last executing test programs: 5m7.281602507s ago: executing program 2 (id=987): syz_open_procfs(0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x116b, &(0x7f0000002240)=ANY=[@ANYBLOB], 0x0) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, 0x0, 0x50) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a3000000100090003007379"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 5m6.73814388s ago: executing program 2 (id=988): socket$can_bcm(0x1d, 0x2, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5601, 0xfffffffffffffffc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xa9}}, &(0x7f0000000480)='GPL\x00'}, 0x90) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000700), &(0x7f0000000780), 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)={'blake2s-128-generic\x00'}, &(0x7f0000000800)="16488a99a96b2b2862ca51fd34fbe6bb6cc4828fa5258d60c7c0b7ed804474b8237f458e0547090878c78ee564f9019c8cc77517486bffae55160b769cd9b44d061db1177f05ae87948702105448de8e102c34bfa82c4a81126a13dff8f69c5c01d9e59e499f410de14a1bcb18ee20796bbdf082da634deead0ea8c67eed3dfff019a4d215cee97358493d241ee782c7c201a48b8091362c8d0133000fac8085397c9b907565836d465e001298ca4515ee01fae816", 0xb5}) fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0xc) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, 0x0, 0x4000) r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) mount_setattr(0xffffffffffffffff, 0x0, 0x8100, 0x0, 0x37) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @remote, @local}, &(0x7f0000000240)=0xc) sendmsg$nl_route_sched_retired(r5, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x44005) write$cgroup_subtree(r6, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) 5m5.667743487s ago: executing program 2 (id=992): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="190000000400000004000000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f000000d379)={&(0x7f0000000440)=ANY=[@ANYBLOB="180000001400010300000000000000001e000000c1"], 0x18}}, 0x0) r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) getgroups(0x2, &(0x7f0000001080)=[0xee01, 0xffffffffffffffff]) setgroups(0x0, 0x0) keyctl$chown(0x4, r5, 0xee01, r6) keyctl$setperm(0x5, r5, 0x30925) keyctl$KEYCTL_MOVE(0x3, r5, 0x0, 0x0, 0x0) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f00000001c0)='.\x00', &(0x7f0000000000)='exfat\x00', 0x401, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000dc0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GET(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000fbfbdf25270000000e0001006e655f64657673696d0000000f0002006e657464657673696d3000001c0053"], 0x50}, 0x1, 0x0, 0x0, 0x24040011}, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60) 5m4.288710178s ago: executing program 2 (id=994): syz_open_procfs(0x0, 0x0) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x4) syz_open_dev$vbi(0x0, 0x1, 0x2) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0xffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000080000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x1) 4m58.099071716s ago: executing program 2 (id=1015): r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) accept4(r1, 0x0, 0x0, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0xb) unshare(0x2040400) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000100)=@o_path={0x0, r4}, 0x18) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x8040ae9f, &(0x7f0000000300)=@arm64) ioctl$KVM_X86_SET_MSR_FILTER(r3, 0x4188aec6, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 4m51.437652282s ago: executing program 2 (id=1032): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x4, 0x10000, 0x100, 0x9004, 0x0, 0x8, 0x5, 0x5, 0x49, 0x3ff, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x1, 0x20002, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x4, 0x3, 0x2, 0x888f, 0x1, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x7, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x0, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x8061d, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x200, 0x7, 0x2, 0x2b, 0x8, 0x2293332f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x2, 0x3, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xc9, 0x0, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x10000003]}) 4m35.599844078s ago: executing program 32 (id=1032): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x4, 0x10000, 0x100, 0x9004, 0x0, 0x8, 0x5, 0x5, 0x49, 0x3ff, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x1, 0x20002, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x4, 0x3, 0x2, 0x888f, 0x1, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x7, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x0, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x8061d, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x200, 0x7, 0x2, 0x2b, 0x8, 0x2293332f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x2, 0x3, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xc9, 0x0, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x10000003]}) 14.116288704s ago: executing program 4 (id=1730): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x9, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xb0}}, 0x20040010) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000140)=@ethtool_eee={0x44, 0x4, 0x9, 0x7, 0x1, 0xfffffe00, 0x5, 0x80000000, [0x6, 0xfffffffd]}}) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) r5 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r5, &(0x7f000001aa40)=""/102400, 0x19000) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000f40)={0xffffffffffffffff}) sendmsg$sock(r6, &(0x7f0000001480)={0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001000)='z', 0x101d0}], 0x1}, 0x0) close(0x3) recvmsg(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000007c0), 0x1000013b}, 0x2001) fsopen(&(0x7f00000000c0)='virtiofs\x00', 0x0) ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000480)) recvmsg(r4, &(0x7f0000000440)={&(0x7f0000000200)=@nfc, 0xffffffffffffff82, &(0x7f0000000180)=[{&(0x7f00000002c0)=""/78, 0x4e}, {&(0x7f0000000340)=""/227, 0xe1}, {&(0x7f0000000580)=""/133, 0x9b}], 0x3, &(0x7f0000000680)=""/174, 0xae}, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0x5, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x5, 0x7ff}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) 14.04153912s ago: executing program 4 (id=1732): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() prctl$PR_MCE_KILL(0x21, 0x558f06e60675d7d5, 0x1) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5}, 0x8}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38) 13.698320217s ago: executing program 4 (id=1734): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$sg(&(0x7f00000000c0), 0x80, 0xa81) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) socket$rxrpc(0x21, 0x2, 0xa) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x0) ioctl$TIOCSTI(r5, 0x5412, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$P9_RGETLOCK(r3, 0x0, 0xffffff6a) pipe2(&(0x7f0000000040), 0x4000) 13.514013902s ago: executing program 1 (id=1735): socket$can_bcm(0x1d, 0x2, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5601, 0xfffffffffffffffc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xa9}}, &(0x7f0000000480)='GPL\x00'}, 0x90) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000700), &(0x7f0000000780), 0x0, &(0x7f00000008c0)={0x0, &(0x7f0000000800)="16488a99a96b2b2862ca51fd34fbe6bb6cc4828fa5258d60c7c0b7ed804474b8237f458e0547090878c78ee564f9019c8cc77517486bffae55160b769cd9b44d061db1177f05ae87948702105448de8e102c34bfa82c4a81126a13dff8f69c5c01d9e59e499f410de14a1bcb18ee20796bbdf082da634deead0ea8c67eed3dfff019a4d215cee97358493d241ee782c7c201a48b8091362c8d0133000fac8085397c9b907565836d465e001298ca4515ee01fae816", 0xb5}) fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0xc) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, 0x0, 0x4000) r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) mount_setattr(0xffffffffffffffff, 0x0, 0x8100, 0x0, 0x37) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @remote, @local}, &(0x7f0000000240)=0xc) sendmsg$nl_route_sched_retired(r5, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x44005) write$cgroup_subtree(r6, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) 11.894005073s ago: executing program 1 (id=1740): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0) mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x3f, 0x0) pipe(0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r2, 0x6, 0x24, 0x0, &(0x7f0000002000)) fcntl$setownex(r1, 0xf, &(0x7f00000003c0)={0x2}) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x8) timer_gettime(0x0, &(0x7f00000001c0)) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 9.523475974s ago: executing program 5 (id=1743): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r3, &(0x7f0000004180)={0x2020}, 0x2020) r4 = syz_pidfd_open(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0), 0x1004001, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000000000003497266446e6f3d", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',\x00']) 8.922816102s ago: executing program 1 (id=1746): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2000, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) r2 = getpid() kcmp(r2, r2, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) fcntl$getflags(r1, 0xb) bind$phonet(r1, &(0x7f0000000040)={0x23, 0x19, 0x6, 0x7}, 0x10) getrlimit(0xd, &(0x7f0000000100)) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x0, @local}, 0x10, 0x0, 0x0, &(0x7f0000000400)=[@mask_cswp={0x58, 0x114, 0x9, {{0x8, 0x8}, &(0x7f0000000140)=0x6, 0x0, 0x6, 0x2, 0x7ff, 0x4, 0x22, 0xfffffffffffffffa}}], 0x58, 0x8004}, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0x0, 0xffffffff}, 0x1c) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, &(0x7f0000000140)={0x0, 0x10}}, 0x0) io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000280)={r1}) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) 8.086692829s ago: executing program 1 (id=1748): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="720ad1ff000000007110ae00000000000000000000000000474628d3ea16ee5876beccd399770c7f5a3b159068119157a197f6b77ae4d8f078af543172a4ec478159fca95b108e7f4a190301f58cdab770a3dc066ccb78cefc468d216df78dcbe77e45445045ab86c74c21d6374359cc108ecb89f192369e0bd08fc63a05076c715155ad1549405d558c1982113d2f660009ea8f7486c88a9adbc614a7237d119a02065f7c30aeaca8a858b9e5807d9c73bea422857159dd8189a4150d068f"], &(0x7f0000000480)='GPL\x00'}, 0x94) sendmmsg$inet6(r3, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0x1, @dev={0xfe, 0x80, '\x00', 0x34}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}, {{&(0x7f0000000500)={0xa, 0x4e22, 0x0, @remote, 0x200}, 0x1c, &(0x7f0000000b00)=[{&(0x7f00000006c0)="02", 0x1}], 0x1}}], 0x2, 0x40c5) r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="84010000", @ANYRES16=r4, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054010b800800090000000000080009000000fffe"], 0x184}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r5 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r6, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfd, 0x2000000}, 0xc) fsopen(0x0, 0xb4144cd82476cadd) close(r5) r7 = socket$kcm(0xa, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffffffffff050000", @ANYRES32=0x1], 0x48) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x8916, &(0x7f0000000000)={r7}) syz_open_dev$vim2m(&(0x7f00000001c0), 0x440ec63, 0x2) socket$kcm(0xa, 0x5, 0x0) close(r9) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000200)={@local, @random="d8be17d19221", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x23, 0x28, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x2, 0x0, 0xe7}}}}}}, 0x0) 7.312930002s ago: executing program 5 (id=1751): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r0, &(0x7f0000001340)=[{&(0x7f00000001c0)=""/144, 0x90}], 0x1) 6.415534304s ago: executing program 5 (id=1754): r0 = syz_io_uring_setup(0x10c6, &(0x7f0000000b40)={0x0, 0xbdee, 0x800, 0x400001, 0x1ef}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r4 = memfd_create(0x0, 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x414}, 0x1}) io_uring_enter(r0, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39) 5.554069643s ago: executing program 3 (id=1755): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() prctl$PR_MCE_KILL(0x21, 0x558f06e60675d7d5, 0x1) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5}, 0x8}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r1}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38) 5.412879745s ago: executing program 0 (id=1756): socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0) mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x3f, 0x0) pipe(0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r2, 0x6, 0x24, 0x0, &(0x7f0000002000)) fcntl$setownex(r1, 0xf, &(0x7f00000003c0)={0x2}) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x8) timer_gettime(0x0, &(0x7f00000001c0)) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 5.412448995s ago: executing program 5 (id=1757): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0x6aba, 0x4) r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x121a02, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18) r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000b80)=ANY=[@ANYBLOB="12010000000000406d041fc7000000000001090224000100000000090400000103000000092100001634543300090581030000060000"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYRESDEC=r2], 0x120}}, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) kexec_load(0xff0e, 0x1, &(0x7f0000000900)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0) preadv(r1, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/219, 0xdb}, {&(0x7f0000000680)=""/213, 0xd5}, {&(0x7f0000000dc0)=""/210, 0xd2}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000180)=""/5, 0x5}, {&(0x7f0000000940)=""/203, 0xcb}, {&(0x7f0000000bc0)=""/210, 0xd2}, {&(0x7f0000000cc0)=""/204, 0xcc}], 0x8, 0x1, 0x7ffffff0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r4, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2400000}, 0x18) 5.268595476s ago: executing program 3 (id=1758): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="0500000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a01010100", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 4.616688849s ago: executing program 0 (id=1759): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) readv(r1, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1) r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r2, 0xa, 0x13) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000004"], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x80}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x19383fb31bd4d798}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0xffffff7d, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10) fcntl$setlease(r2, 0x400, 0x0) timer_create(0x0, &(0x7f00000005c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)=0x0) timer_settime(r6, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) 4.514050127s ago: executing program 3 (id=1760): socket$can_bcm(0x1d, 0x2, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r3, 0x5601, 0xfffffffffffffffc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x7, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x0, 0x71, 0x10, 0xa9}}, &(0x7f0000000480)='GPL\x00'}, 0x90) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) keyctl$dh_compute(0x17, &(0x7f0000000700), &(0x7f0000000780), 0x0, &(0x7f00000008c0)={0x0, &(0x7f0000000800)="16488a99a96b2b2862ca51fd34fbe6bb6cc4828fa5258d60c7c0b7ed804474b8237f458e0547090878c78ee564f9019c8cc77517486bffae55160b769cd9b44d061db1177f05ae87948702105448de8e102c34bfa82c4a81126a13dff8f69c5c01d9e59e499f410de14a1bcb18ee20796bbdf082da634deead0ea8c67eed3dfff019a4d215cee97358493d241ee782c7c201a48b8091362c8d0133000fac8085397c9b907565836d465e001298ca4515ee01fae816", 0xb5}) fsconfig$FSCONFIG_SET_BINARY(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0xc) sendmsg$RDMA_NLDEV_CMD_DELLINK(r5, 0x0, 0x4000) r6 = openat$cgroup_subtree(r5, &(0x7f0000000100), 0x2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) mount_setattr(0xffffffffffffffff, 0x0, 0x8100, 0x0, 0x37) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000001c0)={0x0, @remote, @local}, &(0x7f0000000240)=0xc) sendmsg$nl_route_sched_retired(r5, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x44005) write$cgroup_subtree(r6, &(0x7f0000000980)={[{0x2d, 'pids'}]}, 0x1f) 3.711862442s ago: executing program 0 (id=1761): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="05000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b7ab289a21d254ebf1c30920188d7e0527bff31151da7c57628327841e9"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce07", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3.612837509s ago: executing program 3 (id=1762): r0 = socket$nl_rdma(0x10, 0x3, 0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a0000", 0x3) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)='cpu.weight.nice\x00', 0x2, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000001114"], 0x10}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 2.528598367s ago: executing program 4 (id=1763): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x2) readv(r1, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1) r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r2, 0xa, 0x13) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000400000004"], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x80}, 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x19383fb31bd4d798}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0xffffff7d, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r5}, 0x10) fcntl$setlease(r2, 0x400, 