][T24494] RAX: 0000000000000008 RBX: 0000000000000041 RCX: 0000000000080000 [ 1456.953452][T24494] RDX: ffffc90004fa3000 RSI: 00000000000000a4 RDI: 00000000000000a5 [ 1456.963403][T24494] RBP: dffffc0000000000 R08: ffff88807cf6525b R09: 1ffff1100f9eca4b [ 1456.972224][T24494] R10: dffffc0000000000 R11: ffffed100f9eca4c R12: 0000000000000003 [ 1456.980214][T24494] R13: 0000000000000003 R14: 0000000000000001 R15: ffff8880347cda40 [ 1456.989006][T24494] FS: 00007fd09ef8b6c0(0000) GS:ffff8881260a6000(0000) knlGS:0000000000000000 [ 1456.998628][T24494] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1457.005726][T24494] CR2: 000000110c361d19 CR3: 00000000414ec000 CR4: 00000000003526f0 [ 1457.013926][T24494] Kernel panic - not syncing: Fatal exception [ 1457.020373][T24494] Kernel Offset: disabled [ 1457.024686][T24494] Rebooting in 86400 seconds..