last executing test programs: 8.237754632s ago: executing program 2 (id=3306): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) wait4(r0, 0x0, 0x8, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000180)={0x0}) 7.258527443s ago: executing program 2 (id=3310): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x10040) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000280)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010005081000418e00000004fcff", 0x58}], 0x1) 6.300967455s ago: executing program 2 (id=3311): write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4604070001040000000000040002000600030000000903000038000104ce0000000e0000000b"], 0x58) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x10000}, 0x48) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000007600010001000000000000000300"], 0x20}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x48, 0x0, 0x0, 0x80, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x4000, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.926828135s ago: executing program 2 (id=3314): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0xf1, @empty, 0x19f49a9}], 0x1c) listen(r0, 0x100) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = dup(r1) sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) r3 = dup(r2) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x0, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r3, &(0x7f0000000140)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0xbc2}}, 0x10) shutdown(r3, 0x1) 5.773268103s ago: executing program 0 (id=3316): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) capset(0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000016d0cffbfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000003704000000ffffffdd4005000000000034000000016d00007b130000000000001d440100000000007a0a00fe00ffffffdb03000051000000e5000000000000009500000000000000023bc065b70300c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc20eec363e4a8f6456e5ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a277c7a775d55dfc28abbe9b5ea62d84f3a10746443d64364f56e24e6d2105bd901128c7e0ec82770c8206b1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009df5daf87068a602a018628efc56c752af4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7c3abee0712f5f6b4ee5e459493113d8697502c7596566d674e425da5e87e59602a9f6590521d36f38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eeeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca5f1380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7bea19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f80724a5bfc1e8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f068840a754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecfd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98c2c73e1661261173f359e93d2c80000000999d09ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebccbaf1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac494e0b32fc7741c7e3f426b9ed20debd883593ff5d691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a42b46979f99f6a1527f004f1e37a3926937e84fb478199dc1ac486e2ea6020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d0f086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2245e761f5a3bfdcdc18ac27db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680e7f13a65dbaa1af102d97681656bf56ff0cf36518f674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ffbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0, 0x4b}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000040)={[0x4, 0x2, 0xe9b, 0xc, 0xd, 0x7f, 0x44233, 0x7, 0x81, 0x941, 0x8001, 0x1005, 0xc, 0x5, 0x0, 0xfffffdfffffffffd], 0x2, 0x80300}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.850007892s ago: executing program 0 (id=3318): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1800}, 0x48) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20008008) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x9, 0x0, 0x6}, 'syz0\x00', 0x3}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x80}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x20020800}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000080), &(0x7f0000000180)=r6}, 0x20) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 4.769756466s ago: executing program 2 (id=3320): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0x5) socket$nl_route(0x10, 0x3, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x5cee313670d5fda3}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x65) socket$inet_tcp(0x2, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_genetlink_get_family_id$gtp(&(0x7f0000000100), r3) bind$inet6(r3, &(0x7f00000001c0)={0xa, 0x8000002, 0x0, @mcast2}, 0x1b) getsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f00000001c0), &(0x7f0000000240)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x0, r2}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1805000000000000000000000000000085000000a8"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x95) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r4}, 0xc) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4}) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x40080) connect$netrom(r0, &(0x7f0000000080)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @bcast]}, 0x48) 4.679852531s ago: executing program 3 (id=3321): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x0, {}, 0x1, 0xffffffffffffffff}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.600744685s ago: executing program 1 (id=3322): mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x109) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006200)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0x40080000, 0xfffd, 0x0, 0x7, 0xa15, 0x0, 0x0, 0x1}}, 0x50) llistxattr(&(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000900)='./file0/file0\x00', 0x62) syz_fuse_handle_req(r0, &(0x7f0000004200)="0aca6c6a1bafd2989666a6014bd5e9e63945bda64c1239d970f0d349110c18fe029ac3e29dc9ff9ead2ed3cef0fe77ef8348a82d3da186ce2140d53dfeb34dc1e128dca5a5225db8052bd348c2d1a3de224233032fff8b85c85885c90e9d0c205001db3dfc55d17a7dab1761c1733c465113c056d3bcbaf6a52dbda820a1db5e7d777f6c716e5f60b04cc1c6a362d891cb08fa109c5a00e427f8636059d934f255021cf13d2bc9cff93f049018b8e48f6480d324f08eb83655d3eb5a379ec18c861f596db17bcc23ada65f26a02c4c0c9e3167cc582e93661cdd0dc7581ac1958d9cd08104af251d87d8b5d82150b8cc4ca6d23475f259a8b7d69839cf728a6c478eec56135bdfc6428a318cf2b838d16984d0498d33ac41fe67361bdf5752db6a5ae32979463b60ad6b99527affdcb2b4a0f23b2f140c981b00c99cd25d563ff6c3308b048371eb2e599880a2b67ef9a2282947dbb23a3f1944193a801187f206587a52ee7a33032a842b31fcc0db079c554c97a09e3812aea45702099ab648888d08ae48a187a5acee7b9a2edbc320c64514554e540286053dd2acb9f9ec83435f43193b45b324c8406cdf976bc7607cf9385e99bf5f5205110d0c27abcac49e7ec7deef560f953d2c64bfd014ddcb1b2cbccbe401a312436799235807f4fdf52a9f894656fcbe1e971163e8d743450c49875379522df77d5e8910df837701d135f4589d4d15355e1638eff568a18a0d6217a11acf8fdf0fed0216635215d248aff37d85b62edbc989bc6d4757e6347ec971ae2b1e0d194e6c11dd8f7c108219569e157eceb7c14a288aad98a24de9a81f9ba1dd5271c17adfdf41f3393789c30f9345f6ad4ad1a6bf46640f69f7c038c4fec6652853a3f4fece3c3d15bfdea15f37e961a03de54181724801808a3a9030ba4650ce6fa9e6822c794d7b9da548a2eab977ab0c08b2d985957d5cd70ec677637219c6ca7c7c4d0a7a7ca38c1862583735b46b3addfd1c72cf7f63f11bd85ed59b9ba94db5c2fbd48461ab735b439a992e3a4462545e042e3c863199c006ef3a3be4473b24b782f86a3c1dca9848283bc47f4322273681efa1c8c413dc81a459e4e755846a094971708eb7f428aa67d0c81ce7f33d856e13a342b05eb403af7b4cab191c4ab9d650158808ec74d04f4b765e513b94f10345322e48485d29eb8b1408d7776f98e3625a20220e94789476affdbd19b44bac6bd2fa2b0ba10e93582178a3ef4938dcda25bc6245621b1ced780ca089010e8e51493c1ac7747e949b67fe6e3858e60a1e45a657c080fdc0bcbfcac2ba9d027f02ce30cc7440ce71eac66bb2eb264dcb1306a6054fde6640ca51ec4ccaf500a87f073b58ab286daeefd8d3ec7ee882551f7b6a36ab79a8e10d1d3c234ffaa33e95026025cc39a057efe7823dcb689131b1e83572b4dd1f49097580976c046424618fd6047d46928087d483df952738448d164c9288b15a4982493bf7ebc1976d0942846c8310556732b4cabff937a51e926caa37ae54dea339c2a2a8d73be2ca3a39edcb4ef8bd58a3c4c98c48b9f37a1424b6a54919921d4429611d0dd585d1d357c3c1ad1cf68f36907f8d9c28a14ec2cf2510fe54510111ddd7a67fb8d2f449227da397c32b8dca19971ab9d76e1f6ce0c54c9de1cb1daa1936b62f838170b8b6e7f34168a099619a113c83347ce2c0f6086855385062b6e074b68391e59430236f9ec687a265072f7a40efbef3cfe5bc1cfb364d87a597507811d2bf6af59e20fcf4703caa63285decabcc367ccfb8e27efecb14db8b1167938f457d4117c62f440d807b5482bb223b4b14e9526f9ede33631cdf9fcab53b3fbebc9344ab130d793dad610f2fe41ef388acaebd6cf26aedf7c7c6aaee956cf92c14583bd45b189d43f7b44419df1e0adecc8fbedb357656b7649721f81c2207ebb37e3ae21bdce8c982cbbdec012c7fe587161ff741610fb8ea5883c758527873ca2197b5f1058083c40203cc4dbdf7f4f1388f2309d22a6a1767137703296ad3aeabdbb3529a290da9c6cc5631b2f1ad25c766e3cbd8d9f588bafd17495f572bf1cfe1e8b5bb22130963cca8832f846300bb6dc0baec85b500e1a48fdd14cf0442fe4d441821d7e46fb5e2220c96bfb16ab8ca883a4477bc756dfc6622f320a648cfb57f9de9aef33f9986c6517d1a7eb59348541d6d3494ebe7bc1ed4a86f06411491d176da36de8c8a8d8ea28928bda63fe863277e4325b756421d4d2042428250ed526e538fb930671e9ad517aac494a58aecbc908b512016fe4d8f60b576e230b3206a0c7bd4fef717a8cda0029d13ecc3c8f8686f717adc1440353c236aa71f842839c5ce92c83fbfb57b221271aa6f4029219c3c2ed7a3a53d8ff065ce30d403c95cf69e7963d5bfb63bccb5b28ca125f0d7094072273ce3108093d0ff83ab98393b8e9a87117f4933a8c8ecf353931da3b8dacb20685a65dd865bd6031cd2b0b7e237901c782c6e6ea8742e89dbb01eb925dd6e74c53bd28d3c424cee35eb29823f2138b92516075e00342fa4dbc5b27675a651032c8ffb3da6c5349d0f9b2779778d0cfa1c8d4cc34d4fe95fc435e4768e93d56d2c142f25df1b9afa7d103486842372b36261b96b7b3acc0e78ff20a535ed515ace0cf3300168a7ef42d6bd511c019d0ccd7599ba70cbabc95f34a052fe9d6f97b49dc1cde40d5ebf305797d7d572a61cd38a0cf85f28c5d018648b769327bd9559722d5422754f26c9e5439b42bedf34e31bbc845b99ce315eeeb0383fb3ae021084cedcd843b86831c78441ccc0d2c23de528e53cff785816a3a3d99b4a4684df9546a285203bb615eb480fa8385e90226b27b39a7d50c83babf5ba890da1a8848ba372971347dc34b76370544feb183b9292043f2ef072b69bcff45b1917c073222d50bd585f2173bdae673198b95b67f8387f6d2b2934597c5ce165fd420ddcc01d29d71d532b5d127afc98657845230e363cbb9ecc05b247996ecbfce0e8215ec7dc5e9be115de2e7ebe8fe3e191f455d244ad1ce75c828a2adbbe509589f389936e62dfd1ecdef105162d357cfb22412b64570dcb04fe18bbbe5518985d7316a75a19a16a482105b7fac923e1eefd780d036ccc39e3cc53d2002ccd10004be1694be4110fb062110e1a44ba88acfa282d9c7cdae0cb55f48f7caa3c324d9f52265d21606a20779accdc9f69dd0fc49e4bc2c49891e526561569abe5673533c8a9b6a3004c809d3f7452b02787047d4442df3f4cc5d47e5aa73b7994c113541ea312970f2e741d4fd50a83f5a0293fbd56d619aa4bb3b491606642fcb922b5ccd6bedb442e450609343e18f61abb3a4b2fc69e06a72edc7bcba0da06da3e80f59b737f088d01f0dbcad89003b505fe29bdc8118e3fbcdb90a4f464e0e70d20f093790ae1b9f6f8a904a268cb4bb116404de1bd4c3f9522c36893a902a3a90f52670b7ff2074815329f3fe2c8ccfabe2d812394e6b0e34741abece71b7db0fbf0a80e6c13bc7bba89a4ee01cad9dd76e49cd91690db6fe402640db8b3523c49bcf611a9da991123edcb64ef505906d8ab4b8586e631828402105f045cff3681f2f36e3713be5bcb6af157278b194a51f04d04507231aa6f4d77b4065f2a97894c201b23f7b5f79b029c74fc4c57fff87c03e01210674417c1297155ca7a7fbe855fdcf65561619ffca0099fa08ddc8ddd7f713b2b0c6af0fcc4bd4cba9e9f47debdc6d9e6e2dce63fec20efc51e15d013fadba2707a449dbfd025f1a7c329282c797b2071afb37a89f8d58c1e3b4f06586f00a433161373548b699fabd92771346a25ff10789ca89cbf00f92248c6b8468f22aa4cf7ba90aea16a3cc2b1ee598609dfbe75fb8e11c5003ad0c9ac7205cd35552a53703f06e465633f9653cd670952feb9e77db960ea18914235af757e75204d1f74de9829dfac217d87aecc1c80066426f12e52883bfcd982e54bfdae8ef55f3b70f78bae9e6a1e24388c642cba3b3215602294bb7d68bb6f8e0b24c0b6e99df504c30beb2a7f47b02f9af6511eda25407c30dfdee39ec8db32d93e1e09472474883a87b7b4664bef06d5c0a43793237187acaaa9654f74e5d3bf1ce389befc139fba61378e7b66b4b0d87334732592ebd0e4989373ca541b92d003e67e0292256c256344dbf03ad24540f11cdc174b45d3781c1da793a460ba671373a0fa082ba63f5418733c9907d360c9bc54ba0e2b374de7965a87316df1c7af17164e1b6dfe32d71fb5ba641bb8d6cd6299473f37e44a69e90a87cd2f8a486a0db4eb104bf87d9f7cc87dc294e6debec7e5819f3f26bdf4cac91f8ee94a826df99da39a4bd6d476943428e3f5009546ee569d6273f7ecb115538c6ce8fe150249c89452c2f0cf0796208a216fc2cb55e1b6c892778f15e7f8b78e6e97093572a29ca3600c72feb4e1ef42a225da695b3111777f3833e306f2a90b8ed6095127b0f13be495a3321bf8201955d40f6b486904a4e1f4c9965563d30277b30cb0d1ef375338a25314fc5abce41f1e95118e89455af9e786cdc460e4e48fda5f21cece9b4e5276523d6919e165df5efe59aff13067d3ef0e82259305942b5f25e831dcb72f5c7fa67ceba7678078d8311aefdc91916f8c1db2ac61188b46825707dd26d29aec734df8bebd7474277908b2ba9e77daea20c395253b3cc876e5dcac960556072bec36e14da26c335b509a38dbf3037d620f4765e63b946ef8ada1729b1323acc8b5e436f3967ab7cc033ccb7d0c9cc74d3a3faa2ff2afb1cd571e3749cb0203e70756273fc6a4d80cf646d551f3a801ca513ac587f0ddc8c58870d817ea2671b2ef30be91a45dc730c6636e7de2ec235044b837ed9861dc89e4df342cff52a29ae6b8d5817fe31bb3a74d0202efca5d94b4d232f3dff885bf52f8d43097d069ce81220e8578c630d496b01fc60562bfbfda22fce6ce68564ab31d1a3d38af2d7b73a970b9b30f6c48dc38991da402491b2d643e0f5e71bb9c0aa834006ddf24b7dbb180f68751535d8cc34823ba3d1ddfbfeb6a15655118d4e1e11b255b998006906017ad9978d6cf4a45a669eabf653363391e77a82a9da14d184a50f1421eeb61411e859cf6f98ab0846ed5345b63e3ad004d1ffd1e48e6574ba7d832f7ad1345b8df27f7707245b335ddff2e4ca1430ec44af208e633c25678b3cfee96424ca026b159bb18c1bdc51db6c66e8788e5aadce1d3e531c9b02edc65b846763ee64113c0cd0d23824c4baf3516e2c8e5192afb9fcd390e51b3bcdcc0a49f932a6907b38713e2229aaa9abc5305420f50a2016429012e835407dee7d8d0b8404655620c3df407e7be2a5a1e668341dd91224509ffd48db6861f558d098954f83aeb6e426099cc4291da311c37bd46c8d80c3ea975e0db6ce12dbdae9116bf08909431fd5483f7cb3076d33a900d56c26d6f151386abb32ea335f5337683201a1ce5d9df25c5df29a375d2680827e182b1aa0813ee7f9d273d7ce1b86194a8cf48d630a5be0b947245c1ee0a0645500ce2ced6dade1b63c0e7572260cce25636778d79ef11ed5e3c42835c8e53a6d26cf85293050cedee2a116e5f38b9cae91a503ec9e0cf784d9cfdccedf95971540ec37926eb43b27cbff1d96b83f80018e6afec70523b6672111a47f9922db34da15d7ca3cc3a77f1abe7221b72d43d2cb4c23fd2bff6cd5ef6b31b6a4c65babcdc918b0d99fad656e471a20a8f4b66d6e37877da1a8b7fb7a8692d6d578ff953b18deebea1353f915102e4d2064dcf8eb0965a2f4c2eeda70b4177dedd7597797ec76bb72ee422ec4d16e494ed77c9bd843ee01885cc3aba1f77806e8f501b856935494918ef83379ac5ae1e06697606053a8c5c880975d1f085c93f2adb1bd2c6ae07c29bbb245cac4726a20a2f61ded013722eee8878933a90319cc8cab7a2bc69dbc79767ba18fcdd8f9ba7de44e9f0575994b28aa9e3e7b4c1f2ce0eee264dfefe3e1600cd969683551894d28b690122093105133b22ee04a50f4883274cb929beb1bb45444ca5d470c0ac611c4990eefea25526f590b269ad40d23842c5b5996c1cb393dbff28a7e2f7cf04ac30fbc2d29ece6708fad830bc523fa52d2ebbfda27379e8c48d085b260a2dfc2e8d7e1a94a245b518612bfc9ca0260c8fdede5298bf584e5d71fc131f5eb6ad2dd7bfd42a77f523eb0aaa787003fb71b9a64fa783e918595af0413fcc0d7818a514c055a48ba9b1bbc6c974f7cb55c3af3edf117835d169e5e2b31e4278d0419b23625ae004171eb2ef8c231a61331886234b402886b4993ca6376f8664134cead1bea142bbed5d46e3bb71b0f8a4cec0c79a9b5f6c823128d02063967a5363b6bd6e242fa3fd21953fdb57725f1eda22984bcff8e40f2076fc0a462706dc2bd95dc447a2aec2a8a4808f2930ff1353348942e28204af42141fa120c8e5fa9c225d16f3624deb2ce178fdf594db504159bbf475e8bee281e3c8ebb29b404b3fbd13dea76df5aee05ad6a85054b838e149d0ebfabe61dcbda6c3494e170e75633843a01e2458b526ac5424177d6bc4706a09694be1c372cc79cf7c4d82ff4e62489d1fc7819d749710035a6fac239d716b57a1af1346c1e8420dc8ae46fd18245160d43a40c564bf11f0232bfd1fed67ba1aebce120ee93a0a000570b808d9fcd60b622c59ad53ef535c1db7de15b52ed2540708eb5baa7195e1a86990b6611ad5c50127f7e876f8031856e9a2c0566f357d6c75e6ca5f217d428602fa7c8f7fb9f3abbefee76d88b3b08c3be2f0d093ce96c6a00f3a157dc0a05e1fc5d8de583c25e09c77348f5825fcd4631396f3e8c26f5c1432784eb8c377fb520d28aedcaa5addfda6eed11da4d2cc91c2e3c3728c763c9d58283af32d00aa1910011a552adabee99d1387d14e582cf68fea46b729eddd0d3ad8eb9125d5fb060f4d6f70a166cc3ce9b02a7bc65200399fc2a47b90039ac23afb853925195e8079da20cbffea72365158fbd94a6e0a654f6c09a8032fb26df99913c2300e03428ab3cd1b3f7aee15460732d445b4797673b47a93a325b2e5157106ade0959be9c4562d5a4292a9ac94940c66375e559f34e57a1158b5d77a5dc9515bdab63799627301f19398d84c7afde812100a65a1642e9515a30434d344b380a92eeb2013a0f63cba648c37095bfd985c607b120f1769a79f1fd7c03f09f966b72945606ade67f9aaa631948bb82f9ae3f89ecf6db12c02d174f62ad6e1b60f4819ae19f4979e0f9dcf51bedf4b1bd1de73bc2adb1923544ede6dbd40ed4c559cf1f079f5dc8986691540e13f5a2505cc0923ca8fe2608ec92b95dbb5facc320e43b2049b79eb02618f6fab08b7e9dbe00fcd69b338b1bb6a9beae531972e16a19d94bd2273c4d042eca34dd7c5aebfbf16552681ad4e243824a9c5d0d8b8d3aba4c102fb76c216c230c2ec34838a0817b03a04480c61c899b2e442bcf2567d4e73000d9c9d4d0acb712df0183fc288634cfde234b94fdbbc0b7e66ea5b6437f312167b1ea93e2a6b2105308d8198a2d4054ba2ff2855250e0e6c952364056e2d3d09e5a2c578837d6521ffb82780f169d07f2f032b34d62f2712a77a56175017257ea1caea41acbbc520b429bd4e3ec3f9a6eafce46731dd3396f1ce1a6198927fd2dbefb3f77c9173be0934747ca47b98c6548c8cd07249d9715414b8a8ddc8430575d8b8903d3923089282a3ccead6e11044c67f3d5d8ed8cc0c0331f2dc09e1bae77ab55307e6445ad382451eff64faca8a4c0cba7cfa2fc9b087afb040e594115c35ce1dbec69ef1e5af8003339afda5faa1be1a3da7c5cb84273009c32d300fba7d222d2dc783241a9414ee30c8bd7e655c09a7f50dfb249ae9b15284b971503f6ce8866a1b36f993acf28d387da88c8defd323d1cd91d4eb46ff87458269a134675556b067a1b71829b7706ba58c93a919884089dc333c9b5d8279dbcc20071991762d2569c8ff5f21783e2961228b2006f8805750c0f9f4f9dc3df86dae1ab98af22122966a6ba04ccbb2bdf90e91e1f2595b979b6934fe132eda34cec0f83132f3867a197a6dfd0d43528bd56613732704bb62b12f4ede7439b2150384fa04db658fda2ddf97ab571f02d150c50c95009d0aa2e553019ac1cf9bbaf15474bf66d69224913b11080badb47d4a085fa13e965de6e95b7aa6e07bb212774d0240738cc07ccc1670d33c100cead3fb99c3f32fdd97c9b16956b1c22a90cd5c7aa0d920dae9e2b149fb5f9870129a0e97d1edba0dbf8fc4fcca6c65c639dd3eaa8803b1e9e601907e086ed1079ff6bc6de941c91df0634ce3730b8035bfdfa699304666920bfb092354da1f0bdd28c9023bd2e152e931e82eeabb86b0323c789daac94422eb7855f18775917e12feb85019e2e017303002ff8e04513ae0fb03f334a76addd8fcbd69ed25931f44044eeffb5d66cab5a22b21e85324946ab15408dd5d68b17727d2e4779bc378750eaa6ef6e943966c0dc4d066c6b8b8945023a0fc49f81a9c15a35d350e3d741652b8a8014b3649dcfd028f25c0b38b7cc14f7e375acfd3960af2eefc49ac6589f38791c9c0b0ea4e55992274052eed15cb8de213794636c4db2385eb9bcfc28f8a97e7c7ac949cd519ab62d1ab10d855a7ac6acda00b78d35d80a9ab4b7099603782384c461dee90abcc14a539779435cf0677eb0b6ff7e47488667788f9b0fd7d5e0cf53aee5ca0071fa30c062da3c44e79096e24594c6e202b7cdbdc49be2ddac8058c7ded15f07d4c413886fdd7017b9fedb86e39917fd1e81b294675bde06c8fac0dbce7f4b90b3859c66f9f6fec640c6781728a8b347da28b4360924ef68c3c740ed5ddbf013720c6de54d9bce5232864f9e80a652cd778641c327876b2a3e1049355a58fb5054aa17064e97142d64be9daf5d1b162566a009c69133f60e3d4c2a53c153185c659d16236fcc1690eed8c6c2e4f8b172eec457a9407003ddad723e3b183e81b17ddbe46ba368ab3e3ff574d9e3fb82e102ab46d7f608e235d064ea963fdf1622ed7278a27fd8210ad39c3acd9069abba71ca051b64561683068ca6a1be906c196ddde1839b3897d5af8fee51614d73e51511b03a5763f3ed3e64bf7293118dc321cf5e940a2829c6b8550083d66d31680fb55af098d9ccebde9882f818c29f4cbb55c26a97c359d8606bff3744ff3efc22e8d34e67b7c97b567483963c574bd1dac8c46c911c48b6e29e73e52f8c9385729a73b70d2ebba9e744247d9003a962fd607686e6c5972b59616acfe327d8b736f38c703832d7690c6474641bf87538e785353c1fd7df1b5ecb1200eed8c5857abd16c26ae72d0147de475b0c4bc98dbff530b334c9c50607bd