last executing test programs: 1m59.576353296s ago: executing program 1 (id=1481): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020700000a00000000000000000000000500051f000000000a00005f00000000fc02000000000000000000000000000000eaff0000000000030005000000000002"], 0x50}}, 0x20000) 1m58.682781024s ago: executing program 1 (id=1483): mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f0000000100)='memory.current\x00', 0x0, 0x0) 1m58.564690981s ago: executing program 1 (id=1484): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa02, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000d00)={0x14, r2, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x810) r3 = creat(0x0, 0xc) prlimit64(0x0, 0x7, 0x0, 0x0) pipe2(0x0, 0x0) fadvise64(r0, 0x1000, 0x1, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x4580b000) read$FUSE(r3, &(0x7f0000001180)={0x2020}, 0x2020) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) futex(&(0x7f000000cffc), 0x3, 0x0, 0x0, &(0x7f0000048000), 0x2) 1m58.496847773s ago: executing program 1 (id=1486): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x20a00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x5, 0x1, 0x801, 0x0, 0x0, {0x5, 0x0, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x4000084}, 0x80) userfaultfd(0x0) r2 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) connect$802154_dgram(r2, &(0x7f0000000180)={0x27, @long={0x3, 0x2, {0xaaaaaaaaaaaa0102}}}, 0x14) 1m58.352708087s ago: executing program 1 (id=1488): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_NODE_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x800) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$NFC_CMD_LLC_SDREQ(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x10c, r1, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@NFC_ATTR_LLC_SDP={0x80, 0x13, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [{0x7, 0x1, '(\xe7!'}, {0x7, 0x1, 'ib\x00'}, {0x7, 0x1, '@:.'}, {0x8, 0x1, 'eth\x00'}, {0x8, 0x1, 'eth\x00'}, {0x5, 0x1, '\xc2'}]}, {0x1c, 0x0, 0x0, 0x1, [{0x8, 0x1, 'eth\x00'}, {0x8, 0x1, 'eth\x00'}, {0x7, 0x1, 'ib\x00'}]}, {0x2c, 0x0, 0x0, 0x1, [{0x4}, {0x4}, {0x4}, {0x7, 0x1, '$.W'}, {0x7, 0x1, 'ib\x00'}, {0x9, 0x1, '}*#(-'}]}]}, @NFC_ATTR_LLC_SDP={0x78, 0x13, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [{0x6, 0x1, '[}'}, {0x8, 0x1, 'eth\x00'}]}, {0xc, 0x0, 0x0, 0x1, [{0x8, 0x1, 'a,\xe7:'}]}, {0x18, 0x0, 0x0, 0x1, [{0x6, 0x1, '.B'}, {0x9, 0x1, '&+],-'}]}, {0xc, 0x0, 0x0, 0x1, [{0x6, 0x1, '{$'}]}, {0x30, 0x0, 0x0, 0x1, [{0x6, 0x1, '\\]'}, {0x7, 0x1, '/:&'}, {0x7, 0x1, 'ib\x00'}, {0x7, 0x1, 'ib\x00'}, {0x9, 0x1, ',@.*\\'}]}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x80}, 0x10) (async) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, 0x0, 0x0, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}, @ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40000) (async) setrlimit(0x0, &(0x7f0000000480)={0x4}) (async, rerun: 32) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (rerun: 32) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r2, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x10, 0x140a, 0x2, 0x70bd2a, 0x25dfdbfd}, 0x10}, 0x1, 0x0, 0x0, 0x20040051}, 0x80) (async) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x1c, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_PAUSE_RX={0x5, 0x3, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_LISTALL(r3, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000700)={0x9c, 0x0, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_TAGLST={0x54, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0xc}, {0x5, 0x3, 0x1}, {0x5}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x6}, {0x5}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x2}, {0x5}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x20, 0xc, 0x0, 0x1, [{0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3dd0016a}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xbc9f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xfb46}]}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) sendmsg$NLBL_CALIPSO_C_ADD(r3, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x54, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x80c0}, 0x4004004) (async) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000980)={0x0, @initdev, @private}, &(0x7f00000009c0)=0xc) (async, rerun: 64) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000a40), r3) (rerun: 64) sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, &(0x7f0000000b80)={&(0x7f0000000a00), 0xc, &(0x7f0000000b40)={&(0x7f0000000a80)={0x84, r5, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:etc_runtime_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x35, 0x7, 'system_u:object_r:systemd_passwd_agent_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}, @NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x84}, 0x1, 0x0, 0x0, 0x40090}, 0x4000040) (async, rerun: 64) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) (rerun: 64) sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000c80)={&(0x7f0000000c40)={0x28, r6, 0x400, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x7f, 0x48}}}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20004820}, 0x4008100) (async) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000d40), r0) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000e80)={&(0x7f0000000d00)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000e40)={&(0x7f0000000d80)={0xc0, r7, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_DEST={0x5c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@local}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x20}}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x6}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7ff}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0xc0}}, 0x40001) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000f00)=0x0) (async, rerun: 32) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000f40)=0x0) (rerun: 32) sendmsg$NFC_CMD_DEACTIVATE_TARGET(r3, &(0x7f0000001000)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0xa00}, 0xc, &(0x7f0000000fc0)={&(0x7f0000000f80)={0x34, r1, 0xa800d9731a4fafe9, 0x70bd2b, 0x25dfdbff, {}, [@NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}, @NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0xffffffffffffffff}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r9}]}, 0x34}, 0x1, 0x0, 0x0, 0x44005}, 0x40810) (async) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000001040)={0x392b, 0x3, 0x7, 0x2}, 0x10) r10 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000010c0), r3) sendmsg$NLBL_MGMT_C_PROTOCOLS(r3, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x14, r10, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x20008020) (async) r11 = openat$fuse(0xffffffffffffff9c, &(0x7f00000011c0), 0x2, 0x0) read$FUSE(r11, &(0x7f0000001200)={0x2020}, 0x2020) (async, rerun: 32) r12 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000003280), r3) (rerun: 32) sendmsg$NLBL_MGMT_C_REMOVEDEF(r3, &(0x7f0000003380)={&(0x7f0000003240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000003340)={&(0x7f00000032c0)={0x5c, r12, 0x20, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private2}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x1}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @private0}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010102}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x4800) 1m57.912572416s ago: executing program 1 (id=1492): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0xfffffffffffffffd, 0x733400) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x1, 0x0, 0x7, &(0x7f0000000140)={0xc, "b7fc741714bd8325de9540e3cfc840d0b9358338de5fdb7ad189aa80277f6cd2e2"}}) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x2000) 1m42.858558632s ago: executing program 32 (id=1492): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0xfffffffffffffffd, 0x733400) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x1, 0x0, 0x7, &(0x7f0000000140)={0xc, "b7fc741714bd8325de9540e3cfc840d0b9358338de5fdb7ad189aa80277f6cd2e2"}}) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) (async) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x22052, r0, 0x2000) 3.356396132s ago: executing program 2 (id=2255): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioprio_set$pid(0x2, 0x0, 0x0) io_setup(0x4, &(0x7f00000001c0)=0x0) r1 = eventfd2(0x0, 0x0) io_submit(r0, 0x1, &(0x7f0000002200)=[&(0x7f0000000040)={0x40000000, 0x0, 0x30, 0x1, 0x1a5, r1, 0x0, 0x0, 0x1, 0x0, 0x1, r1}]) 3.188320807s ago: executing program 2 (id=2258): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, &(0x7f0000000000)={0x0, 0xffffffff, 0x800, 0x401, 0x3, 0xc, 0x7f18, 0x7, 0x7, 0x10000009, 0x7, 0x6, 0xfffffffc, 0x270f}) 2.536112699s ago: executing program 0 (id=2268): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15) r2 = dup(r1) open(&(0x7f0000000180)='./file0\x00', 0x440, 0xc2) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=fscache']) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22) 2.491955151s ago: executing program 0 (id=2270): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0xffffffffffffffff, 0x47, 0x5, 0x0, 0x5, 0x7, 0x4, 0x7]}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="36d0e866b8970000000f23c80f21f866350c00a0000f23f89d0f326635000400000f302e8dcc0f23742e3b5753baf80466b8f494f78e66efbafc0c66b83ac80000666fda6509", 0x46}], 0x1, 0x1a, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 2.379961527s ago: executing program 0 (id=2271): getrandom(&(0x7f0000000380)=""/288, 0xfffffffffffffd92, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) socket$packet(0x11, 0x2, 0x300) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00') writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)='4', 0x1}], 0x1) 2.236379827s ago: executing program 3 (id=2273): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8540, 0x0) r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0x10, 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3) sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32=r2], 0x4) 2.006103848s ago: executing program 3 (id=2274): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180), 0x4) copy_file_range(r1, &(0x7f0000000080), r0, 0x0, 0xfffffffffffffff8, 0x0) 1.884991781s ago: executing program 4 (id=2275): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'macvlan1\x00'}) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0xb8}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x9}, {0x0, 0x5}}}, 0xb8}}, 0x4000) 1.872259451s ago: executing program 3 (id=2276): unshare(0x22020600) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, 0x0) 1.732346152s ago: executing program 4 (id=2277): ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') write$UHID_INPUT(r1, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 1.669308426s ago: executing program 2 (id=2278): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15) r2 = dup(r1) open(&(0x7f0000000180)='./file0\x00', 0x440, 0xc2) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_DIRENTPLUS(r2, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=fscache']) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22) 1.651520385s ago: executing program 4 (id=2279): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4f549b, 0x0, [0xffffffffffffffff, 0x47, 0x5, 0x0, 0x5, 0x7, 0x4, 0x7]}) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="36d0e866b8970000000f23c80f21f866350c00a0000f23f89d0f326635000400000f302e8dcc0f23742e3b5753baf80466b8f494f78e66efbafc0c66b83ac80000666fda6509", 0x46}], 0x1, 0x1a, 0x0, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 1.504305233s ago: executing program 3 (id=2280): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) lseek(r0, 0x1002080000001, 0x0) 1.504087949s ago: executing program 4 (id=2281): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) fcntl$lock(r0, 0x24, &(0x7f0000000000)={0x2, 0x2, 0x0, 0x800003fffffffffd}) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.486579105s ago: executing program 2 (id=2282): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="700000000206010200000000000000000000000005000100070000000500050002000000120003006269746d61703a69702c6d61630000000900020073797a30000000000500040000000000240007800c"], 0x70}}, 0x0) 1.394099022s ago: executing program 3 (id=2283): r0 = inotify_init1(0x0) syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x403}}]}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000100)={0x0, 0x1, 0xe, 0x2}, 0x14) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x304}, "68c4502393926b50", "09f700", "1ab6c0e5"}, 0x28) close_range(r0, 0xffffffffffffffff, 0x0) 1.368322132s ago: executing program 2 (id=2284): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000640)=ANY=[@ANYRESHEX, @ANYRESOCT=0x0, @ANYRES32, @ANYRESOCT, @ANYBLOB="d2ed3e0d7d975b8693ccfd306fa694c348fa4c0ee8668cdd22b285080e2d8c25eb137d1c9ba1c425d4ef2511bace82475175609f8d1fc7e221e014b0f46f67f01bb31d5cbdb17446f2"], 0x90) 1.21628632s ago: executing program 4 (id=2285): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) fsopen(&(0x7f00000000c0)='cifs\x00', 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timer_create(0x1, 0x0, &(0x7f0000bbdffc)) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) 1.21605402s ago: executing program 2 (id=2286): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$packet(0x11, 