0x0) timer_create(0x0, &(0x7f00000005c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) truncate(&(0x7f0000000040)='./file0\x00', 0x0) fcntl$setlease(r2, 0x400, 0x2) 2.292383566s ago: executing program 1 (id=1764): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r0, &(0x7f0000001340)=[{&(0x7f00000001c0)=""/144, 0x90}], 0x1) 1.965597212s ago: executing program 0 (id=1765): signalfd(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6, 0x7, 0x5, 0x180, 0x0, 0x0, 0xf1, 0x0, 0x8, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0xbd5], 0x1, 0x3c4212}) syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_WRITE_SCAN_ENABLE={{0x9}, 0x3}}}, 0x7) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.709971353s ago: executing program 4 (id=1766): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)=ANY=[@ANYBLOB='0\x00\x00', @ANYRES16, @ANYBLOB="010007bd7000fddbdfb2d0465a460c0e670064000000a9000300", @ANYRES32, @ANYBLOB="0c0099000b00000043000000"], 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) socket$unix(0x1, 0x5, 0x0) 1.487328681s ago: executing program 3 (id=1767): openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) memfd_create(&(0x7f00000009c0)='y\x105\xf3\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) openat$comedi(0xffffffffffffff9c, 0x0, 0x80600, 0x0) syz_open_dev$video(&(0x7f0000000140), 0xd, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000180)=0x1b) ioctl$TIOCVHANGUP(r5, 0x5437, 0x2) r6 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r6, 0x1, 0x3e, &(0x7f0000000100)=r7, 0x4) ioctl$TCSETSF(r5, 0x5404, 0x0) sendmsg$inet(r6, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x18) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c000000210001002cbd7000fddbbcfe0a800004ff000000040001001400010000000000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4000841}, 0x20040000) 1.332136163s ago: executing program 5 (id=1768): r0 = syz_io_uring_setup(0x10c6, &(0x7f0000000b40)={0x0, 0xbdee, 0x800, 0x400001, 0x1ef}, &(0x7f0000000200)=0x0, &(0x7f0000000280)=0x0) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r4 = memfd_create(0x0, 0x3) ftruncate(r4, 0xffff) fcntl$addseals(r4, 0x409, 0x7) r5 = ioctl$UDMABUF_CREATE(r3, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000}) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r5, 0x0, 0x0, 0x0, {0x414}, 0x1}) io_uring_enter(r0, 0x3f72, 0x74f1, 0xc00000000000000, 0x0, 0x39) 685.944295ms ago: executing program 4 (id=1769): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000580)={'\x00', 0x240, 0x9, 0x8, 0x0, 0x10}) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)={{0x12, 0x1, 0x0, 0x40, 0x15, 0x42, 0x20, 0x5a9, 0x1550, 0xe4bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8e, 0xc4, 0x6f}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000004340)=""/102376, 0x18fe8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xe, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) r4 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0) write$binfmt_script(r4, &(0x7f0000000340)={'#! ', './file0'}, 0xb) execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) ioctl$BLKTRACESTART(r0, 0x1274, 0x0) syz_usb_connect$uac1(0x5, 0xe4, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd2, 0x3, 0x1, 0xfd, 0x0, 0x19, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x5}, [@feature_unit={0xf, 0x24, 0x6, 0x6, 0x6, 0x4, [0x2, 0x2, 0x3, 0x9], 0x7f}, @mixer_unit={0x9, 0x24, 0x4, 0x5, 0x4, "6e0403e6"}, @feature_unit={0xf, 0x24, 0x6, 0x1, 0x1, 0x4, [0x8, 0x2, 0xa, 0x2], 0x4}, @extension_unit={0x9, 0x24, 0x8, 0x3, 0x81, 0xd, "9d3e"}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x201, 0x5, 0xd9, 0x4, 0x9, 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x8, 0x3, 0x5, {0x7, 0x25, 0x1, 0x80, 0xbb, 0xc83}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x2, 0x25, 0x2}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x3, 0x2, 0x4, 0xc0}, @as_header={0x7, 0x24, 0x1, 0x1, 0x4, 0x5}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x6, 0x1, 0x9, 0x9, "42de3d2855d8"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x9, 0x1}, @format_type_i_continuous={0xc, 0x24, 0x2, 0x1, 0x1, 0x3, 0x3, 0x6, "97", "22e67d"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x3, 0x3, 0x1, {0x7, 0x25, 0x1, 0x1, 0x0, 0x1}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x250, 0x3, 0xab, 0x7, 0x20, 0x7}, 0x48, &(0x7f0000000380)={0x5, 0xf, 0x48, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x1, "11f35f244f0bbb3568e7a46862b69421"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0xe4, 0x4, 0x8}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x3, 0x4}, @ssp_cap={0x10, 0x10, 0xa, 0xfe, 0x1, 0x3, 0xf0f, 0x1, [0xff3f30]}, @wireless={0xb, 0x10, 0x1, 0xf6959c61b84b1cd0, 0xd0, 0x6, 0x5, 0x7}]}, 0x3, [{0x2, &(0x7f0000000400)=@string={0x2}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x1809}}, {0x3e, &(0x7f0000000480)=@string={0x3e, 0x3, "43381e7758e1c174b98243f323cdd2e461f1ef43a7e7a0d4533c3ff98621a175588f9f175de0cc05cd52c418d6c8f67165ccacba4c9a9ddf96895b0b"}}]}) 253.01038ms ago: executing program 3 (id=1770): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="0500000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a01010100", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 233.702622ms ago: executing program 1 (id=1771): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r3 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(r3, 0x0, 0x0) clock_gettime(0x0, 0x0) openat2(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x1) fchdir(r5) lseek(0xffffffffffffffff, 0x2, 0x0) 198.465295ms ago: executing program 0 (id=1772): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, 0x0, &(0x7f0000000100)) 167.829747ms ago: executing program 5 (id=1773): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="0500000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b7a"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a01010100", @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffffffffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 0s ago: executing program 0 (id=1774): syz_emit_ethernet(0x1e, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @random="a0725ce9403b", @void, {@can={0xc, {{0x4, 0x1, 0x1, 0x1}, 0x8, 0x1, 0x0, 0x0, "daaccb05b786bb81"}}}}, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d", @ANYRES64], 0xf8) kernel console output (not intermixed with test programs): ./syz-executor exec"[6999] [ 306.530328][ T7005] input: syz1 as /devices/virtual/input/input27 [ 306.707029][ T7002] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 306.719343][ T7002] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 307.844205][ T4185] Bluetooth: hci5: command 0x1003 tx timeout [ 308.487935][ T7011] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 308.498451][ T7011] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 308.815156][ T7044] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 308.821811][ T7044] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 308.834257][ T7044] vhci_hcd vhci_hcd.0: Device attached [ 308.908123][ T7045] vhci_hcd: connection closed [ 308.909135][ T5628] vhci_hcd: stop threads [ 308.960452][ T5628] vhci_hcd: release socket [ 309.004882][ T7043] overlayfs: missing 'workdir' [ 309.040539][ T5628] vhci_hcd: disconnect device [ 309.863334][ T1108] Bluetooth: hci5: command 0x1001 tx timeout [ 309.936800][ T4192] Bluetooth: hci5: sending frame failed (-49) [ 310.483250][ T7065] tipc: Enabled bearer , priority 0 [ 311.198972][ T7050] tipc: Disabling bearer [ 312.025309][ T4185] Bluetooth: hci5: command 0x1009 tx timeout [ 313.819258][ T7096] overlayfs: missing 'workdir' [ 315.392292][ T4247] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 316.592436][ T4247] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 316.871572][ T7123] Can't find ip_set type has [ 317.049324][ T4247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.060533][ T4247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.254697][ T4185] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 317.281529][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.287925][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.323505][ T4247] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 317.683376][ T4247] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 317.733683][ T4247] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 317.762707][ T4247] usb 5-1: Manufacturer: syz [ 317.800581][ T4247] usb 5-1: config 0 descriptor?? [ 317.872774][ T4185] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 317.887870][ T4185] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 317.908032][ T4185] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 317.924885][ T4185] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.948619][ T4185] usb 1-1: config 0 descriptor?? [ 318.142510][ T4247] usbhid 5-1:0.0: can't add hid device: -71 [ 318.150760][ T4247] usbhid: probe of 5-1:0.0 failed with error -71 [ 318.216631][ T4247] usb 5-1: USB disconnect, device number 12 [ 318.222332][ T4185] Bluetooth: Can't get state to change to load ram patch err [ 318.234224][ T4185] Bluetooth: Loading patch file failed [ 318.255533][ T4185] ath3k: probe of 1-1:0.0 failed with error -71 [ 318.298859][ T4185] usb 1-1: USB disconnect, device number 17 [ 318.733256][ T7146] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 323.192303][ T4225] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 323.676057][ T4225] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 323.697166][ T4225] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.113102][ T4225] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 324.135467][ T4225] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 324.232451][ T4225] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 324.457262][ T4225] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 324.475705][ T4225] usb 1-1: Manufacturer: syz [ 324.497666][ T4225] usb 1-1: config 0 descriptor?? [ 324.697447][ T7197] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 325.622572][ T4225] usbhid 1-1:0.0: can't add hid device: -71 [ 325.628538][ T4225] usbhid: probe of 1-1:0.0 failed with error -71 [ 325.678901][ T4225] usb 1-1: USB disconnect, device number 18 [ 327.614017][ T7221] netlink: 40 bytes leftover after parsing attributes in process `syz.0.865'. [ 329.093199][ T7244] netlink: 8 bytes leftover after parsing attributes in process `syz.0.871'. [ 332.532425][ T4226] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 332.812262][ T4226] usb 2-1: device descriptor read/64, error -71 [ 333.092336][ T4226] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 333.852301][ T4226] usb 2-1: device descriptor read/64, error -71 [ 333.972465][ T4226] usb usb2-port1: attempt power cycle [ 334.382347][ T4226] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 334.473313][ T4226] usb 2-1: device descriptor read/8, error -71 [ 334.772325][ T4226] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 334.862520][ T4226] usb 2-1: device descriptor read/8, error -71 [ 334.993212][ T4226] usb usb2-port1: unable to enumerate USB device [ 337.077355][ T7309] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 337.084009][ T7309] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 337.214993][ T7309] vhci_hcd vhci_hcd.0: Device attached [ 337.250000][ T7310] vhci_hcd: connection closed [ 337.251950][ T4302] vhci_hcd: stop threads [ 337.283160][ T4302] vhci_hcd: release socket [ 337.287786][ T4302] vhci_hcd: disconnect device [ 337.652531][ T7327] Can't find ip_set type hash:net,n [ 338.201967][ T7338] process 'syz.4.894' launched './file2' with NULL argv: empty string added [ 340.682302][ T4247] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 341.318366][ T7362] fuse: Invalid rootmode [ 341.782476][ T4247] usb 5-1: no configurations [ 341.789584][ T4247] usb 5-1: can't read configurations, error -22 [ 342.049265][ T4247] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 342.862995][ T7366] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11) [ 342.869655][ T7366] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 342.877552][ T7366] vhci_hcd vhci_hcd.0: Device attached [ 342.914958][ T7368] vhci_hcd: connection closed [ 342.916127][ T156] vhci_hcd: stop threads [ 342.981955][ T156] vhci_hcd: release socket [ 343.030325][ T156] vhci_hcd: disconnect device [ 343.232524][ T4247] usb 5-1: device descriptor read/all, error -71 [ 343.239205][ T4247] usb usb5-port1: attempt power cycle [ 343.626437][ T7378] Can't find ip_set type hash:net,n [ 348.954986][ T7415] device syzkaller0 entered promiscuous mode [ 351.046557][ T7412] fuse: Invalid rootmode [ 352.299107][ T7429] Can't find ip_set type hash:net,n [ 352.350088][ T7434] netlink: zone id is out of range [ 352.689084][ T4226] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 353.751090][ T7443] netlink: 12 bytes leftover after parsing attributes in process `syz.1.920'. [ 353.990606][ T7435] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 353.997223][ T7435] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 354.021643][ T7435] vhci_hcd vhci_hcd.0: Device attached [ 354.022529][ T4226] usb 3-1: no configurations [ 354.031802][ T4226] usb 3-1: can't read configurations, error -22 [ 354.092316][ T7446] vhci_hcd: connection closed [ 354.092692][ T4275] vhci_hcd: stop threads [ 354.212834][ T4275] vhci_hcd: release socket [ 354.222481][ T4226] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 354.235219][ T4275] vhci_hcd: disconnect device [ 354.336162][ T4233] vhci_hcd: vhci_device speed not set [ 354.593388][ T4226] usb 3-1: no configurations [ 355.148284][ T4226] usb 3-1: can't read configurations, error -22 [ 355.176289][ T4226] usb usb3-port1: attempt power cycle [ 357.134104][ T7480] device syzkaller0 entered promiscuous mode [ 358.197544][ T7483] Can't find ip_set type hash:net,ne [ 358.762314][ T7469] fuse: Invalid rootmode [ 360.562551][ T7492] netlink: 12 bytes leftover after parsing attributes in process `syz.1.932'. [ 361.035140][ T7499] qnx4: no qnx4 filesystem (no root dir). [ 361.303534][ T4247] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 361.632414][ T4247] usb 1-1: no configurations [ 361.832887][ T4247] usb 1-1: can't read configurations, error -22 [ 362.039693][ T4247] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 362.101149][ T4275] Bluetooth: hci5: Frame reassembly failed (-84) [ 362.565249][ T4247] usb 1-1: no configurations [ 362.580356][ T4247] usb 1-1: can't read configurations, error -22 [ 362.700661][ T4247] usb usb1-port1: attempt power cycle [ 363.517718][ T4247] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 363.852367][ T4247] usb 1-1: device descriptor read/8, error -71 [ 364.004366][ T7534] device syzkaller0 entered promiscuous mode [ 364.188540][ T4226] Bluetooth: hci5: command 0x1003 tx timeout [ 364.195143][ T4192] Bluetooth: hci5: sending frame failed (-49) [ 364.997224][ T7543] netlink: 12 bytes leftover after parsing attributes in process `syz.1.945'. [ 365.521312][ T7553] overlayfs: failed to resolve './file1': -2 [ 365.772308][ T4247] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 365.992275][ T4247] usb 1-1: device descriptor read/64, error -71 [ 366.380338][ T4247] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 366.435654][ T7562] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11) [ 366.442303][ T7562] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 366.450690][ T7562] vhci_hcd vhci_hcd.0: Device attached [ 366.570571][ T4226] Bluetooth: hci5: command 0x1001 tx timeout [ 366.602426][ T4247] usb 1-1: device descriptor read/64, error -71 [ 366.722907][ T4247] usb usb1-port1: attempt power cycle [ 366.732362][ T4333] usb 37-1: new high-speed USB device number 2 using vhci_hcd [ 367.132450][ T4247] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 367.193588][ T7563] vhci_hcd: connection reset by peer [ 367.200954][ T4301] vhci_hcd: stop threads [ 367.206329][ T4301] vhci_hcd: release socket [ 367.222947][ T4247] usb 1-1: device descriptor read/8, error -71 [ 367.250884][ T4301] vhci_hcd: disconnect device [ 367.492553][ T4247] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 367.587845][ T4192] Bluetooth: hci5: sending frame failed (-49) [ 367.592593][ T4247] usb 1-1: device descriptor read/8, error -71 [ 367.750807][ T4247] usb usb1-port1: unable to enumerate USB device [ 367.936749][ T7573] Can't find ip_set type hash:net,ne [ 369.077209][ T21] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 369.850271][ T4185] Bluetooth: hci5: command 0x1009 tx timeout [ 370.346453][ T7602] fuse: Bad value for 'rootmode' [ 370.363407][ T21] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 370.514550][ T21] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 370.562735][ T21] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 370.592328][ T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.674457][ T21] usb 3-1: config 0 descriptor?? [ 370.932731][ T21] usb 3-1: USB disconnect, device number 13 [ 371.681444][ T7614] netlink: 'syz.3.962': attribute type 1 has an invalid length. [ 371.789640][ T7614] device bond1 entered promiscuous mode [ 371.805271][ T7614] 8021q: adding VLAN 0 to HW filter on device bond1 [ 371.864130][ T4333] vhci_hcd: vhci_device speed not set [ 373.867848][ T7620] 8021q: adding VLAN 0 to HW filter on device bond1 [ 373.881059][ T7620] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 373.918859][ T7620] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode [ 373.930813][ T7620] bond1: (slave vcan1): Error -22 calling dev_set_mtu [ 373.997525][ T4226] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 374.242266][ T4226] usb 3-1: device descriptor read/64, error -71 [ 375.703484][ T4226] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 377.234417][ T151] block nbd3: Attempted send on invalid