last executing test programs: 7.231393543s ago: executing program 0 (id=58): r0 = syz_usb_connect(0x3, 0x62, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d2406010103020001000600060924030505030605810924030601030405050724040501", @ANYRESHEX=0x0], 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000040)={0x14, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0003311b7f1f7e0017b4"]}, 0x0) 6.405916337s ago: executing program 4 (id=61): syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201500285d5c2086004040031960154030109021b000100031003090458080119662194090586d7b2"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x3, [{0x4, &(0x7f0000000000)=@lang_id={0x4, 0x3, 0x41e}}, {0xffffffffffffffc5, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x83e}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x445}}]}) syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0xf7fa, 0x8000, 0x8000, 0x15e}, 0x0, 0x0) 6.316448165s ago: executing program 2 (id=63): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x723080, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000017c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r2, @ANYBLOB="07b0cf"], 0x0) 5.713795225s ago: executing program 0 (id=65): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='debugfs\x00', 0x1214040, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1100034, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 5.592306103s ago: executing program 0 (id=66): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x4}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000900)={0x10, 0x0, &(0x7f0000000740)=[@clear_death], 0x4, 0x0, &(0x7f0000000800)="8af1dee7"}) 5.238637714s ago: executing program 3 (id=67): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x60200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) syz_usb_connect$uac2(0x2, 0x9f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201100300000008d118042d40000102030109028d00030101900e080b0101010b200009040000000101200009240106000a1500500c2403030703390208090080090401000001022000090401010101022000082402010303010210240103c101040000000801000080b70905010908000678010825010133040000090402000001022000090402010101022000090556d7fb6d6778ab999ceb7bb6"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$SIOCGETNODEID(0xffffffffffffffff, 0x89e1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.90204955s ago: executing program 2 (id=68): syz_usb_connect$uac1(0x5, 0x87, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000300000010e4086301400001020301090275000301c630020904000000010100000a240102000a000201020904010000010200000904010101010200000905010920000507090704000000080009040200000103"], &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0}) 4.864835457s ago: executing program 4 (id=69): dup(0xffffffffffffffff) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0xd9e, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) socket$tipc(0x1e, 0x5, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x14, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4040081}, 0x0) syz_open_procfs(0x0, &(0x7f0000000300)='uid_map\x00') r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x44805}, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r3, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x300) 4.634546569s ago: executing program 0 (id=70): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r4, &(0x7f0000004200)='t', 0x1) sendfile(r4, r3, 0x0, 0x7fffffff) ftruncate(r2, 0x2007ffb) sendfile(r2, r2, 0x0, 0x1000000201005) syz_usb_connect(0x3, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010002e80c1e10e80401a148040102031109021200011c07"], 0xfffffffffffffffe) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000240)='#]//^&\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./bus\x00', 0xa0580, 0x84) 3.996338111s ago: executing program 1 (id=72): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) syz_usb_connect$uac2(0x3, 0x9d, 0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, 0x0, 0x0) 3.642937006s ago: executing program 3 (id=73): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2}) mremap(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x400000, 0x7, &(0x7f0000000000/0x400000)=nil) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 3.341470938s ago: executing program 2 (id=74): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x88603, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x40000081, 0x0, 0x8000000000000}]}) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x339) close_range(r0, 0xffffffffffffffff, 0x0) 3.213904784s ago: executing program 3 (id=75): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4020aeb2, &(0x7f0000000900)={0x0, 0x0, @ioapic={0x200000, 0x4, 0xff, 0xb7, 0x0, [{0x0, 0x9, 0xc8, '\x00', 0x2}, {0x40, 0x8, 0x7d, '\x00', 0x13}, {0x2, 0x0, 0x3, '\x00', 0xf}, {0xd1, 0x1, 0x7f}, {0xd8, 0x1, 0xc, '\x00', 0x5}, {0x8, 0x2, 0x81, '\x00', 0x55}, {0x9, 0x40, 0x3, '\x00', 0x4}, {0x80, 0x4, 0x8, '\x00', 0x1}, {0x1, 0x80, 0x90, '\x00', 0xc9}, {0x9, 0x2, 0x4, '\x00', 0x3}, {0x3, 0x5, 0x2, '\x00', 0x7}, {0x4, 0x8, 0x9, '\x00', 0x9}, {0x7, 0x3, 0xd, '\x00', 0x6}, {0x1, 0x4, 0x3, '\x00', 0x3}, {0x6, 0x0, 0x5, '\x00', 0x9}, {0xf9, 0x8, 0x5, '\x00', 0x13}, {0xec, 0x45, 0xf9, '\x00', 0x7}, {0x8, 0x7, 0xc5, '\x00', 0x8}, {0xff, 0x1, 0x7, '\x00', 0x8}, {0x2, 0x1, 0x5, '\x00', 0x5c}, {0x7, 0x9, 0x20, '\x00', 0xe}, {0x4, 0x3, 0x6, '\x00', 0x7}, {0x2, 0x6, 0xd, '\x00', 0x79}, {0x2e, 0x79, 0x2, '\x00', 0x7}]}}) 3.034370171s ago: executing program 2 (id=76): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f00000004c0)=0x1, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) fstat(r1, 0x0) setreuid(0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe2$9p(&(0x7f0000000180), 0x4c00) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$sock_int(r3, 0x1, 0x7, &(0x7f0000000080)=0x200ffff, 0x4) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r3, &(0x7f0000000700)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff959bcecc7a95425a3a07e758044ab4ea6f7c555d88fecf90b037511bf746bec66ba", 0x994b6e03113064ae, 0x0, 0x0, 0x0) recvmsg(r3, &(0x7f0000000100)={0x0, 0xa, &(0x7f0000002200)=[{&(0x7f0000000780)=""/4108, 0x437aba2}], 0x1, 0x0, 0xfffffdee, 0x407006}, 0x104) syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bfd000/0x400000)=nil) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x4b564d01, 0xec000000, 0x3}]}) 2.925242641s ago: executing program 3 (id=77): r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000400800000008000000000000", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="0000000001000000030019e00302"], 0x80}, 0x1, 0x0, 0x0, 0x8004}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="010000000b0e00000300000000000000", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x80}}, 0x11) 2.780592856s ago: executing program 3 (id=78): syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x16c0, 0x5e1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0xf0, 0xc9, "", [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x3, 0x6, {0x9, 0x21, 0xfffc, 0x77, 0x1, {0x22, 0xfb1}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x3, 0x5, 0x48}}}}}]}}]}}, 0x0) 1.622701546s ago: executing program 2 (id=79): open(0x0, 0x4008040, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x6, 0x90, 0xd, "", {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xf}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x7fff, 0x8, 0x3}, {0x6, 0x24, 0x1a, 0x0, 0x8}}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x10, 0x0, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x0, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x5, 0x81, 0x4}}}}}}}]}}, 0x0) syz_usb_connect$cdc_ncm(0x6, 0x9b, &(0x7f0000000040)=ANY=[@ANYBLOB="12015002020000002505a1a44000010203010902890002010420040904000001020d0000052406000105240006000d240f0106000000020006000606241a05ed0d0724140e00400005241500001524120004a317a88b045e4f01a607c0ffcb7e392a0c"], 