46ddbcb1ffebf7513cc842e4cdd6c8c00a284e81cb531a04f75210add4f73db3da9783694fc541cd470368c8776973f02835dc355ef54ca90a580a45a2df6137c43b151ade1e51bc879e7fb43141541bfab79b3eaf0eab323c7147ecce6eb3eb3eb02a204755cdcc7405ad903b91fa4d297262cf77fe395a18e269ec36bd534d4939e78719d7c312ce5205979b2fb92fbf9e1d1effb0f663b9361893fcb11bfd66c92af3394e899876990883e9f5374b5642c68e8468498612e3848d367598c2cb0806b7f0c7f4b004dde2b4cc50161a4d293f2ec89c4cd35a767736f9282f848b9d1cdf405f61abcb3e50ff4092d2afb86fdceeec4791d892546e29495f97876cd8015f193113f1b8584a9ff3f32650e29126b81254961e677b6f67023295567f574364b7320313db988616ac123368179beaabb5a56257f0b6df8f6956324ac31d3e8db83dc994425ad80e235051af62ec79a6dc4bfa36283af72af26136c8f5eeb32e1fa1b9e21a228a2a12aed39e717e8f404334d8367ef3edceab1f3e250ab9dc1e89f9b84e658d38806f4d4a09ff07ca539077a5a496699a9d7d4aafa78120eb90f404c2a6ae00aa1c813b25cb6ff9dab8b66b1dd83c80c1225aa24a47df3cbff7f6842d9486bbcd4179150e1bcad3caa604ac1db71aac913c9d3cbc154182187e2aeb852011b22e40b25f9cb31ab7f458a11b1836085c4a99a633215684e7fc70646ee2158faf8329c320a3bc050cdbbac216a18a88af2dd1bb4d648110c5c90f7f5948128eafbe36c01ea709ca8b5fb8ad9eb7384feb7055220aed45690664b0312052792a5b9dfc90a1248995cf68f80b7822fa577724ad143b1d987d2fae7992d3ad270e6b1fc4f1bb3130f134607e8129a6b1442ac05f114062be3604d7cf1595022f49e7cc55282f0f666ad6ff3b03d692c2a66fc2eb5fd0751e4514229861e2343d43162dcbdec156aa5f2c5f9aafaf470f17e5ed688b3516647b9a1a220e843791ddda20fcc444ef63ba31fc27e62fee4676f097f3fecc625755b26ad48dc7ceec1920443c6c466c7bb36e91082f115f4e563a562af1ce5cf37c45bb2da72ab39ecf00e0349eed7e87994b6670e8bde4f4f9142cb99f6bf36eb41bb4dc72b6c6a6686b63fa21c167b1ba5ff481abcc2ca29905d6b75eff932296d75a90080f3a727690eab0e804aa95b545f55107d308f4cd9884d75c28388151a72e82291f79eb52921718903a8bf029a3e7c0ce28f204926dc221f78711a08834a917a0843d8249ca317c7154b88a5a10a09d7477fcf2d6296725bb6a69c2739964a768cd6ae51d7e7de63bb17fe7fabebb0ee46c285c683a41203d059a5c89024a7f3c59915121921000075ed397d30ada6d56e6caa685cb98cc0bf279fa2d96408611ae7e43c3bf70f73148c6615f20060b5c337c6555a3bdb1870bededac9eff951cf1c7fd4f0046d7661789bcfd56fe6198b502e01f90333ad6e9354db449435d0506526bb0c65595dead87be428eb1b988906de152f9a7f126ede6b933c2de1f7d20ec3e64c7468906fba2bdea8b300bab203542dec13a90e4195b3f7da1b669bfe9e8989440b24807ffd44d9e3d61e098caaa029a7063d25604cbacc5f2b3671a163b80a440948230ae90dc3bd7fd46b667cc7d6dba2f53775e9a2180ced0e1cdc6e1275e741607d6dfe40f91ec81602f9bc7c26c322b82114949fd17a9284dd2918326b7880f42db6e468b80f980db98e31ad57be1f131407a0d099cbad9eff25916048e4210c0eb0b68d4d11cc1545cb46114b3969ad0d7a6570b7571c877ed8060cf8b736f8c82ddb64d19fc29af3453f0efe33c68c21c7c8c054707790cf5c056d0ba408d077fb65cef8fb071398ce35cc95c48ba546230f4dd60ad633f81478c87019736044783599a17d4dafd30cc6f4278cae2384763ff2ef395b8e7265ebf0453cef5c98e62a0e48ad422af17a4eee1acc10a51a3fb6e98594309e4976f71027dfe7a9593cdb6860cba745f2346c8d4868b07f381d3c137b396780545e0ea331e586b176821e45f67761fd8b4c6cbbecfd34b72201f6145a6b06eaa8fa9872a54734acbccad497390ff69f676c496258479aa06d9fd1ecec02a01216fd66554afbd5e728608f4572a4d485e57ff5bfc3df", 0x2000, &(0x7f0000000940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x90, 0x0, 0xfffffffffffffffd, {0x1, 0x0, 0x0, 0x3, 0x0, 0x0, {0x0, 0x0, 0x5, 0x8, 0x0, 0x4, 0x1, 0x5, 0x0, 0x2000, 0x8, 0x0, 0xffffffffffffffff, 0x40, 0x20000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.677727704s ago: executing program 1 (id=3323): write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x58) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x80}, 0x10}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x10000}, 0x48) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000007600010001000000000000000300"], 0x20}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x48, 0x0, 0x0, 0x80, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x4000, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.649094856s ago: executing program 0 (id=3324): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000180)=0x10000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f000001a400)=""/102384, 0x18ff0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) 3.513545753s ago: executing program 2 (id=3325): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x8401) r4 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0) r5 = fcntl$dupfd(r3, 0x406, r3) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x3, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) readv(r4, 0x0, 0x0) 3.441608727s ago: executing program 3 (id=3326): connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x20, @loopback, 0x23}, 0x1c) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x701, 0x0, 0xffffffff, {0x41}}, 0x14}}, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/65, 0x0, 0xeeef0000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/185, &(0x7f0000000140)=""/79, 0x9000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000240)=0x1) 2.731276415s ago: executing program 0 (id=3327): bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x80}, 0x10}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x10000}, 0x48) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000007600010001000000000000000300"], 0x20}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x48, 0x0, 0x0, 0x80, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x4000, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.499405417s ago: executing program 1 (id=3328): r0 = fanotify_init(0x10, 0x2) r1 = syz_open_procfs(0x0, &(0x7f00000044c0)='stat\x00') fanotify_mark(r0, 0x11, 0x8000013, r1, 0x0) preadv2(r1, &(0x7f0000001d00)=[{&(0x7f0000000500)=""/247, 0xf7}], 0x1, 0x7e2b, 0x5, 0x1) 2.329089906s ago: executing program 1 (id=3329): socket(0xa, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x0, {}, 0x1, 0xffffffffffffffff}}) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4000890}, 0x4000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000006000000040000e4f310000200001308000000240000000538120fd00ebeb01881b30000010f"], 0x0, 0x42}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.025506852s ago: executing program 1 (id=3330): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x720, 0x0, 0x0) 1.769429306s ago: executing program 3 (id=3331): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb74fef", 0x87}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d05805063967de38327e", 0x9e}, {&(0x7f0000000480)}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84178b017ba5", 0xc2}, {&(0x7f00000000c0)}], 0x6}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa4", 0xc}], 0x1}}], 0x2, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff0802110000"], 0x6f4}}, 0x0) 1.706700879s ago: executing program 3 (id=3332): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1800}, 0x48) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20008008) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x9, 0x0, 0x6}, 'syz0\x00', 0x3}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x80}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x20020800}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000080), &(0x7f0000000180)=r6}, 0x20) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="1400000010000100f7000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000144c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100d10300000c000440000000000000000114000000110001"], 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.680376771s ago: executing program 0 (id=3333): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$int_in(r0, 0x5421, &(0x7f0000000100)=0x5) socket$nl_route(0x10, 0x3, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x5cee313670d5fda3}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x65) socket$inet_tcp(0x2, 0x1, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_genetlink_get_family_id$gtp(&(0x7f0000000100), r3) bind$inet6(r3, &(0x7f00000001c0)={0xa, 0x8000002, 0x0, @mcast2}, 0x1b) getsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f00000001c0), &(0x7f0000000240)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x0, r2}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1805000000000000000000000000000085000000a8"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x95) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r4}, 0xc) r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000100)={0x4}) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x40080) connect$netrom(r0, &(0x7f0000000080)={{0x6, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @bcast]}, 0x48) 730.162491ms ago: executing program 3 (id=3334): socket(0xa, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="660f388084000072baf80c66b860b4498c66efbafc0c66b80e00000066ef64f30fc7b000100f850100f30fc7b1030066b9800000c00f326635000400000f30d2bc0a000f23c80f21f86635040040000f23f8b8f4008ee0", 0x57}], 0x1, 0x48, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x4000890}, 0x4000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000006000000040000e4f310000200001308000000240000000538120fd00ebeb01881b30000010f"], 0x0, 0x42}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) 174.174911ms ago: executing program 0 (id=3335): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x8031, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) rseq(&(0x7f0000001080)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15) mount_setattr(0xffffffffffffffff, 0x0, 0x8800, &(0x7f0000000000)={0x0, 0xe2, 0x80000}, 0x20) 166.990721ms ago: executing program 1 (id=3336): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)) 0s ago: executing program 3 (id=3337): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x181041, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000008c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000300)={0x28, 0x3, r1, 0x0, &(0x7f000000d000/0x1000)=nil, 0x1000, 0x662c}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000200)={0x28, 0x5, r1, 0x0, &(0x7f0000000a40)="7f", 0x1, 0x4}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x7}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r1, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r1, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000001c0)={0x28, 0x2, r1, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x70c}) ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, 0x0) kernel console output (not intermixed with test programs): r: 12003:12005 ioctl c0285840 200000000500 returned -22 [ 625.581287][ T5775] Bluetooth: hci0: command tx timeout [ 625.788844][ T5803] usb 1-1: USB disconnect, device number 36 [ 627.213232][T11965] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 627.336509][T11965] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 627.567272][T11965] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 627.599891][T11965] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 627.633674][ T5775] Bluetooth: hci0: command tx timeout [ 627.801609][T12036] Bluetooth: MGMT ver 1.22 [ 628.045316][T11965] 8021q: adding VLAN 0 to HW filter on device bond0 [ 628.166167][T11965] 8021q: adding VLAN 0 to HW filter on device team0 [ 628.578893][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 628.586090][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 628.939003][ T59] hsr_slave_0: left promiscuous mode [ 629.008770][ T59] hsr_slave_1: left promiscuous mode [ 629.018697][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 629.040028][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 629.206388][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 629.642601][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 630.903932][T11787] Bluetooth: hci0: command tx timeout [ 630.924378][ T5775] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 630.964032][ T59] bridge_slave_1: left allmulticast mode [ 630.984430][ T59] bridge_slave_1: left promiscuous mode [ 631.800900][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 632.068682][ T59] bridge_slave_0: left allmulticast mode [ 632.083561][ T59] bridge_slave_0: left promiscuous mode [ 632.089650][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 632.914258][ T5775] Bluetooth: hci0: command 0x0419 tx timeout [ 634.050968][ T59] veth1_macvtap: left promiscuous mode [ 634.225383][ T59] veth0_macvtap: left promiscuous mode [ 634.248913][ T59] veth1_vlan: left promiscuous mode [ 634.273923][ T59] veth0_vlan: left promiscuous mode [ 634.993631][ T5775] Bluetooth: hci0: command 0x0419 tx timeout [ 638.926403][ T59] team0 (unregistering): Port device team_slave_1 removed [ 638.993235][ T59] team0 (unregistering): Port device team_slave_0 removed [ 639.064977][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 639.135383][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 639.639071][ T59] bond0 (unregistering): Released all slaves [ 639.731397][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 639.738572][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 640.101337][T12137] 9pnet_fd: p9_fd_create_tcp (12137): problem connecting socket to 127.0.0.1 [ 640.153598][ T5841] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 641.368679][T11965] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 641.476949][T11965] veth0_vlan: entered promiscuous mode [ 641.504631][T11965] veth1_vlan: entered promiscuous mode [ 641.525785][ T5841] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 122, changing to 7 [ 641.547493][ T5841] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 641.564570][ T5841] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.582432][ T5841] usb 1-1: Product: syz [ 641.585144][T11965] veth0_macvtap: entered promiscuous mode [ 641.598680][ T5841] usb 1-1: Manufacturer: syz [ 641.603297][ T5841] usb 1-1: SerialNumber: syz [ 641.624824][T11965] veth1_macvtap: entered promiscuous mode [ 641.664991][T11965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.693712][T11965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.713781][T11965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.733523][T11965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.743366][T11965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 641.761803][T11965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.781487][T11965] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 641.811262][T11965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.839439][T11965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.852202][ T5841] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 641.860518][ T5841] usb 1-1: 2:1 : unknown format tag 0x3 is detected. processed as MPEG. [ 641.870852][T11965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.881825][ T5841] usb 1-1: found format II with max.bitrate = 13, frame size=7 [ 641.890116][T11965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.900533][ T5841] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 641.911042][T11965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 641.939558][T11965] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 641.953854][ T5841] usb 1-1: USB disconnect, device number 37 [ 641.971049][T11965] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 642.001463][T11965] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.008649][T11143] udevd[11143]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 642.032153][T11965] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.049732][T11965] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.059420][T11965] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 642.206621][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 642.221444][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 643.438492][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 643.446908][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 650.960072][T12233] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR [ 652.815748][T12259] netlink: 216 bytes leftover after parsing attributes in process `syz.0.2102'. [ 653.356297][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2102'. [ 655.823820][ T787] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 656.033644][ T745] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 1 [ 656.049690][ T787] usb 1-1: unable to get BOS descriptor or descriptor too short [ 656.052549][ T9640] Bluetooth: hci4: Frame reassembly failed (-84) [ 656.065569][ T9640] Bluetooth: hci4: Frame reassembly failed (-84) [ 656.077609][ T787] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 656.091753][ T787] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 656.117658][ T787] usb 1-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 656.134645][ T787] usb 1-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 656.151788][ T787] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 656.180442][ T787] usb 1-1: config 1 interface 1 has no altsetting 0 [ 657.375428][ T787] usb 1-1: string descriptor 0 read error: -22 [ 657.381890][ T787] usb 1-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 657.396511][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.625423][ T787] usb 1-1: 2:0: failed to get current value for ch 0 (-32) [ 657.631423][T12297] sctp: [Deprecated]: syz.2.2116 (pid 12297) Use of struct sctp_assoc_value in delayed_ack socket option. [ 657.631423][T12297] Use struct sctp_sack_info instead [ 658.048509][T11787] Bluetooth: hci4: command 0x1003 tx timeout [ 658.080279][ T5775] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 658.189247][T12305] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 659.164906][ T787] usb 1-1: 2:0: failed to get current value for ch 1 (-71) [ 659.217932][T12310] comedi comedi0: Minor 5 could not be opened [ 659.334561][ T787] usb 1-1: USB disconnect, device number 38 [ 659.363576][T12312] nbd0: detected capacity change from 0 to 63 [ 659.390550][ T5775] block nbd0: Receive control failed (result -104) [ 662.359390][T12347] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.2132'. [ 662.464520][ T5775] Bluetooth: hci3: unexpected event for opcode 0x2035 [ 665.382844][T12380] netlink: 76 bytes leftover after parsing attributes in process `syz.1.2143'. [ 665.621870][ T5775] Bluetooth: hci3: unexpected event for opcode 0x2035 [ 665.828364][T12399] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2152'. [ 666.065999][ T9663] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 667.713622][ T9663] usb 4-1: Using ep0 maxpacket: 32 [ 667.721752][ T9663] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 667.734661][ T9663] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 668.352289][ T9663] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 668.360579][ T9663] usb 4-1: Product: syz [ 668.364793][ T9663] usb 4-1: Manufacturer: syz [ 668.369398][ T9663] usb 4-1: SerialNumber: syz [ 668.385048][ T9663] usb 4-1: config 0 descriptor?? [ 668.484375][T12387] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 668.651766][ T787] usb 4-1: USB disconnect, device number 40 [ 668.691530][T12425] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2161'. [ 669.478125][ T5775] Bluetooth: hci1: unexpected event for opcode 0x2035 [ 669.691967][ T27] audit: type=1326 audit(1777737213.407:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12443 