socket [ 377.240735][ T151] blk_update_request: I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 378.695804][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.702138][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.282536][ T7702] netlink: 16 bytes leftover after parsing attributes in process `syz.1.981'. [ 380.472385][ T4225] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 380.763243][ T4307] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 381.443435][ T4225] usb 2-1: Using ep0 maxpacket: 32 [ 381.663868][ T7717] atomic_op ffff88807cfc0998 conn xmit_atomic 0000000000000000 [ 381.982252][ T4307] usb 5-1: device descriptor read/64, error -71 [ 381.992489][ T4225] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 382.011052][ T4225] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 382.024760][ T4225] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 382.036957][ T4225] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 382.049635][ T4225] usb 2-1: config 1 has no interface number 0 [ 382.069880][ T4225] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 382.079994][ T4225] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.134305][ T4225] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 382.252252][ T4307] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 382.342624][ T4225] snd_usb_pod 2-1:1.1: endpoint not available, using fallback values [ 382.375829][ T4225] snd_usb_pod 2-1:1.1: invalid control EP [ 382.401913][ T4225] snd_usb_pod 2-1:1.1: cannot start listening: -22 [ 382.442897][ T4225] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 382.462311][ T4307] usb 5-1: device descriptor read/64, error -71 [ 382.484582][ T4225] snd_usb_pod: probe of 2-1:1.1 failed with error -22 [ 382.774363][ T4307] usb usb5-port1: attempt power cycle [ 382.803294][ T4233] usb 2-1: USB disconnect, device number 18 [ 384.379354][ T7745] blk_update_request: I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 384.391544][ T7745] exFAT-fs (loop2): unable to read boot sector [ 384.398012][ T7745] exFAT-fs (loop2): failed to read boot sector [ 384.404286][ T7745] exFAT-fs (loop2): failed to recognize exfat type [ 384.573259][ T7745] netlink: 'syz.2.992': attribute type 83 has an invalid length. [ 385.184484][ T4226] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 385.602469][ T4226] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 385.610835][ T4226] usb 4-1: config 0 has no interface number 0 [ 385.864912][ T4226] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 385.891320][ T4226] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.935928][ T4226] usb 4-1: Product: syz [ 385.959897][ T4226] usb 4-1: Manufacturer: syz [ 385.980626][ T4226] usb 4-1: SerialNumber: syz [ 386.258224][ T4226] usb 4-1: config 0 descriptor?? [ 386.743818][ T4225] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 386.767649][ T4225] Bluetooth: hci1: Injecting HCI hardware error event [ 386.848943][ T147] Bluetooth: hci1: hardware error 0x00 [ 386.952406][ T4226] usb 4-1: atusb_control_msg: req 0x21 val 0x0 idx 0x1f, error -71 [ 386.970105][ T7782] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.982062][ T4226] usb 4-1: Firmware version (0.0) predates our first public release. [ 387.003631][ T7782] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.042438][ T4226] usb 4-1: Please update to version 0.2 or newer [ 387.092367][ T4226] usb 4-1: atusb_probe: initialization failed, error = -71 [ 387.138008][ T4226] atusb: probe of 4-1:0.128 failed with error -71 [ 387.191267][ T4226] usb 4-1: USB disconnect, device number 14 [ 388.462363][ T4226] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 388.732303][ T4226] usb 4-1: Using ep0 maxpacket: 32 [ 389.022453][ T4226] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 389.050478][ T4226] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.255347][ T4226] usb 4-1: Product: syz [ 389.263682][ T4226] usb 4-1: Manufacturer: syz [ 389.273941][ T4226] usb 4-1: SerialNumber: syz [ 389.317264][ T4226] usb 4-1: config 0 descriptor?? [ 389.396887][ T4226] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 389.968679][ T7833] udc-core: couldn't find an available UDC or it's busy [ 389.999670][ T7833] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 390.143389][ T4226] gspca_ov534_9: reg_w failed -110 [ 391.552375][ T4226] gspca_ov534_9: Unknown sensor 0000 [ 391.552443][ T4226] ov534_9: probe of 4-1:0.0 failed with error -22 [ 393.145682][ T7860] vivid-001: kernel_thread() failed [ 394.878860][ T7871] UBIFS error (pid: 7871): cannot open "(null)", error -22 [ 395.212263][ T4233] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 395.482296][ T4233] usb 2-1: Using ep0 maxpacket: 8 [ 395.602457][ T4233] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 395.626375][ T4233] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 395.670945][ T4233] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 395.719267][ T4233] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 395.767067][ T4233] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.843160][ T4233] hub 2-1:1.0: bad descriptor, ignoring hub [ 395.859408][ T4233] hub: probe of 2-1:1.0 failed with error -5 [ 395.872097][ T4233] cdc_wdm 2-1:1.0: skipping garbage [ 395.878355][ T4233] cdc_wdm 2-1:1.0: skipping garbage [ 395.905376][ T4233] cdc_wdm: probe of 2-1:1.0 failed with error -22 [ 396.052357][ T7871] udc-core: couldn't find an available UDC or it's busy [ 396.093358][ T7871] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 396.185148][ T4307] usb 4-1: USB disconnect, device number 15 [ 396.606533][ T4226] usb 2-1: USB disconnect, device number 19 [ 397.914522][ T7906] device syzkaller0 entered promiscuous mode [ 398.582997][ T7921] netlink: 292 bytes leftover after parsing attributes in process `syz.0.1030'. [ 399.745941][ T7921] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.921817][ T7921] bridge0: port 2(bridge_slave_1) entered disabled state [ 400.402712][ T7949] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1037'. [ 406.986061][ T8015] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1051'. [ 408.032328][ T4307] Bluetooth: hci5: command 0x1003 tx timeout [ 408.038835][ T4192] Bluetooth: hci5: sending frame failed (-49) [ 408.791270][ T8032] input: syz1 as /devices/virtual/input/input28 [ 410.463562][ T4307] Bluetooth: hci5: command 0x1001 tx timeout [ 410.469704][ T4192] Bluetooth: hci5: sending frame failed (-49) [ 412.502457][ T4226] Bluetooth: hci5: command 0x1009 tx timeout [ 412.687211][ T8060] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1064'. [ 413.422235][ T8064] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 413.430712][ T8064] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 413.439758][ T8064] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 415.090256][ T8071] wlan0 speed is unknown, defaulting to 1000 [ 415.196431][ T8083] netlink: 'syz.4.1069': attribute type 29 has an invalid length. [ 415.204580][ T8083] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1069'. [ 415.723226][ T8083] netlink: 'syz.4.1069': attribute type 29 has an invalid length. [ 415.741526][ T8083] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1069'. [ 416.048262][ T8071] chnl_net:caif_netlink_parms(): no params data found [ 417.003689][ T4247] Bluetooth: hci6: command 0x0409 tx timeout [ 417.043397][ T8071] bridge0: port 1(bridge_slave_0) entered blocking state [ 417.092616][ T8071] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.114505][ T8071] device bridge_slave_0 entered promiscuous mode [ 417.155878][ T8102] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 417.244157][ T8071] bridge0: port 2(bridge_slave_1) entered blocking state [ 417.270751][ T8071] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.273507][ T8102] CIFS mount error: No usable UNC path provided in device string! [ 417.273507][ T8102] [ 417.305947][ T8071] device bridge_slave_1 entered promiscuous mode [ 417.348561][ T8102] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 417.426616][ T8071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.473648][ T8071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 418.208639][ T8071] team0: Port device team_slave_0 added [ 418.251584][ T8071] team0: Port device team_slave_1 added [ 418.397464][ T8116] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1076'. [ 418.417803][ T8071] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 418.451368][ T8071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.742503][ T8071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 418.912376][ T8071] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 418.920937][ T8071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.954415][ T8071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 419.072765][ T4226] Bluetooth: hci6: command 0x041b tx timeout [ 419.336945][ T8071] device hsr_slave_0 entered promiscuous mode [ 419.350419][ T8071] device hsr_slave_1 entered promiscuous mode [ 419.458931][ T8071] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 419.855777][ T8071] Cannot create hsr debugfs directory [ 420.426554][ T8071] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 420.535787][ T8071] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 420.581509][ T8071] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 420.601496][ T8071] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 421.236166][ T4226] Bluetooth: hci6: command 0x040f tx timeout [ 421.641666][ T8071] 8021q: adding VLAN 0 to HW filter on device bond0 [ 421.670788][ T8071] 8021q: adding VLAN 0 to HW filter on device team0 [ 421.768788][ T8071] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 421.814625][ T8071] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 421.851246][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 421.869535][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 421.896230][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 421.921715][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 421.942346][ T4307] Bluetooth: hci4: command 0x1003 tx timeout [ 421.948557][ T8072] Bluetooth: hci4: sending frame failed (-49) [ 421.962559][ T7748] bridge0: port 1(bridge_slave_0) entered blocking state [ 421.969834][ T7748] bridge0: port 1(bridge_slave_0) entered forwarding state [ 422.010122][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 422.043973][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 422.066405][ T7748] bridge0: port 2(bridge_slave_1) entered blocking state [ 422.073592][ T7748] bridge0: port 2(bridge_slave_1) entered forwarding state [ 422.105075][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 422.130744][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 422.150231][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 422.170572][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 422.190729][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 422.202767][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 422.221922][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 422.238278][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 422.250624][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 422.259658][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 422.303730][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 422.336776][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 422.350264][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 423.205332][ T144] Bluetooth: hci5: Frame reassembly failed (-84) [ 423.350478][ T4226] Bluetooth: hci6: command 0x0419 tx timeout [ 424.143885][ T4185] Bluetooth: hci4: command 0x1001 tx timeout [ 424.151351][ T4192] Bluetooth: hci4: sending frame failed (-49) [ 424.357526][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 424.365813][ T7748] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 424.389514][ T8071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.673014][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 424.682059][ T145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 424.891012][ T8071] device veth0_vlan entered promiscuous mode [ 424.908065][ T8071] device veth1_vlan entered promiscuous mode [ 424.956480][ T8071] device veth0_macvtap entered promiscuous mode [ 424.977200][ T8071] device veth1_macvtap entered promiscuous mode [ 425.011961][ T8071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.029707][ T8071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.041204][ T8071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.059939][ T8071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.073755][ T8071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.091648][ T8071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.102215][ T8071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.119913][ T8071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.194188][ T8071] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.206857][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 425.232484][ T4233] Bluetooth: hci5: command 0x1003 tx timeout [ 425.239729][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 425.256849][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 425.265353][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 425.303014][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 425.339651][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 425.401588][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 425.459848][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 425.509326][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 425.926063][ T8071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.042452][ T8071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.062311][ T8071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.082419][ T8071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.093293][ T8071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.104591][ T8071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.115660][ T8071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 426.152392][ T8071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 426.187352][ T4225] Bluetooth: hci4: command 0x1009 tx timeout [ 426.187486][ T8071] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 426.205526][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 426.244798][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 426.306132][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 426.411654][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 426.466340][ T4303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 426.642658][ T8071] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.674305][ T8071] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.685825][ T8071] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.697250][ T8071] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.800378][ T4303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.857058][ T4303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.885749][ T4302] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 426.904005][ T6866] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.941095][ T6866] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.998400][ T6866] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 427.319731][ T4333] Bluetooth: hci5: command 0x1001 tx timeout [ 427.330694][ T4192] Bluetooth: hci5: sending frame failed (-49) [ 429.556362][ T4233] Bluetooth: hci5: command 0x1009 tx timeout [ 431.372296][ T4225] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 431.829489][ T4225] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 431.849681][ T4225] usb 5-1: config 0 has no interface number 0 [ 431.878361][ T4225] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 431.915723][ T4225] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.973399][ T4225] usb 5-1: config 0 descriptor?? [ 432.050390][ T4225] usb 5-1: selecting invalid altsetting 1 [ 432.062284][ T4225] dvb_ttusb_budget: ttusb_init_controller: error [ 432.089221][ T4225] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 432.348425][ T4225] DVB: Unable to find symbol cx22700_attach() [ 432.635408][ T4225] DVB: Unable to find symbol tda10046_attach() [ 432.641796][ T4225] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 433.381265][ T4225] usb 5-1: USB disconnect, device number 19 [ 434.743642][ T8311] device syzkaller0 entered promiscuous mode [ 436.810921][ T4247] Process accounting resumed [ 439.249815][ T4327] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 439.631330][ T8379] device syzkaller0 entered promiscuous mode [ 440.193120][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.233792][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 447.256148][ T8440] device syzkaller0 entered promiscuous mode [ 448.464749][ T8448] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 449.503781][ T8452] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1153'. [ 450.784248][ T8467] device syzkaller0 entered promiscuous mode [ 451.151155][ T8469] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1158'. [ 452.362831][ T8481] device syzkaller0 entered promiscuous mode [ 452.591057][ T8490] netlink: set zone limit has 8 unknown bytes [ 452.612505][ T4225] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 452.692407][ T7] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 453.322451][ T4225] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 453.373905][ T4225] usb 5-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 453.412472][ T7] usb 4-1: config 36 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 453.433560][ T4225] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.493504][ T4225] usb 5-1: config 0 descriptor?? [ 453.527662][ T8505] netlink: 188 bytes