0x2, 0x300) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000000)={0x8080000, 0x1d000, 0x2}) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000180)={0x8000000, 0x6000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000040)={0xdddd0000, 0x10000}) r3 = socket$alg(0x26, 0x5, 0x0) syz_usb_connect(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xd1, 0x2d, 0xd0, 0x20, 0x11f5, 0x5, 0x2780, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x62, 0x0, 0x2, 0x6e, 0xec, 0x61, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x80800) sendmmsg$alg(r4, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000008c0)="0928ffffff7f000000bc8f3939f631b83ecbac4500fdf4f2f78d9c26c6789d98feac621054c738dcd81e12d6cd88f9ca0429531b32f76876468253effdaeda1a06b48bddc25f4e2b0575fe2a30c682a714aed74b77d62b3a165438e4c2243ccfbc7090935d6c2a2e93d58d592e7b5a832e499f91aeda0235106a00f7cb9262e15f291af69ab6174ff582c04e21c7cb726c8e86667c8b97e072161507be709abeb7b807e7c9b6815fa4734bb1488891c04a74227bf8f6f42744216452d689376806ef6c540218bbba9401fb9edba3909e10b8cd4069bf3788d583a966fdabd553c7b0fd8039202522ac4c56350e1bee7dc17b7fece6a83898c525faa195ce489d23459d3b45a93c8483eefc2af1700115196f4a738b1d2827112e958280565d39e4790fe603e27ad0ced6b29fbb42b2c1ec55cba3317541e25934ace54d832770cc6c220988987114b761f6c74235c55d316178aea6", 0x155}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffe8d}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18, 0x800}], 0x1, 0x40800) 214.500104ms ago: executing program 3 (id=2287): sendmsg$NL80211_CMD_SET_POWER_SAVE(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4000000) r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0xffffff6a) sendfile(r0, 0xffffffffffffffff, 0x0, 0xffffffff000) recvmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, 0x0}, 0xffffffff}], 0x19, 0x0, 0x0) 170.427676ms ago: executing program 0 (id=2288): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="20000000021401040000000001dc"], 0x20}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810) 97.307512ms ago: executing program 0 (id=2289): openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000893000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000000)="0f20c06635000001000f22c00f01c36565d8046766660f388129a5660fd9430d0f3a0fcc35f20f38f14029f20fc24686490e", 0x32}], 0x1, 0x8, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 52.563872ms ago: executing program 4 (id=2290): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40081271, &(0x7f0000000980)=0x4000) mount(&(0x7f0000000040)=@nullb, &(0x7f0000000100)='.\x00', &(0x7f00000001c0)='ntfs3\x00', 0x8000, 0x0) 0s ago: executing program 0 (id=2291): mkdir(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x83) readahead(r0, 0x7fffffff, 0x10000) kernel console output (not intermixed with test programs): is 0 [ 270.937488][ T5848] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 270.947784][ T5848] usb 3-1: config 8 has no interface number 0 [ 270.953917][ T5848] usb 3-1: config 8 interface 80 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 270.965018][ T5848] usb 3-1: config 8 interface 80 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 270.966843][ T5918] usb 4-1: device descriptor read/64, error -71 [ 270.975280][ T5848] usb 3-1: config 8 interface 80 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 14 [ 270.984414][ T5905] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 270.994658][ T5848] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.6f [ 271.011652][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.040537][ T5905] usb 1-1: device descriptor read/8, error -71 [ 271.041544][ T5848] usb 3-1: NFC: intf ffff888025374000 id ffffffff8ef6c060 [ 271.244928][ T5848] usb 3-1: USB disconnect, device number 74 [ 271.257232][ T5918] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 271.296902][ T5905] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 271.337555][ T5905] usb 1-1: device descriptor read/8, error -71 [ 271.416870][ T5918] usb 4-1: device descriptor read/64, error -71 [ 271.457002][ T5905] usb usb1-port1: unable to enumerate USB device [ 271.546839][ T5918] usb usb4-port1: attempt power cycle [ 271.913286][T10803] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 271.917018][ T5918] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 271.932284][T10803] Error validating options; rc = [-22] [ 271.950407][ T5918] usb 4-1: device descriptor read/8, error -71 [ 272.001783][T10805] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 272.012524][T10805] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 272.021707][T10805] VFS: Can't find a romfs filesystem on dev rnullb0. [ 272.021707][T10805] [ 272.216970][ T5918] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 272.239436][ T5918] usb 4-1: device descriptor read/8, error -71 [ 272.349213][ T5918] usb usb4-port1: unable to enumerate USB device [ 272.356857][ T5848] usb 3-1: new full-speed USB device number 75 using dummy_hcd [ 272.509360][ T5848] usb 3-1: config 0 has an invalid interface number: 57 but max is 0 [ 272.527826][ T5848] usb 3-1: config 0 has no interface number 0 [ 272.543837][ T5848] usb 3-1: config 0 interface 57 altsetting 2 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 272.555085][ T5848] usb 3-1: config 0 interface 57 has no altsetting 0 [ 272.572143][ T5848] usb 3-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=c5.65 [ 272.581773][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.590377][ T5848] usb 3-1: Product: syz [ 272.595082][ T5848] usb 3-1: Manufacturer: syz [ 272.600233][ T5848] usb 3-1: SerialNumber: syz [ 272.609071][ T5848] usb 3-1: config 0 descriptor?? [ 272.615650][T10808] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 272.626116][ T5848] keyspan 3-1:0.57: Keyspan 1 port adapter converter detected [ 272.634271][ T5848] keyspan 3-1:0.57: found no endpoint descriptor for endpoint 87 [ 272.642263][ T5848] keyspan 3-1:0.57: found no endpoint descriptor for endpoint 7 [ 272.652645][ T5848] keyspan 3-1:0.57: found no endpoint descriptor for endpoint 81 [ 272.664187][ T5848] keyspan 3-1:0.57: found no endpoint descriptor for endpoint 1 [ 272.676129][T10819] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 272.683201][T10819] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 272.690279][ T5848] keyspan 3-1:0.57: found no endpoint descriptor for endpoint 2 [ 272.699056][ T5848] keyspan 3-1:0.57: found no endpoint descriptor for endpoint 85 [ 272.709487][ T5848] keyspan 3-1:0.57: found no endpoint descriptor for endpoint 5 [ 272.720175][ T5848] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 272.835337][ T5848] usb 3-1: USB disconnect, device number 75 [ 272.869504][ T5848] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 272.885533][ T5848] keyspan 3-1:0.57: device disconnected [ 273.171619][T10848] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 273.182250][T10848] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 273.388198][T10850] gfs2: not a GFS2 filesystem [ 274.041899][T10876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.051121][T10876] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.088365][T10876] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 274.125433][T10876] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'. [ 274.153537][T10876] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1328'. [ 274.202375][T10879] qnx4: no qnx4 filesystem (no root dir). [ 274.360934][T10885] FAT-fs (rnullb0): bogus number of reserved sectors [ 274.375583][T10885] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 274.720530][T10905] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 274.729538][T10905] VFS: Can't find a romfs filesystem on dev rnullb0. [ 274.729538][T10905] [ 274.817575][ T5848] usb 3-1: new full-speed USB device number 76 using dummy_hcd [ 274.969584][ T5848] usb 3-1: device descriptor read/64, error -71 [ 275.216818][ T5848] usb 3-1: new full-speed USB device number 77 using dummy_hcd [ 275.366821][ T5848] usb 3-1: device descriptor read/64, error -71 [ 275.477096][ T5848] usb usb3-port1: attempt power cycle [ 275.526666][T10920] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1341'. [ 275.594763][T10921] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1341'. [ 275.604452][T10920] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1341'. [ 275.811435][T10932] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1345'. [ 275.826980][ T5848] usb 3-1: new full-speed USB device number 78 using dummy_hcd [ 275.847607][ T5848] usb 3-1: device descriptor read/8, error -71 [ 275.858453][T10932] NILFS (rnullb0): couldn't find nilfs on the device [ 276.035656][T10941] qnx4: no qnx4 filesystem (no root dir). [ 276.088758][ T5848] usb 3-1: new full-speed USB device number 79 using dummy_hcd [ 276.099319][T10941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.109922][T10941] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.128925][T10941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.140494][ T5848] usb 3-1: device descriptor read/8, error -71 [ 276.151403][T10941] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.258039][ T5848] usb usb3-port1: unable to enumerate USB device [ 276.626934][ T5848] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 276.779273][ T5848] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 276.790841][ T5987] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 276.798907][ T5848] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.811327][ T5848] usb 1-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 276.820909][ T5848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.832510][ T5848] usb 1-1: config 0 descriptor?? [ 276.834180][T10965] Can't find a SQUASHFS superblock on rnullb0 [ 276.961741][ T5987] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 276.971005][ T5987] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.981533][ T5987] usb 4-1: Product: syz [ 276.985779][ T5987] usb 4-1: Manufacturer: syz [ 276.990700][ T5987] usb 4-1: SerialNumber: syz [ 277.015435][ T5987] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 277.044442][ T9] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 277.056502][T10954] exFAT-fs (rnullb0): invalid boot record signature [ 277.063575][T10954] exFAT-fs (rnullb0): failed to read boot sector [ 277.077329][T10954] exFAT-fs (rnullb0): failed to recognize exfat type [ 277.096618][ T5848] usbhid 1-1:0.0: can't add hid device: -71 [ 277.103825][ T5848] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 277.124270][ T5848] usb 1-1: USB disconnect, device number 73 [ 277.143287][T10970] ptm ptm2: ldisc open failed (-12), clearing slot 2 [ 277.272107][ T5946] usb 4-1: USB disconnect, device number 63 [ 277.324294][T10977] syz.1.1358 (10977) used obsolete PPPIOCDETACH ioctl [ 277.661049][ T30] audit: type=1326 audit(1752562772.772:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10983 comm="syz.0.1361" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7eff6138e929 code=0x0 [ 277.956835][ T5918] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 278.117018][ T5918] usb 1-1: Using ep0 maxpacket: 32 [ 278.125411][ T5918] usb 1-1: config 0 has an invalid interface number: 86 but max is 0 [ 278.134972][ T5918] usb 1-1: config 0 has no interface number 0 [ 278.137370][ T9] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 278.144287][ T5918] usb 1-1: config 0 interface 86 has no altsetting 0 [ 278.155528][ T9] ath9k_htc: Failed to initialize the device [ 278.159046][ T5918] usb 1-1: New USB device found, idVendor=0af0, idProduct=7801, bcdDevice=c6.25 [ 278.175167][ T5946] usb 4-1: ath9k_htc: USB layer deinitialized [ 278.196873][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.204968][ T5918] usb 1-1: Product: syz [ 278.216020][ T5918] usb 1-1: Manufacturer: syz [ 278.223388][ T5918] usb 1-1: SerialNumber: syz [ 278.246179][ T5918] usb 1-1: config 0 descriptor?? [ 278.254025][ T5918] hso 1-1:0.86: Not our interface [ 278.487596][ T5946] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 278.519071][T10985] sp0: Synchronizing with TNC [ 278.542907][T10985] /dev/rnullb0: Can't open blockdev [ 278.651789][T11010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.661193][T11010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.671146][ T5946] usb 4-1: too many configurations: 57, using maximum allowed: 8 [ 278.682018][ T5946] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 278.691731][ T5946] usb 4-1: can't read configurations, error -22 [ 278.826892][ T5946] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 278.867003][ T5918] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 278.999980][ T5946] usb 4-1: too many configurations: 57, using maximum allowed: 8 [ 279.010118][ T5946] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 279.018843][ T5946] usb 4-1: can't read configurations, error -22 [ 279.025798][ T5946] usb usb4-port1: attempt power cycle [ 279.031968][ T5918] usb 3-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 102, changing to 10 [ 279.044190][ T5918] usb 3-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid maxpacket 24624, setting to 1024 [ 279.055540][ T5918] usb 3-1: config 0 interface 0 has no altsetting 0 [ 279.064534][ T5918] usb 3-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3 [ 279.073776][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.081835][ T5918] usb 3-1: Product: syz [ 279.086044][ T5918] usb 3-1: Manufacturer: syz [ 279.091307][ T5918] usb 3-1: SerialNumber: syz [ 279.100639][ T5918] usb 3-1: config 0 descriptor?? [ 279.110278][ T5918] keyspan 3-1:0.0: Keyspan 2 port adapter converter detected [ 279.117912][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 7 [ 279.127496][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 81 [ 279.135264][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 1 [ 279.142975][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 2 [ 279.150818][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 85 [ 279.158843][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 5 [ 279.168496][ T5918] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 279.179359][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 83 [ 279.187156][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 3 [ 279.194798][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 4 [ 279.204947][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 86 [ 279.213097][ T5918] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 6 [ 279.223691][ T5918] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 279.377348][ T5946] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 279.419311][ T5946] usb 4-1: too many configurations: 57, using maximum allowed: 8 [ 279.437714][ T5946] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 279.456816][ T5946] usb 4-1: can't read configurations, error -22 [ 279.587136][ T5946] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 279.630101][ T5946] usb 4-1: too many configurations: 57, using maximum allowed: 8 [ 279.645988][ T5946] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 279.659910][ T5946] usb 4-1: can't read configurations, error -22 [ 279.677684][ T5946] usb usb4-port1: unable to enumerate USB device [ 279.707483][ T9] usb 3-1: USB disconnect, device number 80 [ 279.730894][ T9] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 279.761791][ T9] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 279.784961][ T9] keyspan 3-1:0.0: device disconnected [ 280.101261][T11038] netlink: 57 bytes leftover after parsing attributes in process `syz.1.1373'. [ 280.111354][T11038] Malformed UNC in devname [ 280.111354][T11038] [ 280.119616][T11038] CIFS: VFS: Malformed UNC in devname [ 280.298505][T11045] binder: 11044:11045 ioctl 400c620e 2000000014c0 returned -22 [ 280.335930][T11045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.355184][T11045] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 280.532570][T11054] /dev/rnullb0: Can't open blockdev [ 280.705102][T10983] [U] [ 280.732834][T11058] /dev/rnullb0: Can't open blockdev [ 280.766561][ T5848] usb 1-1: USB disconnect, device number 74 [ 280.829824][T11062] loop2: detected capacity change from 0 to 7 [ 281.033540][T11071] /dev/rnullb0: Can't open blockdev [ 281.177546][T11076] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1385'. [ 281.277362][T11076] netlink: 'syz.1.1385': attribute type 2 has an invalid length. [ 281.290534][T11076] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1385'. [ 281.930008][T11102] omfs: Invalid superblock (0) [ 282.464680][T11115] /dev/rnullb0: Can't open blockdev [ 282.568469][T11117] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 282.568498][T11117] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 282.568693][T11117] vhci_hcd vhci_hcd.0: Device attached [ 282.649528][T11118] vhci_hcd: connection closed [ 282.655256][ T36] vhci_hcd: stop threads [ 282.665085][ T5918] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 282.698199][ T36] vhci_hcd: release socket [ 282.713872][ T36] vhci_hcd: disconnect device [ 282.828318][ T5918] usb 1-1: device descriptor read/64, error -71 [ 283.033906][T11134] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1398'. [ 283.077258][ T5918] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 283.216973][ T5918] usb 1-1: device descriptor read/64, error -71 [ 283.328246][ T5918] usb usb1-port1: attempt power cycle [ 283.369617][T11143] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1400'. [ 283.676887][ T5918] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 283.705285][T11152] kvm: pic: non byte write [ 283.715988][ T5918] usb 1-1: device descriptor read/8, error -71 [ 283.894099][T11157] No control pipe specified [ 283.966904][ T5918] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 284.007560][ T5918] usb 1-1: device descriptor read/8, error -71 [ 284.131257][ T5918] usb usb1-port1: unable to enumerate USB device [ 284.947347][T11175] binder: 11174:11175 ioctl c018620b 200000000000 returned -14 [ 285.269500][T11193] program syz.1.1411 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.296899][T11192] program syz.1.1411 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.570000][T11202] /dev/rnullb0: Can't open blockdev [ 285.600223][T11201] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1412'. [ 285.691054][T11206] /dev/rnullb0: Can't open blockdev [ 286.022814][T11220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.057496][T11225] /dev/rnullb0: Can't open blockdev [ 286.090567][T11220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.104619][T11225] /dev/rnullb0: Can't open blockdev [ 286.137271][T11220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.157239][T11220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.357528][T11238] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1422'. [ 286.369143][T11238] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1422'. [ 286.410875][T11242] binder: 11241:11242 ioctl c018620b 200000000000 returned -14 [ 286.582887][T11247] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1425'. [ 286.597598][T11248] netlink: 393 bytes leftover after parsing attributes in process `syz.2.1426'. [ 286.613824][T11249] /dev/rnullb0: Can't open blockdev [ 286.618700][T11250] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1422'. [ 286.655176][T11250] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1422'. [ 286.669320][T11248] ./file0: Can't lookup blockdev [ 286.880283][T11257] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1427'. [ 287.314095][T11273] /dev/rnullb0: Can't open blockdev [ 288.164480][T11295] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 288.231259][T11295] /dev/rnullb0: Can't open blockdev [ 288.609031][T11305] /dev/rnullb0: Can't open blockdev [ 288.672465][T11307] /dev/rnullb0: Can't open blockdev [ 288.751476][T11310] netlink: 'syz.0.1442': attribute type 10 has an invalid length. [ 288.882206][T11319] /dev/rnullb0: Can't open blockdev [ 289.483017][T11310] team0 (unregistering): Port