comm="syz.1.2168" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f12bfd96597 code=0x0 [ 669.741484][T12446] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2170'. [ 669.803916][ T5819] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 669.863625][T12451] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2172'. [ 670.005055][ T5819] usb 3-1: Using ep0 maxpacket: 32 [ 670.038613][ T5819] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 670.060498][ T5819] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 670.089307][ T5819] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 670.103157][ T5819] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 670.111844][ T5819] usb 3-1: Product: syz [ 670.117495][ T5819] usb 3-1: Manufacturer: syz [ 670.130194][ T5819] hub 3-1:4.0: USB hub found [ 670.229779][T12465] binder: BINDER_SET_CONTEXT_MGR already set [ 670.245906][T12465] binder: 12464:12465 ioctl 4018620d 200000000100 returned -16 [ 670.258495][T12465] binder: BINDER_SET_CONTEXT_MGR already set [ 670.267395][T12465] binder: 12464:12465 ioctl 4018620d 200000004a80 returned -16 [ 670.338295][ T5819] hub 3-1:4.0: 2 ports detected [ 670.451811][T12474] binder: 12473:12474 unknown command 1074553619 [ 670.462370][T12474] binder: 12473:12474 ioctl c0306201 200000000040 returned -22 [ 670.506797][ T5775] Bluetooth: hci1: unexpected event for opcode 0x2035 [ 671.583553][ T967] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 671.659761][ T787] hub 3-1:4.0: activate --> -90 [ 671.773584][ T967] usb 2-1: Using ep0 maxpacket: 32 [ 671.780684][ T967] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 671.836280][ T967] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 671.845486][ T967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.864115][ T967] usb 2-1: config 0 descriptor?? [ 671.871658][T12509] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 671.883134][ T967] hub 2-1:0.0: bad descriptor, ignoring hub [ 671.893400][ T967] hub: probe of 2-1:0.0 failed with error -5 [ 671.905099][ T967] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 671.913679][ T5775] Bluetooth: hci2: unexpected event for opcode 0x2035 [ 672.068596][ T787] usb 3-1: USB disconnect, device number 6 [ 673.752798][T12528] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2208'. [ 673.764491][T12528] netlink: 'syz.2.2208': attribute type 39 has an invalid length. [ 674.082978][ T5775] Bluetooth: hci2: unexpected event for opcode 0x2035 [ 677.235356][T12565] binder: 12558:12565 ioctl 4018620d 0 returned -22 [ 677.653772][ T5775] Bluetooth: hci2: unexpected event for opcode 0x2035 [ 677.747867][ T5841] usb 2-1: USB disconnect, device number 38 [ 679.219276][ T27] audit: type=1326 audit(1777737222.927:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12584 comm="syz.0.2226" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fadbc59c819 code=0x0 [ 679.333980][T12587] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 679.341845][T12587] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 679.351031][T12587] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 679.359123][T12587] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 679.592861][ T5841] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 680.766389][ T5775] Bluetooth: hci1: unexpected event for opcode 0x2035 [ 681.963790][T11166] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 682.140631][ T27] audit: type=1326 audit(1777737225.857:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12612 comm="syz.0.2237" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7fadbc596597 code=0x0 [ 682.206801][T11166] usb 4-1: Using ep0 maxpacket: 16 [ 682.214069][T11166] usb 4-1: config 2 has an invalid interface number: 184 but max is 0 [ 682.227043][T11166] usb 4-1: config 2 has no interface number 0 [ 682.246245][T11166] usb 4-1: config 2 interface 184 altsetting 7 endpoint 0x5 has an invalid bInterval 237, changing to 11 [ 682.273395][T11166] usb 4-1: config 2 interface 184 altsetting 7 has an invalid endpoint with address 0x9A, skipping [ 682.304654][T11166] usb 4-1: config 2 interface 184 has no altsetting 0 [ 682.323052][T11166] usb 4-1: New USB device found, idVendor=1c9e, idProduct=9b02, bcdDevice=29.42 [ 682.361718][T11166] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.380045][T11166] usb 4-1: Product: syz [ 682.390155][T11166] usb 4-1: Manufacturer: syz [ 682.403768][T11166] usb 4-1: SerialNumber: syz [ 682.635144][T11166] option 4-1:2.184: GSM modem (1-port) converter detected [ 682.668597][T11166] usb 4-1: USB disconnect, device number 41 [ 682.689024][T11166] option 4-1:2.184: device disconnected [ 683.303721][ T787] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 684.198805][ T787] usb 2-1: unable to get BOS descriptor or descriptor too short [ 684.208094][ T787] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 684.250556][ T787] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 684.267020][ T787] usb 2-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 684.899050][ T787] usb 2-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 684.930967][ T787] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 685.249395][T12643] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/nullb0": -EINTR [ 685.250308][ T787] usb 2-1: config 1 interface 1 has no altsetting 0 [ 685.295635][ T787] usb 2-1: string descriptor 0 read error: -22 [ 685.313715][ T787] usb 2-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 685.333526][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 685.834556][ T787] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2) [ 685.927910][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.065882][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.078960][ T787] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2) [ 687.103655][ T787] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2) [ 687.121761][ T787] usb 2-1: USB disconnect, device number 40 [ 689.748098][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 30 seconds [ 689.761218][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 30 seconds [ 690.353635][ T787] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 690.553525][ T787] usb 3-1: Using ep0 maxpacket: 32 [ 690.570271][ T787] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 690.591425][ T787] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 690.624608][ T787] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 690.645648][ T787] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 690.673727][ T787] usb 3-1: Product: syz [ 690.683561][ T787] usb 3-1: Manufacturer: syz [ 690.700039][ T787] hub 3-1:4.0: USB hub found [ 691.184921][T12716] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 691.906783][T12718] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2268'. [ 692.033579][ T787] hub 3-1:4.0: 2 ports detected [ 692.572443][T12732] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 692.883630][ T967] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 693.089615][ T967] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 693.141360][ T967] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 693.181107][ T967] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 693.190658][ T967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 693.220110][ T967] usb 2-1: config 0 descriptor?? [ 693.253581][ T5801] hub 3-1:4.0: activate --> -90 [ 693.697365][T11166] usb 3-1: USB disconnect, device number 7 [ 693.932022][T12762] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2287'. [ 694.878720][T12803] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 695.419336][ T787] usb 2-1: USB disconnect, device number 41 [ 695.633571][T11166] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 696.628401][T11166] usb 3-1: Using ep0 maxpacket: 32 [ 696.635487][T11166] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 696.651339][T11166] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 696.724796][T11166] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 696.734262][T11166] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 696.742838][T11166] usb 3-1: Product: syz [ 696.747107][T11166] usb 3-1: Manufacturer: syz [ 696.760797][T11166] hub 3-1:4.0: USB hub found [ 698.279963][T11166] hub 3-1:4.0: config failed, can't read hub descriptor (err -22) [ 698.344980][T11166] usb 3-1: USB disconnect, device number 8 [ 698.663308][T12834] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 700.853583][ T5801] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 701.098170][ T5801] usb 1-1: Using ep0 maxpacket: 32 [ 701.119436][ T5801] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 701.150884][ T5801] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 701.880135][ T5801] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 701.889987][ T5801] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 701.912030][ T5801] usb 1-1: Product: syz [ 701.921399][ T5801] usb 1-1: Manufacturer: syz [ 701.943779][ T5801] hub 1-1:4.0: USB hub found [ 702.063186][T12887] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2338'. [ 702.160287][ T5801] hub 1-1:4.0: 2 ports detected [ 704.571664][T12913] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2348'. [ 704.648332][ T5801] hub 1-1:4.0: activate --> -90 [ 704.860325][T12923] GUP no longer grows the stack in syz.1.2353 (12923): 200000007000-200000008000 (200000004000) [ 704.872203][T12923] CPU: 1 PID: 12923 Comm: syz.1.2353 Not tainted syzkaller #0 [ 704.879702][T12923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 704.889785][T12923] Call Trace: [ 704.893097][T12923] [ 704.896047][T12923] dump_stack_lvl+0x18c/0x250 [ 704.900764][T12923] ? show_regs_print_info+0x20/0x20 [ 704.905992][T12923] ? load_image+0x420/0x420 [ 704.910514][T12923] ? find_vma+0x134/0x1b0 [ 704.914872][T12923] fixup_user_fault+0x642/0x700 [ 704.919754][T12923] fault_in_user_writeable+0x71/0xd0 [ 704.925064][T12923] futex_lock_pi+0x274/0x9b0 [ 704.929678][T12923] ? fixup_pi_state_owner+0x5e0/0x5e0 [ 704.935110][T12923] ? userfaultfd_unmap_prep+0x3d0/0x3d0 [ 704.940680][T12923] ? mas_find_setup+0x493/0x590 [ 704.945557][T12923] do_futex+0x23d/0x3e0 [ 704.949735][T12923] ? __ia32_sys_get_robust_list+0x110/0x110 [ 704.955656][T12923] __se_sys_futex+0x3a9/0x440 [ 704.960353][T12923] ? __x64_sys_futex+0xf0/0xf0 [ 704.965146][T12923] ? __x64_sys_futex+0x21/0xf0 [ 704.969927][T12923] do_syscall_64+0x55/0xa0 [ 704.974361][T12923] ? clear_bhb_loop+0x40/0x90 [ 704.979057][T12923] ? clear_bhb_loop+0x40/0x90 [ 704.983756][T12923] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 704.989684][T12923] RIP: 0033:0x7f12bfd9c819 [ 704.994126][T12923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 705.013747][T12923] RSP: 002b:00007f12c0b75028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 705.022178][T12923] RAX: ffffffffffffffda RBX: 00007f12c0015fa0 RCX: 00007f12bfd9c819 [ 705.030154][T12923] RDX: 0000000000000000 RSI: 000000000000008d RDI: 0000200000004000 [ 705.038124][T12923] RBP: 00007f12bfe32c91 R08: 0000000000000000 R09: 0000000000000000 [ 705.046088][T12923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.054057][T12923] R13: 00007f12c0016038 R14: 00007f12c0015fa0 R15: 00007ffea9aaef88 [ 705.058386][T11166] usb 1-1: USB disconnect, device number 39 [ 705.062035][T12923] [ 705.267043][T12933] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2357'. [ 705.309531][T12932] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 706.398485][T12957] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2368'. [ 706.701718][T12963] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 706.963719][ T5752] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 707.214796][ T5752] usb 1-1: Using ep0 maxpacket: 32 [ 707.232605][ T5752] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 707.251930][ T5752] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 707.419103][ T5752] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 707.520032][ T5752] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 707.535162][ T5752] usb 1-1: Product: syz [ 707.543757][ T5752] usb 1-1: Manufacturer: syz [ 707.607248][ T5752] hub 1-1:4.0: USB hub found [ 707.740841][T12983] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2379'. [ 707.815628][ T5752] hub 1-1:4.0: 2 ports detected [ 708.109747][T12995] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 709.269006][ T967] hub 1-1:4.0: activate --> -90 [ 709.754147][ T967] usb 1-1: USB disconnect, device number 40 [ 709.839559][T13015] ieee802154 phy0 wpan0: encryption failed: -22 [ 709.932680][T13019] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2392'. [ 710.361031][T13028] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 711.145623][T13042] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2402'. [ 713.989830][ T5752] usb 4-1: new full-speed USB device number 42 using dummy_hcd [ 714.053706][ T9] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 714.063630][ T967] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 714.208182][ T5752] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 714.228925][ T5752] usb 4-1: config 0 has no interface number 0 [ 714.243810][ T5752] usb 4-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 714.261821][T13069] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2412'. [ 714.266151][ T5752] usb 4-1: config 0 interface 67 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 714.292839][ T967] usb 2-1: Using ep0 maxpacket: 32 [ 714.311317][ T5752] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 714.326520][ T967] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 714.337812][ T5752] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 714.353887][ T967] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 714.373530][ T5752] usb 4-1: Product: syz [ 714.377778][ T5752] usb 4-1: Manufacturer: syz [ 714.382385][ T5752] usb 4-1: SerialNumber: syz [ 714.390773][ T967] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 714.411405][ T5752] usb 4-1: config 0 descriptor?? [ 714.416667][ T967] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 714.433768][ T967] usb 2-1: Product: syz [ 714.438384][T13054] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 714.446138][ T967] usb 2-1: Manufacturer: syz [ 714.452324][T13054] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 714.467683][ T967] hub 2-1:4.0: USB hub found [ 714.474346][ T5752] smsc95xx v2.0.0 [ 714.669587][ T967] hub 2-1:4.0: 2 ports detected [ 714.760423][T13054] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 714.780770][T13054] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 716.112463][ T5752] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 716.181563][ T5752] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 716.237577][ T967] usb 2-1: USB disconnect, device number 42 [ 716.262110][ T5752] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 716.318062][ T5752] smsc95xx: probe of 4-1:0.67 failed with error -71 [ 716.482252][ T5752] usb 4-1: USB disconnect, device number 42 [ 716.542853][T13094] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 717.605590][T13104] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2421'. [ 718.023816][ T787] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 718.663502][ T787] usb 3-1: Using ep0 maxpacket: 32 [ 718.675321][ T787] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 718.694800][ T787] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 718.741067][ T787] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 718.770826][ T787] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 718.794357][ T787] usb 3-1: Product: syz [ 718.804712][ T787] usb 3-1: Manufacturer: syz [ 718.835158][ T787] hub 3-1:4.0: USB hub found [ 719.073733][ T787] hub 3-1:4.0: 2 ports detected [ 720.396572][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 60 seconds [ 720.407586][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 60 seconds [ 720.913678][ T5752] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 721.590912][T13132] netlink: 'syz.1.2433': attribute type 1 has an invalid length. [ 721.647386][T13132] 8021q: adding VLAN 0 to HW filter on device bond1 [ 721.719866][T13135] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 721.828500][T13132] bond1: (slave ip6gretap1): making interface the new active one [ 721.849903][T13132] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 721.996789][ T787] hub 3-1:4.0: activate --> -90 [ 722.238723][ T787] usb 3-1: USB disconnect, device number 9 [ 724.051472][ T9] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 724.068109][ T9] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 724.250460][T13158] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 724.293684][T13158] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2442'. [ 724.542379][T13162] fido_id[13162]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 724.641634][T13175] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 725.289106][ T787] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 725.493648][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 725.507650][ T787] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 725.689648][ T787] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 725.896804][ T787] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 726.074442][ T787] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 726.082825][ T787] usb 4-1: Product: syz [ 726.095735][ T787] usb 4-1: Manufacturer: syz [ 726.126301][ T787] hub 4-1:4.0: USB hub found [ 726.185686][T11787] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 726.196819][T11787] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 726.205918][T11787] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 726.215520][T11787] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 726.223382][T11787] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 726.231646][T11787] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 726.339506][ T787] hub 4-1:4.0: 2 ports detected [ 726.477938][T13198] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2457'. [ 726.517064][T13198] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2457'. [ 727.315689][T13188] chnl_net:caif_netlink_parms(): no params data found [ 727.494576][T13188] bridge0: port 1(bridge_slave_0) entered blocking state [ 727.513702][T13188] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.520933][T13188] bridge_slave_0: entered allmulticast mode [ 727.536252][T13188] bridge_slave_0: entered promiscuous mode [ 727.649204][ T5969] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.690832][T13188] bridge0: port 2(bridge_slave_1) entered blocking state [ 727.710807][T13188] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.722382][T13188] bridge_slave_1: entered allmulticast mode [ 727.736125][T13188] bridge_slave_1: entered promiscuous mode [ 727.773001][ T5969] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.799862][ T787] hub 4-1:4.0: activate --> -90 [ 727.828443][T13188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.843900][T13188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 