leftover after parsing attributes in process `syz.0.1168'. [ 453.650368][ T4225] usbhid 5-1:0.0: can't add hid device: -22 [ 453.657344][ T4225] usbhid: probe of 5-1:0.0 failed with error -22 [ 453.683103][ T7] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 453.694861][ T7] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 454.490759][ T7] usb 4-1: Manufacturer: syz [ 454.496503][ T7] usb 4-1: SerialNumber: syz [ 454.532595][ T8487] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 454.842001][ T7] usbhid 4-1:36.0: couldn't find an input interrupt endpoint [ 455.466829][ T8517] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 37748736, id = 0 [ 455.839329][ T7] usb 4-1: USB disconnect, device number 16 [ 457.472341][ T4225] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 457.852647][ T4225] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 457.872766][ T4225] usb 2-1: config 0 has no interface number 0 [ 457.920248][ T4225] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 457.974570][ T4307] usb 5-1: USB disconnect, device number 20 [ 458.034386][ T4225] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.304482][ T4225] usb 2-1: config 0 descriptor?? [ 458.714017][ T4225] usb 2-1: selecting invalid altsetting 1 [ 458.719966][ T4225] dvb_ttusb_budget: ttusb_init_controller: error [ 459.311409][ T4225] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 459.409789][ T4225] DVB: Unable to find symbol cx22700_attach() [ 461.044833][ T4225] DVB: Unable to find symbol tda10046_attach() [ 461.511367][ T4225] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 461.537733][ T4225] usb 2-1: USB disconnect, device number 20 [ 463.342549][ T8599] device syzkaller0 entered promiscuous mode [ 464.183652][ T26] audit: type=1326 audit(1756255082.332:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8596 comm="syz.4.1195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f513f5bcbe9 code=0x7fc00000 [ 465.314179][ T1324] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 465.732496][ T1324] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 465.768985][ T1324] usb 2-1: config 0 has no interface number 0 [ 465.854935][ T1324] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 465.982755][ T1324] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.110761][ T1324] usb 2-1: config 0 descriptor?? [ 466.227104][ T1324] usb 2-1: selecting invalid altsetting 1 [ 466.262461][ T1324] dvb_ttusb_budget: ttusb_init_controller: error [ 466.289314][ T1324] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 466.520622][ T1324] DVB: Unable to find symbol cx22700_attach() [ 466.610679][ T1324] DVB: Unable to find symbol tda10046_attach() [ 466.621003][ T1324] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 466.660815][ T1324] usb 2-1: USB disconnect, device number 21 [ 466.672391][ T4225] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 467.042517][ T4225] usb 5-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 467.056313][ T4225] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.294643][ T4225] usb 5-1: config 0 descriptor?? [ 467.767678][ T4225] gspca_main: spca508-2.14.0 probing 8086:0110 [ 468.590066][ T4225] gspca_spca508: reg_read err -32 [ 469.012361][ T4225] gspca_spca508: reg_read err -71 [ 469.417278][ T4225] gspca_spca508: reg_read err -71 [ 469.422449][ T7] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 469.442358][ T4225] gspca_spca508: reg_read err -71 [ 469.462498][ T4225] gspca_spca508: reg write: error -71 [ 469.468069][ T4225] spca508: probe of 5-1:0.0 failed with error -71 [ 469.478397][ T4225] usb 5-1: USB disconnect, device number 21 [ 469.582231][ T1324] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 469.802580][ T7] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 469.823007][ T7] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 469.844999][ T7] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 469.864383][ T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.903248][ T8648] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 469.964033][ T1324] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 469.989004][ T1324] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.997623][ T4225] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 470.032088][ T1324] usb 2-1: config 0 descriptor?? [ 470.084083][ T1324] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 470.138761][ T7] usb 6-1: USB disconnect, device number 2 [ 470.393354][ T4225] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 470.401918][ T4225] usb 5-1: config 0 has no interface number 0 [ 470.405677][ T8673] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1216'. [ 470.452225][ T4225] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 470.466360][ T4225] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.592927][ T1324] gspca_cpia1: usb_control_msg 03, error -71 [ 470.618491][ T4225] usb 5-1: config 0 descriptor?? [ 470.642341][ T1324] gspca_cpia1: usb_control_msg 01, error -71 [ 470.648455][ T1324] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0) [ 470.664304][ T4225] usb 5-1: selecting invalid altsetting 1 [ 470.670191][ T4225] dvb_ttusb_budget: ttusb_init_controller: error [ 470.715375][ T4225] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 470.972732][ T1324] usb 2-1: USB disconnect, device number 22 [ 471.050912][ T4225] DVB: Unable to find symbol cx22700_attach() [ 471.732322][ T4302] Bluetooth: hci4: Frame reassembly failed (-84) [ 472.004302][ T4225] DVB: Unable to find symbol tda10046_attach() [ 472.011235][ T4225] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 472.021008][ T4225] usb 5-1: USB disconnect, device number 22 [ 473.837904][ T4307] Bluetooth: hci4: command 0x1003 tx timeout [ 473.845252][ T147] Bluetooth: hci4: sending frame failed (-49) [ 476.072019][ T1108] Bluetooth: hci6: command 0x0405 tx timeout [ 477.787076][ T4307] Bluetooth: hci4: command 0x1001 tx timeout [ 477.793674][ T147] Bluetooth: hci4: sending frame failed (-49) [ 477.937136][ T8733] Set syz0 is full, maxelem 0 reached [ 479.137075][ T4307] usb 2-1: new low-speed USB device number 23 using dummy_hcd [ 479.914714][ T4185] Bluetooth: hci4: command 0x1009 tx timeout [ 480.072263][ T4185] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 480.252368][ T4307] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 480.268277][ T4307] usb 2-1: config 0 has no interface number 0 [ 480.281922][ T8751] wlan0 speed is unknown, defaulting to 1000 [ 480.288076][ T4307] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 480.318022][ T4307] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 480.343599][ T4307] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 480.361787][ T4307] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.393963][ T4307] usb 2-1: config 0 descriptor?? [ 480.418029][ T8733] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 480.454691][ T4307] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 480.472583][ T4185] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 480.486404][ T4185] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.523430][ T4185] usb 4-1: config 0 descriptor?? [ 480.615073][ T8754] input: syz1 as /devices/virtual/input/input29 [ 480.699685][ T8733] udc-core: couldn't find an available UDC or it's busy [ 480.731857][ T8733] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 480.757655][ T1108] usb 2-1: USB disconnect, device number 23 [ 483.022715][ T4185] usb 4-1: Cannot set autoneg [ 483.034732][ T4185] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 483.258243][ T4185] usb 4-1: USB disconnect, device number 17 [ 486.074346][ T8794] input: syz1 as /devices/virtual/input/input30 [ 487.952321][ T1108] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 489.132397][ T1108] usb 6-1: device descriptor read/all, error -71 [ 492.782992][ T8836] tipc: Enabling of bearer rejected, failed to enable media [ 493.210582][ T8843] tipc: Enabled bearer , priority 0 [ 493.218273][ T8843] device syzkaller0 entered promiscuous mode [ 493.872465][ T21] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 494.132311][ T21] usb 1-1: Using ep0 maxpacket: 32 [ 494.285479][ T8840] tipc: Resetting bearer [ 494.294218][ T8250] tipc: Node number set to 2903798867 [ 494.360468][ T8840] tipc: Disabling bearer [ 494.412494][ T21] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 494.524013][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.578250][ T21] usb 1-1: Product: syz [ 494.590514][ T21] usb 1-1: Manufacturer: syz [ 494.600091][ T21] usb 1-1: SerialNumber: syz [ 494.645842][ T21] usb 1-1: config 0 descriptor?? [ 494.818039][ T21] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 495.622337][ T21] gspca_ov534_9: reg_w failed -110 [ 495.672315][ T1108] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 495.922463][ T23] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 496.072448][ T1108] usb 6-1: config index 0 descriptor too short (expected 45, got 36) [ 496.092369][ T1108] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 496.120030][ T1108] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 496.172249][ T21] gspca_ov534_9: Unknown sensor 0000 [ 496.184318][ T21] ov534_9: probe of 1-1:0.0 failed with error -22 [ 496.281029][ T1108] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 496.321590][ T1108] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.351527][ T1108] usb 6-1: config 0 descriptor?? [ 496.362403][ T23] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 496.392294][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.403619][ T8852] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 496.424628][ T1108] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 496.454395][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.473685][ T23] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 496.490238][ T1324] usb 1-1: USB disconnect, device number 27 [ 496.682460][ T23] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 496.708159][ T23] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 497.612592][ T8875] trusted_key: encrypted_key: insufficient parameters specified [ 497.954212][ T8875] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 498.363169][ T23] usb 4-1: Manufacturer: syz [ 498.370418][ T23] usb 4-1: config 0 descriptor?? [ 498.713691][ T8884] tipc: Enabled bearer , priority 0 [ 498.802588][ T8884] device syzkaller0 entered promiscuous mode [ 499.272314][ T23] usbhid 4-1:0.0: can't add hid device: -71 [ 499.278676][ T23] usbhid: probe of 4-1:0.0 failed with error -71 [ 499.346753][ T23] usb 4-1: USB disconnect, device number 18 [ 499.539879][ T1324] usb 6-1: USB disconnect, device number 5 [ 499.882021][ T8909] atomic_op ffff8880223c2198 conn xmit_atomic 0000000000000000 [ 500.268641][ T8890] tipc: Resetting bearer [ 500.301984][ T8890] tipc: Disabling bearer [ 501.554521][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.561011][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.722393][ T23] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 501.978312][ T8072] Bluetooth: Frame is too long (len 10, expected len 4) [ 502.612370][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 503.102311][ T23] usb 4-1: config 1 has an invalid interface number: 98 but max is 0 [ 503.133579][ T23] usb 4-1: config 1 has no interface number 0 [ 503.312535][ T23] usb 4-1: New USB device found, idVendor=04e8, idProduct=8001, bcdDevice=1f.78 [ 503.351210][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.392201][ T23] usb 4-1: Product: syz [ 503.417692][ T23] usb 4-1: Manufacturer: syz [ 503.446345][ T23] usb 4-1: SerialNumber: syz [ 503.482217][ T7] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 503.636900][ T23] usb 4-1: USB disconnect, device number 19 [ 503.852316][ T7] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 505.132939][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 505.145194][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 505.162662][ T7] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 505.312521][ T7] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 506.251547][ T7] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 506.283818][ T7] usb 2-1: Manufacturer: syz [ 506.416075][ T7] usb 2-1: config 0 descriptor?? [ 506.443209][ T7] usb 2-1: can't set config #0, error -71 [ 506.471255][ T7] usb 2-1: USB disconnect, device number 24 [ 506.649166][ T8956] tipc: Enabled bearer , priority 0 [ 506.657072][ T8956] device syzkaller0 entered promiscuous mode [ 507.277581][ T8954] tipc: Resetting bearer [ 507.613827][ T8954] tipc: Disabling bearer [ 509.651437][ T8976] serio: Serial port ptm0 [ 510.652311][ T23] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 511.092392][ T23] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 511.191679][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 511.294208][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 511.314861][ T23] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 511.412454][ T23] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 511.459638][ T23] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 511.506070][ T23] usb 4-1: Manufacturer: syz [ 511.554970][ T23] usb 4-1: config 0 descriptor?? [ 511.722214][ T7] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 511.819077][ T8982] netlink: 320 bytes leftover after parsing attributes in process `syz.3.1299'. [ 512.042241][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 512.143374][ T23] appleir 0003:05AC:8243.000E: unknown main item tag 0x0 [ 512.154369][ T23] appleir 0003:05AC:8243.000E: No inputs registered, leaving [ 512.222594][ T7] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 512.342552][ T7] usb 1-1: config 0 has no interface number 0 [ 512.379198][ T7] usb 1-1: config 0 interface 184 has no altsetting 0 [ 512.446836][ T7748] Bluetooth: hci4: Frame reassembly failed (-84) [ 512.583903][ T7] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 512.642616][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.709222][ T7] usb 1-1: Product: syz [ 512.873412][ T7] usb 1-1: Manufacturer: syz [ 512.873846][ T23] appleir 0003:05AC:8243.000E: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 512.883350][ T7] usb 1-1: SerialNumber: syz [ 512.910427][ T7] usb 1-1: config 0 descriptor?? [ 512.959130][ T7] smsc75xx v1.0.0 [ 513.972502][ T7] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 513.994723][ T7] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 514.138128][ T9012] device syzkaller0 entered promiscuous mode [ 514.202756][ T4233] usb 4-1: USB disconnect, device number 20 [ 514.505318][ T1324] Bluetooth: hci4: command 0x1003 tx timeout [ 514.515464][ T4327] Bluetooth: hci4: Frame reassembly failed (-84) [ 514.533097][ T9017] serio: Serial port ptm1 [ 516.684647][ T4247] Bluetooth: hci4: command 0x1001 tx timeout [ 516.898653][ T9028] netlink: 'syz.0.1313': attribute type 12 has an invalid length. [ 516.922227][ T147] Bluetooth: Frame is too long (len 10, expected len 4) [ 516.984013][ T7] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 516.995891][ T147] Bluetooth: hci4: sending frame failed (-49) [ 516.995895][ T7] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 517.002038][ T7] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 517.003432][ T7] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 517.032755][ T7] usb 1-1: USB disconnect, device number 28 [ 517.369700][ T26] audit: type=1804 audit(1756255135.572:5): pid=9033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1313" name="bus" dev="ramfs" ino=52373 res=1 errno=0 [ 517.406320][ T26] audit: type=1804 audit(1756255135.582:6): pid=9033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1313" name="bus" dev="ramfs" ino=52373 res=1 errno=0 [ 518.672232][ T7] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 519.579729][ T23] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 519.588188][ T1108] Bluetooth: hci4: command 0x1009 tx timeout [ 519.796509][ T9062] serio: Serial port ptm1 [ 519.882426][ T7] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 519.895152][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 519.906258][ T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 519.916113][ T7] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 519.972498][ T23] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 519.981008][ T23] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 519.991746][ T23] usb 2-1: config 220 has no interface number 2 [ 519.998184][ T23] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 520.002302][ T7] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 520.011832][ T23] usb 2-1: config 220 interface 0 has no altsetting 0 [ 520.026714][ T7] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 520.027725][ T23] usb 2-1: config 220 interface 76 has no altsetting 0 [ 520.036057][ T7] usb 1-1: Manufacturer: syz [ 520.048230][ T23] usb 2-1: config 220 interface 1 has no altsetting 0 [ 520.053649][ T7] usb 1-1: config 0 descriptor?? [ 520.242340][ T23] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 520.251794][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.259905][ T23] usb 2-1: Product: syz [ 520.264207][ T23] usb 2-1: Manufacturer: syz [ 520.268814][ T23] usb 2-1: SerialNumber: syz [ 520.300707][ T9046] netlink: 320 bytes leftover after parsing attributes in process `syz.0.1319'. [ 520.628745][ T7] appleir 0003:05AC:8243.000F: unknown main item tag 0x0 [ 520.637083][ T7] appleir 0003:05AC:8243.000F: No inputs registered, leaving [ 520.643399][ T23] usb 2-1: selecting invalid altsetting 0 [ 520.647160][ T7] appleir 0003:05AC:8243.000F: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 521.508460][ T23] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 522.126308][ T23] usb 2-1: No valid video chain found. [ 522.248605][ T23] usb 2-1: selecting invalid altsetting 0 [ 522.274393][ T23] usbtest: probe of 2-1:220.1 failed with error -22 [ 522.284691][ T26] audit: type=1326 audit(1756255140.492:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 522.349965][ T23] usb 2-1: USB disconnect, device number 25 [ 522.356057][ T26] audit: type=1326 audit(1756255140.552:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 522.442752][ T26] audit: type=1326 audit(1756255140.552:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 522.491958][ T26] audit: type=1326 audit(1756255140.552:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 522.534427][ T26] audit: type=1326 audit(1756255140.552:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 522.559665][ T26] audit: type=1326 audit(1756255140.552:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f5eedc68de9 code=0x7ffc0000 [ 522.742441][ T26] audit: type=1326 audit(1756255140.552:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 522.795234][ T9092] Set syz0 is full, maxelem 0 reached [ 522.822609][ T4185] usb 1-1: USB disconnect, device number 29 [ 523.393475][ T9103] tipc: Enabled bearer , priority 0 [ 523.401008][ T9103] device syzkaller0 entered promiscuous mode [ 523.520139][ T8072] Bluetooth: Frame is too long (len 10, expected len 4) [ 523.522272][ T1108] usb 6-1: new low-speed USB device number 6 using dummy_hcd [ 523.530397][ T26] audit: type=1326 audit(1756255140.552:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 523.680281][ T9096] tipc: Resetting bearer [ 523.695854][ T9096] tipc: Disabling bearer [ 523.892343][ T26] audit: type=1326 audit(1756255140.552:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 523.964506][ T1108] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 524.065425][ T1108] usb 6-1: config 0 has no interface number 0 [ 524.089720][ T1108] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 524.132425][ T26] audit: type=1326 audit(1756255140.552:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 524.162335][ T1108] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 524.178596][ T1108] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 524.190638][ T1108] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.219984][ T26] audit: type=1326 audit(1756255140.552:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 524.249383][ T1108] usb 6-1: config 0 descriptor?? [ 524.272907][ T9092] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 524.319090][ T26] audit: type=1326 audit(1756255140.562:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9075 comm="syz.5.