0x0) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042402024424"], 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 1.454588465s ago: executing program 4 (id=80): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000100)={0x5}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x20, 0x3, 0x1, 0x106e, 0xc, 0x8000000000000, 0x80000004000080, 0x0, 0xfffffffffffffff9, 0x4, 0x4, 0x6, 0x7ffd], 0x41000, 0x3c4210}) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(r3, &(0x7f0000000780)=[{&(0x7f00000003c0)}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.336464466s ago: executing program 3 (id=81): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x3445}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000380)={0x2c, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x21, @string={0x21, 0x3, "21be19fe6f39b5e61433cba91045051b5675a550f705a0da85f8b107677399"}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000b80)={0x2c, 0x0, &(0x7f0000000580)={0x0, 0x3, 0x5f, @string={0x5f, 0x3, "248acdebe2fcb742eb92ceb792d11fb4f285b3a5c8267d53dbc74453343a2890c939b0707f8666783d1f262b069019b18c9ddf73daf76fbc0f7df2631e502e556979eab7fdded33023490b942dd2c726d7fe92d1d3ed7e3cabfd207fb6"}}, 0x0, 0x0, 0x0}, 0x0) 1.240693682s ago: executing program 1 (id=82): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/59, 0x3b}], 0x1, 0x151, 0x6) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.238456689s ago: executing program 0 (id=83): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000040)="660f38817d64652e450f01ca67670f35362ef20f2ca803900000400f6f4c7200420fc79a007800000f01d142790066bad104ed2e0f7898c2000000", 0x3b}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x6000, {}, 0x0, 0xc}, {"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000"}}) bind$802154_raw(0xffffffffffffffff, &(0x7f0000000000)={0x24, @long={0x3, 0x2, {0xaaaaaaaaaaaa0102}}}, 0x14) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.070629577s ago: executing program 4 (id=84): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000280)={@fd, @fd={0x66642a85, 0x0, r0}, @fda={0x66646185, 0x20000000007, 0x1, 0x1c}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 1.053978613s ago: executing program 0 (id=85): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) syz_clone(0x1000000, 0x0, 0xfffffd11, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) 1.024858838s ago: executing program 4 (id=86): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) writev(r0, &(0x7f00000005c0)=[{&(0x7f0000000100)="2e1221b23bb601c477d3df163e75963d86ddf06712e9000d2f8db0049d90491c3248040000dbb8a10000", 0x2a}, {&(0x7f0000000200)='$\x00\x00\x00\x00\x00', 0x6}, {&(0x7f0000000240)="0000000000000000000000008100", 0x38}], 0x3) 977.589701ms ago: executing program 1 (id=87): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) r1 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000040)=0x95, 0x4) connect$inet6(r1, &(0x7f0000002140)={0xa, 0x4e25, 0x1, @mcast2, 0x5}, 0x1c) setsockopt$SO_BINDTODEVICE_wg(r1, 0x1, 0x19, &(0x7f0000000000)='wg2\x00', 0x4) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="d351986bfea9f83ab68c6cd4aef7b34d7ddd4d28e76ae1f9a3e25dfa62cc88982901f0ba5cc95053b0d72eaf11759fc3100f8362ec61c7d35aa4e33d8dd8515b2449517c5d03ee76f03bfcfd151a6d1abf0fd2e6e42c72d83db57b1bbd8c219610649081220d83d2140b61c9736d8108ef7fbf96aee5b2bbfae5abc605c837aa20eeebf3fa88c2d761beeaba2209", 0x8e}, {&(0x7f0000000080)="2d7768da99bf0733", 0x8}], 0x2}}], 0x1, 0x4800) recvmmsg(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 811.096195ms ago: executing program 1 (id=88): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe) 700.335874ms ago: executing program 1 (id=89): syz_io_uring_setup(0x2421, &(0x7f0000000380)={0x0, 0x0, 0x13090, 0x0, 0x4000}, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x2, 0x0, 0x0, 0x4, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x3, 0x2, 0x41, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x1ff, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0x1000b, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xa, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x7, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x132, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2c0, 0x5, 0x1000, 0xfffffffc, 0x0, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x5, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0xfff, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0x4, 0x1, 0x2, 0x2, 0x20009, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0xfffffffc, 0x80000001, 0x2, 0xff, 0x40000100, 0x8d2, 0x9, 0x5, 0x8002, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x2007, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x2, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x203, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0xffff, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 698.923338ms ago: executing program 4 (id=90): openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) syz_usb_connect(0x0, 0x51, &(0x7f0000000180)=ANY=[@ANYBLOB="120101024cf1c50863070210845f0102030109023f0001000000000904000005ff87e7000905880f020000000009050300000000000009050cfeffff01060209050f0000000000000905"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) 275.33994ms ago: executing program 1 (id=91): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000240)="b8010000000f01c1b99b0800000f3266bad10466b8bf0066ef0f01eec744240084ee1a1dc744240269660000c7442406000000000f011c24b8000000000f23c00f21f835020003000f23f80f01c466baf80cb847827c80ef66bafc0cb0f3ee0f30c4c2e1be7305", 0xab}], 0x1, 0x15, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 2 (id=92): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x4e, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000340)={[0x40000000002, 0x4, 0xfffffffffffffff8, 0xffffffff7ffffffd, 0x800000020bd, 0xfffffffffffffffd, 0x67, 0x225561e6, 0x40049, 0x1, 0xb800000000000000, 0x40000000014d7, 0x80000002, 0x2, 0x251, 0x20], 0x2, 0x4382}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.207' (ED25519) to the list of known hosts. [ 66.260313][ T5827] cgroup: Unknown subsys name 'net' [ 66.397466][ T5827] cgroup: Unknown subsys name 'cpuset' [ 66.405604][ T5827] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 67.791017][ T5827] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 69.990699][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.007283][ T5854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.016125][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.025027][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.034758][ T5854] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 70.035934][ T5856] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.043491][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.058421][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.058511][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.073730][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.075579][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.088167][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 70.096918][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.097215][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.105171][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.113392][ T5859] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 70.120252][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.125900][ T5856] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.133845][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.140226][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.150633][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 70.157991][ T5859] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.160998][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 70.169443][ T5859] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.183504][ T5859] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.791803][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 70.844651][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 70.861685][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 71.010055][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 71.114590][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.122357][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.129806][ T5843] bridge_slave_0: entered allmulticast mode [ 71.137134][ T5843] bridge_slave_0: entered promiscuous mode [ 71.152280][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.159588][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.166831][ T5843] bridge_slave_1: entered allmulticast mode [ 71.174785][ T5843] bridge_slave_1: entered promiscuous mode [ 71.210043][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 71.242808][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.249683][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.295527][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.302783][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.310311][ T5841] bridge_slave_0: entered allmulticast mode [ 71.317673][ T5841] bridge_slave_0: entered promiscuous mode [ 71.367355][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.377453][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.385244][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.392522][ T5841] bridge_slave_1: entered allmulticast mode [ 71.399882][ T5841] bridge_slave_1: entered promiscuous mode [ 71.406750][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.413909][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.421605][ T5840] bridge_slave_0: entered allmulticast mode [ 71.429323][ T5840] bridge_slave_0: entered promiscuous mode [ 71.461109][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.491713][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.499823][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.507106][ T5840] bridge_slave_1: entered allmulticast mode [ 71.514524][ T5840] bridge_slave_1: entered promiscuous mode [ 71.526598][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.533836][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.541229][ T5839] bridge_slave_0: entered allmulticast mode [ 71.548671][ T5839] bridge_slave_0: entered promiscuous mode [ 71.595138][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.602447][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.609905][ T5839] bridge_slave_1: entered allmulticast mode [ 71.617134][ T5839] bridge_slave_1: entered promiscuous mode [ 71.626987][ T5843] team0: Port device team_slave_0 added [ 71.636928][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.673259][ T5843] team0: Port device team_slave_1 added [ 71.682118][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.708749][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.765646][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.790145][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.812558][ T5841] team0: Port device team_slave_0 added [ 71.828059][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.835379][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.842534][ T5842] bridge_slave_0: entered allmulticast mode [ 71.850163][ T5842] bridge_slave_0: entered promiscuous mode [ 71.860334][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.871915][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.879243][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 71.905172][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.919729][ T5841] team0: Port device team_slave_1 added [ 71.950642][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.958477][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.966011][ T5842] bridge_slave_1: entered allmulticast mode [ 71.973193][ T5842] bridge_slave_1: entered promiscuous mode [ 71.990840][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.997839][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.023966][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.050134][ T5840] team0: Port device team_slave_0 added [ 72.089822][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.096836][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.122864][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.137565][ T5840] team0: Port device team_slave_1 added [ 72.155742][ T5839] team0: Port device team_slave_0 added [ 72.164226][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.171229][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.197799][ T5859] Bluetooth: hci2: command tx timeout [ 72.203233][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.204919][ T5859] Bluetooth: hci1: command tx timeout [ 72.237096][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.248980][ T5839] team0: Port device team_slave_1 added [ 72.274948][ T5859] Bluetooth: hci0: command tx timeout [ 72.274969][ T5847] Bluetooth: hci4: command tx timeout [ 72.275234][ T5853] Bluetooth: hci3: command tx timeout [ 72.303337][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.344339][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.351364][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.377862][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.401080][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.408331][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.434347][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.452325][ T5843] hsr_slave_0: entered promiscuous mode [ 72.459106][ T5843] hsr_slave_1: entered promiscuous mode [ 72.478114][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.485277][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.511215][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.533896][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.540963][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.567123][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.595183][ T5841] hsr_slave_0: entered promiscuous mode [ 72.601731][ T5841] hsr_slave_1: entered promiscuous mode [ 72.608229][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 72.614017][ T5841] Cannot create hsr debugfs directory [ 72.629087][ T5842] team0: Port device team_slave_0 added [ 72.637984][ T5842] team0: Port device team_slave_1 added [ 72.687322][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.694338][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.720567][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.772518][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.779550][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 72.805606][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.893873][ T5839] hsr_slave_0: entered promiscuous mode [ 72.900630][ T5839] hsr_slave_1: entered promiscuous mode [ 72.907178][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 72.912904][ T5839] Cannot create hsr debugfs directory [ 72.932601][ T5840] hsr_slave_0: entered promiscuous mode [ 72.939164][ T5840] hsr_slave_1: entered promiscuous mode [ 72.945942][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 72.951663][ T5840] Cannot create hsr debugfs directory [ 73.083013][ T5842] hsr_slave_0: entered promiscuous mode [ 73.089768][ T5842] hsr_slave_1: entered promiscuous mode [ 73.096264][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 73.101984][ T5842] Cannot create hsr debugfs directory [ 73.544928][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 73.558448][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.576419][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.598445][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.670434][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.685446][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.696087][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.709800][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.788845][ T5839] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 73.803894][ T5839] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 73.813974][ T5839] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 73.830206][ T5839] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 73.946858][ T5841] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.958251][ T5841] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 73.970744][ T5841] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 73.982407][ T5841] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.076872][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.123030][ T5842] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 74.143645][ T5842] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 74.163415][ T5842] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 74.186183][ T5842] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 74.201705][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.237128][ T1125] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.244634][ T1125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.272659][ T136] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.279789][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.287319][ T5853] Bluetooth: hci1: command tx timeout [ 74.287454][ T5859] Bluetooth: hci2: command tx timeout [ 74.354795][ T5859] Bluetooth: hci3: command tx timeout [ 74.355182][ T5847] Bluetooth: hci0: command tx timeout [ 74.367674][ T5853] Bluetooth: hci4: command tx timeout [ 74.375737][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.412294][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.449737][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.483296][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.490429][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.526168][ T1348] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.533353][ T1348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.543269][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.588771][ T1125] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.596078][ T1125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.632918][ T136] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.640146][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.663311][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.776120][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.811401][ T1348] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.818520][ T1348] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.880690][ T1348] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.887916][ T1348] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.942841][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.963288][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.125925][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.173956][ T136] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.181149][ T136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.218457][ T136] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.225673][ T136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.311901][ T5843] veth0_vlan: entered promiscuous mode [ 75.336831][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.373414][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.405582][ T5843] veth1_vlan: entered promiscuous mode [ 75.595206][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.623744][ T5840] veth0_vlan: entered promiscuous mode [ 75.648860][ T5843] veth0_macvtap: entered promiscuous mode [ 75.679246][ T5839] veth0_vlan: entered promiscuous mode [ 75.691663][ T5843] veth1_macvtap: entered promiscuous mode [ 75.721109][ T5840] veth1_vlan: entered promiscuous mode [ 75.746895][ T5839] veth1_vlan: entered promiscuous mode [ 75.788091][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.839097][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.850140][ T5841] veth0_vlan: entered promiscuous mode [ 75.881788][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.902062][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.911601][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.939198][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.948759][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.963298][ T5841] veth1_vlan: entered promiscuous mode [ 75.989480][ T5840] veth0_macvtap: entered promiscuous mode [ 76.030996][ T5840] veth1_macvtap: entered promiscuous mode [ 76.042354][ T5839] veth0_macvtap: entered promiscuous mode [ 76.090624][ T5839] veth1_macvtap: entered promiscuous mode [ 76.182963][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.229846][ T5841] veth0_macvtap: entered promiscuous mode [ 76.253792][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.266351][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.286108][ T5841] veth1_macvtap: entered promiscuous mode [ 76.297740][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.300585][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.313141][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.340899][ T185] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.354515][ T5853] Bluetooth: hci1: command tx timeout [ 76.365105][ T5853] Bluetooth: hci2: command tx timeout [ 76.396092][ T185] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.405054][ T185] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.430386][ T1125] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.430940][ T185] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.438741][ T5847] Bluetooth: hci4: command tx timeout [ 76.438772][ T5847] Bluetooth: hci0: command tx timeout [ 76.438874][ T5853] Bluetooth: hci3: command tx timeout [ 76.449733][ T1125] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.456771][ T185] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.505284][ T185] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.514057][ T185] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.543181][ T185] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.589378][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.619251][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 76.622628][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.691183][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.707272][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.751481][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.768227][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.789812][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.798033][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.816742][ T5842] veth0_vlan: entered promiscuous mode [ 76.898674][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.922385][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.934199][ T5842] veth1_vlan: entered promiscuous mode [ 76.979643][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.997684][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.121908][ T1348] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.137783][ T1348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.189896][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.222827][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.316322][ T1877] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 77.397939][ T1348] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.422603][ T1348] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.463962][ T5842] veth0_macvtap: entered promiscuous mode [ 77.505246][ T5842] veth1_macvtap: entered promiscuous mode [ 77.523281][ T1877] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 77.573457][ T1877] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 77.615288][ T1877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.681964][ T1877] usb 2-1: Product: syz [ 77.695214][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 77.711973][ T1877] usb 2-1: Manufacturer: syz [ 77.733498][ T1877] usb 2-1: SerialNumber: syz [ 77.754510][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.792322][ T1877] usb 2-1: config 0 descriptor?? [ 77.862401][ T1125] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.879671][ T5967] libceph: resolve '0..' (ret=-3): failed [ 77.911051][ T1125] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.933527][ T1125] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.948347][ T1125] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.059838][ T5979] netlink: 'syz.3.4': attribute type 2 has an invalid length. [ 78.423381][ T136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.446851][ T5859] Bluetooth: hci2: command tx timeout [ 78.452293][ T5859] Bluetooth: hci1: command tx timeout [ 78.485805][ T136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.514868][ T5853] Bluetooth: hci3: command tx timeout [ 78.520314][ T5859] Bluetooth: hci0: command tx timeout [ 78.525844][ T5859] Bluetooth: hci4: command tx timeout [ 78.594775][ T1229] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 78.743941][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.759151][ T1229] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 78.780048][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.820797][ T1229] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 78.846603][ T1229] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.886699][ T1229] usb 1-1: Product: syz [ 78.900035][ T1229] usb 1-1: Manufacturer: syz [ 78.931951][ T1229] usb 1-1: SerialNumber: syz [ 78.953916][ T1229] usb 1-1: config 0 descriptor?? [ 79.910221][ T5997] kAFS: unable to lookup cell 'ÿ' [ 80.012539][ T5995] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.232798][ T5971] usb 2-1: USB disconnect, device number 2 [ 81.581445][ T1877] usb 1-1: USB disconnect, device number 2 [ 82.229173][ T6016] openvswitch: netlink: IP tunnel dst address not specified [ 83.889419][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 83.931544][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 83.949599][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 83.966359][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 83.985314][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 83.995370][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 84.022606][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 84.085802][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 84.149191][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 84.162265][ T6032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.15'. [ 84.231435][ T6042] openvswitch: netlink: IP tunnel dst address not specified [ 84.364963][ T5852] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 84.385109][ T6032] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 84.540460][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 84.561985][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 84.590007][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 84.615304][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 84.642245][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 84.695837][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 84.779559][ T5852] usb 5-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9 [ 84.810229][ T5852] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.830403][ T5852] usb 5-1: Product: syz [ 84.878972][ T5852] usb 5-1: Manufacturer: syz [ 84.890249][ T5852] usb 5-1: SerialNumber: syz [ 84.966138][ T5852] usb 5-1: config 0 descriptor?? [ 85.031341][ T5852] ti_usb_3410_5052 5-1:0.0: TI USB 5052 2 port adapter converter detected [ 85.066618][ T5852] ti_usb_3410_5052 5-1:0.0: missing endpoints [ 86.204457][ T6072] libceph: resolve '0..' (ret=-3): failed [ 86.324379][ T5852] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 86.414442][ T1229] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 86.530382][ T5852] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 86.577120][ T5852] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 86.620019][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.623458][ T1568] cfg80211: failed to load regulatory.db [ 86.634074][ T1229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 86.634107][ T1229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 86.711657][ T1229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 86.732065][ T5852] usb 1-1: Product: syz [ 86.739581][ T5852] usb 1-1: Manufacturer: syz [ 86.746002][ T1229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 86.755985][ T5852] usb 1-1: SerialNumber: syz [ 86.780752][ T5852] usb 1-1: config 0 descriptor?? [ 86.788793][ T1229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 86.802670][ T1229] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 86.861436][ T1229] usb 2-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9 [ 86.899940][ T1229] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.928940][ T1229] usb 2-1: Product: syz [ 86.946632][ T1229] usb 2-1: Manufacturer: syz [ 86.965224][ T1229] usb 2-1: SerialNumber: syz [ 87.030963][ T1229] usb 2-1: config 0 descriptor?? [ 87.107666][ T1229] ti_usb_3410_5052 2-1:0.0: TI USB 5052 2 port adapter converter detected [ 87.150323][ T1229] ti_usb_3410_5052 2-1:0.0: missing endpoints [ 87.425044][ T6077] hsr_slave_0: left promiscuous mode [ 87.478110][ T6077] hsr_slave_1: left promiscuous mode [ 87.737766][ T1877] usb 5-1: USB disconnect, device number 2 [ 88.604732][ T1229] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 88.826285][ T1229] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 88.875731][ T1877] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 88.954170][ T1229] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 88.969187][ T1229] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.095019][ T1229] usb 3-1: Product: syz [ 89.116155][ T1229] usb 3-1: Manufacturer: syz [ 89.164800][ T1229] usb 3-1: SerialNumber: syz [ 89.189898][ T1229] usb 3-1: config 0 descriptor?? [ 89.242064][ T1877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 89.271635][ T1877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 89.309574][ T1877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 89.351107][ T1877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 89.392449][ T1877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 89.434202][ T1877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 89.451663][ T1878] usb 1-1: USB disconnect, device number 3 [ 89.484060][ T1877] usb 5-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9 [ 89.528856][ T1877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.556201][ T1877] usb 5-1: Product: syz [ 89.564175][ T1877] usb 5-1: Manufacturer: syz [ 89.600962][ T1877] usb 5-1: SerialNumber: syz [ 89.618235][ T5852] usb 2-1: USB disconnect, device number 3 [ 89.649038][ T1877] usb 5-1: config 0 descriptor?? [ 89.713835][ T1877] ti_usb_3410_5052 5-1:0.0: TI USB 5052 2 port adapter converter detected [ 89.740770][ T1877] ti_usb_3410_5052 5-1:0.0: missing endpoints [ 90.028045][ T6105] __nla_validate_parse: 9 callbacks suppressed [ 90.028090][ T6105] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.30'. [ 90.662911][ T6109] syz.1.30 uses obsolete (PF_INET,SOCK_PACKET) [ 90.791610][ T6109] dummy0: entered allmulticast mode [ 91.567279][ T5912] usb 3-1: USB disconnect, device number 2 [ 92.048267][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 92.203445][ T1878] usb 5-1: USB disconnect, device number 3 [ 92.584555][ T6131] kAFS: unable to lookup cell 'ÿ' [ 94.513239][ T6170] syz.4.46 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 94.535642][ T6171] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 94.846619][ T6180] Falling back ldisc for ttyS3. [ 94.865420][ T5912] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 95.027965][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.039213][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.049703][ T5912] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 95.063952][ T5912] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 95.073502][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.100256][ T5912] usb 2-1: config 0 descriptor?? [ 95.194372][ T1568] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 95.244653][ T1878] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 95.365178][ T1568] usb 5-1: Using ep0 maxpacket: 16 [ 95.371955][ T1568] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.383360][ T1568] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.393165][ T1568] usb 5-1: config 0 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 12 [ 95.407601][ T1568] usb 5-1: config 0 interface 0 has no altsetting 0 [ 95.414860][ T1568] usb 5-1: New USB device found, idVendor=056a, idProduct=002a, bcdDevice= 0.00 [ 95.424153][ T1568] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.433189][ T1878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.445763][ T1878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.456688][ T1568] usb 5-1: config 0 descriptor?? [ 95.474411][ T1878] usb 3-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 95.487195][ T1878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.497566][ T1878] usb 3-1: config 0 descriptor?? [ 95.539245][ T5912] plantronics 0003:047F:FFFF.0001: reserved main item tag 0xd [ 95.561499][ T5912] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 95.647809][ T5988] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 95.667084][ T6182] Zero length message leads to an empty skb [ 95.817795][ T5988] usb 4-1: unable to get BOS descriptor or descriptor too short [ 95.818942][ T5852] usb 2-1: USB disconnect, device number 4 [ 95.835611][ T5988] usb 4-1: config 129 has an invalid interface number: 122 but max is 0 [ 95.853032][ T5988] usb 4-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 95.868603][ T5988] usb 4-1: config 129 has no interface number 0 [ 95.888785][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 95.897437][ T5988] usb 4-1: config 129 interface 122 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 64 [ 95.907921][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 95.915938][ T5988] usb 4-1: config 129 interface 122 altsetting 7 endpoint 0xA has invalid wMaxPacketSize 0 [ 95.929207][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 95.938318][ T1878] logitech-djreceiver 0003:046D:C71F.0003: unbalanced delimiter at end of report description [ 95.948825][ T5988] usb 4-1: config 129 interface 122 altsetting 7 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 95.962233][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 95.969871][ T1878] logitech-djreceiver 0003:046D:C71F.0003: logi_dj_probe: parse failed [ 95.978240][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 95.985483][ T5988] usb 4-1: config 129 interface 122 has no altsetting 0 [ 95.992522][ T1878] logitech-djreceiver 0003:046D:C71F.0003: probe with driver logitech-djreceiver failed with error -22 [ 96.003668][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 96.012275][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 96.022436][ T5988] usb 4-1: New USB device found, idVendor=3980, idProduct=0003, bcdDevice=c9.07 [ 96.033185][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 96.040485][ T5988] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.048805][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 96.055888][ T5988] usb 4-1: Product: syz [ 96.060117][ T1568] wacom 0003:056A:002A.0002: unknown main item tag 0x0 [ 96.067177][ T5988] usb 4-1: Manufacturer: syz [ 96.071798][ T5988] usb 4-1: SerialNumber: syz [ 96.081895][ T1568] usb 5-1: USB disconnect, device number 4 [ 96.096646][ T6188] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 96.115252][ T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 96.136739][ T5912] usb 3-1: USB disconnect, device number 3 [ 96.276542][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 96.284946][ T24] usb 1-1: config 0 has an invalid interface number: 31 but max is 0 [ 96.293043][ T24] usb 1-1: config 0 has no interface number 0 [ 96.301433][ T24] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 96.310547][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.323334][ T24] usb 1-1: Product: syz [ 96.327008][ T5988] rtl8150 4-1:129.122: couldn't find required endpoints [ 96.328312][ T24] usb 1-1: Manufacturer: syz [ 96.338914][ T5988] rtl8150 4-1:129.122: probe with driver rtl8150 failed with error -5 [ 96.339515][ T24] usb 1-1: SerialNumber: syz [ 96.360583][ T5988] usb 4-1: USB disconnect, device number 2 [ 96.366058][ T24] usb 1-1: config 0 descriptor?? [ 96.779759][ T24] uvcvideo 1-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 96.787182][ T24] uvcvideo 1-1:0.31: No valid video chain found. [ 96.800011][ T24] usb 1-1: USB disconnect, device number 4 [ 96.944388][ T5988] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 96.951983][ T1568] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 96.984436][ T1229] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 97.134437][ T1568] usb 5-1: Using ep0 maxpacket: 8 [ 97.134441][ T1229] usb 3-1: Using ep0 maxpacket: 16 [ 97.142609][ T5988] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.149510][ T1229] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 97.159456][ T5988] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 97.171439][ T1229] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 97.178779][ T1568] usb 5-1: unable to get BOS descriptor or descriptor too short [ 97.188447][ T1229] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 97.193885][ T5988] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 97.204042][ T1229] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.221501][ T1229] usb 3-1: Product: syz [ 97.221607][ T1568] usb 5-1: config 0 has an invalid interface number: 88 but max is 0 [ 97.221629][ T1568] usb 5-1: config 0 has no interface number 0 [ 97.222310][ T1568] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 97.226591][ T1229] usb 3-1: Manufacturer: syz [ 97.236926][ T1568] usb 5-1: config 0 interface 88 has no altsetting 0 [ 97.247661][ T1229] usb 3-1: SerialNumber: syz [ 97.254316][ T5988] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.267767][ T1229] usb 3-1: 0:2 : does not exist [ 97.287354][ T1568] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 97.314077][ T5988] usb 2-1: config 0 descriptor?? [ 97.330897][ T1568] usb 5-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 97.356895][ T1568] usb 5-1: Product: syz [ 97.361885][ T1568] usb 5-1: SerialNumber: syz [ 97.367580][ T6211] ======================================================= [ 97.367580][ T6211] WARNING: The mand mount option has been deprecated and [ 97.367580][ T6211] and is ignored by this kernel. Remove the mand [ 97.367580][ T6211] option from the mount to silence this warning. [ 97.367580][ T6211] ======================================================= [ 97.371877][ T1568] usb 5-1: config 0 descriptor?? [ 97.480292][ T1229] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 97.535268][ T1229] usb 3-1: USB disconnect, device number 4 [ 97.581633][ T5858] udevd[5858]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 97.637169][ T1568] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.88/input/input6 [ 97.684932][ T1568] usb 5-1: USB disconnect, device number 5 [ 97.684932][ C1] usb_acecad 5-1:0.88: can't resubmit intr, dummy_hcd.4-1/input0, status -19 [ 97.765523][ T5988] pyra 0003:1E7D:2CF6.