728.139071][ T9663] usb 4-1: USB disconnect, device number 43 [ 728.284636][T11787] Bluetooth: hci4: command tx timeout [ 728.460878][ T5969] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.515614][T13188] team0: Port device team_slave_0 added [ 728.538430][T13188] team0: Port device team_slave_1 added [ 728.630142][ T5969] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.798459][T13188] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 728.805479][T13188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.837376][T13188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 729.380140][T13188] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 729.616941][T13188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 729.758854][T13188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 729.859266][T13188] hsr_slave_0: entered promiscuous mode [ 729.873776][T13188] hsr_slave_1: entered promiscuous mode [ 730.348143][T13246] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 730.444234][T11787] Bluetooth: hci4: command tx timeout [ 731.346899][ T5969] bond1: (slave ip6gretap1): Releasing active interface [ 732.513551][T11787] Bluetooth: hci4: command tx timeout [ 732.810092][T13293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2485'. [ 732.825589][T13293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2485'. [ 733.179201][ T5752] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 733.462917][ T5752] usb 3-1: unable to get BOS descriptor or descriptor too short [ 733.564593][ T5752] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 733.763834][ T5752] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 733.851384][ T5752] usb 3-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 733.872027][ T5752] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 733.903074][ T5752] usb 3-1: Product: syz [ 733.934385][ T5752] usb 3-1: Manufacturer: syz [ 733.939028][ T5752] usb 3-1: SerialNumber: syz [ 734.111062][T13188] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 734.130874][T13188] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 734.179611][T13188] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 734.195167][ T5752] usb 3-1: 0:1 : does not exist [ 734.196335][T13188] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 734.261513][ T5752] usb 3-1: USB disconnect, device number 10 [ 734.304988][ T23] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 734.370717][T10580] udevd[10580]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 734.411179][ T5969] hsr_slave_0: left promiscuous mode [ 734.447089][ T5969] hsr_slave_1: left promiscuous mode [ 734.457401][ T5969] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 734.468746][ T5969] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 734.482167][ T5969] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 734.491604][ T5969] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 734.503820][ T5969] bridge_slave_1: left allmulticast mode [ 734.504959][ T23] usb 4-1: device descriptor read/64, error -71 [ 734.509461][ T5969] bridge_slave_1: left promiscuous mode [ 734.529729][ T5969] bridge0: port 2(bridge_slave_1) entered disabled state [ 734.539861][ T5969] bridge_slave_0: left allmulticast mode [ 734.549976][ T5969] bridge_slave_0: left promiscuous mode [ 734.556792][ T5969] bridge0: port 1(bridge_slave_0) entered disabled state [ 734.593818][T11787] Bluetooth: hci4: command tx timeout [ 734.607913][ T5969] veth1_macvtap: left promiscuous mode [ 734.613528][ T5969] veth0_macvtap: left promiscuous mode [ 734.619157][ T5969] veth1_vlan: left promiscuous mode [ 734.624612][ T5969] veth0_vlan: left promiscuous mode [ 734.805169][ T23] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 734.988102][ T5969] bond1 (unregistering): Released all slaves [ 735.183681][ T23] usb 4-1: device descriptor read/64, error -71 [ 735.370458][ T23] usb usb4-port1: attempt power cycle [ 735.815807][T13347] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 735.903557][ T23] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 735.962247][ T23] usb 4-1: device descriptor read/8, error -71 [ 736.244342][ T23] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 736.285612][ T23] usb 4-1: device descriptor read/8, error -71 [ 736.415135][ T23] usb usb4-port1: unable to enumerate USB device [ 736.784415][ T5969] team0 (unregistering): Port device team_slave_1 removed [ 736.822243][ T5969] team0 (unregistering): Port device team_slave_0 removed [ 736.886768][ T5969] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 736.950665][ T5969] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 737.403286][ T5969] bond0 (unregistering): Released all slaves [ 737.582515][T13188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 737.617776][T13366] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 737.652694][T13188] 8021q: adding VLAN 0 to HW filter on device team0 [ 737.670706][ T5934] bridge0: port 1(bridge_slave_0) entered blocking state [ 737.677912][ T5934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 737.712446][ T5934] bridge0: port 2(bridge_slave_1) entered blocking state [ 737.720643][ T5934] bridge0: port 2(bridge_slave_1) entered forwarding state [ 738.167460][T13188] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 738.828490][T13188] veth0_vlan: entered promiscuous mode [ 738.887473][T13188] veth1_vlan: entered promiscuous mode [ 738.940075][T13188] veth0_macvtap: entered promiscuous mode [ 738.950392][T13188] veth1_macvtap: entered promiscuous mode [ 739.009899][T13188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.066459][T13188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.113844][T13188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.141408][T13188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.152625][T13188] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 739.179067][T13188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 739.189723][T13188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.200120][T13188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 739.285516][T13188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.422951][T13188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 739.723740][T13188] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.725108][T11166] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 739.751932][T13188] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.776868][T11143] udevd[11143]: inotify_add_watch(7, /dev/nbd1, 10) failed: No such file or directory [ 739.804975][T13188] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.825081][T13188] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 739.924121][T11166] usb 4-1: device descriptor read/64, error -71 [ 739.943156][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 739.970725][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 740.041299][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 740.041576][T13400] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2516'. [ 740.054882][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 740.067855][T13400] 0ªî{X¹¦: renamed from gretap0 (while UP) [ 740.077944][T13400] 0ªî{X¹¦: entered allmulticast mode [ 740.085942][T13400] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 740.214384][T11166] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 741.713315][T13416] bridge0: port 3(syz_tun) entered blocking state [ 741.733626][T13416] bridge0: port 3(syz_tun) entered disabled state [ 741.751506][T11166] usb 4-1: device descriptor read/64, error -71 [ 741.758687][T13416] syz_tun: entered allmulticast mode [ 741.771204][T13416] syz_tun: entered promiscuous mode [ 741.780119][T13416] bridge0: port 3(syz_tun) entered blocking state [ 741.787001][T13416] bridge0: port 3(syz_tun) entered forwarding state [ 741.799621][T13419] syz_tun: left allmulticast mode [ 741.806706][T13419] syz_tun: left promiscuous mode [ 741.812040][T13419] bridge0: port 3(syz_tun) entered disabled state [ 741.828953][T13419] bridge_slave_0: left allmulticast mode [ 741.839864][T13419] bridge_slave_0: left promiscuous mode [ 741.846434][T13419] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.865698][T13419] bridge_slave_1: left allmulticast mode [ 741.871367][T13419] bridge_slave_1: left promiscuous mode [ 741.882897][T11166] usb usb4-port1: attempt power cycle [ 741.888650][T13419] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.905707][T13419] bond0: (slave bond_slave_0): Releasing backup interface [ 741.934745][T13419] bond0: (slave bond_slave_1): Releasing backup interface [ 741.961229][T13419] team_slave_0: left allmulticast mode [ 742.040221][T13419] team0: Port device team_slave_0 removed [ 742.067647][T13419] team_slave_1: left allmulticast mode [ 742.143795][T13419] team0: Port device team_slave_1 removed [ 742.167624][T13419] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 742.176146][T13419] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 742.825423][T13419] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 742.832858][T13419] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 742.913630][T13419] bond1: (slave ip6gretap1): Removing an active aggregator [ 742.938235][T13419] bond1: (slave ip6gretap1): Releasing backup interface [ 744.719766][ T5775] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 744.730316][ T5775] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 744.789396][ T5775] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 744.801646][ T5775] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 744.810262][ T5775] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 744.818622][ T5775] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 745.689983][T13455] chnl_net:caif_netlink_parms(): no params data found [ 745.809973][ T745] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 745.994222][ T745] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.224880][ T5752] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 746.543714][ T5752] usb 2-1: Using ep0 maxpacket: 16 [ 746.558764][ T745] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.571209][ T5752] usb 2-1: config 2 has an invalid interface number: 184 but max is 0 [ 746.582251][ T5752] usb 2-1: config 2 has no interface number 0 [ 746.603624][ T5752] usb 2-1: config 2 interface 184 has no altsetting 0 [ 746.613339][T13455] bridge0: port 1(bridge_slave_0) entered blocking state [ 746.639464][ T5752] usb 2-1: New USB device found, idVendor=1c9e, idProduct=9b02, bcdDevice=29.42 [ 746.656545][ T5752] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 746.686781][ T5752] usb 2-1: Product: syz [ 746.701408][ T5752] usb 2-1: Manufacturer: syz [ 746.712523][ T27] audit: type=1326 audit(1777737290.427:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13489 comm="syz.2.2542" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbda4d9c819 code=0x0 [ 746.722697][T13455] bridge0: port 1(bridge_slave_0) entered disabled state [ 746.741815][ T5752] usb 2-1: SerialNumber: syz [ 746.778758][T13455] bridge_slave_0: entered allmulticast mode [ 746.790962][T13455] bridge_slave_0: entered promiscuous mode [ 746.823950][ T745] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 746.844335][T13455] bridge0: port 2(bridge_slave_1) entered blocking state [ 746.852053][T13455] bridge0: port 2(bridge_slave_1) entered disabled state [ 746.869141][T13455] bridge_slave_1: entered allmulticast mode [ 746.890246][T13455] bridge_slave_1: entered promiscuous mode [ 746.915084][T11787] Bluetooth: hci3: command tx timeout [ 747.189034][ T5752] option 2-1:2.184: GSM modem (1-port) converter detected [ 747.317022][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.336798][ T5752] usb 2-1: USB disconnect, device number 43 [ 747.356975][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.570672][ T5752] option 2-1:2.184: device disconnected [ 748.020860][T13455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 748.032552][ T967] usb 1-1: new full-speed USB device number 43 using dummy_hcd [ 748.247369][T13455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 748.303750][ T967] usb 1-1: device descriptor read/64, error -71 [ 749.629183][ T5775] Bluetooth: hci3: command tx timeout [ 749.629202][ T5770] Bluetooth: hci0: command 0x0419 tx timeout [ 749.639319][T13455] team0: Port device team_slave_0 added [ 749.700319][T13455] team0: Port device team_slave_1 added [ 749.783707][ T967] usb 1-1: new full-speed USB device number 44 using dummy_hcd [ 749.806048][T13455] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 749.813000][T13455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 749.870873][T13455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 749.892885][T13455] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 749.901237][T13455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 749.936800][T13455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 749.953757][ T967] usb 1-1: device descriptor read/64, error -71 [ 750.030021][ T27] audit: type=1326 audit(1777737293.747:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13515 comm="syz.2.2552" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbda4d9c819 code=0x0 [ 750.091947][ T967] usb usb1-port1: attempt power cycle [ 750.103067][T13455] hsr_slave_0: entered promiscuous mode [ 750.129582][T13455] hsr_slave_1: entered promiscuous mode [ 750.136472][T13455] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 750.144695][T13455] Cannot create hsr debugfs directory [ 750.523730][ T787] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 750.557982][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 90 seconds [ 750.570234][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 90 seconds [ 750.733769][ T787] usb 3-1: device descriptor read/64, error -71 [ 751.034217][ T787] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 751.309483][ T787] usb 3-1: device descriptor read/64, error -71 [ 751.506553][ T787] usb usb3-port1: attempt power cycle [ 751.713869][T11787] Bluetooth: hci3: command tx timeout [ 751.949286][ T787] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 751.995524][ T787] usb 3-1: device descriptor read/8, error -71 [ 752.023571][ T967] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 752.245122][ T967] usb 1-1: unable to get BOS descriptor or descriptor too short [ 752.272068][ T967] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 752.273581][ T787] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 752.284334][ T967] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 752.312111][ T967] usb 1-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 752.324984][ T967] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 752.333119][ T967] usb 1-1: Product: syz [ 752.339630][ T967] usb 1-1: Manufacturer: syz [ 752.342945][ T787] usb 3-1: device descriptor read/8, error -71 [ 752.350880][ T967] usb 1-1: SerialNumber: syz [ 752.355764][ T27] audit: type=1326 audit(1777737296.077:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13557 comm="syz.1.2560" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c8fd9c819 code=0x0 [ 752.493811][ T787] usb usb3-port1: unable to enumerate USB device [ 752.600666][ T967] usb 1-1: 0:1 : does not exist [ 752.648553][ T967] usb 1-1: USB disconnect, device number 46 [ 752.716180][T10580] udevd[10580]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 752.824058][ T787] usb 2-1: new full-speed USB device number 44 using dummy_hcd [ 752.956775][ T745] hsr_slave_0: left promiscuous mode [ 752.978339][ T745] hsr_slave_1: left promiscuous mode [ 752.984494][ T787] usb 2-1: device descriptor read/64, error -71 [ 753.023683][ T745] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 753.031108][ T745] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 753.042897][ T745] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 753.056899][ T745] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 753.067048][ T745] bridge_slave_1: left allmulticast mode [ 753.072708][ T745] bridge_slave_1: left promiscuous mode [ 753.085650][ T745] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.098583][ T745] bridge_slave_0: left allmulticast mode [ 753.106961][ T745] bridge_slave_0: left promiscuous mode [ 753.112682][ T745] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.192599][ T745] veth1_macvtap: left promiscuous mode [ 753.201473][ T745] veth0_macvtap: left promiscuous mode [ 753.212504][ T745] veth1_vlan: left promiscuous mode [ 753.221117][ T745] veth0_vlan: left promiscuous mode [ 753.253941][ T787] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 753.804214][T11787] Bluetooth: hci3: command tx timeout [ 754.435282][ T787] usb 2-1: device descriptor read/64, error -71 [ 754.523278][ T27] audit: type=1326 audit(1777737298.237:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13586 comm="syz.0.2568" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fadbc59c819 code=0x0 [ 754.556278][ T787] usb usb2-port1: attempt power cycle [ 755.133773][ T787] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 755.312463][ T787] usb 2-1: device descriptor read/8, error -71 [ 755.863383][ T27] audit: type=1326 audit(1777737299.577:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13610 comm="syz.0.2576" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fadbc59c819 code=0x0 [ 757.727447][ T745] team0 (unregistering): Port device team_slave_1 removed [ 758.036390][ T745] team0 (unregistering): Port device team_slave_0 removed [ 758.612151][ T9] usb 1-1: new full-speed USB device number 47 using dummy_hcd [ 758.830482][ T745] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 758.925639][ T9] usb 1-1: device descriptor read/64, error -71 [ 758.964604][ T745] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 759.207219][ T9] usb 1-1: new full-speed USB device number 48 using dummy_hcd [ 759.393551][ T9] usb 1-1: device descriptor read/64, error -71 [ 759.518396][ T9] usb usb1-port1: attempt power cycle [ 759.671673][ T745] bond0 (unregistering): Released all slaves [ 759.809298][T13455] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 759.821431][T13455] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 759.864009][T13455] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 759.902248][T13651] bridge_slave_0: left allmulticast mode [ 759.923658][T13651] bridge_slave_0: left promiscuous mode [ 759.929457][T13651] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.933019][ T5137] udevd[5137]: worker [11366] /devices/virtual/block/nbd0 is taking a long time [ 759.944628][ T9] usb 1-1: new full-speed USB device number 49 using dummy_hcd [ 759.974265][T13651] bridge_slave_1: left allmulticast mode [ 759.994061][ T9] usb 1-1: device descriptor read/8, error -71 [ 760.000324][T13651] bridge_slave_1: left promiscuous mode [ 760.013702][T13651] bridge0: port 2(bridge_slave_1) entered disabled state [ 760.043017][T13651] bond0: (slave bond_slave_0): Releasing backup interface [ 760.074931][T13651] bond0: (slave bond_slave_1): Releasing backup interface [ 