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f5eedcccbe9 code=0x7ffc0000 [ 524.323628][ T1108] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 524.546808][ T9092] udc-core: couldn't find an available UDC or it's busy [ 524.713902][ T9092] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 525.420141][ T4247] usb 6-1: USB disconnect, device number 6 [ 525.426112][ C0] iowarrior 6-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 525.716718][ T9140] Set syz1 is full, maxelem 65536 reached [ 530.369714][ T9199] Set syz0 is full, maxelem 0 reached [ 530.532936][ T4333] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 530.901478][ T4333] usb 1-1: Using ep0 maxpacket: 32 [ 531.006625][ T4337] Bluetooth: hci4: Frame reassembly failed (-84) [ 531.516973][ T4185] usb 4-1: new low-speed USB device number 21 using dummy_hcd [ 531.554054][ T4333] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 531.583786][ T4333] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.595728][ T4333] usb 1-1: Product: syz [ 531.602605][ T4333] usb 1-1: Manufacturer: syz [ 531.607317][ T4333] usb 1-1: SerialNumber: syz [ 531.635213][ T4333] usb 1-1: config 0 descriptor?? [ 531.694033][ T4333] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 531.912358][ T4185] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 531.930626][ T4185] usb 4-1: config 0 has no interface number 0 [ 531.936873][ T4185] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 531.959423][ T4185] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 531.996504][ T4185] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 532.006022][ T4185] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.035255][ T4185] usb 4-1: config 0 descriptor?? [ 532.062573][ T9199] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 532.182419][ C1] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:17 [ 532.370685][ T4185] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 532.444772][ T9198] udc-core: couldn't find an available UDC or it's busy [ 532.559352][ T4333] gspca_ov534_9: reg_w failed -110 [ 532.573948][ T9198] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 532.612906][ T9199] udc-core: couldn't find an available UDC or it's busy [ 532.622622][ T9199] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 533.152300][ T4333] gspca_ov534_9: Unknown sensor 0000 [ 533.152648][ T4333] ov534_9: probe of 1-1:0.0 failed with error -22 [ 533.528707][ T4333] Bluetooth: hci4: command 0x1003 tx timeout [ 533.544280][ T147] Bluetooth: hci4: sending frame failed (-49) [ 533.557141][ T4333] usb 4-1: USB disconnect, device number 21 [ 533.572164][ C1] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 534.607499][ T9232] tipc: Enabled bearer , priority 0 [ 534.615247][ T9232] device syzkaller0 entered promiscuous mode [ 535.821745][ T4225] Bluetooth: hci4: command 0x1001 tx timeout [ 535.828362][ T147] Bluetooth: hci4: sending frame failed (-49) [ 535.840164][ T9229] tipc: Resetting bearer [ 535.892260][ T9022] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 535.914247][ T9229] tipc: Disabling bearer [ 536.252955][ T9022] usb 5-1: config 127 has an invalid interface number: 127 but max is 0 [ 536.281775][ T9022] usb 5-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config [ 536.349102][ T9022] usb 5-1: config 127 has no interface number 0 [ 536.426609][ T9022] usb 5-1: New USB device found, idVendor=1bc7, idProduct=9201, bcdDevice=12.f5 [ 536.507119][ T9022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.603912][ T9022] option 5-1:127.127: GSM modem (1-port) converter detected [ 536.810774][ T9022] usb 5-1: USB disconnect, device number 23 [ 536.844674][ T9022] option 5-1:127.127: device disconnected [ 536.896538][ T4185] usb 1-1: USB disconnect, device number 30 [ 537.950910][ T4225] Bluetooth: hci4: command 0x1009 tx timeout [ 538.894965][ T9270] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 538.906289][ T9270] exFAT-fs (loop4): unable to read boot sector [ 538.912560][ T9270] exFAT-fs (loop4): failed to read boot sector [ 538.918773][ T9270] exFAT-fs (loop4): failed to recognize exfat type [ 538.939563][ T9270] netlink: 'syz.4.1373': attribute type 83 has an invalid length. [ 539.172222][ T4226] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 540.462442][ T4226] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 540.481022][ T4226] usb 2-1: config 0 has no interface number 0 [ 540.490063][ T9284] fuse: Unknown parameter 'ÿÿÿÿ0x0000000000000005ÿÿÿÿÿÿÿÿ00000000000000000000' [ 540.612016][ T4226] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 540.613287][ T4226] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.661107][ T4226] usb 2-1: config 0 descriptor?? [ 541.040761][ T4226] usb 2-1: selecting invalid altsetting 1 [ 541.078357][ T4226] dvb_ttusb_budget: ttusb_init_controller: error [ 541.085288][ T4226] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 541.236623][ T4226] DVB: Unable to find symbol cx22700_attach() [ 542.261826][ T4226] DVB: Unable to find symbol tda10046_attach() [ 542.269997][ T4226] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 542.400767][ T4226] usb 2-1: USB disconnect, device number 26 [ 544.367255][ T9307] device syzkaller0 entered promiscuous mode [ 546.712569][ T4225] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 548.713374][ T9022] Bluetooth: hci4: command 0x1003 tx timeout [ 548.725155][ T147] Bluetooth: hci4: sending frame failed (-49) [ 548.762525][ T4225] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 548.777474][ T4225] usb 2-1: config 0 has no interface number 0 [ 548.786429][ T9356] Set syz0 is full, maxelem 0 reached [ 548.791622][ T4225] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 548.813682][ T4225] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.858957][ T4225] usb 2-1: config 0 descriptor?? [ 548.904133][ T4225] usb 2-1: selecting invalid altsetting 1 [ 549.015863][ T4225] dvb_ttusb_budget: ttusb_init_controller: error [ 549.025893][ T4225] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 549.202846][ T9360] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1395'. [ 549.962189][ T9022] usb 1-1: new low-speed USB device number 31 using dummy_hcd [ 549.969937][ T4225] DVB: Unable to find symbol cx22700_attach() [ 550.012277][ T4225] DVB: Unable to find symbol tda10046_attach() [ 550.020234][ T4225] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 550.059461][ T4225] usb 2-1: USB disconnect, device number 27 [ 550.222427][ T1108] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 550.342551][ T9022] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 550.357193][ T9022] usb 1-1: config 0 has no interface number 0 [ 550.364091][ T9022] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 550.382002][ T9022] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 550.399526][ T9022] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 550.418432][ T9022] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 550.443557][ T9022] usb 1-1: config 0 descriptor?? [ 550.463135][ T9356] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 550.463325][ T21] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 550.487252][ T9022] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 550.602215][ T1108] usb 4-1: Using ep0 maxpacket: 16 [ 550.686054][ T9356] udc-core: couldn't find an available UDC or it's busy [ 550.693348][ T9356] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 550.701822][ T9022] usb 1-1: USB disconnect, device number 31 [ 550.707849][ C0] iowarrior 1-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 550.723195][ T1108] usb 4-1: config 1 has an invalid interface number: 214 but max is 0 [ 550.731724][ T1108] usb 4-1: config 1 has no interface number 0 [ 550.732544][ T21] usb 6-1: Using ep0 maxpacket: 16 [ 550.744508][ T1108] usb 4-1: config 1 interface 214 has no altsetting 0 [ 550.752458][ T4225] Bluetooth: hci4: command 0x1001 tx timeout [ 550.758770][ T147] Bluetooth: hci4: sending frame failed (-49) [ 550.862391][ T21] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 550.912496][ T1108] usb 4-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02 [ 550.923508][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.931668][ T1108] usb 4-1: Product: syz [ 550.935948][ T1108] usb 4-1: Manufacturer: syz [ 550.940559][ T1108] usb 4-1: SerialNumber: syz [ 550.983112][ T1108] ums-alauda 4-1:1.214: USB Mass Storage device detected [ 551.042479][ T21] usb 6-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 551.051659][ T21] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 551.060236][ T21] usb 6-1: Product: syz [ 551.064754][ T21] usb 6-1: Manufacturer: syz [ 551.069484][ T21] usb 6-1: SerialNumber: syz [ 551.078020][ T21] usb 6-1: config 0 descriptor?? [ 551.125285][ T21] usb 6-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 551.228505][ T9022] usb 4-1: USB disconnect, device number 22 [ 551.341249][ T21] usb 6-1: USB disconnect, device number 7 [ 551.342492][ T4302] usb 6-1: Failed to submit usb control message: -71 [ 551.355343][ T4302] usb 6-1: unable to send the bmi data to the device: -71 [ 551.362757][ T4302] usb 6-1: unable to get target info from device [ 551.369113][ T4302] usb 6-1: could not get target info (-71) [ 551.375565][ T4302] usb 6-1: could not probe fw (-71) [ 551.532313][ T4225] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 551.912501][ T4225] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 551.921630][ T4225] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 551.932533][ T4225] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 551.943345][ T4225] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 551.954998][ T4225] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 552.084431][ T4225] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 552.101320][ T4225] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 552.118903][ T4225] usb 2-1: Product: syz [ 552.124770][ T4225] usb 2-1: Manufacturer: syz [ 552.183079][ T9395] serio: Serial port ptm1 [ 552.193390][ T4225] cdc_wdm 2-1:1.0: skipping garbage [ 552.202327][ T4225] cdc_wdm 2-1:1.0: skipping garbage [ 552.220014][ T4225] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 552.230126][ T4225] cdc_wdm 2-1:1.0: Unknown control protocol [ 552.456555][ T4225] usb 2-1: USB disconnect, device number 28 [ 552.774191][ T9401] block device autoloading is deprecated and will be removed. [ 553.506650][ T4256] Bluetooth: hci4: command 0x1009 tx timeout [ 553.742278][ T4225] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 553.869507][ T9411] Set syz0 is full, maxelem 0 reached [ 554.102870][ T4225] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 554.120677][ T4225] usb 4-1: config 0 has no interface number 0 [ 554.142345][ T4247] usb 1-1: new low-speed USB device number 32 using dummy_hcd [ 554.153720][ T4225] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 554.190353][ T4225] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.231738][ T4225] usb 4-1: config 0 descriptor?? [ 554.301688][ T4225] usb 4-1: selecting invalid altsetting 1 [ 554.310231][ T4225] dvb_ttusb_budget: ttusb_init_controller: error [ 554.319229][ T4225] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 554.563304][ T4225] DVB: Unable to find symbol cx22700_attach() [ 554.602225][ T4225] DVB: Unable to find symbol tda10046_attach() [ 554.608711][ T4225] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 554.617321][ T4247] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 554.631916][ T4247] usb 1-1: config 0 has no interface number 0 [ 554.638367][ T4247] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 554.670645][ T4225] usb 4-1: USB disconnect, device number 23 [ 554.719502][ T4247] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 554.743297][ T4247] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 554.752987][ T4247] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.803746][ T4247] usb 1-1: config 0 descriptor?? [ 554.855800][ T9411] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 554.982326][ T7] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 555.006060][ T4247] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 555.164362][ T9411] udc-core: couldn't find an available UDC or it's busy [ 555.268738][ T9411] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 555.302361][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 555.432576][ T7] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 555.453381][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.491442][ T7] usb 2-1: config 0 descriptor?? [ 555.677040][ T4247] usb 1-1: USB disconnect, device number 32 [ 555.714196][ T7] gspca_main: sq930x-2.14.0 probing 041e:403c [ 556.232540][ T7] gspca_sq930x: reg_r 001f failed -110 [ 556.238631][ T7] sq930x: probe of 2-1:0.0 failed with error -110 [ 556.665811][ T1324] usb 2-1: USB disconnect, device number 29 [ 557.612395][ T9443] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1420'. [ 557.616201][ T9445] serio: Serial port ptm0 [ 558.215218][ T9443] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1420'. [ 558.234090][ T9453] tipc: Enabling of bearer rejected, failed to enable media [ 558.645128][ T4247] usb 2-1: new full-speed USB device number 30 using dummy_hcd [ 558.842276][ T4247] usb 2-1: device descriptor read/64, error -71 [ 558.880859][ T9473] Set syz0 is full, maxelem 0 reached [ 559.024922][ T21] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 559.032704][ T4226] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 559.242022][ T4247] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 559.249751][ T1324] usb 6-1: new low-speed USB device number 8 using dummy_hcd [ 559.272283][ T21] usb 1-1: Using ep0 maxpacket: 32 [ 559.413046][ T4226] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 559.445486][ T4226] usb 4-1: config 0 has no interface number 0 [ 559.491775][ T4226] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 559.503967][ T4226] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.592560][ T21] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 559.603097][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.611245][ T21] usb 1-1: Product: syz [ 559.625539][ T6866] Bluetooth: hci4: Frame reassembly failed (-84) [ 559.661261][ T4226] usb 4-1: config 0 descriptor?? [ 559.669867][ T21] usb 1-1: Manufacturer: syz [ 559.698830][ T21] usb 1-1: SerialNumber: syz [ 559.737182][ T4226] usb 4-1: selecting invalid altsetting 1 [ 559.797945][ T4226] dvb_ttusb_budget: ttusb_init_controller: error [ 559.814525][ T21] usb 1-1: config 0 descriptor?? [ 559.851232][ T4226] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 559.905907][ T21] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 559.985594][ T4226] DVB: Unable to find symbol cx22700_attach() [ 560.009038][ T4226] DVB: Unable to find symbol tda10046_attach() [ 560.012378][ T4247] usb 2-1: device descriptor read/64, error -71 [ 560.015448][ T4226] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 560.040907][ T4226] usb 4-1: USB disconnect, device number 24 [ 560.142464][ T4247] usb usb2-port1: attempt power cycle [ 560.182376][ T1324] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 560.190448][ T1324] usb 6-1: config 0 has no interface number 0 [ 560.196971][ T1324] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 560.208077][ T1324] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 560.218888][ T1324] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 560.227990][ T1324] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 560.239335][ T1324] usb 6-1: config 0 descriptor?? [ 560.262830][ T9473] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 560.286109][ T1324] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 560.430787][ T9480] udc-core: couldn't find an available UDC or it's busy [ 560.441413][ T9480] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 560.488509][ T9473] udc-core: couldn't find an available UDC or it's busy [ 560.507244][ T9473] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 560.613685][ T4247] usb 2-1: new full-speed USB device number 32 using dummy_hcd [ 560.642691][ T21] gspca_ov534_9: reg_w failed -110 [ 560.658994][ T4226] usb 6-1: USB disconnect, device number 8 [ 560.664938][ C1] iowarrior 6-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 561.222295][ T21] gspca_ov534_9: Unknown sensor 0000 [ 561.222647][ T21] ov534_9: probe of 1-1:0.0 failed with error -22 [ 561.472286][ T21] Bluetooth: hci4: command 0x1003 tx timeout [ 561.478511][ T4192] Bluetooth: hci4: sending frame failed (-49) [ 561.490121][ T9488] tipc: Failed to remove unknown binding: 66,1,1/2723373956:1616451030/1616451032 [ 561.500145][ T9488] tipc: Failed to remove unknown binding: 66,1,1/2723373956:1616451030/1616451032 [ 561.642544][ T4247] usb 2-1: device not accepting address 32, error -71 [ 562.225197][ T4226] usb 1-1: USB disconnect, device number 33 [ 562.914708][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.923306][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.139416][ T21] Bluetooth: hci5: command 0x1003 tx timeout [ 563.148537][ T4192] Bluetooth: hci5: sending frame failed (-49) [ 563.160818][ T9506] tipc: Started in network mode [ 563.166811][ T9506] tipc: Node identity fa204e518b98, cluster identity 4711 [ 563.174977][ T9506] tipc: Enabled bearer , priority 0 [ 563.182883][ T9506] device syzkaller0 entered promiscuous mode [ 563.244137][ T9506] tipc: Resetting bearer [ 563.268831][ T9504] tipc: Resetting bearer [ 563.329933][ T9504] tipc: Disabling bearer [ 563.800938][ T4226] Bluetooth: hci4: command 0x1001 tx timeout [ 563.807113][ T4192] Bluetooth: hci4: sending frame failed (-49) [ 563.816583][ T9509] serio: Serial port ptm2 [ 564.202339][ T1324] usb 1-1: new full-speed USB device number 34 using dummy_hcd [ 564.517225][ T9523] Set syz0 is full, maxelem 0 reached [ 564.562344][ T1324] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 564.570627][ T1324] usb 1-1: config 0 has no interface number 0 [ 564.576943][ T1324] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 564.586184][ T1324] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.597449][ T1324] usb 1-1: config 0 descriptor?? [ 564.644110][ T1324] usb 1-1: selecting invalid altsetting 1 [ 564.650012][ T1324] dvb_ttusb_budget: ttusb_init_controller: error [ 564.657990][ T1324] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 564.688574][ T1324] DVB: Unable to find symbol cx22700_attach() [ 564.712024][ T1324] DVB: Unable to find symbol tda10046_attach() [ 564.718371][ T1324] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 564.809718][ T4226] usb 2-1: new low-speed USB device number 34 using dummy_hcd [ 564.861617][ T7] usb 1-1: USB disconnect, device number 34 [ 565.132243][ T21] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 565.203014][ T4226] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 565.211177][ T4226] usb 2-1: config 0 has no interface number 0 [ 565.217505][ T4226] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 565.228624][ T4226] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 565.239399][ T4226] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 565.248563][ T4226] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.259580][ T4185] Bluetooth: hci5: command 0x1001 tx timeout [ 565.266943][ T4226] usb 2-1: config 0 descriptor?? [ 565.272239][ T4192] Bluetooth: hci5: sending frame failed (-49) [ 565.282484][ T9523] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 565.308714][ T4226] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 565.372300][ T21] usb 6-1: Using ep0 maxpacket: 32 [ 565.516147][ T9523] udc-core: couldn't find an available UDC or it's busy [ 565.523279][ T9523] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 565.534113][ T4226] usb 2-1: USB disconnect, device number 34 [ 566.390181][ T1108] Bluetooth: hci4: command 0x1009 tx timeout [ 566.552808][ T21] usb 6-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 566.589864][ T21] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.628890][ T21] usb 6-1: Product: syz [ 566.652929][ T21] usb 6-1: Manufacturer: syz [ 566.676547][ T21] usb 6-1: SerialNumber: syz [ 566.739443][ T21] usb 6-1: config 0 descriptor?? [ 566.836624][ T21] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 567.383926][ T9544] tipc: Enabled bearer , priority 0 [ 567.391766][ T9544] device syzkaller0 entered promiscuous mode [ 567.548273][ T9547] udc-core: couldn't find an available UDC or it's busy [ 567.569287][ T9547] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 567.837578][ T4226] Bluetooth: hci5: command 0x1009 tx timeout [ 567.852305][ T21] gspca_ov534_9: reg_w failed -110 [ 567.906509][ T9554] tipc: Enabled bearer , priority 0 [ 567.914839][ T9554] device syzkaller0 entered promiscuous mode [ 567.933027][ T9554] tipc: Resetting bearer [ 567.940360][ T9553] tipc: Resetting bearer [ 567.954443][ T9553] tipc: Disabling bearer [ 568.148050][ T9541] tipc: Resetting bearer [ 568.279476][ T9541] tipc: Disabling bearer [ 568.512414][ T21] gspca_ov534_9: Unknown sensor 0000 [ 568.512487][ T21] ov534_9: probe of 6-1:0.0 failed with error -22 [ 568.536292][ T21] usb 6-1: USB disconnect, device number 9 [ 568.582006][ T9570] Set syz0 is full, maxelem 0 reached [ 568.862223][ T7] usb 2-1: new low-speed USB device number 35 using dummy_hcd [ 568.912619][ T21] usb 6-1: new full-speed USB device number 10 using dummy_hcd [ 569.222461][ T7] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 569.235664][ T7] usb 2-1: config 0 has no interface number 0 [ 569.242503][ T7] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 569.254784][ T7] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 569.265585][ T7] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 569.275214][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.293357][ T7] usb 2-1: config 0 descriptor?? [ 569.300929][ T4327] Bluetooth: hci7: Frame reassembly failed (-84) [ 569.312674][ T9570] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 569.322308][ T21] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 569.330470][ T21] usb 6-1: config 0 has no interface number 0 [ 569.336969][ T21] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 569.346773][ T21] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.352709][ T7] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 569.366431][ T21] usb 6-1: config 0 descriptor?? [ 569.403991][ T21] usb 6-1: selecting invalid altsetting 1 [ 569.409852][ T21] dvb_ttusb_budget: ttusb_init_controller: error [ 569.416732][ T21] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 569.449865][ T21] DVB: Unable to find symbol cx22700_attach() [ 569.482558][ T21] DVB: Unable to find symbol tda10046_attach() [ 569.488937][ T21] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 569.550718][ T9570] udc-core: couldn't find an available UDC or it's busy [ 569.559905][ T9570] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 569.584748][ T7] usb 2-1: USB disconnect, device number 35 [ 569.609888][ T21] usb 6-1: USB disconnect, device number 10 [ 571.049295][ T9590] tipc: Enabled bearer , priority 0 [ 571.057402][ T9590] device syzkaller0 entered promiscuous mode [ 571.079817][ T9590] tipc: Resetting bearer [ 571.106761][ T9589] tipc: Resetting bearer [ 571.140845][ T9589] tipc: Disabling bearer [ 571.302292][ T7] Bluetooth: hci7: command 0x1003 tx timeout [ 571.403401][ T147] Bluetooth: hci7: sending frame failed (-49) [ 571.631578][ T9605] tipc: Enabled bearer , priority 0 [ 571.639214][ T9605] device syzkaller0 entered promiscuous mode [ 571.872177][ T21] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 572.212291][ T21] usb 4-1: Using ep0 maxpacket: 32 [ 572.374344][ T9601] tipc: Resetting bearer [ 572.423831][ T9601] tipc: Disabling bearer [ 572.493002][ T21] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 572.515525][ T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.528659][ T21] usb 4-1: Product: syz [ 572.533189][ T21] usb 4-1: Manufacturer: syz [ 572.537914][ T21] usb 4-1: SerialNumber: syz [ 572.662768][ T21] usb 4-1: config 0 descriptor?? [ 572.704637][ T21] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 573.587953][ T1108] Bluetooth: hci7: command 0x1001 tx timeout [ 573.602286][ T21] gspca_ov534_9: reg_w failed -110 [ 573.608007][ T147] Bluetooth: hci7: sending frame failed (-49) [ 573.721331][ T9615] udc-core: couldn't find an available UDC or it's busy [ 573.753840][ T9615] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 574.144810][ T21] gspca_ov534_9: Unknown sensor 0000 [ 574.144879][ T21] ov534_9: probe of 4-1:0.0 failed with error -22 [ 575.638700][ T21] Bluetooth: hci7: command 0x1009 tx timeout [ 575.642254][ T7] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 575.865855][ T21] usb 4-1: USB disconnect, device number 25 [ 576.102625][ T7] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 576.134985][ T7] usb 6-1: config 0 has no interface number 0 [ 576.142171][ T7] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 576.221375][ T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 576.300109][ T7] usb 6-1: config 0 descriptor?? [ 576.595489][ T7] usb 6-1: selecting invalid altsetting 1 [ 576.668045][ T7] dvb_ttusb_budget: ttusb_init_controller: error [ 576.888794][ T1108] Bluetooth: hci4: command 0x1003 tx timeout [ 576.904242][ T8072] Bluetooth: hci4: sending frame failed (-49) [ 576.951289][ T7] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 576.995645][ T7] DVB: Unable to find symbol cx22700_attach() [ 577.047928][ T7] DVB: Unable to find symbol tda10046_attach() [ 577.062250][ T7] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 577.092249][ T7] usb 6-1: USB disconnect, device number 11 [ 577.300447][ T9642] tipc: Enabled bearer , priority 0 [ 577.307879][ T9642] device syzkaller0 entered promiscuous mode [ 577.324264][ T9642] tipc: Resetting bearer [ 577.332209][ T9641] tipc: Resetting bearer [ 577.346748][ T9641] tipc: Disabling bearer [ 578.982296][ T1108] Bluetooth: hci4: command 0x1001 tx timeout [ 578.990626][ T8072] Bluetooth: hci4: sending frame failed (-49) [ 581.062206][ T1108] Bluetooth: hci4: command 0x1009 tx timeout [ 581.434849][ T7] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 581.496723][ T9688] tipc: Enabled bearer , priority 0 [ 581.862656][ T7] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 581.887135][ T7] usb 4-1: config 0 has no interface number 0 [ 581.945124][ T7] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 582.024878][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.141083][ T7] usb 4-1: config 0 descriptor?? [ 582.191291][ T9688] device syzkaller0 entered promiscuous mode [ 582.219778][ T7] usb 4-1: selecting invalid altsetting 1 [ 582.229545][ T9688] tipc: Resetting bearer [ 582.250432][ T7] dvb_ttusb_budget: ttusb_init_controller: error [ 582.264859][ T7] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 582.328284][ T9687] tipc: Resetting bearer [ 582.415683][ T9687] tipc: Disabling bearer [ 582.458424][ T7] DVB: Unable to find symbol cx22700_attach() [ 582.476219][ T9691] device syzkaller0 entered promiscuous mode [ 582.588042][ T7] DVB: Unable to find symbol tda10046_attach() [ 582.600735][ T7] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 582.613944][ T7] usb 4-1: USB disconnect, device number 26 [ 583.093398][ T9] Bluetooth: hci5: Frame reassembly failed (-84) [ 583.386983][ T9704] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 583.443296][ T9704] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 585.248552][ T1108] Bluetooth: hci5: command 0x1003 tx timeout [ 585.277014][ T147] Bluetooth: hci5: sending frame failed (-49) [ 586.045455][ T9732] tipc: Enabled bearer , priority 0 [ 586.082973][ T9732] device syzkaller0 entered promiscuous mode [ 586.130939][ T9732] tipc: Resetting bearer [ 586.159257][ T9730] tipc: Resetting bearer [ 586.192029][ T9730] tipc: Disabling bearer [ 586.490416][ T9741] device syzkaller0 entered promiscuous mode [ 586.688243][ T4226] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 586.912356][ T9746] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1510'. [ 587.102271][ T4226] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 587.110416][ T4226] usb 2-1: config 0 has no interface number 0 [ 587.149438][ T4226] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 587.175148][ T4226] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.430718][ T1108] Bluetooth: hci5: command 0x1001 tx timeout [ 587.439356][ T8072] Bluetooth: hci5: sending frame failed (-49) [ 587.867901][ T6866] Bluetooth: hci4: Frame reassembly failed (-84) [ 587.902964][ T4226] usb 2-1: config 0 descriptor?? [ 587.954707][ T4226] usb 2-1: selecting invalid altsetting 1 [ 587.960551][ T4226] dvb_ttusb_budget: ttusb_init_controller: error [ 587.967116][ T4226] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 588.096234][ T4226] DVB: Unable to find symbol cx22700_attach() [ 588.140087][ T4226] DVB: Unable to find symbol tda10046_attach() [ 588.152864][ T4226] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 588.201214][ T4226] usb 2-1: USB disconnect, device number 36 [ 589.180454][ T4225] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 589.253548][ T9769] comedi comedi0: board detection failed [ 589.425199][ T9771] device syzkaller0 entered promiscuous mode [ 589.472401][ T4185] Bluetooth: hci5: command 0x1009 tx timeout [ 589.478627][ T4185] Bluetooth: hci4: command 0x1003 tx timeout [ 589.486200][ T8072] Bluetooth: hci4: sending frame failed (-49) [ 589.572197][ T4225] usb 1-1: Using ep0 maxpacket: 32 [ 589.692407][ T4225] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 589.701722][ T4225] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.712053][ T4225] usb 1-1: config 0 descriptor?? [ 590.472347][ T4225] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 590.501789][ T4225] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 590.558903][ T4225] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 590.577269][ T4225] usb 1-1: media controller created [ 590.611045][ T4225] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 590.692392][ T4225] az6027: usb out operation failed. (-71) [ 590.701261][ T9778] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 590.709347][ T9778] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 590.718313][ T4225] az6027: usb out operation failed. (-71) [ 590.724456][ T4225] stb0899_attach: Driver disabled by Kconfig [ 590.730469][ T4225] az6027: no front-end attached [ 590.730469][ T4225] [ 590.755242][ T4225] az6027: usb out operation failed. (-71) [ 590.761132][ T4225] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 590.777651][ T4225] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input32 [ 590.805040][ T4225] dvb-usb: schedule remote query interval to 400 msecs. [ 590.815611][ T4225] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 590.847716][ T4225] usb 1-1: USB disconnect, device number 35 [ 590.943942][ T4225] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 591.542204][ T4185] Bluetooth: hci4: command 0x1001 tx timeout [ 591.569687][ T8072] Bluetooth: hci4: sending frame failed (-49) [ 592.106834][ T4327] Bluetooth: hci7: Frame reassembly failed (-84) [ 592.226417][ T4327] Bluetooth: hci7: Frame reassembly failed (-84) [ 593.575153][ T9809] misc userio: Invalid payload size [ 593.589010][ T9807] syz.5.1529 sent an empty control message without MSG_MORE. [ 593.625264][ T4185] Bluetooth: hci4: command 0x1009 tx timeout [ 594.102316][ T21] Bluetooth: hci7: command 0x1003 tx timeout [ 594.109988][ T4192] Bluetooth: hci7: sending frame failed (-49) [ 594.562471][ T7] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 594.573396][ T9823] tipc: Enabled bearer , priority 0 [ 594.591509][ T9823] device syzkaller0 entered promiscuous mode [ 594.616619][ T9823] tipc: Resetting bearer [ 594.630371][ T9822] tipc: Resetting bearer [ 594.653627][ T9822] tipc: Disabling bearer [ 594.978507][ T7] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.998656][ T7] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.028088][ T7] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 595.051667][ T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.078045][ T7] usb 6-1: config 0 descriptor?? [ 595.858433][ T7] usbhid 6-1:0.0: can't add hid device: -71 [ 595.880554][ T7] usbhid: probe of 6-1:0.0 failed with error -71 [ 595.905890][ T7] usb 6-1: USB disconnect, device number 12 [ 596.191288][ T7] Bluetooth: hci7: command 0x1001 tx timeout [ 596.240491][ T4192] Bluetooth: hci7: sending frame failed (-49) [ 597.058574][ T9849] Set syz0 is full, maxelem 0 reached [ 597.183364][ T4303] Bluetooth: hci5: Frame reassembly failed (-84) [ 597.342618][ T7] usb 5-1: new low-speed USB device number 24 using dummy_hcd [ 597.914278][ T7] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 597.949451][ T7] usb 5-1: config 0 has no interface number 0 [ 597.950965][ T9855] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1546'. [ 