device team_slave_1 removed [ 289.862650][T11356] omfs: Invalid superblock (0) [ 290.388935][T11365] blkio.reset_stats is deprecated [ 290.560020][T11368] loop7: detected capacity change from 0 to 524255232 [ 290.751531][T11375] FAT-fs (rnullb0): bogus number of reserved sectors [ 290.770052][T11375] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 290.801925][T11379] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 290.971158][T11387] /dev/rnullb0: Can't open blockdev [ 291.169222][T11393] syzkaller1: entered promiscuous mode [ 291.174764][T11393] syzkaller1: entered allmulticast mode [ 291.901236][T11424] sctp: [Deprecated]: syz.3.1473 (pid 11424) Use of struct sctp_assoc_value in delayed_ack socket option. [ 291.901236][T11424] Use struct sctp_sack_info instead [ 291.989130][T11428] FAT-fs (rnullb0): bogus number of reserved sectors [ 292.006829][T11428] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 292.044255][T11431] RDS: rds_bind could not find a transport for ::ffff:100.1.1.1, load rds_tcp or rds_rdma? [ 292.146300][T11435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.157448][T11435] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.866984][ T5848] usb 3-1: new full-speed USB device number 81 using dummy_hcd [ 292.907223][ T9] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 293.054405][ T5848] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 293.078130][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.086192][ T5848] usb 3-1: Product: syz [ 293.104918][ T9] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 293.117108][ T5848] usb 3-1: Manufacturer: syz [ 293.121786][ T5848] usb 3-1: SerialNumber: syz [ 293.130226][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.141679][ T9] usb 1-1: Product: syz [ 293.146340][ T9] usb 1-1: Manufacturer: syz [ 293.153007][ T5848] usb 3-1: config 0 descriptor?? [ 293.165900][ T9] usb 1-1: SerialNumber: syz [ 293.189214][ T9] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 293.216067][ T5987] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 293.374252][ T5848] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 293.416560][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.536292][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.568197][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.603761][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.650197][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.714135][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.729528][T11500] /dev/rnullb0: Can't open blockdev [ 293.753356][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.802757][ T5918] usb 1-1: USB disconnect, device number 79 [ 293.863130][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.927989][T11464] XFS (rnullb0): Invalid superblock magic number [ 293.997618][T11464] XFS (rnullb0): Invalid superblock magic number [ 294.031355][ T5848] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 294.054847][T11533] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 294.081114][T11464] XFS (rnullb0): Invalid superblock magic number [ 294.088551][ T5848] usb 3-1: USB disconnect, device number 81 [ 294.101298][T11533] /dev/rnullb0: Can't open blockdev [ 294.153646][T11464] XFS (rnullb0): Invalid superblock magic number [ 294.216987][T11464] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/rnullb0": -EINTR [ 294.298684][ T5987] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 294.348942][ T5987] ath9k_htc: Failed to initialize the device [ 294.381106][ T5918] usb 1-1: ath9k_htc: USB layer deinitialized [ 294.549274][ T5848] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 294.652039][T11564] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1493'. [ 294.672641][T11564] /dev/rnullb0: Can't open blockdev [ 294.730607][ T5848] usb 3-1: config 0 has an invalid interface number: 156 but max is 1 [ 294.748415][ T5848] usb 3-1: config 0 has no interface number 1 [ 294.760408][ T5848] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 294.784653][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.828902][ T5848] usb 3-1: config 0 descriptor?? [ 294.853094][ T5848] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 294.874237][ T5848] usb 3-1: MIDIStreaming interface descriptor not found [ 294.993597][ T5848] gspca_main: spca561-2.14.0 probing abcd:cdee [ 295.037106][T11551] /dev/rnullb0: Can't open blockdev [ 295.045649][ T5848] spca561 3-1:0.0: probe with driver spca561 failed with error -22 [ 295.086026][ T5848] usb 3-1: USB disconnect, device number 82 [ 295.100704][T11570] /dev/rnullb0: Can't open blockdev [ 295.393723][T11582] /dev/rnullb0: Can't open blockdev [ 295.452234][T11585] netlink: 'syz.0.1497': attribute type 4 has an invalid length. [ 295.513467][T11591] /dev/rnullb0: Can't open blockdev [ 295.587184][ T5987] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 295.747354][ T5987] usb 4-1: Using ep0 maxpacket: 8 [ 295.755791][ T5987] usb 4-1: config 49 has an invalid interface number: 221 but max is 3 [ 295.764414][ T5987] usb 4-1: config 49 has an invalid interface number: 83 but max is 3 [ 295.772870][ T5987] usb 4-1: config 49 has an invalid interface number: 191 but max is 3 [ 295.781559][ T5987] usb 4-1: config 49 has an invalid interface number: 155 but max is 3 [ 295.794466][ T5987] usb 4-1: config 49 has an invalid descriptor of length 0, skipping remainder of the config [ 295.804925][ T5987] usb 4-1: config 49 has 5 interfaces, different from the descriptor's value: 4 [ 295.814141][ T5987] usb 4-1: config 49 has no interface number 0 [ 295.820932][ T5987] usb 4-1: config 49 has no interface number 1 [ 295.827591][ T5987] usb 4-1: config 49 has no interface number 3 [ 295.834133][ T5987] usb 4-1: config 49 has no interface number 4 [ 295.840507][ T5987] usb 4-1: config 49 interface 221 altsetting 68 has an invalid descriptor for endpoint zero, skipping [ 295.858957][ T5987] usb 4-1: config 49 interface 83 altsetting 238 endpoint 0x1 has invalid wMaxPacketSize 0 [ 295.882545][ T5987] usb 4-1: config 49 interface 83 altsetting 238 has an invalid descriptor for endpoint zero, skipping [ 295.914907][ T5987] usb 4-1: config 49 interface 83 altsetting 238 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 295.926772][ T5987] usb 4-1: config 49 interface 83 altsetting 238 has an invalid descriptor for endpoint zero, skipping [ 295.956843][ T5987] usb 4-1: config 49 interface 83 altsetting 238 endpoint 0xC has an invalid bInterval 127, changing to 10 [ 295.981669][ T5987] usb 4-1: config 49 interface 83 altsetting 238 endpoint 0xE has an invalid bInterval 80, changing to 7 [ 296.000252][ T5987] usb 4-1: config 49 interface 83 altsetting 