760.121143][T13651] team0: Port device team_slave_0 removed [ 760.166881][T13651] team0: Port device team_slave_1 removed [ 760.227563][T13455] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 760.563404][T13455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 760.633760][T13455] 8021q: adding VLAN 0 to HW filter on device team0 [ 760.668335][ T3443] bridge0: port 1(bridge_slave_0) entered blocking state [ 760.675526][ T3443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 760.715180][ T3443] bridge0: port 2(bridge_slave_1) entered blocking state [ 760.722351][ T3443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 761.046052][ T5768] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 761.172624][T13455] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 761.213799][ T5768] usb 3-1: device descriptor read/64, error -71 [ 761.223937][ T9] usb 1-1: new full-speed USB device number 50 using dummy_hcd [ 761.238127][T13455] veth0_vlan: entered promiscuous mode [ 761.257134][T13455] veth1_vlan: entered promiscuous mode [ 761.277857][ T9] usb 1-1: config 0 has an invalid interface number: 131 but max is 0 [ 761.294774][ T9] usb 1-1: config 0 has no interface number 0 [ 761.323652][ T9] usb 1-1: too many endpoints for config 0 interface 131 altsetting 152: 164, using maximum allowed: 30 [ 761.326208][T13455] veth0_macvtap: entered promiscuous mode [ 761.357956][ T9] usb 1-1: config 0 interface 131 altsetting 152 has 0 endpoint descriptors, different from the interface descriptor's value: 164 [ 761.378382][T13455] veth1_macvtap: entered promiscuous mode [ 761.382550][ T9] usb 1-1: config 0 interface 131 has no altsetting 0 [ 761.401094][ T9] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 761.405148][T13455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 761.420596][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.420617][ T9] usb 1-1: Product: syz [ 761.420630][ T9] usb 1-1: Manufacturer: syz [ 761.420643][ T9] usb 1-1: SerialNumber: syz [ 761.442334][T13455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 761.444514][ T9] usb 1-1: config 0 descriptor?? [ 761.459221][T13455] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 761.472489][T13455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 761.488015][ T5768] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 761.491105][T13455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 761.512106][T13455] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 761.531315][T13455] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 761.540332][T13455] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 761.552803][T13455] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 761.567005][T13455] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 761.633560][ T23] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 761.653709][ T5768] usb 3-1: device descriptor read/64, error -71 [ 761.682365][ T3443] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 761.707769][ T3443] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 761.729838][ T9] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 761.746831][ T9] gspca_stk1135: reg_w 0x2 err -71 [ 761.752445][ T2897] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 761.752996][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 761.763076][ T2897] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 761.777268][ T5768] usb usb3-port1: attempt power cycle [ 761.796229][ T9] gspca_stk1135: Sensor write failed [ 761.801552][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 761.809017][ T9] gspca_stk1135: Sensor write failed [ 761.818531][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 761.833604][ T9] gspca_stk1135: Sensor read failed [ 761.838840][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 761.847066][ T23] usb 2-1: unable to get BOS descriptor or descriptor too short [ 761.853671][ T9] gspca_stk1135: Sensor read failed [ 761.859968][ T9] gspca_stk1135: Detected sensor type unknown (0x0) [ 761.874182][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 761.880531][ T9] gspca_stk1135: Sensor read failed [ 761.895929][ T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 761.904337][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 761.910914][ T23] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 761.923571][ T9] gspca_stk1135: Sensor read failed [ 761.931042][ T23] usb 2-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 761.937586][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 761.944257][ T23] usb 2-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 761.964505][ T9] gspca_stk1135: Sensor write failed [ 761.974873][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 761.979533][ T23] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 761.992050][ T9] gspca_stk1135: Sensor write failed [ 762.002371][ T23] usb 2-1: config 1 interface 1 has no altsetting 0 [ 762.025639][ T23] usb 2-1: string descriptor 0 read error: -22 [ 762.031945][ T23] usb 2-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 762.052278][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 762.174005][ T9] stk1135: probe of 1-1:0.131 failed with error -71 [ 762.185212][ T9] usb 1-1: USB disconnect, device number 50 [ 762.233518][ T5768] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 762.664595][ T23] usb 2-1: 2:0: cannot get min/max values for control 2 (id 2) [ 762.895064][ T5768] usb 3-1: device descriptor read/8, error -71 [ 763.173536][ T5768] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 763.232600][ T5768] usb 3-1: device descriptor read/8, error -71 [ 763.335343][ T23] usb 2-1: 2:0: failed to get current value for ch 1 (-71) [ 763.391757][ T5768] usb usb3-port1: unable to enumerate USB device [ 763.419828][ T23] usb 2-1: USB disconnect, device number 48 [ 763.864327][ T5770] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 763.877935][ T5770] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 763.887911][ T5969] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 763.900646][ T5770] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 763.917162][ T5770] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 763.927046][ T5770] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 764.013871][ T5770] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 764.091097][ T23] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 764.124990][ T5969] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 765.174368][T13753] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 765.356125][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 765.370292][ T23] usb 4-1: config 2 has an invalid interface number: 184 but max is 0 [ 765.389043][ T23] usb 4-1: config 2 has no interface number 0 [ 765.410827][ T23] usb 4-1: config 2 interface 184 altsetting 7 endpoint 0x5 has an invalid bInterval 237, changing to 11 [ 765.458166][ T5969] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 765.469206][ T23] usb 4-1: config 2 interface 184 has no altsetting 0 [ 765.489747][ T23] usb 4-1: New USB device found, idVendor=1c9e, idProduct=9b02, bcdDevice=29.42 [ 765.504568][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 765.512583][ T23] usb 4-1: Product: syz [ 765.526542][ T23] usb 4-1: Manufacturer: syz [ 765.531521][ T23] usb 4-1: SerialNumber: syz [ 765.600752][ T5969] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 765.779510][ T23] option 4-1:2.184: GSM modem (1-port) converter detected [ 765.800419][T13741] chnl_net:caif_netlink_parms(): no params data found [ 765.847231][ T23] usb 4-1: USB disconnect, device number 51 [ 765.867274][ T23] option 4-1:2.184: device disconnected [ 765.893639][ T9663] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 765.991149][ T967] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 766.016948][T13741] bridge0: port 1(bridge_slave_0) entered blocking state [ 766.029316][T13741] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.039430][T13741] bridge_slave_0: entered allmulticast mode [ 766.050092][T13741] bridge_slave_0: entered promiscuous mode [ 766.053500][ T9663] usb 3-1: device descriptor read/64, error -71 [ 766.059413][T13741] bridge0: port 2(bridge_slave_1) entered blocking state [ 766.070162][T13741] bridge0: port 2(bridge_slave_1) entered disabled state [ 766.077674][T13741] bridge_slave_1: entered allmulticast mode [ 766.085296][T13741] bridge_slave_1: entered promiscuous mode [ 766.119132][T11787] Bluetooth: hci1: command tx timeout [ 766.145924][T13741] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 766.158811][T13741] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 766.203976][ T967] usb 2-1: Using ep0 maxpacket: 16 [ 766.221296][ T967] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 766.257505][ T967] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 766.272214][ T967] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.276883][T13741] team0: Port device team_slave_0 added [ 766.292812][ T967] usb 2-1: Product: syz [ 766.299236][ T967] usb 2-1: Manufacturer: syz [ 766.305553][ T967] usb 2-1: SerialNumber: syz [ 766.314650][ T967] usb 2-1: config 0 descriptor?? [ 766.353941][ T9663] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 766.377279][T13741] team0: Port device team_slave_1 added [ 766.523524][ T9663] usb 3-1: device descriptor read/64, error -71 [ 766.540952][T13741] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 766.561135][T13741] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.597420][T13741] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 766.664607][T13741] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 766.671764][T13741] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.698656][T13741] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 766.811827][T13741] hsr_slave_0: entered promiscuous mode [ 766.821424][ T9663] usb usb3-port1: attempt power cycle [ 766.827544][T13741] hsr_slave_1: entered promiscuous mode [ 766.849169][T13741] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 766.856831][T13741] Cannot create hsr debugfs directory [ 767.274339][ T9663] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 767.386054][ T9663] usb 3-1: device descriptor read/8, error -71 [ 767.713900][ T9663] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 767.754906][ T9663] usb 3-1: device descriptor read/8, error -71 [ 767.880162][ T9663] usb usb3-port1: unable to enumerate USB device [ 767.933396][ T5969] hsr_slave_0: left promiscuous mode [ 767.946482][ T5969] hsr_slave_1: left promiscuous mode [ 768.050274][ T5969] veth1_macvtap: left promiscuous mode [ 768.062379][ T5969] veth0_macvtap: left promiscuous mode [ 768.072936][ T5969] veth1_vlan: left promiscuous mode [ 768.090910][ T5969] veth0_vlan: left promiscuous mode [ 768.203709][T11787] Bluetooth: hci1: command tx timeout [ 768.829974][T11166] usb 2-1: USB disconnect, device number 49 [ 769.046830][ T5969] bond1 (unregistering): Released all slaves [ 770.286092][T11787] Bluetooth: hci1: command tx timeout [ 770.548951][ T5969] bond0 (unregistering): Released all slaves [ 770.652031][T13827] bridge_slave_0: left allmulticast mode [ 770.662465][T13827] bridge_slave_0: left promiscuous mode [ 770.668338][T13827] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.699076][T13827] bridge_slave_1: left allmulticast mode [ 770.704959][T13827] bridge_slave_1: left promiscuous mode [ 770.710619][T13827] bridge0: port 2(bridge_slave_1) entered disabled state [ 770.721571][T13827] bond0: (slave bond_slave_0): Releasing backup interface [ 770.736875][T13827] bond0: (slave bond_slave_1): Releasing backup interface [ 770.761065][T13827] team0: Port device team_slave_0 removed [ 770.778862][T13827] team0: Port device team_slave_1 removed [ 770.787788][T13827] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 770.796145][T13827] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 770.804976][T13827] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 770.812369][T13827] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 771.283550][ T787] usb 4-1: new full-speed USB device number 52 using dummy_hcd [ 772.044116][ T787] usb 4-1: device descriptor read/64, error -71 [ 772.313557][ T787] usb 4-1: new full-speed USB device number 53 using dummy_hcd [ 772.354455][T11787] Bluetooth: hci1: command tx timeout [ 772.503893][ T787] usb 4-1: device descriptor read/64, error -71 [ 772.624125][ T787] usb usb4-port1: attempt power cycle [ 772.772523][T13741] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 772.783875][T13741] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 772.795054][T13741] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 772.811830][T13741] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 773.526647][ T787] usb 4-1: new full-speed USB device number 54 using dummy_hcd [ 773.565487][ T787] usb 4-1: device descriptor read/8, error -71 [ 773.641835][T13741] 8021q: adding VLAN 0 to HW filter on device bond0 [ 773.691362][T13741] 8021q: adding VLAN 0 to HW filter on device team0 [ 773.722991][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.730145][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 773.739257][T13891] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 773.757186][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.764464][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 773.843538][ T787] usb 4-1: new full-speed USB device number 55 using dummy_hcd [ 773.884947][ T787] usb 4-1: device descriptor read/8, error -71 [ 774.013785][ T787] usb usb4-port1: unable to enumerate USB device [ 774.835986][T13741] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 775.095078][T13741] veth0_vlan: entered promiscuous mode [ 775.107673][T13741] veth1_vlan: entered promiscuous mode [ 775.674294][T13741] veth0_macvtap: entered promiscuous mode [ 775.721531][T13741] veth1_macvtap: entered promiscuous mode [ 775.797050][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 775.831061][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 775.861602][T13741] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 775.915157][T13741] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 775.925798][T13741] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 775.946506][T13741] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 775.967663][T13741] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.984415][T13741] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.005070][T13741] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.016008][T13741] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 776.124816][ T967] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 776.139776][ T5969] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 776.157000][ T5969] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 776.164420][ T9663] usb 2-1: new full-speed USB device number 50 using dummy_hcd [ 776.315126][ T5969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 776.350397][ T5969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 777.536261][ T9663] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 777.572460][ T967] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 777.584764][ T9663] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 777.813818][ T967] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 777.831230][ T9663] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 777.870176][ T967] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 777.882433][ T9663] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.912839][ T9663] usb 2-1: Product: syz [ 777.917339][ T967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 777.937733][ T9663] usb 2-1: Manufacturer: syz [ 777.942354][ T9663] usb 2-1: SerialNumber: syz [ 778.089114][ T9663] usb 2-1: config 0 descriptor?? [ 778.096661][ T967] usb 3-1: config 0 descriptor?? [ 778.474694][ T5841] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 778.686747][ T5841] usb 4-1: unable to get BOS descriptor or descriptor too short [ 778.850893][ T5841] usb 4-1: config 114 has an invalid interface number: 240 but max is 0 [ 778.924831][ T967] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 779.025536][ T5841] usb 4-1: config 114 has no interface number 0 [ 779.049276][ T967] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 779.209137][ T5841] usb 4-1: config 114 interface 240 altsetting 232 bulk endpoint 0x1 has invalid maxpacket 1023 [ 779.219764][ T967] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 779.229768][ T5841] usb 4-1: config 114 interface 240 altsetting 232 has an invalid endpoint with address 0xCA, skipping [ 779.241982][ T967] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 779.249908][ T967] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 779.257542][ T5841] usb 4-1: config 114 interface 240 has no altsetting 0 [ 779.274842][ T5841] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice= 6.38 [ 779.286268][ T967] playstation 0003:054C:0DF2.0003: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 779.303501][ T5841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 779.321627][ T5841] usb 4-1: Product: syz [ 779.326197][ T5841] usb 4-1: Manufacturer: syz [ 779.335269][ T5841] usb 4-1: SerialNumber: syz [ 779.354912][T13965] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 779.362195][T13965] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 779.404510][ T967] playstation 0003:054C:0DF2.0003: Invalid byte count transferred, expected 20 got 0 [ 779.425034][ T967] playstation 0003:054C:0DF2.0003: Failed to retrieve DualSense pairing info: -22 [ 779.441790][ T967] playstation 0003:054C:0DF2.0003: Failed to get MAC address from DualSense [ 779.456222][ T967] playstation 0003:054C:0DF2.0003: Failed to create dualsense. [ 779.462961][ T787] usb 2-1: USB disconnect, device number 50 [ 779.504613][ T967] playstation: probe of 0003:054C:0DF2.0003 failed with error -22 [ 779.816127][ T5841] ir_usb 4-1:114.240: required endpoints missing [ 780.520890][ T5841] usb 4-1: USB disconnect, device number 56 [ 780.557578][ T967] usb 3-1: USB disconnect, device number 23 [ 780.596141][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 120 seconds [ 780.607286][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 120 seconds [ 781.593304][ T5841] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 782.443683][ T5841] usb 4-1: Using ep0 maxpacket: 16 [ 782.466217][ T5841] usb 4-1: config 2 has an invalid interface number: 184 but max is 0 [ 782.492892][ T5841] usb 4-1: config 2 has no interface number 0 [ 782.703142][ T5841] usb 4-1: config 2 interface 184 altsetting 7 endpoint 0x5 has an invalid bInterval 237, changing to 11 [ 782.728313][ T5841] usb 4-1: config 2 interface 184 has no altsetting 0 [ 784.978962][ T23] usb 2-1: new full-speed USB device number 51 using dummy_hcd [ 785.014504][ T5841] usb 4-1: New USB device found, idVendor=1c9e, idProduct=9b02, bcdDevice=29.42 [ 785.024797][ T5841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.032843][ T5841] usb 4-1: Product: syz [ 785.037149][ T5841] usb 4-1: Manufacturer: syz [ 785.044690][ T5841] usb 4-1: can't set config #2, error -71 [ 785.066598][ T5841] usb 4-1: USB disconnect, device number 57 [ 785.275196][ T23] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 785.288234][ T23] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 785.300449][ T23] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 785.309896][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.318767][ T23] usb 2-1: Product: syz [ 785.323029][ T23] usb 2-1: Manufacturer: syz [ 785.511658][ T23] usb 2-1: SerialNumber: syz [ 785.534204][ T23] usb 2-1: config 0 descriptor?? [ 786.683646][ T23] usb 2-1: can't set config #0, error -71 [ 786.695988][ T23] usb 2-1: USB disconnect, device number 51 [ 792.403513][T11166] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 792.605563][T11166] usb 1-1: Using ep0 maxpacket: 16 [ 792.640018][T11166] usb 1-1: config 2 has an invalid interface number: 184 but max is 0 [ 792.658980][T11166] usb 1-1: config 2 has no interface number 0 [ 792.688904][T11166] usb 1-1: config 2 interface 184 has no altsetting 0 [ 792.719032][T11166] usb 1-1: New USB device found, idVendor=1c9e, idProduct=9b02, bcdDevice=29.42 [ 793.408997][T11166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 793.417369][T11166] usb 1-1: Product: syz [ 793.421583][T11166] usb 1-1: Manufacturer: syz [ 793.426584][T11166] usb 1-1: SerialNumber: syz [ 793.824479][T11166] option 1-1:2.184: GSM modem (1-port) converter detected [ 793.841744][T11166] usb 1-1: USB disconnect, device number 51 [ 793.861551][T11166] option 1-1:2.184: device disconnected [ 795.437425][T14140] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2694'. [ 796.951082][T11166] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 797.245726][T11166] usb 1-1: unable to get BOS descriptor or descriptor too short [ 797.260683][T11166] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 797.279504][T11166] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 797.309898][T11166] usb 1-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 797.347911][T11166] usb 1-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 797.364522][T14152] bridge0: port 1(syz_tun) entered blocking state [ 797.371510][T14152] bridge0: port 1(syz_tun) entered disabled state [ 797.384562][T11166] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 797.391472][T14152] syz_tun: entered allmulticast mode [ 797.403291][T14152] syz_tun: entered promiscuous mode [ 797.413557][T11166] usb 1-1: config 1 interface 1 has no altsetting 0 [ 797.418301][T14152] bridge0: port 1(syz_tun) entered blocking state [ 797.426731][T14152] bridge0: port 1(syz_tun) entered forwarding state [ 797.437092][T11166] usb 1-1: string descriptor 0 read error: -22 [ 797.443391][T11166] usb 1-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 797.473473][T11166] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.940497][T11166] usb 1-1: 2:0: cannot get min/max values for control 2 (id 2) [ 798.629899][T14171] syzkaller0: entered promiscuous mode [ 798.660073][T14171] syzkaller0: entered allmulticast mode [ 799.654631][T11166] usb 1-1: 2:0: failed to get current value for ch 1 (-71) [ 799.711140][T11166] usb 1-1: USB disconnect, device number 52 [ 799.780759][T14181] bridge0: port 3(syz_tun) entered blocking state [ 799.790487][T14181] bridge0: port 3(syz_tun) entered disabled state [ 799.813706][T14181] syz_tun: entered allmulticast mode [ 799.821404][T14181] syz_tun: entered promiscuous mode [ 799.842015][T14181] bridge0: port 3(syz_tun) entered blocking state [ 799.849552][T14181] bridge0: port 3(syz_tun) entered forwarding state [ 800.784957][T14196] block device autoloading is deprecated and will be removed. [ 800.807985][T14196] syz.0.2720: attempt to access beyond end of device [ 800.807985][T14196] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 802.653508][ T5803] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 803.189914][T14215] syz.1.2714: attempt to access beyond end of device [ 803.189914][T14215] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 803.201165][ T5803] usb 4-1: unable to get BOS descriptor or descriptor too short [ 803.223100][ T5803] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 803.243071][ T5803] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 803.609482][ T5803] usb 4-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 803.646046][ T5803] usb 4-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 803.680552][ T5803] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 804.067729][ T5803] usb 4-1: config 1 interface 1 has no altsetting 0 [ 804.075026][T14221] bridge0: port 3(syz_tun) entered blocking state [ 804.081541][T14221] bridge0: port 3(syz_tun) entered disabled state [ 804.091259][ T5803] usb 4-1: string descriptor 0 read error: -22 [ 804.093793][T14221] syz_tun: entered allmulticast mode [ 804.101216][ T5803] usb 4-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 804.112154][ T5803] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 804.114847][T14221] syz_tun: entered promiscuous mode [ 804.154967][T14221] bridge0: port 3(syz_tun) entered blocking state [ 804.161516][T14221] bridge0: port 3(syz_tun) entered forwarding state [ 805.652469][ T5803] usb 4-1: 2:0: cannot get min/max values for control 2 (id 2) [ 806.167572][ T5803] usb 4-1: 2:0: failed to get current value for ch 1 (-71) [ 807.296726][ T5803] usb 4-1: USB disconnect, device number 58 [ 807.394857][T14260] syz_tun: left allmulticast mode [ 807.423797][T14260] syz_tun: left promiscuous mode [ 807.428998][T14260] bridge0: port 1(syz_tun) entered disabled state [ 808.768052][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.774513][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.766392][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 150 seconds [ 810.777255][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 150 seconds [ 811.091971][T14296] bridge0: port 1(syz_tun) entered blocking state [ 811.114871][T14296] bridge0: port 1(syz_tun) entered disabled state [ 811.121495][T14296] syz_tun: entered allmulticast mode [ 811.146724][T14296] syz_tun: entered promiscuous mode [ 811.161892][T14296] bridge0: port 1(syz_tun) entered blocking state [ 811.168491][T14296] bridge0: port 1(syz_tun) entered forwarding state [ 811.190400][T14298] syz_tun: left allmulticast mode [ 811.195742][T14298] syz_tun: left promiscuous mode [ 811.200953][T14298] bridge0: port 1(syz_tun) entered disabled state [ 811.209474][T14294] kvm: emulating exchange as write [ 811.600731][T14313] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 811.863604][ T5803] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 812.073482][ T5803] usb 1-1: unable to get BOS descriptor or descriptor too short [ 812.086615][ T5803] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 812.097526][ T5803] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 812.106714][ T5803] usb 1-1: too many endpoints for config 1 interface 1 altsetting 76: 188, using maximum allowed: 30 [ 812.123476][ T5803] usb 1-1: config 1 interface 1 altsetting 76 has 0 endpoint descriptors, different from the interface descriptor's value: 188 [ 812.139134][ T5803] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 812.151965][ T5803] usb 1-1: config 1 interface 1 has no altsetting 0 [ 812.174710][ T5803] usb 1-1: string descriptor 0 read error: -22 [ 812.181895][ T5803] usb 1-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 812.193482][ T5803] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 812.626212][ T5803] usb 1-1: 2:0: cannot get min/max values for control 2 (id 2) [ 813.072199][ T5803] usb 1-1: 2:0: failed to get current value for ch 1 (-71) [ 813.123766][ T5803] usb 1-1: USB disconnect, device number 53 [ 813.398306][T14347] syz.1.2766: attempt to access beyond end of device [ 813.398306][T14347] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 813.415312][T14347] netlink: 'syz.1.2766': attribute type 2 has an invalid length. [ 813.423589][T14347] netlink: 'syz.1.2766': attribute type 1 has an invalid length. [ 813.434058][T14347] netlink: 'syz.1.2766': attribute type 1 has an invalid length. [ 814.397407][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 814.438947][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 814.459829][T14370] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 814.484217][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 814.538096][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 814.587328][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 814.635584][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 814.654578][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 814.704901][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 814.724569][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 814.754914][T14353] kvm: kvm [14351]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 815.180034][T14388] syz.0.2780: attempt to access beyond end of device [ 815.180034][T14388] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 815.198268][T14388] netlink: 'syz.0.2780': attribute type 2 has an invalid length. [ 815.206104][T14388] netlink: 'syz.0.2780': attribute type 1 has an invalid length. [ 815.214008][T14388] netlink: 'syz.0.2780': attribute type 1 has an invalid length. [ 816.048085][T14398] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 816.445572][T14415] syz.1.2789: attempt to access beyond end of device [ 816.445572][T14415] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 816.463270][T14415] netlink: 'syz.1.2789': attribute type 2 has an invalid length. [ 816.471106][T14415] netlink: 'syz.1.2789': attribute type 1 has an invalid length. [ 816.479087][T14415] netlink: 'syz.1.2789': attribute type 1 has an invalid length. [ 818.316989][T14433] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 821.082227][T14454] syz.1.2805: attempt to access beyond end of device [ 821.082227][T14454] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 821.099237][T14454] netlink: 'syz.1.2805': attribute type 2 has an invalid length. [ 821.107086][T14454] netlink: 'syz.1.2805': attribute type 1 has an invalid length. [ 821.115014][T14454] netlink: 'syz.1.2805': attribute type 1 has an invalid length. [ 824.130557][T14480] syz.1.2814: attempt to access beyond end of device [ 824.130557][T14480] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 824.146245][T14480] netlink: 'syz.1.2814': attribute type 2 has an invalid length. [ 824.154301][T14480] netlink: 'syz.1.2814': attribute type 1 has an invalid length. [ 824.162204][T14480] netlink: 'syz.1.2814': attribute type 1 has an invalid length. [ 824.580220][T14482] syz.0.2815: attempt to access beyond end of device [ 824.580220][T14482] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 825.741278][T14499] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 826.523175][T14502] syzkaller0: entered promiscuous mode [ 826.532978][T14502] syzkaller0: entered allmulticast mode [ 826.703642][T14505] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2820'. [ 828.651844][T14536] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2832'. [ 829.686137][T14552] syz.3.2831: attempt to access beyond end of device [ 829.686137][T14552] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 829.701590][T14552] netlink: 'syz.3.2831': attribute type 2 has an invalid length. [ 829.709457][T14552] netlink: 'syz.3.2831': attribute type 1 has an invalid length. [ 829.717507][T14552] netlink: 'syz.3.2831': attribute type 1 has an invalid length. [ 830.579576][ T5768] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 831.116207][ T5768] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 831.132086][ T5768] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 831.156087][ T5768] usb 3-1: config 0 has no interface number 0 [ 831.169461][ T5768] usb 3-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 831.190742][ T5768] usb 3-1: config 0 interface 67 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 831.222905][ T5768] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 831.239557][ T5768] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 831.427237][ T5768] usb 3-1: Product: syz [ 831.431946][ T5768] usb 3-1: Manufacturer: syz [ 831.436638][ T5768] usb 3-1: SerialNumber: syz [ 831.455710][ T5768] usb 3-1: config 0 descriptor?? [ 831.461470][T14559] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 831.474761][ T5768] smsc95xx v2.0.0 [ 831.478454][ T5768] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 831.513584][ T5768] smsc95xx: probe of 3-1:0.67 failed with error -22 [ 832.697240][T14592] syz_tun: left allmulticast mode [ 832.702323][T14592] syz_tun: left promiscuous mode [ 832.709450][T14592] bridge0: port 3(syz_tun) entered disabled state [ 832.720876][T14592] bridge_slave_0: left allmulticast mode [ 832.731600][T14592] bridge_slave_0: left promiscuous mode [ 832.738293][T14592] bridge0: port 1(bridge_slave_0) entered disabled state [ 832.750167][T14592] bridge_slave_1: left allmulticast mode [ 832.757006][T14592] bridge_slave_1: left promiscuous mode [ 832.762715][T14592] bridge0: port 2(bridge_slave_1) entered disabled state [ 832.776453][T14592] bond0: (slave bond_slave_0): Releasing backup interface [ 832.808384][ T787] usb 3-1: USB disconnect, device number 24 [ 832.854126][T14592] bond0: (slave bond_slave_1): Releasing backup interface [ 832.917433][T14592] team0: Port device team_slave_0 removed [ 833.655128][T14592] team0: Port device team_slave_1 removed [ 833.786714][T14592] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 833.895769][T14592] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 833.946263][T14592] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 833.979921][T14592] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 834.462628][T14609] syz.1.2855: attempt to access beyond end of device [ 834.462628][T14609] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 834.480201][T14609] netlink: 'syz.1.2855': attribute type 2 has an invalid length. [ 834.488156][T14609] netlink: 'syz.1.2855': attribute type 1 has an invalid length. [ 834.496068][T14609] netlink: 'syz.1.2855': attribute type 1 has an invalid length. [ 836.258961][T14615] kvm_pr_unimpl_wrmsr: 28 callbacks suppressed [ 836.258976][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 836.279854][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 836.291081][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 836.309224][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 836.318823][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 836.341736][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 836.350481][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 836.365575][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 836.375199][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 836.392222][T14615] kvm: kvm [14614]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 836.499465][ T787] usb 1-1: new full-speed USB device number 54 using dummy_hcd [ 837.247088][ T787] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 837.255552][ T787] usb 1-1: config 0 has no interface number 0 [ 837.261671][ T787] usb 1-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 837.284905][ T787] usb 1-1: config 0 interface 67 altsetting 0 has a duplicate endpoint with address 0x82, skipping [ 837.300183][ T787] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 837.323473][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 837.331480][ T787] usb 1-1: Product: syz [ 837.343322][ T787] usb 1-1: Manufacturer: syz [ 837.348024][ T787] usb 1-1: SerialNumber: syz [ 837.358129][ T787] usb 1-1: config 0 descriptor?? [ 837.376537][T14626] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 837.394956][ T787] smsc95xx v2.0.0 [ 837.398621][ T787] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 837.425691][ T787] smsc95xx: probe of 1-1:0.67 failed with error -22 [ 839.274907][ T5841] usb 1-1: USB disconnect, device number 54 [ 841.416338][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 180 seconds [ 841.428167][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 180 seconds [ 842.028855][T14705] syz.3.2881: attempt to access beyond end of device [ 842.028855][T14705] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 842.044861][T14705] netlink: 'syz.3.2881': attribute type 2 has an invalid length. [ 842.053032][T14705] netlink: 'syz.3.2881': attribute type 1 has an invalid length. [ 842.060856][T14705] netlink: 'syz.3.2881': attribute type 1 has an invalid length. [ 842.143615][ T787] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 842.848637][ T787] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 842.904564][ T787] usb 3-1: config 0 has no interface number 0 [ 843.011580][ T787] usb 3-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 843.036253][ T787] usb 3-1: config 0 interface 67 altsetting 0 has a duplicate endpoint with address 0x82, skipping [ 843.209724][ T787] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 843.223510][ T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 843.233150][ T787] usb 3-1: Product: syz [ 843.237765][ T787] usb 3-1: Manufacturer: syz [ 843.242444][ T787] usb 3-1: SerialNumber: syz [ 843.258112][ T787] usb 3-1: config 0 descriptor?? [ 843.264038][T14700] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 843.284058][ T787] smsc95xx v2.0.0 [ 843.291006][ T787] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 843.316255][ T787] smsc95xx: probe of 3-1:0.67 failed with error -22 [ 843.368801][T14712] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 843.442501][T14717] syz.1.2887: attempt to access beyond end of device [ 843.442501][T14717] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 845.086927][ T5752] usb 3-1: USB disconnect, device number 25 [ 845.326245][T14747] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 846.168008][T14764] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 846.593932][ T787] usb 4-1: new full-speed USB device number 59 using dummy_hcd [ 846.877078][ T787] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 846.893458][ T787] usb 4-1: config 0 has no interface number 0 [ 846.899926][ T787] usb 4-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 846.912152][ T787] usb 4-1: config 0 interface 67 altsetting 0 has a duplicate endpoint with address 0x82, skipping [ 846.931117][ T787] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 846.967833][ T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 847.039532][ T787] usb 4-1: Product: syz [ 847.048040][T14775] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 847.071936][ T787] usb 4-1: Manufacturer: syz [ 847.127690][ T787] usb 4-1: SerialNumber: syz [ 847.220086][ T787] usb 4-1: config 0 descriptor?? [ 847.234867][T14769] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 847.260744][ T787] smsc95xx v2.0.0 [ 847.274096][ T787] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 847.323624][ T787] smsc95xx: probe of 4-1:0.67 failed with error -22 [ 848.064859][T14800] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 849.061365][T14811] syz.2.2916: attempt to access beyond end of device [ 849.061365][T14811] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 849.078978][T14811] netlink: 'syz.2.2916': attribute type 2 has an invalid length. [ 849.086915][T14811] netlink: 'syz.2.2916': attribute type 1 has an invalid length. [ 849.094923][T14811] netlink: 'syz.2.2916': attribute type 1 has an invalid length. [ 850.009899][ T5841] usb 4-1: USB disconnect, device number 59 [ 852.036227][T14844] syz.3.2926: attempt to access beyond end of device [ 852.036227][T14844] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 852.049640][T14841] syz.0.2925: attempt to access beyond end of device [ 852.049640][T14841] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 852.066496][T14841] netlink: 'syz.0.2925': attribute type 2 has an invalid length. [ 852.074273][T14841] netlink: 'syz.0.2925': attribute type 1 has an invalid length. [ 852.082397][T14841] netlink: 'syz.0.2925': attribute type 1 has an invalid length. [ 852.204329][ T5770] Bluetooth: hci4: command 0x0406 tx timeout [ 856.912509][ T5137] udevd[5137]: worker [11366] /devices/virtual/block/nbd0 timeout; kill it [ 856.951650][ T5137] udevd[5137]: seq 13945 '/devices/virtual/block/nbd0' killed [ 857.768057][T14866] kvm_intel: kvm [14865]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x1 [ 858.033535][T14866] kvm_pr_unimpl_wrmsr: 1 callbacks suppressed [ 858.033584][T14866] kvm: kvm [14865]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x81 [ 858.304740][T14866] kvm: kvm [14865]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 860.681723][T14912] syz.0.2946: attempt to access beyond end of device [ 860.681723][T14912] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 864.861304][ T5841] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 865.161747][ T5841] usb 3-1: unable to get BOS descriptor or descriptor too short [ 865.228060][ T5841] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 865.313830][ T5841] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 865.394992][ T5841] usb 3-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 865.466448][ T5841] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 865.532742][ T5841] usb 3-1: Product: syz [ 865.557850][ T5841] usb 3-1: Manufacturer: syz [ 865.588017][ T5841] usb 3-1: SerialNumber: syz [ 865.958543][ T5841] usb 3-1: 0:1 : does not exist [ 866.015661][ T5841] usb 3-1: USB disconnect, device number 26 [ 866.096315][T10580] udevd[10580]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 866.641964][T14988] syz.3.2972: attempt to access beyond end of device [ 866.641964][T14988] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 867.170501][T11787] Bluetooth: hci3: command 0x0406 tx timeout [ 869.208211][T15013] syz.2.2981: attempt to access beyond end of device [ 869.208211][T15013] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 869.503773][T15016] syz.0.2982: attempt to access beyond end of device [ 869.503773][T15016] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 869.518731][T15016] netlink: 'syz.0.2982': attribute type 2 has an invalid length. [ 869.526552][T15016] netlink: 'syz.0.2982': attribute type 1 has an invalid length. [ 869.534384][T15016] netlink: 'syz.0.2982': attribute type 1 has an invalid length. [ 870.227306][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.233731][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.573684][T15034] syz.0.2984: attempt to access beyond end of device [ 870.573684][T15034] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 871.533814][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 210 seconds [ 871.545428][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 210 seconds [ 874.141138][T15067] syz.2.2991: attempt to access beyond end of device [ 874.141138][T15067] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 874.156702][T15067] netlink: 'syz.2.2991': attribute type 2 has an invalid length. [ 874.164518][T15067] netlink: 'syz.2.2991': attribute type 1 has an invalid length. [ 874.172261][T15067] netlink: 'syz.2.2991': attribute type 1 has an invalid length. [ 878.002297][ T5768] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 878.193562][ T5768] usb 3-1: device descriptor read/64, error -71 [ 878.863582][ T5768] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 879.013812][ T5768] usb 3-1: device descriptor read/64, error -71 [ 879.144480][ T5768] usb usb3-port1: attempt power cycle [ 879.622779][ T5768] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 880.334574][ T5768] usb 3-1: device descriptor read/8, error -71 [ 880.452822][T15131] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3010'. [ 884.283674][ T5841] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 885.235422][ T5841] usb 4-1: device descriptor read/64, error -71 [ 885.535378][ T5841] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 885.784071][ T5841] usb 4-1: device descriptor read/64, error -71 [ 886.625632][ T5841] usb usb4-port1: attempt power cycle [ 887.643805][T11787] Bluetooth: hci1: command 0x0406 tx timeout [ 890.313511][T11166] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 890.513756][T11166] usb 1-1: device descriptor read/64, error -71 [ 890.670305][T15238] syz.1.3041: attempt to access beyond end of device [ 890.670305][T15238] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 891.371506][T11166] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 891.543472][T11166] usb 1-1: device descriptor read/64, error -71 [ 891.898366][T11166] usb usb1-port1: attempt power cycle [ 892.073567][T15247] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 892.107216][T15247] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 892.123004][T15247] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 892.131504][T15247] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 893.203799][T11166] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 894.056196][T11166] usb 1-1: device descriptor read/8, error -71 [ 897.189446][T15278] syz.3.3052: attempt to access beyond end of device [ 897.189446][T15278] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 901.553690][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 240 seconds [ 901.565067][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 240 seconds [ 904.015605][T15320] syz.1.3065: attempt to access beyond end of device [ 904.015605][T15320] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 904.030187][T15320] netlink: 'syz.1.3065': attribute type 2 has an invalid length. [ 904.038015][T15320] netlink: 'syz.1.3065': attribute type 1 has an invalid length. [ 904.045765][T15320] netlink: 'syz.1.3065': attribute type 1 has an invalid length. [ 904.461008][T15324] qrtr: Invalid version 0 [ 910.995356][T15386] syz.3.3082: attempt to access beyond end of device [ 910.995356][T15386] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 911.010643][T15386] netlink: 'syz.3.3082': attribute type 2 has an invalid length. [ 911.018500][T15386] netlink: 'syz.3.3082': attribute type 1 has an invalid length. [ 911.026366][T15386] netlink: 'syz.3.3082': attribute type 1 has an invalid length. [ 915.284617][T15422] qrtr: Invalid version 0 [ 916.057073][T15432] syz.3.3093: attempt to access beyond end of device [ 916.057073][T15432] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 916.082003][T15432] netlink: 'syz.3.3093': attribute type 2 has an invalid length. [ 916.090167][T15432] netlink: 'syz.3.3093': attribute type 1 has an invalid length. [ 916.097978][T15432] netlink: 'syz.3.3093': attribute type 1 has an invalid length. [ 917.220213][T15453] adf_ctl_ioctl: 15 callbacks suppressed [ 917.220225][T15453] QAT: Invalid ioctl 1075883590 [ 917.230940][T15453] QAT: Invalid ioctl 1075883590 [ 917.235958][T15453] QAT: Invalid ioctl 1075883590 [ 917.240896][T15453] QAT: Invalid ioctl 1075883590 [ 917.245850][T15453] QAT: Invalid ioctl 1075883590 [ 917.250775][T15453] QAT: Invalid ioctl 1075883590 [ 917.255785][T15453] QAT: Invalid ioctl 1075883590 [ 917.260713][T15453] QAT: Invalid ioctl 1075883590 [ 917.265666][T15453] QAT: Invalid ioctl 1075883590 [ 917.270698][T15453] QAT: Invalid ioctl 1075883590 [ 919.917486][T15476] syz.1.3106: attempt to access beyond end of device [ 919.917486][T15476] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 919.932862][T15476] netlink: 'syz.1.3106': attribute type 2 has an invalid length. [ 919.941406][T15476] netlink: 'syz.1.3106': attribute type 1 has an invalid length. [ 919.952495][T15476] netlink: 'syz.1.3106': attribute type 1 has an invalid length. [ 925.417661][T15526] qrtr: Invalid version 0 [ 931.226242][T15588] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 931.636083][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 270 seconds [ 931.647482][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 270 seconds [ 932.012889][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.019321][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 935.713576][ T967] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 936.223902][ T967] usb 3-1: unable to get BOS descriptor or descriptor too short [ 936.439865][ T967] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 936.451073][ T967] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 936.465365][ T967] usb 3-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 936.474983][ T967] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 936.483086][ T967] usb 3-1: Product: syz [ 936.491933][ T967] usb 3-1: Manufacturer: syz [ 936.496622][ T967] usb 3-1: SerialNumber: syz [ 936.737685][ T967] usb 3-1: 0:1 : does not exist [ 936.779055][ T967] usb 3-1: USB disconnect, device number 31 [ 936.862151][T10580] udevd[10580]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 938.951030][T15663] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 940.338315][T15677] syz.0.3160: attempt to access beyond end of device [ 940.338315][T15677] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 940.353920][T15677] netlink: 'syz.0.3160': attribute type 2 has an invalid length. [ 940.361700][T15677] netlink: 'syz.0.3160': attribute type 1 has an invalid length. [ 940.370668][T15677] netlink: 'syz.0.3160': attribute type 1 has an invalid length. [ 943.998951][T15704] syz.0.3168: attempt to access beyond end of device [ 943.998951][T15704] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 944.015601][T15704] netlink: 'syz.0.3168': attribute type 2 has an invalid length. [ 944.023415][T15704] netlink: 'syz.0.3168': attribute type 1 has an invalid length. [ 944.031247][T15704] netlink: 'syz.0.3168': attribute type 1 has an invalid length. [ 944.863461][ T787] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 945.173177][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 945.257475][ T787] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 945.317516][ T787] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 945.428899][ T787] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 945.487042][ T787] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 945.542003][ T787] usb 4-1: Product: syz [ 945.553492][ T787] usb 4-1: Manufacturer: syz [ 945.599450][ T787] hub 4-1:4.0: USB hub found [ 945.673459][ T5768] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 945.815846][ T787] hub 4-1:4.0: 2 ports detected [ 945.892282][ T5768] usb 3-1: unable to get BOS descriptor or descriptor too short [ 945.924843][ T5768] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 945.944597][ T5768] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 945.974988][ T5768] usb 3-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 945.999168][ T5768] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 946.013437][ T5768] usb 3-1: Product: syz [ 946.023838][ T5768] usb 3-1: Manufacturer: syz [ 946.028495][ T5768] usb 3-1: SerialNumber: syz [ 946.294723][ T5768] usb 3-1: 0:1 : does not exist [ 946.349346][T15722] kvm_intel: kvm [15721]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x1 [ 946.353932][ T967] usb 2-1: new full-speed USB device number 52 using dummy_hcd [ 946.362429][T15722] kvm: kvm [15721]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x81 [ 946.423932][T15722] kvm: kvm [15721]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 946.427584][ T5768] usb 3-1: USB disconnect, device number 32 [ 946.579681][ T967] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 946.587879][ T967] usb 2-1: config 0 has no interface number 0 [ 946.594454][ T967] usb 2-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 946.606529][ T967] usb 2-1: config 0 interface 67 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 946.620163][ T967] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 946.630534][ T967] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 946.639502][ T967] usb 2-1: Product: syz [ 946.643958][ T967] usb 2-1: Manufacturer: syz [ 946.648587][ T967] usb 2-1: SerialNumber: syz [ 946.656167][ T967] usb 2-1: config 0 descriptor?? [ 946.661880][T15726] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 946.670267][T15726] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 946.679799][ T967] smsc95xx v2.0.0 [ 946.894668][T15726] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 946.901940][T15726] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 947.124888][ T967] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 947.136163][ T967] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 947.354605][ T5752] usb 4-1: USB disconnect, device number 63 [ 947.375248][ T967] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 947.471505][ T967] smsc95xx: probe of 2-1:0.67 failed with error -61 [ 949.115546][ T5768] usb 2-1: USB disconnect, device number 52 [ 950.683495][ T787] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 950.907528][ T787] usb 3-1: unable to get BOS descriptor or descriptor too short [ 950.923936][ T787] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 950.939776][ T787] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 950.975619][ T787] usb 3-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 950.993418][ T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 951.020610][ T787] usb 3-1: Product: syz [ 951.035288][ T787] usb 3-1: Manufacturer: syz [ 951.047744][ T787] usb 3-1: SerialNumber: syz [ 951.924230][ T787] usb 3-1: 0:1 : does not exist [ 951.947845][ T787] usb 3-1: USB disconnect, device number 33 [ 952.142391][T10580] udevd[10580]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 952.245675][T15783] syz.1.3189: attempt to access beyond end of device [ 952.245675][T15783] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 952.260791][T15783] netlink: 'syz.1.3189': attribute type 2 has an invalid length. [ 952.269185][T15783] netlink: 'syz.1.3189': attribute type 1 has an invalid length. [ 952.277128][T15783] netlink: 'syz.1.3189': attribute type 1 has an invalid length. [ 952.571693][T15786] kvm_intel: kvm [15784]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x1 [ 952.581622][T15786] kvm: kvm [15784]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x81 [ 952.591013][T15786] kvm: kvm [15784]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 952.703763][T15789] kvm: kvm [15788]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 952.726722][T15789] kvm: kvm [15788]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 952.752289][T15789] kvm: kvm [15788]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 952.777403][T15789] kvm: kvm [15788]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 952.833601][T15789] kvm: kvm [15788]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 952.862581][T15789] kvm: kvm [15788]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 952.888016][T15789] kvm: kvm [15788]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 952.925002][T15789] kvm: kvm [15788]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 953.233431][ T787] usb 2-1: new full-speed USB device number 53 using dummy_hcd [ 954.605217][ T787] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 954.623191][ T787] usb 2-1: config 0 has no interface number 0 [ 954.630106][ T787] usb 2-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 954.653427][ T787] usb 2-1: config 0 interface 67 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 954.685609][ T787] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 954.703386][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 954.721588][ T787] usb 2-1: Product: syz [ 954.731700][ T787] usb 2-1: Manufacturer: syz [ 954.741808][ T787] usb 2-1: SerialNumber: syz [ 954.759597][ T787] usb 2-1: config 0 descriptor?? [ 954.775159][T15794] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 954.785675][T15794] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 954.796758][ T787] smsc95xx v2.0.0 [ 955.025252][T15794] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 955.033884][T15794] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 955.135553][T15808] syz.2.3195: attempt to access beyond end of device [ 955.135553][T15808] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 955.158004][T15808] netlink: 'syz.2.3195': attribute type 2 has an invalid length. [ 955.180339][T15808] netlink: 'syz.2.3195': attribute type 1 has an invalid length. [ 955.198878][T15808] netlink: 'syz.2.3195': attribute type 1 has an invalid length. [ 955.244636][ T787] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 955.265690][ T787] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 955.484879][ T787] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 955.511635][ T787] smsc95xx: probe of 2-1:0.67 failed with error -61 [ 956.134025][ T5752] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 956.335602][ T5752] usb 1-1: unable to get BOS descriptor or descriptor too short [ 956.352878][ T5752] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 956.373459][ T5752] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 956.386043][ T5752] usb 1-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 956.396255][ T5752] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 956.404361][ T5752] usb 1-1: Product: syz [ 956.408654][ T5752] usb 1-1: Manufacturer: syz [ 956.413255][ T5752] usb 1-1: SerialNumber: syz [ 956.820468][ T5752] usb 1-1: 0:1 : does not exist [ 957.181680][ T5752] usb 1-1: USB disconnect, device number 59 [ 957.230464][ T787] usb 2-1: USB disconnect, device number 53 [ 957.497052][T10580] udevd[10580]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 959.998338][T15851] kvm_intel: kvm [15837]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x1 [ 960.087654][T15851] kvm_pr_unimpl_wrmsr: 13 callbacks suppressed [ 960.087671][T15851] kvm: kvm [15837]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x81 [ 960.123103][T15851] kvm: kvm [15837]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 962.227323][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 300 seconds [ 962.238125][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 300 seconds [ 962.985550][T15876] kvm_intel: kvm [15868]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x1 [ 963.001920][T15876] kvm: kvm [15868]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x81 [ 963.030659][T15876] kvm: kvm [15868]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 963.202579][T15882] syz.1.3214: attempt to access beyond end of device [ 963.202579][T15882] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 963.995012][ T787] usb 3-1: new full-speed USB device number 34 using dummy_hcd [ 964.259134][T15894] syz.3.3219: attempt to access beyond end of device [ 964.259134][T15894] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 964.273913][T15894] netlink: 'syz.3.3219': attribute type 2 has an invalid length. [ 964.281701][T15894] netlink: 'syz.3.3219': attribute type 1 has an invalid length. [ 964.289719][T15894] netlink: 'syz.3.3219': attribute type 1 has an invalid length. [ 964.355280][ T787] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 964.406701][ T787] usb 3-1: config 0 has no interface number 0 [ 964.486347][ T787] usb 3-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 964.526817][ T787] usb 3-1: config 0 interface 67 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 964.574195][ T787] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 964.604954][ T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.627835][ T787] usb 3-1: Product: syz [ 964.661251][ T787] usb 3-1: Manufacturer: syz [ 964.689723][ T787] usb 3-1: SerialNumber: syz [ 964.718463][ T787] usb 3-1: config 0 descriptor?? [ 964.755028][T15881] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 964.776462][T15881] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 964.818359][ T787] smsc95xx v2.0.0 [ 965.029864][T15881] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 965.053121][T15881] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 965.291295][ T787] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 965.372558][ T787] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 965.605085][ T787] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 965.618383][ T787] smsc95xx: probe of 3-1:0.67 failed with error -61 [ 966.685948][T15918] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3225'. [ 966.854324][ T5752] usb 3-1: USB disconnect, device number 34 [ 966.948375][T15926] syz.0.3227: attempt to access beyond end of device [ 966.948375][T15926] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 969.231677][T15949] netlink: 'syz.2.3233': attribute type 2 has an invalid length. [ 969.239518][T15949] netlink: 'syz.2.3233': attribute type 1 has an invalid length. [ 969.247344][T15949] netlink: 'syz.2.3233': attribute type 1 has an invalid length. [ 969.701431][T15954] syz.3.3234: attempt to access beyond end of device [ 969.701431][T15954] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 969.718634][T15954] netlink: 'syz.3.3234': attribute type 2 has an invalid length. [ 969.726534][T15954] netlink: 'syz.3.3234': attribute type 1 has an invalid length. [ 969.734486][T15954] netlink: 'syz.3.3234': attribute type 1 has an invalid length. [ 971.690343][T15974] syz.1.3238: attempt to access beyond end of device [ 971.690343][T15974] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 971.707506][T15974] netlink: 'syz.1.3238': attribute type 2 has an invalid length. [ 971.715381][T15974] netlink: 'syz.1.3238': attribute type 1 has an invalid length. [ 971.723241][T15974] netlink: 'syz.1.3238': attribute type 1 has an invalid length. [ 972.752493][T15983] syz.1.3241: attempt to access beyond end of device [ 972.752493][T15983] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 972.769628][T15983] netlink: 'syz.1.3241': attribute type 2 has an invalid length. [ 972.777484][T15983] netlink: 'syz.1.3241': attribute type 1 has an invalid length. [ 972.785400][T15983] netlink: 'syz.1.3241': attribute type 1 has an invalid length. [ 973.444334][ T5752] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 973.625632][ T5752] usb 4-1: unable to get BOS descriptor or descriptor too short [ 973.636550][ T5752] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 973.656942][ T5752] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 973.706009][ T5752] usb 4-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 973.715740][ T5752] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 973.725479][ T5752] usb 4-1: Product: syz [ 973.739832][ T5752] usb 4-1: Manufacturer: syz [ 973.744789][ T5752] usb 4-1: SerialNumber: syz [ 973.751571][T15993] syz.0.3245: attempt to access beyond end of device [ 973.751571][T15993] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 973.807422][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 973.822171][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 973.831388][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 973.848916][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 973.857978][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 973.877318][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 973.886276][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 973.905823][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 973.914813][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 973.932746][T15987] kvm: kvm [15986]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 973.980973][ T5752] usb 4-1: 0:1 : does not exist [ 974.010968][ T5752] usb 4-1: USB disconnect, device number 64 [ 974.053988][T10580] udevd[10580]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 974.511327][T15997] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3246'. [ 974.965335][T16009] syz.0.3249: attempt to access beyond end of device [ 974.965335][T16009] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 977.099011][T16034] syz.1.3255: attempt to access beyond end of device [ 977.099011][T16034] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 977.966827][T16046] trusted_key: encrypted_key: insufficient parameters specified [ 978.391633][T16051] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 978.638770][T16053] syz.3.3261: attempt to access beyond end of device [ 978.638770][T16053] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 978.656450][T16053] netlink: 'syz.3.3261': attribute type 2 has an invalid length. [ 978.664361][T16053] netlink: 'syz.3.3261': attribute type 1 has an invalid length. [ 978.672273][T16053] netlink: 'syz.3.3261': attribute type 1 has an invalid length. [ 978.892904][T16043] kvm_pr_unimpl_wrmsr: 28 callbacks suppressed [ 978.892920][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 978.930574][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 978.939331][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 978.959172][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 978.968056][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 979.145340][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 979.154011][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 979.185006][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 979.203755][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 979.220282][T16043] kvm: kvm [16042]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80 [ 979.434264][T16064] syz.1.3263: attempt to access beyond end of device [ 979.434264][T16064] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 981.132134][T16081] syz.3.3266: attempt to access beyond end of device [ 981.132134][T16081] md34: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 981.148830][T16081] netlink: 'syz.3.3266': attribute type 2 has an invalid length. [ 983.174678][T16097] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3273'. [ 990.664333][T16167] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3294'. [ 990.910405][T16172] trusted_key: encrypted_key: insufficient parameters specified [ 992.841818][ T55] block nbd0: Possible stuck request ffff888021f28000: control (read@0,1024B). Runtime 330 seconds [ 992.852640][ T55] block nbd0: Possible stuck request ffff888021f28200: control (read@1024,3072B). Runtime 330 seconds [ 993.091282][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.097752][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 1001.400210][ T29] INFO: task udevd:11366 blocked for more than 144 seconds. [ 1001.413363][ T29] Not tainted syzkaller #0 [ 1001.418350][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1001.453405][ T29] task:udevd state:D stack:25680 pid:11366 ppid:5137 flags:0x00004006 [ 1001.467494][ T29] Call Trace: [ 1001.474027][ T29] [ 1001.477085][ T29] __schedule+0x1553/0x45a0 [ 1001.481712][ T29] ? asan.module_dtor+0x20/0x20 [ 1001.493737][ T29] ? mark_lock+0x94/0x320 [ 1001.498210][ T29] ? lock_chain_count+0x20/0x20 [ 1001.503207][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1001.510135][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1001.516098][ T29] schedule+0xbd/0x170 [ 1001.520288][ T29] io_schedule+0x80/0xd0 [ 1001.533445][ T29] folio_wait_bit_common+0x714/0xfa0 [ 1001.538954][ T29] ? folio_wait_bit+0x30/0x30 [ 1001.545000][ T29] ? _compound_head+0x120/0x120 [ 1001.550034][ T29] ? filemap_add_folio+0x192/0x3c0 [ 1001.560395][ T29] ? __filemap_get_folio+0x704/0xbb0 [ 1001.566108][ T29] ? blkdev_writepage+0x30/0x30 [ 1001.571151][ T29] do_read_cache_folio+0x1c0/0x7d0 [ 1001.576729][ T29] ? blkdev_writepage+0x30/0x30 [ 1001.581761][ T29] read_part_sector+0xd2/0x340 [ 1001.588558][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 1001.594420][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 1001.599811][ T29] ? put_partition+0x370/0x370 [ 1001.605093][ T29] ? alloc_pages+0x4dc/0x740 [ 1001.609815][ T29] bdev_disk_changed+0x740/0x1420 [ 1001.616524][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 1001.621935][ T29] ? iput+0x343/0x920 [ 1001.626399][ T29] blkdev_get_whole+0x30d/0x390 [ 1001.631351][ T29] blkdev_get_by_dev+0x279/0x600 [ 1001.641974][ T29] blkdev_open+0x152/0x360 [ 1001.646776][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 1001.651478][ T29] do_dentry_open+0x8c6/0x1500 [ 1001.658071][ T29] path_openat+0x27f1/0x3230 [ 1001.662800][ T29] ? do_sys_openat2+0xda/0x1d0 [ 1001.668063][ T29] ? verify_lock_unused+0x140/0x140 [ 1001.673553][ T29] ? do_filp_open+0x430/0x430 [ 1001.678293][ T29] ? __virt_addr_valid+0x18c/0x540 [ 1001.683469][ T29] do_filp_open+0x1f5/0x430 [ 1001.689054][ T29] ? vfs_tmpfile+0x490/0x490 [ 1001.693727][ T29] ? _raw_spin_unlock+0x28/0x40 [ 1001.698595][ T29] ? alloc_fd+0x58f/0x630 [ 1001.702940][ T29] do_sys_openat2+0x134/0x1d0 [ 1001.707675][ T29] ? do_sys_open+0xe0/0xe0 [ 1001.712104][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1001.721957][ T29] ? lock_chain_count+0x20/0x20 [ 1001.727902][ T29] __x64_sys_openat+0x139/0x160 [ 1001.732802][ T29] do_syscall_64+0x55/0xa0 [ 1001.737287][ T29] ? clear_bhb_loop+0x40/0x90 [ 1001.742000][ T29] ? clear_bhb_loop+0x40/0x90 [ 1001.747631][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1001.753578][ T29] RIP: 0033:0x7fe3f48a7407 [ 1001.758000][ T29] RSP: 002b:00007ffdf68a85c0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1001.766513][ T29] RAX: ffffffffffffffda RBX: 00007fe3f4f3d880 RCX: 00007fe3f48a7407 [ 1001.774528][ T29] RDX: 00000000000a0800 RSI: 000055ceb23a1340 RDI: ffffffffffffff9c [ 1001.782537][ T29] RBP: 000055ceb23a0910 R08: 0000000000000000 R09: 0000000000000000 [ 1001.791632][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 000055ceb23bdf10 [ 1001.802970][ T29] R13: 000055ceb23b8410 R14: 0000000000000000 R15: 000055ceb23bdf10 [ 1001.811045][ T29] [ 1001.814173][ T29] [ 1001.814173][ T29] Showing all locks held in the system: [ 1001.821917][ T29] 1 lock held by khungtaskd/29: [ 1001.829168][ T29] #0: ffffffff8d1320a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 1001.839501][ T29] 1 lock held by syslogd/5119: [ 1001.844585][ T29] #0: ffff8880b8e3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 1001.854736][ T29] 2 locks held by getty/5524: [ 1001.859420][ T29] #0: ffff8880313ea0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1001.869238][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 1001.879551][ T29] 1 lock held by udevd/11366: [ 1001.884393][ T29] #0: ffff88814172d4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 1001.894759][ T29] 4 locks held by kworker/u4:6/14098: [ 1001.900145][ T29] #0: ffff8880b8f3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 1001.910317][ T29] #1: ffff8880b8f289c0 (psi_seq){-.-.}-{0:0}, at: __schedule+0x2176/0x45a0 [ 1001.919138][ T29] #2: ffff888078cb0768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0x35/0x260 [ 1001.929197][ T29] #3: ffff888079e10d40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0xac/0x10f0 [ 1001.938856][ T29] 1 lock held by syz.1.3336/16317: [ 1001.943991][ T29] #0: ffffffff8d137940 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x580 [ 1001.954091][ T29] [ 1001.956433][ T29] ============================================= [ 1001.956433][ T29] [ 1001.968946][ T29] NMI backtrace for cpu 1 [ 1001.973335][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 1001.980529][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1001.990594][ T29] Call Trace: [ 1001.993860][ T29] [ 1001.996788][ T29] dump_stack_lvl+0x18c/0x250 [ 1002.001459][ T29] ? show_regs_print_info+0x20/0x20 [ 1002.006642][ T29] ? load_image+0x420/0x420 [ 1002.011150][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 1002.016071][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 1002.022204][ T29] ? _printk+0xde/0x130 [ 1002.026344][ T29] ? load_image+0x420/0x420 [ 1002.030831][ T29] ? load_image+0x420/0x420 [ 1002.035320][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1002.041374][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 1002.047338][ T29] watchdog+0xf3d/0xf80 [ 1002.051494][ T29] ? watchdog+0x1e1/0xf80 [ 1002.055811][ T29] kthread+0x2fa/0x390 [ 1002.059861][ T29] ? hungtask_pm_notify+0x90/0x90 [ 1002.064867][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1002.069433][ T29] ret_from_fork+0x48/0x80 [ 1002.073835][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1002.078405][ T29] ret_from_fork_asm+0x11/0x20 [ 1002.083155][ T29] [ 1002.087822][ T29] Sending NMI from CPU 1 to CPUs 0: [ 1002.094793][ C0] NMI backtrace for cpu 0 [ 1002.094803][ C0] CPU: 0 PID: 745 Comm: kworker/u4:5 Not tainted syzkaller #0 [ 1002.094817][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1002.094826][ C0] Workqueue: events_unbound cfg80211_wiphy_work [ 1002.094847][ C0] RIP: 0010:__sanitizer_cov_trace_cmp8+0x7e/0x80 [ 1002.094868][ C0] Code: c1 e1 05 4c 8d 51 28 4d 39 ca 77 1e 49 ff c0 4c 89 02 48 c7 44 0a 08 06 00 00 00 48 89 7c 0a 10 48 89 74 0a 18 48 89 44 0a 20 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 15 20 91 7c 7e 65 8b 0d 21 [ 1002.094880][ C0] RSP: 0018:ffffc90003986f50 EFLAGS: 00000293 [ 1002.094891][ C0] RAX: ffffffff813b3c78 RBX: ffffffff8ea2ffd8 RCX: ffff888021193c00 [ 1002.094902][ C0] RDX: 0000000000000000 RSI: ffffffff81df354e RDI: ffffffff81df3557 [ 1002.094912][ C0] RBP: ffffffff8ea2ffc0 R08: ffffc900039870f0 R09: 0000000000000001 [ 1002.094922][ C0] R10: 0000000000000004 R11: 0000000000000000 R12: ffffffff8ea2ffc0 [ 1002.094931][ C0] R13: ffffffff81df3557 R14: ffffffff81df354e R15: ffffffff8ea2ffcc [ 1002.094942][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1002.094954][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1002.094964][ C0] CR2: 00005640c5a1c168 CR3: 000000002bb89000 CR4: 00000000003526f0 [ 1002.094977][ C0] Call Trace: [ 1002.094982][ C0] [ 1002.094987][ C0] unwind_next_frame+0x4b8/0x2970 [ 1002.095005][ C0] ? __kasan_kmalloc+0x8e/0xa0 [ 1002.095022][ C0] ? __kasan_kmalloc+0x8f/0xa0 [ 1002.095038][ C0] ? __kasan_kmalloc+0x8f/0xa0 [ 1002.095052][ C0] ? stack_trace_save+0x100/0x100 [ 1002.095069][ C0] arch_stack_walk+0x144/0x190 [ 1002.095090][ C0] ? __kasan_kmalloc+0x8f/0xa0 [ 1002.095108][ C0] stack_trace_save+0xaa/0x100 [ 1002.095124][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 1002.095145][ C0] kasan_set_track+0x4e/0x70 [ 1002.095159][ C0] ? kasan_set_track+0x4e/0x70 [ 1002.095173][ C0] ? __kasan_kmalloc+0x8f/0xa0 [ 1002.095209][ C0] ? cfg80211_inform_bss_frame_data+0x7ae/0x13d0 [ 1002.095231][ C0] __kasan_kmalloc+0x8f/0xa0 [ 1002.095246][ C0] ? cfg80211_inform_bss_frame_data+0x7ae/0x13d0 [ 1002.095266][ C0] __kmalloc+0xb4/0x230 [ 1002.095287][ C0] cfg80211_inform_bss_frame_data+0x7ae/0x13d0 [ 1002.095316][ C0] ? cfg80211_parse_ml_sta_data+0x1ab0/0x1ab0 [ 1002.095355][ C0] ? ieee80211_bss_info_update+0x3ac/0x9b0 [ 1002.095376][ C0] ieee80211_bss_info_update+0x759/0x9b0 [ 1002.095397][ C0] ? ieee80211_inform_bss+0x1080/0x1080 [ 1002.095419][ C0] ? ieee80211_mandatory_rates+0x1cc/0x230 [ 1002.095438][ C0] ieee80211_ibss_rx_queued_mgmt+0x18ae/0x2c80 [ 1002.095461][ C0] ? ieee80211_ibss_rx_queued_mgmt+0xe9d/0x2c80 [ 1002.095477][ C0] ? ieee80211_ibss_rx_no_sta+0x7a0/0x7a0 [ 1002.095496][ C0] ? mark_lock+0x94/0x320 [ 1002.095513][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1002.095530][ C0] ? lock_chain_count+0x20/0x20 [ 1002.095544][ C0] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1002.095564][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 1002.095582][ C0] ? skb_dequeue+0x124/0x160 [ 1002.095599][ C0] ieee80211_iface_work+0x717/0xc70 [ 1002.095614][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1002.095632][ C0] cfg80211_wiphy_work+0x225/0x260 [ 1002.095648][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 1002.095667][ C0] process_scheduled_works+0xa5d/0x15d0 [ 1002.095696][ C0] ? worker_attach_to_pool+0x380/0x380 [ 1002.095717][ C0] ? assign_work+0x3d2/0x5d0 [ 1002.095735][ C0] worker_thread+0xa55/0xfc0 [ 1002.095763][ C0] kthread+0x2fa/0x390 [ 1002.095776][ C0] ? pr_cont_work+0x560/0x560 [ 1002.095798][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1002.095811][ C0] ret_from_fork+0x48/0x80 [ 1002.095827][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1002.095840][ C0] ret_from_fork_asm+0x11/0x20 [ 1002.095865][ C0] [ 1002.099972][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 1002.469643][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 1002.476828][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1002.486869][ T29] Call Trace: [ 1002.490144][ T29] [ 1002.493062][ T29] dump_stack_lvl+0x18c/0x250 [ 1002.497741][ T29] ? show_regs_print_info+0x20/0x20 [ 1002.502958][ T29] ? load_image+0x420/0x420 [ 1002.507497][ T29] panic+0x2dc/0x730 [ 1002.511405][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 1002.517046][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 1002.521538][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 1002.527075][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 1002.533216][ T29] watchdog+0xf7c/0xf80 [ 1002.537363][ T29] ? watchdog+0x1e1/0xf80 [ 1002.541778][ T29] kthread+0x2fa/0x390 [ 1002.545832][ T29] ? hungtask_pm_notify+0x90/0x90 [ 1002.550844][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1002.555425][ T29] ret_from_fork+0x48/0x80 [ 1002.559832][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1002.564415][ T29] ret_from_fork_asm+0x11/0x20 [ 1002.569188][ T29] [ 1002.572497][ T29] Kernel Offset: disabled [ 1002.576808][ T29] Rebooting in 86400 seconds..