597.960845][ T7] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 597.986762][ T7] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 598.008887][ T7] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 598.047814][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.096013][ T7] usb 5-1: config 0 descriptor?? [ 598.132592][ T9849] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 598.317978][ T7] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 598.331865][ T7] Bluetooth: hci7: command 0x1009 tx timeout [ 598.393780][ T9849] udc-core: couldn't find an available UDC or it's busy [ 598.400788][ T9849] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 598.663110][ T4185] usb 5-1: USB disconnect, device number 24 [ 598.672159][ C0] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19 [ 599.232208][ T7] Bluetooth: hci5: command 0x1003 tx timeout [ 599.238964][ T147] Bluetooth: hci5: sending frame failed (-49) [ 599.517425][ T9867] tipc: Enabled bearer , priority 0 [ 599.543650][ T9867] device syzkaller0 entered promiscuous mode [ 599.691017][ T9867] tipc: Resetting bearer [ 599.699131][ T9866] tipc: Resetting bearer [ 599.718366][ T9866] tipc: Disabling bearer [ 601.003261][ T4225] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 601.302371][ T7] Bluetooth: hci5: command 0x1001 tx timeout [ 601.310186][ T147] Bluetooth: hci5: sending frame failed (-49) [ 601.399129][ T4225] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 601.441249][ T4225] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 601.452219][ T4225] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 601.466470][ T4225] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.506604][ T4225] usb 2-1: config 0 descriptor?? [ 602.482436][ T4225] usbhid 2-1:0.0: can't add hid device: -71 [ 602.662199][ T4225] usbhid: probe of 2-1:0.0 failed with error -71 [ 602.687122][ T4225] usb 2-1: USB disconnect, device number 37 [ 603.164585][ T8388] Bluetooth: hci4: Frame reassembly failed (-84) [ 603.629905][ T7] Bluetooth: hci5: command 0x1009 tx timeout [ 604.038357][ T9900] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1558'. [ 605.082487][ T9909] serio: Serial port ptm2 [ 605.148361][ T1108] Bluetooth: hci4: command 0x1003 tx timeout [ 605.168565][ T147] Bluetooth: hci4: sending frame failed (-49) [ 605.541283][ T9916] serio: Serial port ptm2 [ 605.592874][ T9918] tipc: Enabled bearer , priority 0 [ 605.604790][ T9918] device syzkaller0 entered promiscuous mode [ 606.186962][ T9913] tipc: Resetting bearer [ 606.209620][ T9913] tipc: Disabling bearer [ 606.252389][ T4225] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 606.638841][ T4225] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 606.700938][ T4225] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 606.723826][ T4225] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 606.752236][ T4225] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 606.784508][ T4225] usb 4-1: config 0 descriptor?? [ 607.426122][ T1108] Bluetooth: hci4: command 0x1001 tx timeout [ 607.671566][ T147] Bluetooth: hci4: sending frame failed (-49) [ 608.462348][ T4225] usbhid 4-1:0.0: can't add hid device: -71 [ 608.536650][ T4225] usbhid: probe of 4-1:0.0 failed with error -71 [ 608.695710][ T9947] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1572'. [ 610.058882][ T4225] usb 4-1: USB disconnect, device number 27 [ 610.147155][ T4307] Bluetooth: hci4: command 0x1009 tx timeout [ 610.361153][ T9955] serio: Serial port ptm1 [ 612.246085][ T6866] Bluetooth: hci5: Frame reassembly failed (-84) [ 613.082198][ T4247] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 613.552577][ T4247] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 613.602960][ T9993] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1584'. [ 614.412293][ T9886] Bluetooth: hci5: command 0x1003 tx timeout [ 614.418463][ T8072] Bluetooth: hci5: sending frame failed (-49) [ 614.480007][ T4247] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 614.843213][ T1108] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 615.117718][ T4247] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.168268][ T4247] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 615.272394][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.283636][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.535620][ T4247] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 615.566153][ T4247] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 615.580867][ T1108] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 615.595823][ T4247] usb 6-1: Manufacturer: syz [ 615.650146][ T1108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.133429][ T1108] usb 5-1: config 0 descriptor?? [ 616.168513][ T4247] usb 6-1: config 0 descriptor?? [ 616.232348][ T4247] usb 6-1: can't set config #0, error -71 [ 616.278864][ T4247] usb 6-1: USB disconnect, device number 13 [ 616.502549][ T9886] Bluetooth: hci5: command 0x1001 tx timeout [ 616.523327][ T8072] Bluetooth: hci5: sending frame failed (-49) [ 616.872245][ T1108] usbhid 5-1:0.0: can't add hid device: -71 [ 616.878302][ T1108] usbhid: probe of 5-1:0.0 failed with error -71 [ 616.911889][ T1108] usb 5-1: USB disconnect, device number 25 [ 617.175247][T10015] tipc: Enabled bearer , priority 0 [ 617.190817][T10015] device syzkaller0 entered promiscuous mode [ 617.243578][T10015] tipc: Resetting bearer [ 617.253589][T10014] tipc: Resetting bearer [ 617.288832][T10014] tipc: Disabling bearer [ 618.683726][ T4307] Bluetooth: hci5: command 0x1009 tx timeout [ 620.282368][ T7] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 620.793428][ T7] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 620.874119][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 620.937505][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 620.975770][ T7] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 621.145243][ T7] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 621.392873][ T7] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 621.413625][ T7] usb 5-1: Manufacturer: syz [ 621.727175][T10050] atomic_op ffff888041731998 conn xmit_atomic 0000000000000000 [ 621.778631][ T7] usb 5-1: config 0 descriptor?? [ 621.840856][T10053] tipc: Enabled bearer , priority 0 [ 621.848829][T10053] device syzkaller0 entered promiscuous mode [ 622.032443][T10047] tipc: Resetting bearer [ 622.067682][T10044] netlink: 320 bytes leftover after parsing attributes in process `syz.4.1600'. [ 622.097649][T10047] tipc: Disabling bearer [ 622.354086][ T7] appleir 0003:05AC:8243.0010: unknown main item tag 0x0 [ 622.361434][ T7] appleir 0003:05AC:8243.0010: No inputs registered, leaving [ 622.385680][ T7] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 622.642189][ T4307] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 622.864117][T10069] serio: Serial port ptm0 [ 623.842588][ T4307] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.854672][ T4307] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.865160][ T4307] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 623.874433][ T4307] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.895782][ T4307] usb 2-1: config 0 descriptor?? [ 624.182374][ T9886] usb 5-1: reset high-speed USB device number 26 using dummy_hcd [ 624.242963][T10076] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 624.355903][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.364397][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.392297][ T4307] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0 [ 624.409781][ T4307] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0 [ 624.427953][ T4307] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0 [ 624.438097][ T4307] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0 [ 624.456312][ T4307] cm6533_jd 0003:0D8C:0022.0011: unknown main item tag 0x0 [ 624.466773][ T4307] cm6533_jd 0003:0D8C:0022.0011: No inputs registered, leaving [ 624.481900][ T4307] cm6533_jd 0003:0D8C:0022.0011: hiddev1,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 624.591393][ T7] usb 2-1: USB disconnect, device number 38 [ 624.817250][ T9022] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 624.873484][T10091] atomic_op ffff888074c19998 conn xmit_atomic 0000000000000000 [ 625.275368][ T4226] usb 5-1: USB disconnect, device number 26 [ 625.292671][T10087] fido_id[10087]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 625.572436][ T9022] usb 1-1: config 0 has an invalid interface number: 29 but max is 0 [ 625.610641][ T9022] usb 1-1: config 0 has no interface number 0 [ 625.961322][ T9022] usb 1-1: config 0 interface 29 has no altsetting 0 [ 626.252259][ T9022] usb 1-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac [ 626.264846][ T9022] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.193505][ T9022] usb 1-1: Product: syz [ 627.212213][ T9022] usb 1-1: Manufacturer: syz [ 627.226658][ T9022] usb 1-1: SerialNumber: syz [ 627.532952][ T9022] usb 1-1: config 0 descriptor?? [ 627.834554][ T9022] peak_usb 1-1:0.29 can0: unable to request usb[type=0 value=1] err=-71 [ 627.876678][T10107] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1618'. [ 627.917221][ T8388] Bluetooth: hci4: Frame reassembly failed (-84) [ 627.917228][ T9022] peak_usb 1-1:0.29: unable to read PCAN-USB X6 firmware info (err -71) [ 628.012620][ T9022] peak_usb: probe of 1-1:0.29 failed with error -71 [ 628.068273][ T9022] usb 1-1: USB disconnect, device number 36 [ 628.447388][T10119] serio: Serial port ptm1 [ 629.257697][T10131] serio: Serial port ptm1 [ 629.272202][ T9022] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 629.942359][ T4226] Bluetooth: hci4: command 0x1003 tx timeout [ 629.965019][ T8072] Bluetooth: hci4: sending frame failed (-49) [ 630.401399][ T8388] Bluetooth: hci5: Frame reassembly failed (-84) [ 630.432180][ T9022] usb 1-1: Using ep0 maxpacket: 16 [ 631.062409][ T9022] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 631.079444][ T9022] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 631.089613][ T9022] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 631.107759][ T9022] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 631.132460][ T9022] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.138804][T10142] block device autoloading is deprecated and will be removed. [ 631.144243][ T9022] usb 1-1: config 0 descriptor?? [ 631.801807][ T9022] hid-generic 0003:0955:7214.0012: unknown main item tag 0x0 [ 631.811358][ T9022] hid-generic 0003:0955:7214.0012: unknown main item tag 0x0 [ 631.819474][ T9022] hid-generic 0003:0955:7214.0012: unknown main item tag 0x0 [ 631.827219][ T9022] hid-generic 0003:0955:7214.0012: unknown main item tag 0x0 [ 631.834775][ T9022] hid-generic 0003:0955:7214.0012: unknown main item tag 0x0 [ 631.844303][ T9022] hid-generic 0003:0955:7214.0012: hidraw0: USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 631.984698][ T9022] usb 1-1: USB disconnect, device number 37 [ 632.027133][T10154] fido_id[10154]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 632.043074][ T9886] Bluetooth: hci4: command 0x1001 tx timeout [ 632.066466][ T147] Bluetooth: hci4: sending frame failed (-49) [ 632.433157][ T1108] Bluetooth: hci5: command 0x1003 tx timeout [ 632.442730][ T6866] Bluetooth: hci5: Frame reassembly failed (-84) [ 634.770412][ T4226] Bluetooth: hci4: command 0x1009 tx timeout [ 634.833087][ T9886] Bluetooth: hci5: command 0x1001 tx timeout [ 634.839667][ T4184] Bluetooth: hci5: sending frame failed (-49) [ 635.604430][ T9886] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 635.791576][T10185] block device autoloading is deprecated and will be removed. [ 635.811365][T10182] md: md2 stopped. [ 636.072380][ T9886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 636.086973][ T9886] usb 6-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 636.107380][ T9886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.143308][ T9886] usb 6-1: config 0 descriptor?? [ 636.185184][ T9886] usbhid 6-1:0.0: can't add hid device: -22 [ 636.202894][ T9886] usbhid: probe of 6-1:0.0 failed with error -22 [ 637.283134][ T9886] Bluetooth: hci6: command 0x0406 tx timeout [ 637.310919][ T1108] Bluetooth: hci5: command 0x1009 tx timeout [ 637.677696][T10204] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1643'. [ 637.710529][ T9022] usb 6-1: USB disconnect, device number 14 [ 639.419846][T10220] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1647'. [ 640.525826][T10230] device syzkaller0 entered promiscuous mode [ 641.072567][ T9886] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 641.312270][ T9886] usb 4-1: Using ep0 maxpacket: 32 [ 641.593006][ T9886] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 641.602747][ T4256] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 641.612403][ T9886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.616302][ T9886] usb 4-1: Product: syz [ 641.616645][ T9886] usb 4-1: Manufacturer: syz [ 641.616738][ T9886] usb 4-1: SerialNumber: syz [ 641.752743][ T9886] usb 4-1: config 0 descriptor?? [ 641.794257][ T9886] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 641.884279][T10242] block device autoloading is deprecated and will be removed. [ 641.910489][T10234] md: md2 stopped. [ 642.022692][ T4256] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 642.034077][ T4256] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.050139][ T4256] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 642.060542][ T4256] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 642.172463][ T4256] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 642.184126][ T4256] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 642.212364][ T4256] usb 2-1: Manufacturer: syz [ 642.285321][ T4256] usb 2-1: config 0 descriptor?? [ 642.324386][T10248] udc-core: couldn't find an available UDC or it's busy [ 642.333283][T10248] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 642.552300][ T9886] gspca_ov534_9: reg_w failed -110 [ 642.591745][T10243] netlink: 320 bytes leftover after parsing attributes in process `syz.1.1655'. [ 642.651433][ T4337] Bluetooth: hci4: Frame reassembly failed (-84) [ 642.874920][ T4256] appleir 0003:05AC:8243.0013: unknown main item tag 0x0 [ 642.893815][ T4256] appleir 0003:05AC:8243.0013: No inputs registered, leaving [ 642.961751][ T4256] appleir 0003:05AC:8243.0013: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 643.072286][ T9886] gspca_ov534_9: Unknown sensor 0000 [ 643.072354][ T9886] ov534_9: probe of 4-1:0.0 failed with error -22 [ 645.253850][ T4256] Bluetooth: hci4: command 0x1003 tx timeout [ 645.260643][ T4184] Bluetooth: hci4: sending frame failed (-49) [ 645.264117][ T9022] usb 2-1: USB disconnect, device number 39 [ 645.555753][T10266] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1661'. [ 646.552252][ T4256] usb 4-1: USB disconnect, device number 28 [ 646.775865][ T4307] Bluetooth: hci5: command 0x1003 tx timeout [ 646.781982][ T4184] Bluetooth: hci5: sending frame failed (-49) [ 647.140894][ T4275] Bluetooth: hci7: Frame reassembly failed (-84) [ 647.169820][T10283] tipc: Enabled bearer , priority 0 [ 647.177729][T10283] device syzkaller0 entered promiscuous mode [ 647.192616][T10283] tipc: Resetting bearer [ 647.217542][T10282] tipc: Resetting bearer [ 647.303130][ T9886] Bluetooth: hci4: command 0x1001 tx timeout [ 647.326389][T10282] tipc: Disabling bearer [ 647.338690][ T147] Bluetooth: hci4: sending frame failed (-49) [ 647.344936][T10286] atomic_op ffff888059c91998 conn xmit_atomic 0000000000000000 [ 648.949001][ T1108] Bluetooth: hci5: command 0x1001 tx timeout [ 648.955426][ T147] Bluetooth: hci5: sending frame failed (-49) [ 649.764250][ T1108] Bluetooth: hci7: command 0x1003 tx timeout [ 649.770315][ T1108] Bluetooth: hci4: command 0x1009 tx timeout [ 649.802915][T10303] serio: Serial port ptm4 [ 650.982347][ T9886] Bluetooth: hci5: command 0x1009 tx timeout [ 651.002313][ T4225] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 651.372343][ T4225] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 651.383277][ T4225] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 651.394207][ T4225] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 651.404008][ T4225] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 651.492284][ T4225] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 651.501384][ T4225] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 651.509678][ T4225] usb 2-1: Manufacturer: syz [ 651.517659][ T4225] usb 2-1: config 0 descriptor?? [ 651.768681][T10315] netlink: 320 bytes leftover after parsing attributes in process `syz.1.1674'. [ 651.862508][ T9022] Bluetooth: hci7: command 0x1001 tx timeout [ 651.868619][T10301] Bluetooth: hci7: sending frame failed (-49) [ 652.003779][ T4225] appleir 0003:05AC:8243.0014: unknown main item tag 0x0 [ 652.011348][ T4225] appleir 0003:05AC:8243.0014: No inputs registered, leaving [ 652.026439][ T4225] appleir 0003:05AC:8243.0014: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 653.702795][ T1108] usb 2-1: USB disconnect, device number 40 [ 653.943670][ T4225] Bluetooth: hci7: command 0x1009 tx timeout [ 654.506650][T10326] tipc: Enabled bearer , priority 0 [ 654.514262][T10326] device syzkaller0 entered promiscuous mode [ 654.525636][T10325] tipc: Resetting bearer [ 654.551928][T10325] tipc: Disabling bearer [ 656.071207][T10338] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 656.082631][T10338] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 656.298110][ T4256] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 656.672447][ T4256] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 656.684081][ T4256] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 656.705034][ T4256] usb 1-1: config 220 has no interface number 2 [ 656.711873][ T4256] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 656.741325][ T4256] usb 1-1: config 220 interface 0 has no altsetting 0 [ 656.751758][ T4256] usb 1-1: config 220 interface 76 has no altsetting 0 [ 656.760877][ T4256] usb 1-1: config 220 interface 1 has no altsetting 0 [ 656.953762][ T4256] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 657.009721][ T4256] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.076094][ T4256] usb 1-1: Product: syz [ 657.103179][ T4256] usb 1-1: Manufacturer: syz [ 657.153873][ T4256] usb 1-1: SerialNumber: syz [ 657.886857][ T4256] usb 1-1: selecting invalid altsetting 0 [ 657.895968][ T4256] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 657.912395][ T4256] usb 1-1: No valid video chain found. [ 658.010455][ T4256] usb 1-1: selecting invalid altsetting 0 [ 658.017078][ T4256] usbtest: probe of 1-1:220.1 failed with error -22 [ 658.074571][ T4256] usb 1-1: USB disconnect, device number 38 [ 658.321761][T10358] atomic_op ffff888079f7b998 conn xmit_atomic 0000000000000000 [ 658.762231][ T7] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 659.912310][ T7] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 659.932253][ T7] usb 6-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 659.952179][ T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 659.978814][ T7] usb 6-1: config 0 descriptor?? [ 660.024752][ T7] usbhid 6-1:0.0: can't add hid device: -22 [ 660.030772][ T7] usbhid: probe of 6-1:0.0 failed with error -22 [ 661.906484][ T4256] Bluetooth: hci4: command 0x1003 tx timeout [ 661.913306][T10382] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 37748736, id = 0 [ 661.973600][ T147] Bluetooth: hci4: sending frame failed (-49) [ 663.630038][ T4185] usb 6-1: USB disconnect, device number 15 [ 663.728524][T10389] serio: Serial port ptm1 [ 664.025723][T10397] serio: Serial port ptm1 [ 664.035421][ T9022] Bluetooth: hci4: command 0x1001 tx timeout [ 664.041708][ T147] Bluetooth: hci4: sending frame failed (-49) [ 666.102294][ T9022] Bluetooth: hci4: command 0x1009 tx timeout [ 666.741823][T10426] serio: Serial port ptm1 [ 666.961123][ T4185] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 667.879749][T10441] serio: Serial port ptm1 [ 668.132661][ T4185] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 668.152275][ T4185] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 668.164025][ T4185] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.304607][ T4185] usb 1-1: config 0 descriptor?? [ 668.359196][ T4185] usbhid 1-1:0.0: can't add hid device: -22 [ 668.384355][ T4185] usbhid: probe of 1-1:0.0 failed with error -22 [ 668.552339][T10450] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1715'. [ 670.463347][T10453] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 37748736, id = 0 [ 671.263547][T10459] Set syz0 is full, maxelem 0 reached [ 671.950720][T10463] device syzkaller0 entered promiscuous mode [ 672.084589][ T4256] usb 6-1: new low-speed USB device number 16 using dummy_hcd [ 672.376539][ T7] usb 1-1: USB disconnect, device number 39 [ 672.505822][T10474] serio: Serial port ptm0 [ 672.514062][ T4256] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 672.530967][ T4256] usb 6-1: config 0 has no interface number 0 [ 672.537997][ T4256] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 672.549549][ T4256] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 672.561722][ T4256] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 672.573529][ T4256] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 672.590734][ T4256] usb 6-1: config 0 descriptor?? [ 672.612391][T10462] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 672.639925][ T4256] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 672.652390][ T4185] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 672.840321][ T4256] usb 6-1: USB disconnect, device number 16 [ 674.011182][T10491] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1726'. [ 674.082717][ T4185] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 674.170919][ T4185] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 674.334097][ T4185] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 674.602163][ T4185] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 674.758811][ T4185] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 674.772711][ T4185] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 674.791937][ T4185] usb 4-1: Manufacturer: syz [ 674.808442][ T4185] usb 4-1: config 0 descriptor?? [ 675.167520][T10471] netlink: 320 bytes leftover after parsing attributes in process `syz.3.1721'. [ 675.448770][T10508] serio: Serial port ptm0 [ 675.563932][ T4185] appleir 0003:05AC:8243.0015: unknown main item tag 0x0 [ 675.676488][T10525] atomic_op ffff88801fc2c198 conn xmit_atomic 0000000000000000 [ 675.742968][ T4185] appleir 0003:05AC:8243.0015: No inputs registered, leaving [ 675.754068][ T4185] appleir 0003:05AC:8243.0015: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 676.151179][ T4302] Bluetooth: hci4: Frame reassembly failed (-84) [ 676.274700][T10538] Set syz0 is full, maxelem 0 reached [ 677.367618][ T4307] usb 4-1: USB disconnect, device number 29 [ 677.472249][ T7] usb 1-1: new low-speed USB device number 40 using dummy_hcd [ 677.871415][T10561] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1738'. [ 678.725827][ T4256] Bluetooth: hci4: command 0x1003 tx timeout [ 678.777647][ T4337] Bluetooth: hci4: Frame reassembly failed (-84) [ 678.992804][ T7] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 679.000820][ T7] usb 1-1: config 0 has no interface number 0 [ 679.012213][ T7] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 679.026201][ T7] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 679.158271][ T7] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 679.179401][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 680.023194][ T7] usb 1-1: config 0 descriptor?? [ 680.082284][ T7] usb 1-1: can't set config #0, error -71 [ 680.108801][T10575] serio: Serial port ptm1 [ 680.130596][ T7] usb 1-1: USB disconnect, device number 40 [ 680.752754][ T4256] Bluetooth: hci4: command 0x1001 tx timeout [ 680.800059][ T147] Bluetooth: hci4: sending frame failed (-49) [ 681.388963][T10591] atomic_op ffff88805741e998 conn xmit_atomic 0000000000000000 [ 681.648898][T10597] device syzkaller0 entered promiscuous mode [ 681.892157][ T1324] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 682.283133][ T1324] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 682.303741][ T1324] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 682.315477][ T1324] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 682.326011][ T1324] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 682.483668][ T1324] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 682.557813][ T1324] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 682.638737][ T1324] usb 2-1: Manufacturer: syz [ 682.834471][ T1324] usb 2-1: config 0 descriptor?? [ 682.980501][ T4256] Bluetooth: hci4: command 0x1009 tx timeout [ 683.170955][T10614] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 683.173509][T10599] netlink: 320 bytes leftover after parsing attributes in process `syz.1.1748'. [ 683.181423][T10614] overlayfs: missing 'lowerdir' [ 683.379256][T10617] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1752'. [ 684.170501][ T1324] appleir 0003:05AC:8243.0016: unknown main item tag 0x0 [ 684.180180][ T1324] appleir 0003:05AC:8243.0016: No inputs registered, leaving [ 684.190609][ T1324] appleir 0003:05AC:8243.0016: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 684.832754][ T7] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 685.116675][T10633] serio: Serial port ptm1 [ 685.632337][ T7] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 685.642493][ T7] usb 6-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 685.651718][ T7] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.663086][ T7] usb 6-1: config 0 descriptor?? [ 685.724672][ T7] usbhid 6-1:0.0: can't add hid device: -22 [ 685.730636][ T7] usbhid: probe of 6-1:0.0 failed with error -22 [ 685.794557][ T1428] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.801370][ T1428] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.178026][T10650] serio: Serial port ptm0 [ 687.218307][ T4256] usb 2-1: USB disconnect, device number 41 [ 688.214829][ T4225] usb 6-1: USB disconnect, device number 17 [ 688.412620][T10667] tipc: Enabling of bearer rejected, failed to enable media [ 688.769174][T10672] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1767'. [ 689.517734][ T4184] Bluetooth: hci0: Unknown advertising packet type: 0xffff [ 689.517985][ T4184] ================================================================== [ 689.533748][ T4184] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x12c0/0x3b80 [ 689.541593][ T4184] Read of size 1 at addr ffff88801f932c0a by task kworker/u5:1/4184 [ 689.549673][ T4184] [ 689.552050][ T4184] CPU: 1 PID: 4184 Comm: kworker/u5:1 Not tainted 5.15.189-syzkaller #0 [ 689.560392][ T4184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 689.570475][ T4184] Workqueue: hci0 hci_rx_work [ 689.575201][ T4184] Call Trace: [ 689.578512][ T4184] [ 689.581549][ T4184] dump_stack_lvl+0x168/0x230 [ 689.586254][ T4184] ? show_regs_print_info+0x20/0x20 [ 689.591558][ T4184] ? load_image+0x3b0/0x3b0 [ 689.596151][ T4184] ? _raw_spin_lock_irqsave+0xb0/0xf0 [ 689.601533][ T4184] print_address_description+0x60/0x2d0 [ 689.607173][ T4184] ? hci_le_meta_evt+0x12c0/0x3b80 [ 689.612285][ T4184] kasan_report+0xdf/0x130 [ 689.616712][ T4184] ? hci_le_meta_evt+0x12c0/0x3b80 [ 689.621824][ T4184] hci_le_meta_evt+0x12c0/0x3b80 [ 689.626780][ T4184] ? hci_event_packet+0x1f0/0x12f0 [ 689.631980][ T4184] ? hci_remote_host_features_evt+0x280/0x280 [ 689.638053][ T4184] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 689.643712][ T4184] ? mark_lock+0x94/0x320 [ 689.648217][ T4184] ? mutex_unlock+0x10/0x10 [ 689.652724][ T4184] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 689.658794][ T4184] ? lock_chain_count+0x20/0x20 [ 689.663645][ T4184] ? __rwlock_init+0x140/0x140 [ 689.668408][ T4184] hci_event_packet+0xe05/0x12f0 [ 689.673354][ T4184] ? lockdep_hardirqs_on+0x94/0x140 [ 689.678653][ T4184] ? rcu_lock_release+0x20/0x20 [ 689.683508][ T4184] ? hci_send_to_monitor+0x9c/0x4a0 [ 689.688711][ T4184] hci_rx_work+0x255/0xa10 [ 689.693147][ T4184] process_one_work+0x863/0x1000 [ 689.698108][ T4184] ? worker_detach_from_pool+0x240/0x240 [ 689.703828][ T4184] ? lockdep_hardirqs_off+0x70/0x100 [ 689.709135][ T4184] ? _raw_spin_lock_irq+0xab/0xe0 [ 689.714182][ T4184] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 689.719560][ T4184] ? wq_worker_running+0x97/0x170 [ 689.724596][ T4184] worker_thread+0xaa8/0x12a0 [ 689.729296][ T4184] kthread+0x436/0x520 [ 689.733367][ T4184] ? rcu_lock_release+0x20/0x20 [ 689.738328][ T4184] ? kthread_blkcg+0xd0/0xd0 [ 689.743099][ T4184] ret_from_fork+0x1f/0x30 [ 689.747538][ T4184] [ 689.750554][ T4184] [ 689.752873][ T4184] Allocated by task 10688: [ 689.757379][ T4184] __kasan_kmalloc+0xb5/0xf0 [ 689.761999][ T4184] __alloc_skb+0x22c/0x750 [ 689.766419][ T4184] vhci_write+0xbc/0x450 [ 689.770667][ T4184] vfs_write+0x712/0xd00 [ 689.774903][ T4184] ksys_write+0x14d/0x250 [ 689.779226][ T4184] do_syscall_64+0x4c/0xa0 [ 689.783728][ T4184] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 689.789651][ T4184] [ 689.792005][ T4184] Last potentially related work creation: [ 689.797729][ T4184] kasan_save_stack+0x35/0x60 [ 689.802429][ T4184] kasan_record_aux_stack+0xb8/0x100 [ 689.807896][ T4184] kvfree_call_rcu+0x10a/0x7c0 [ 689.812659][ T4184] neigh_periodic_work+0x407/0xc70 [ 689.817765][ T4184] process_one_work+0x863/0x1000 [ 689.822695][ T4184] worker_thread+0xaa8/0x12a0 [ 689.827368][ T4184] kthread+0x436/0x520 [ 689.831604][ T4184] ret_from_fork+0x1f/0x30 [ 689.836111][ T4184] [ 689.838432][ T4184] The buggy address belongs to the object at ffff88801f932800 [ 689.838432][ T4184] which belongs to the cache kmalloc-1k of size 1024 [ 689.852477][ T4184] The buggy address is located 10 bytes to the right of [ 689.852477][ T4184] 1024-byte region [ffff88801f932800, ffff88801f932c00) [ 689.866281][ T4184] The buggy address belongs to the page: [ 689.872055][ T4184] page:ffffea00007e4c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1f930 [ 689.882232][ T4184] head:ffffea00007e4c00 order:3 compound_mapcount:0 compound_pincount:0 [ 689.890561][ T4184] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 689.898563][ T4184] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888016841dc0 [ 689.907147][ T4184] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 689.915902][ T4184] page dumped because: kasan: bad access detected [ 689.922309][ T4184] page_owner tracks the page as allocated [ 689.928037][ T4184] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 13, ts 56714147273, free_ts 56703131351 [ 689.944883][ T4184] get_page_from_freelist+0x1b77/0x1c60 [ 689.950433][ T4184] __alloc_pages+0x1e1/0x470 [ 689.955054][ T4184] new_slab+0xc0/0x4b0 [ 689.959124][ T4184] ___slab_alloc+0x81e/0xdf0 [ 689.963708][ T4184] __kmalloc+0x1cd/0x330 [ 689.967955][ T4184] ___neigh_create+0x6d2/0x2250 [ 689.972850][ T4184] ip6_finish_output2+0xa01/0x1500 [ 689.977996][ T4184] ndisc_send_skb+0xbea/0x14a0 [ 689.982840][ T4184] addrconf_dad_completed+0x798/0xca0 [ 689.988208][ T4184] addrconf_dad_work+0xc70/0x1520 [ 689.993228][ T4184] process_one_work+0x863/0x1000 [ 689.998165][ T4184] worker_thread+0xaa8/0x12a0 [ 690.002840][ T4184] kthread+0x436/0x520 [ 690.006925][ T4184] ret_from_fork+0x1f/0x30 [ 690.011339][ T4184] page last free stack trace: [ 690.016007][ T4184] free_unref_page_prepare+0x637/0x6c0 [ 690.021468][ T4184] free_unref_page+0x94/0x280 [ 690.026144][ T4184] __unfreeze_partials+0x1a5/0x200 [ 690.031249][ T4184] put_cpu_partial+0x12d/0x190 [ 690.036018][ T4184] qlist_free_all+0x35/0x90 [ 690.040518][ T4184] kasan_quarantine_reduce+0x150/0x160 [ 690.045977][ T4184] __kasan_slab_alloc+0x2f/0xd0 [ 690.050823][ T4184] slab_post_alloc_hook+0x4c/0x380 [ 690.055985][ T4184] kmem_cache_alloc_trace+0x103/0x2a0 [ 690.061358][ T4184] netdevice_event+0x324/0x900 [ 690.066119][ T4184] raw_notifier_call_chain+0xcb/0x160 [ 690.071492][ T4184] __dev_notify_flags+0x178/0x2d0 [ 690.076516][ T4184] dev_change_flags+0xe3/0x1a0 [ 690.081277][ T4184] do_setlink+0xc01/0x3980 [ 690.085691][ T4184] rtnl_newlink+0x1419/0x17d0 [ 690.090451][ T4184] rtnetlink_rcv_msg+0x9b9/0xe60 [ 690.095470][ T4184] [ 690.097788][ T4184] Memory state around the buggy address: [ 690.103409][ T4184] ffff88801f932b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 690.111482][ T4184] ffff88801f932b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 690.120429][ T4184] >ffff88801f932c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 690.128493][ T4184] ^ [ 690.132815][ T4184] ffff88801f932c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 690.140878][ T4184] ffff88801f932d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 690.149033][ T4184] ================================================================== [ 690.157109][ T4184] Disabling lock debugging due to kernel taint [ 690.174256][ T4184] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 690.180776][T10684] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 690.181499][ T4184] CPU: 1 PID: 4184 Comm: kworker/u5:1 Tainted: G B 5.15.189-syzkaller #0 [ 690.181524][ T4184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 690.181536][ T4184] Workqueue: hci0 hci_rx_work [ 690.204264][T10684] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 690.209320][ T4184] [ 690.209333][ T4184] Call Trace: [ 690.209351][ T4184] [ 690.209360][ T4184] dump_stack_lvl+0x168/0x230 [ 690.235949][ T4184] ? show_regs_print_info+0x20/0x20 [ 690.241180][ T4184] ? load_image+0x3b0/0x3b0 [ 690.245718][ T4184] panic+0x2c9/0x7f0 [ 690.249639][ T4184] ? bpf_jit_dump+0xd0/0xd0 [ 690.254174][ T4184] ? _raw_spin_unlock_irqrestore+0xf6/0x100 [ 690.260110][ T4184] ? _raw_spin_unlock+0x40/0x40 [ 690.264991][ T4184] ? hci_le_meta_evt+0x12c0/0x3b80 [ 690.270167][ T4184] check_panic_on_warn+0x80/0xa0 [ 690.275132][ T4184] ? hci_le_meta_evt+0x12c0/0x3b80 [ 690.280299][ T4184] end_report+0x6d/0xf0 [ 690.284501][ T4184] kasan_report+0x102/0x130 [ 690.289034][ T4184] ? hci_le_meta_evt+0x12c0/0x3b80 [ 690.294174][ T4184] hci_le_meta_evt+0x12c0/0x3b80 [ 690.299147][ T4184] ? hci_event_packet+0x1f0/0x12f0 [ 690.304280][ T4184] ? hci_remote_host_features_evt+0x280/0x280 [ 690.310351][ T4184] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 690.315982][ T4184] ? mark_lock+0x94/0x320 [ 690.320404][ T4184] ? mutex_unlock+0x10/0x10 [ 690.325169][ T4184] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 690.331141][ T4184] ? lock_chain_count+0x20/0x20 [ 690.336011][ T4184] ? __rwlock_init+0x140/0x140 [ 690.340772][ T4184] hci_event_packet+0xe05/0x12f0 [ 690.345882][ T4184] ? lockdep_hardirqs_on+0x94/0x140 [ 690.351093][ T4184] ? rcu_lock_release+0x20/0x20 [ 690.356036][ T4184] ? hci_send_to_monitor+0x9c/0x4a0 [ 690.361522][ T4184] hci_rx_work+0x255/0xa10 [ 690.366130][ T4184] process_one_work+0x863/0x1000 [ 690.371075][ T4184] ? worker_detach_from_pool+0x240/0x240 [ 690.376793][ T4184] ? lockdep_hardirqs_off+0x70/0x100 [ 690.382165][ T4184] ? _raw_spin_lock_irq+0xab/0xe0 [ 690.387291][ T4184] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 690.392681][ T4184] ? wq_worker_running+0x97/0x170 [ 690.397715][ T4184] worker_thread+0xaa8/0x12a0 [ 690.402391][ T4184] kthread+0x436/0x520 [ 690.406454][ T4184] ? rcu_lock_release+0x20/0x20 [ 690.411297][ T4184] ? kthread_blkcg+0xd0/0xd0 [ 690.415883][ T4184] ret_from_fork+0x1f/0x30 [ 690.420490][ T4184] [ 690.423735][ T4184] Kernel Offset: disabled [ 690.428067][ T4184] Rebooting in 86400 seconds..