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0 [ 97.961011][ T5988] pyra 0003:1E7D:2CF6.0004: couldn't init struct pyra_device [ 97.968689][ T5988] pyra 0003:1E7D:2CF6.0004: couldn't install mouse [ 97.978471][ T5988] pyra 0003:1E7D:2CF6.0004: probe with driver pyra failed with error -71 [ 97.991535][ T5988] usb 2-1: USB disconnect, device number 5 [ 98.074360][ T1229] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 98.227194][ T1229] usb 4-1: unable to get BOS descriptor or descriptor too short [ 98.236341][ T1229] usb 4-1: not running at top speed; connect to a high speed hub [ 98.245991][ T1229] usb 4-1: config 1 has an invalid descriptor of length 153, skipping remainder of the config [ 98.257420][ T1229] usb 4-1: config 1 interface 2 altsetting 1 has an endpoint descriptor with address 0x56, changing to 0x6 [ 98.270854][ T1229] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid maxpacket 28155, setting to 64 [ 98.290349][ T1229] usb 4-1: New USB device found, idVendor=18d1, idProduct=2d04, bcdDevice= 0.40 [ 98.299872][ T1229] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.308364][ T1229] usb 4-1: Product: syz [ 98.312787][ T1229] usb 4-1: Manufacturer: syz [ 98.317550][ T1229] usb 4-1: SerialNumber: syz [ 98.385157][ T5852] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 98.414220][ T29] audit: type=1804 audit(1774029267.179:2): pid=6223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.70" name="bus" dev="ramfs" ino=9876 res=1 errno=0 [ 98.464681][ T29] audit: type=1804 audit(1774029267.189:3): pid=6223 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.70" name="bus" dev="ramfs" ino=9876 res=1 errno=0 [ 98.546211][ T5852] usb 3-1: Using ep0 maxpacket: 16 [ 98.571134][ T5852] usb 3-1: unable to get BOS descriptor or descriptor too short [ 98.606910][ T1229] usb 4-1: parse_audio_format_rates_v2v3(): unable to find clock source (clock -22) [ 98.630228][ T5852] usb 3-1: config 1 has an invalid interface descriptor of length 7, skipping [ 98.660680][ T5852] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 98.679084][ T1229] usb 4-1: failed to enable PITCH for EP 0x1 [ 98.687301][ T1229] usb 4-1: unit 2 not found! [ 98.692012][ T1229] usb 4-1: unit 8 not found! [ 98.701307][ T5852] usb 3-1: New USB device found, idVendor=08e4, idProduct=0163, bcdDevice= 0.40 [ 98.716951][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.735765][ T5852] usb 3-1: Product: syz [ 98.746607][ T5852] usb 3-1: Manufacturer: syz [ 98.772030][ T5852] usb 3-1: SerialNumber: syz [ 98.785275][ T1568] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 98.905780][ T1229] usb 4-1: USB disconnect, device number 3 [ 98.975633][ T1568] usb 1-1: Using ep0 maxpacket: 16 [ 99.010872][ T1568] usb 1-1: too many configurations: 17, using maximum allowed: 8 [ 99.019358][ T6231] udevd[6231]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 99.062384][ T1568] usb 1-1: config 28 has an invalid descriptor of length 0, skipping remainder of the config [ 99.099734][ T5852] usb 3-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 99.113446][ T1568] usb 1-1: config 28 has 0 interfaces, different from the descriptor's value: 1 [ 99.128195][ T5852] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 99.156774][ T1568] usb 1-1: config 28 has an invalid descriptor of length 0, skipping remainder of the config [ 99.162994][ T5852] usb 3-1: MIDIStreaming interface descriptor not found [ 99.178341][ T1568] usb 1-1: config 28 has 0 interfaces, different from the descriptor's value: 1 [ 99.220302][ T1568] usb 1-1: config 28 has an invalid descriptor of length 0, skipping remainder of the config [ 99.260098][ T1568] usb 1-1: config 28 has 0 interfaces, different from the descriptor's value: 1 [ 99.298347][ T1568] usb 1-1: config 28 has an invalid descriptor of length 0, skipping remainder of the config [ 99.341412][ T1568] usb 1-1: config 28 has 0 interfaces, different from the descriptor's value: 1 [ 99.370914][ T1568] usb 1-1: config 28 has an invalid descriptor of length 0, skipping remainder of the config [ 99.406503][ T1568] usb 1-1: config 28 has 0 interfaces, different from the descriptor's value: 1 [ 99.435873][ T1568] usb 1-1: config 28 has an invalid descriptor of length 0, skipping remainder of the config [ 99.468551][ T1568] usb 1-1: config 28 has 0 interfaces, different from the descriptor's value: 1 [ 99.485922][ T5852] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 99.509347][ T1568] usb 1-1: config 28 has an invalid descriptor of length 0, skipping remainder of the config [ 99.527708][ T5852] usb 3-1: USB disconnect, device number 5 [ 99.546401][ T1568] usb 1-1: config 28 has 0 interfaces, different from the descriptor's value: 1 [ 99.577173][ T1568] usb 1-1: config 28 has an invalid descriptor of length 0, skipping remainder of the config [ 99.620483][ T1568] usb 1-1: config 28 has 0 interfaces, different from the descriptor's value: 1 [ 99.630956][ T6232] udevd[6232]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 100.594541][ T5988] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 100.776600][ T5988] usb 4-1: config 1 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 100.801467][ T5988] usb 4-1: config 1 interface 0 has no altsetting 0 [ 100.822745][ T5988] usb 4-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40 [ 100.837706][ T5988] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.869049][ T5988] usb 4-1: Product: syz [ 100.878548][ T5988] usb 4-1: Manufacturer: syz [ 100.888816][ T5988] usb 4-1: SerialNumber: syz [ 100.911317][ T6254] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 101.168434][ T5988] usbhid 4-1:1.0: can't add hid device: -71 [ 101.190899][ T5988] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 101.227097][ T5988] usb 4-1: USB disconnect, device number 4 [ 101.443294][ T1568] usb 1-1: string descriptor 0 read error: -71 [ 101.471635][ T1568] usb 1-1: New USB device found, idVendor=04e8, idProduct=a101, bcdDevice= 4.48 [ 101.484620][ T1568] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.501088][ T1568] r8152-cfgselector 1-1: Unknown version 0x0000 [ 101.516150][ T1568] r8152-cfgselector 1-1: can't set config #28, error -71 [ 101.541843][ T1568] r8152-cfgselector 1-1: USB disconnect, device number 5 [ 101.795609][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 101.959809][ T24] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 101.998310][ T24] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 102.015030][ T5852] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 102.030413][ T24] usb 3-1: config 220 has an invalid descriptor of length 13, skipping remainder of the config [ 102.043762][ T24] usb 3-1: config 220 has no interface number 2 [ 102.051328][ T24] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 102.067426][ T24] usb 3-1: config 220 interface 0 has no altsetting 0 [ 102.074241][ T24] usb 3-1: config 220 interface 76 has no altsetting 0 [ 102.095873][ T24] usb 3-1: config 220 interface 1 has no altsetting 0 [ 102.110008][ T24] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 102.132776][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.148679][ T24] usb 3-1: Product: syz [ 102.155012][ T24] usb 3-1: Manufacturer: syz [ 102.171266][ T24] usb 3-1: SerialNumber: syz [ 102.196298][ T5852] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.222355][ T5852] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.255332][ T5852] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 102.274539][ T5852] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 102.282660][ T5852] usb 4-1: Manufacturer: syz [ 102.308373][ T5852] usb 4-1: config 0 descriptor?? [ 102.423970][ T24] usb 3-1: selecting invalid altsetting 0 [ 102.452439][ T24] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 102.491111][ T24] uvcvideo 3-1:220.0: No valid video chain found. [ 102.506129][ T24] usb 3-1: selecting invalid altsetting 0 [ 102.512927][ T24] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 102.525620][ T24] usb 3-1: USB disconnect, device number 6 [ 103.401514][ T5852] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0005/input/input7 [ 103.424050][ T6272] node ffff888057480840 offset 0 parent ffff888057480580 shift 0 count 64 values 0 array ffff888054d5df40 list ffff888057480858 ffff888057480858 marks 0 0 0 [ 103.467838][ T6272] ------------[ cut here ]------------ [ 103.473438][ T6272] kernel BUG at ./include/linux/xarray.h:1441! [ 103.515238][ T5852] uclogic 0003:256C:006D.0005: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 103.527750][ T6272] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 103.534043][ T6272] CPU: 1 UID: 0 PID: 6272 Comm: syz.0.85 Tainted: G L syzkaller #0 PREEMPT(full) [ 103.544728][ T6272] Tainted: [L]=SOFTLOCKUP [ 103.549053][ T6272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 103.559127][ T6272] RIP: 0010:collapse_scan_file+0x4fba/0x5220 [ 103.565128][ T6272] Code: ff 4c 89 e7 48 c7 c6 60 b3 dc 8b e8 00 e4 f1 fe 90 0f 0b 48 85 db 0f 84 d1 00 00 00 e8 0f 10 90 ff 48 89 df e8 d7 e1 77 09 90 <0f> 0b e8 ff 0f 90 ff 48 89 df 48 c7 c6 60 b3 dc 8b e8 d0 e3 f1 fe [ 103.584566][ T5988] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 103.584732][ T6272] RSP: 0018:ffffc90006856e20 EFLAGS: 00010246 [ 103.598251][ T6272] RAX: 0000000000000000 RBX: ffff888057480840 RCX: 9d03af3f507fe000 [ 103.606236][ T6272] RDX: ffffc90003f1a000 RSI: 0000000000008e86 RDI: 0000000000008e87 [ 103.614210][ T6272] RBP: ffffc90006857130 R08: ffffc90006856ba7 R09: 1ffff92000d0ad74 [ 103.622189][ T6272] R10: dffffc0000000000 R11: fffff52000d0ad75 R12: dffffc0000000000 [ 103.630167][ T6272] R13: ffffea0001ab3430 R14: 0000000000000000 R15: ffffc90006857010 [ 103.638145][ T6272] FS: 00007efc49ae96c0(0000) GS:ffff888125549000(0000) knlGS:0000000000000000 [ 103.647084][ T6272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 103.653670][ T6272] CR2: 00007fb9bc25bf28 CR3: 000000007d266000 CR4: 00000000003526f0 [ 103.661646][ T6272] Call Trace: [ 103.664928][ T6272] [ 103.667858][ T6272] ? collapse_scan_file+0x1bf/0x5220 [ 103.673146][ T6272] ? __pfx_collapse_scan_file+0x10/0x10 [ 103.678688][ T6272] ? __lock_acquire+0x6b5/0x2cf0 [ 103.683633][ T6272] ? schedule+0x90/0x360 [ 103.687872][ T6272] ? schedule+0x16e/0x360 [ 103.692194][ T6272] ? __lock_acquire+0x6b5/0x2cf0 [ 103.697139][ T6272] ? __up_read+0x291/0x6b0 [ 103.701544][ T6272] ? __lock_acquire+0x6b5/0x2cf0 [ 103.706476][ T6272] ? __pfx___up_read+0x10/0x10 [ 103.711229][ T6272] collapse_single_pmd+0x22b/0x4480 [ 103.716419][ T6272] ? do_raw_spin_lock+0x12b/0x2f0 [ 103.721438][ T6272] ? __flush_work+0x100/0xc50 [ 103.726189][ T6272] ? __flush_work+0x100/0xc50 [ 103.730859][ T6272] ? __flush_work+0x100/0xc50 [ 103.735520][ T6272] ? __flush_work+0xab9/0xc50 [ 103.740186][ T6272] ? __pfx_collapse_single_pmd+0x10/0x10 [ 103.745810][ T6272] ? __flush_work+0x100/0xc50 [ 103.750478][ T6272] ? madvise_collapse+0x18c/0x820 [ 103.755490][ T6272] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 103.761115][ T6272] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 103.767090][ T6272] madvise_collapse+0x34c/0x820 [ 103.771929][ T6272] madvise_vma_behavior+0x1094/0x4460 [ 103.777291][ T6272] ? __page_table_check_zero+0x6a/0x3e0 [ 103.782824][ T6272] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 103.788529][ T6272] ? __page_table_check_zero+0x6a/0x3e0 [ 103.794061][ T6272] ? __page_table_check_zero+0x6a/0x3e0 [ 103.799595][ T6272] ? __page_table_check_zero+0x397/0x3e0 [ 103.805257][ T6272] ? __page_table_check_zero+0x6a/0x3e0 [ 103.810793][ T6272] ? __lock_acquire+0x6b5/0x2cf0 [ 103.815732][ T6272] ? fs_reclaim_acquire+0x7c/0x100 [ 103.820835][ T6272] ? __lock_acquire+0x6b5/0x2cf0 [ 103.825764][ T6272] ? __lock_acquire+0x6b5/0x2cf0 [ 103.830695][ T6272] ? __lock_acquire+0x6b5/0x2cf0 [ 103.835629][ T6272] ? mas_prev_slot+0xb7b/0xbf0 [ 103.840386][ T6272] ? find_vma_prev+0x123/0x1b0 [ 103.845143][ T6272] ? __pfx_find_vma_prev+0x10/0x10 [ 103.850252][ T6272] madvise_walk_vmas+0x573/0xae0 [ 103.855174][ T6272] ? __lock_acquire+0x6b5/0x2cf0 [ 103.860111][ T6272] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 103.865557][ T6272] ? blk_start_plug+0x6e/0x1b0 [ 103.870312][ T6272] madvise_do_behavior+0x386/0x540 [ 103.875414][ T6272] ? __pfx_madvise_do_behavior+0x10/0x10 [ 103.881033][ T6272] ? down_read+0x270/0x2e0 [ 103.885440][ T6272] ? madvise_lock+0x146/0x2e0 [ 103.890109][ T6272] do_madvise+0x1fa/0x2e0 [ 103.894423][ T6272] ? __pfx_do_madvise+0x10/0x10 [ 103.899257][ T6272] ? lock_vma_under_rcu+0x45a/0x500 [ 103.904461][ T6272] __x64_sys_madvise+0xa6/0xc0 [ 103.909216][ T6272] do_syscall_64+0x14d/0xf80 [ 103.913798][ T6272] ? trace_irq_disable+0x3b/0x140 [ 103.918810][ T6272] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.924862][ T6272] ? clear_bhb_loop+0x40/0x90 [ 103.929536][ T6272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 103.935413][ T6272] RIP: 0033:0x7efc48b9c799 [ 103.939831][ T6272] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 103.959420][ T6272] RSP: 002b:00007efc49ae9028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 103.967822][ T6272] RAX: ffffffffffffffda RBX: 00007efc48e15fa0 RCX: 00007efc48b9c799 [ 103.975777][ T6272] RDX: 0000000000000019 RSI: 0000000000600003 RDI: 0000200000000000 [ 103.983734][ T6272] RBP: 00007efc48c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 103.991690][ T6272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 103.999644][ T6272] R13: 00007efc48e16038 R14: 00007efc48e15fa0 R15: 00007fff0fc3edb8 [ 104.007611][ T6272] [ 104.010615][ T6272] Modules linked in: [ 104.017443][ T6272] ---[ end trace 0000000000000000 ]--- [ 104.042789][ T5912] usb 4-1: USB disconnect, device number 5 [ 104.054529][ T6272] RIP: 0010:collapse_scan_file+0x4fba/0x5220 [ 104.088448][ T6272] Code: ff 4c 89 e7 48 c7 c6 60 b3 dc 8b e8 00 e4 f1 fe 90 0f 0b 48 85 db 0f 84 d1 00 00 00 e8 0f 10 90 ff 48 89 df e8 d7 e1 77 09 90 <0f> 0b e8 ff 0f 90 ff 48 89 df 48 c7 c6 60 b3 dc 8b e8 d0 e3 f1 fe [ 104.111911][ T5988] usb 5-1: Using ep0 maxpacket: 8 [ 104.129603][ T6295] fido_id[6295]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 104.143781][ T5988] usb 5-1: unable to get BOS descriptor or descriptor too short [ 104.152155][ T6272] RSP: 0018:ffffc90006856e20 EFLAGS: 00010246 [ 104.158455][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 104.158484][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 104.158504][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 104.158528][ T5988] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 104.158550][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 104.158569][ T5988] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x75, changing to 0x5 [ 104.158591][ T5988] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 104.158610][ T5988] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 104.165132][ T5988] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 104.181944][ T6272] RAX: 0000000000000000 RBX: ffff888057480840 RCX: 9d03af3f507fe000 [ 104.216981][ T5988] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.267036][ T6272] RDX: ffffc90003f1a000 RSI: 0000000000008e86 RDI: 0000000000008e87 [ 104.283235][ T5988] usb 5-1: Product: syz [ 104.288199][ T5988] usb 5-1: Manufacturer: syz [ 104.292942][ T5988] usb 5-1: SerialNumber: syz [ 104.295927][ T6272] RBP: ffffc90006857130 R08: ffffc90006856ba7 R09: 1ffff92000d0ad74 [ 104.306790][ T6272] R10: dffffc0000000000 R11: fffff52000d0ad75 R12: dffffc0000000000 [ 104.310598][ T5988] usb 5-1: config 0 descriptor?? [ 104.321156][ T6272] R13: ffffea0001ab3430 R14: 0000000000000000 R15: ffffc90006857010 [ 104.323130][ T6281] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 104.330733][ T6272] FS: 00007efc49ae96c0(0000) GS:ffff888125549000(0000) knlGS:0000000000000000 [ 104.340506][ T5988] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 104.345327][ T6272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 104.345345][ T6272] CR2: 00007fb9bc5e92f8 CR3: 000000007d266000 CR4: 00000000003526f0 [ 104.345367][ T6272] Kernel panic - not syncing: Fatal exception [ 104.345638][ T6272] Kernel Offset: disabled