238 endpoint 0xE has invalid maxpacket 42506, setting to 1024 [ 296.049134][ T5987] usb 4-1: config 49 interface 83 altsetting 238 has a duplicate endpoint with address 0x1, skipping [ 296.062244][ T5987] usb 4-1: config 49 interface 83 altsetting 238 has a duplicate endpoint with address 0x1, skipping [ 296.077103][ T5987] usb 4-1: config 49 interface 83 altsetting 238 has a duplicate endpoint with address 0xA, skipping [ 296.108322][ T5987] usb 4-1: config 49 interface 83 altsetting 238 has a duplicate endpoint with address 0xC, skipping [ 296.121999][ T5987] usb 4-1: config 49 interface 83 altsetting 238 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 296.134789][ T5987] usb 4-1: config 49 interface 155 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 296.164684][ T5987] usb 4-1: config 49 interface 2 altsetting 16 has a duplicate endpoint with address 0x6, skipping [ 296.175974][ T5987] usb 4-1: config 49 interface 2 altsetting 16 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 296.187454][ T5987] usb 4-1: config 49 interface 2 altsetting 16 has a duplicate endpoint with address 0x2, skipping [ 296.205691][ T5987] usb 4-1: config 49 interface 2 altsetting 16 has a duplicate endpoint with address 0x2, skipping [ 296.222695][ T5987] usb 4-1: config 49 interface 2 altsetting 16 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 296.234305][ T5987] usb 4-1: config 49 interface 2 altsetting 16 has a duplicate endpoint with address 0xD, skipping [ 296.258693][ T5987] usb 4-1: config 49 interface 2 altsetting 16 bulk endpoint 0xF has invalid maxpacket 1023 [ 296.269607][ T5987] usb 4-1: config 49 interface 2 altsetting 16 has a duplicate endpoint with address 0xC, skipping [ 296.290580][ T5987] usb 4-1: config 49 interface 2 altsetting 16 has a duplicate endpoint with address 0xC, skipping [ 296.302254][ T5987] usb 4-1: config 49 interface 2 altsetting 16 has 10 endpoint descriptors, different from the interface descriptor's value: 6 [ 296.316157][ T5987] usb 4-1: config 49 interface 221 has no altsetting 0 [ 296.332650][ T5987] usb 4-1: config 49 interface 83 has no altsetting 0 [ 296.339969][ T5987] usb 4-1: config 49 interface 191 has no altsetting 0 [ 296.347181][ T9] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 296.356454][ T5987] usb 4-1: config 49 interface 2 has no altsetting 0 [ 296.375470][ T5987] usb 4-1: New USB device found, idVendor=056c, idProduct=8100, bcdDevice=68.d1 [ 296.385383][ T5987] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.393845][ T5987] usb 4-1: Product: syz [ 296.398654][ T5987] usb 4-1: Manufacturer: 褠䦶⍺ጘ믃ⶥ鑅附豊￵价艷䪈ⶥ挰᭼왱羂㌓악㳉 [ 296.419357][ T5987] usb 4-1: SerialNumber: syz [ 296.497121][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 296.509299][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC4, changing to 0x84 [ 296.533995][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 296.549034][ T9] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.16 [ 296.562420][ T9] usb 3-1: New USB device strings: Mfr=154, Product=2, SerialNumber=3 [ 296.582939][ T9] usb 3-1: Product: syz [ 296.587321][ T9] usb 3-1: Manufacturer: syz [ 296.592247][ T9] usb 3-1: SerialNumber: syz [ 296.626209][ T9] usb 3-1: config 0 descriptor?? [ 296.650340][T11579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.666320][T11579] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.678893][ T9] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 296.789658][ T5987] cdc_subset 4-1:49.221: probe with driver cdc_subset failed with error -22 [ 296.864980][ T5987] cdc_subset 4-1:49.83: probe with driver cdc_subset failed with error -22 [ 296.904947][ T5987] cdc_subset 4-1:49.191: probe with driver cdc_subset failed with error -22 [ 296.926564][T11627] program syz.3.1505 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 296.960841][ T5987] cdc_subset 4-1:49.155: probe with driver cdc_subset failed with error -22 [ 296.983251][ T5987] cdc_subset 4-1:49.2: probe with driver cdc_subset failed with error -22 [ 296.990698][T11628] overlayfs: missing 'lowerdir' [ 297.031697][ T5987] usb 4-1: USB disconnect, device number 68 [ 297.190298][ T6599] usb 3-1: Failed to submit usb control message: -71 [ 297.198483][ T2156] usb 3-1: USB disconnect, device number 83 [ 297.206843][ T6599] usb 3-1: unable to send the bmi data to the device: -71 [ 297.216576][ T6599] usb 3-1: unable to get target info from device [ 297.229129][ T6599] usb 3-1: could not get target info (-71) [ 297.235293][ T6599] usb 3-1: could not probe fw (-71) [ 297.256934][ T5918] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 297.409894][ T5918] usb 1-1: Using ep0 maxpacket: 16 [ 297.424755][ T5918] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.437317][ T5918] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 297.451041][ T5918] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 297.460666][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.475333][ T5918] usb 1-1: config 0 descriptor?? [ 297.521050][T11639] /dev/rnullb0: Can't open blockdev [ 297.592245][T11642] /dev/rnullb0: Can't open blockdev [ 297.924922][ T5918] microsoft 0003:045E:07DA.000E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 297.951075][ T5918] microsoft 0003:045E:07DA.000E: no inputs found [ 297.962305][ T5918] microsoft 0003:045E:07DA.000E: could not initialize ff, continuing anyway [ 298.042757][T11650] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1513'. [ 298.054913][T11650] /dev/rnullb0: Can't open blockdev [ 298.204195][ T5848] usb 1-1: USB disconnect, device number 80 [ 298.399327][T11666] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 298.406541][T11666] /dev/rnullb0: Can't open blockdev [ 298.906819][ T5987] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 299.073687][ T5987] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.085378][ T5987] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 299.095231][ T5987] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 299.109221][ T5987] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 299.118624][ T5987] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.129743][ T5987] usb 3-1: config 0 descriptor?? [ 299.166921][ T5848] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 299.296959][ T5848] usb 1-1: device descriptor read/64, error -71 [ 299.537013][ T5848] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 299.559215][ T5987] plantronics 0003:047F:FFFF.000F: reserved main item tag 0xd [ 299.569777][T11692] binder: 11691:11692 ioctl c018620b 200000000000 returned -14 [ 299.607335][ T5987] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 299.716856][ T5848] usb 1-1: device descriptor read/64, error -71 [ 299.809541][T11680] /dev/rnullb0: Can't open blockdev [ 299.820060][ T5918] usb 3-1: USB disconnect, device number 84 [ 299.833650][T11699] vivid-007: kernel_thread() failed [ 299.841169][ T5848] usb usb1-port1: attempt power cycle [ 299.913531][T11705] /dev/rnullb0: Can't open blockdev [ 299.991979][T11707] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1528'. [ 300.001309][T11707] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1528'. [ 300.012009][T11707] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1528'. [ 300.021286][T11707] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1528'. [ 300.049510][T11707] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 300.056823][T11707] /dev/rnullb0: Can't open blockdev [ 300.188860][ T5848] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 300.203651][T11711] /dev/rnullb0: Can't open blockdev [ 300.209363][T11712] /dev/rnullb0: Can't open blockdev [ 300.219276][ T5848] usb 1-1: device descriptor read/8, error -71 [ 300.300841][T11715] /dev/rnullb0: Can't open blockdev [ 300.457337][ T5848] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 300.486674][ T5848] usb 1-1: device descriptor read/8, error -71 [ 300.597272][ T5848] usb usb1-port1: unable to enumerate USB device [ 300.677040][ T9] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 300.826827][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 300.833608][ T9] usb 4-1: config 0 has an invalid interface number: 234 but max is 0 [ 300.842115][ T9] usb 4-1: config 0 has no interface number 0 [ 300.851873][ T9] usb 4-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=3b.76 [ 300.861296][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.869587][ T9] usb 4-1: Product: syz [ 300.873865][ T9] usb 4-1: Manufacturer: syz [ 300.878614][ T9] usb 4-1: SerialNumber: syz [ 300.886375][ T9] usb 4-1: config 0 descriptor?? [ 300.894292][ T9] ftdi_sio 4-1:0.234: FTDI USB Serial Device converter detected [ 300.903541][ T9] ftdi_sio ttyUSB0: unknown device type: 0x3b76 [ 301.222143][T11731] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1537'. [ 301.235771][T11731] syz.2.1537: attempt to access beyond end of device [ 301.235771][T11731] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 301.250071][T11731] XFS (nbd2): SB validate failed with error -5. [ 301.954815][T11744] /dev/rnullb0: Can't open blockdev [ 302.113503][T11751] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1544'. [ 302.126007][T11751] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1544'. [ 302.244301][T11759] netlink: 596 bytes leftover after parsing attributes in process `syz.0.1546'. [ 302.437405][ T2156] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 302.475634][T11763] /dev/rnullb0: Can't open blockdev [ 302.609552][ T2156] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 302.625089][ T2156] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 302.637771][ T2156] usb 3-1: config 1 has no interface number 1 [ 302.644122][ T2156] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 302.663127][ T2156] usb 3-1: config 1 interface 2 altsetting 1 has an endpoint descriptor with address 0x76, changing to 0x6 [ 302.676216][ T2156] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x6 has an invalid bInterval 101, changing to 7 [ 302.691629][ T2156] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x6 has invalid maxpacket 25951, setting to 1024 [ 302.708161][ T2156] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 302.721651][ T2156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.730233][ T2156] usb 3-1: Product: syz [ 302.735194][ T2156] usb 3-1: Manufacturer: syz [ 302.743588][ T2156] usb 3-1: SerialNumber: syz [ 302.759988][T11757] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 302.991092][T11757] /dev/rnullb0: Can't open blockdev [ 303.015346][ T2156] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 303.029482][ T2156] usb 3-1: 2:1: invalid format type 0x1001 is detected, processed as PCM [ 303.097444][ T2156] usb 3-1: USB disconnect, device number 85 [ 303.189757][ T6434] udevd[6434]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 303.402454][ T5987] usb 4-1: USB disconnect, device number 69 [ 303.415999][ T5987] ftdi_sio 4-1:0.234: device disconnected [ 303.518823][T11771] FAULT_INJECTION: forcing a failure. [ 303.518823][T11771] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 303.554037][T11771] CPU: 0 UID: 0 PID: 11771 Comm: syz.0.1549 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 303.554068][T11771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 303.554081][T11771] Call Trace: [ 303.554089][T11771] [ 303.554097][T11771] dump_stack_lvl+0x189/0x250 [ 303.554131][T11771] ? __pfx____ratelimit+0x10/0x10 [ 303.554161][T11771] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.554188][T11771] ? __pfx__printk+0x10/0x10 [ 303.554216][T11771] ? __might_fault+0xb0/0x130 [ 303.554257][T11771] should_fail_ex+0x414/0x560 [ 303.554283][T11771] _copy_from_iter+0x1db/0x16f0 [ 303.554318][T11771] ? rcu_is_watching+0x15/0xb0 [ 303.554347][T11771] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 303.554380][T11771] ? __pfx__copy_from_iter+0x10/0x10 [ 303.554412][T11771] ? __build_skb_around+0x257/0x3e0 [ 303.554440][T11771] ? netlink_sendmsg+0x642/0xb30 [ 303.554462][T11771] ? skb_put+0x11b/0x210 [ 303.554491][T11771] netlink_sendmsg+0x6b2/0xb30 [ 303.554525][T11771] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.554553][T11771] ? aa_sock_msg_perm+0xf1/0x1d0 [ 303.554575][T11771] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 303.554600][T11771] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.554626][T11771] __sock_sendmsg+0x219/0x270 [ 303.554662][T11771] ____sys_sendmsg+0x505/0x830 [ 303.554696][T11771] ? __pfx_____sys_sendmsg+0x10/0x10 [ 303.554733][T11771] ? import_iovec+0x74/0xa0 [ 303.554756][T11771] ___sys_sendmsg+0x21f/0x2a0 [ 303.554786][T11771] ? __pfx____sys_sendmsg+0x10/0x10 [ 303.554852][T11771] ? __fget_files+0x2a/0x420 [ 303.554877][T11771] ? __fget_files+0x3a0/0x420 [ 303.554913][T11771] __x64_sys_sendmsg+0x19b/0x260 [ 303.554944][T11771] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 303.554982][T11771] ? __pfx_ksys_write+0x10/0x10 [ 303.555010][T11771] ? do_syscall_64+0xbe/0x3b0 [ 303.555037][T11771] do_syscall_64+0xfa/0x3b0 [ 303.555059][T11771] ? lockdep_hardirqs_on+0x9c/0x150 [ 303.555080][T11771] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.555100][T11771] ? clear_bhb_loop+0x60/0xb0 [ 303.555125][T11771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.555155][T11771] RIP: 0033:0x7eff6138e929 [ 303.555180][T11771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.555198][T11771] RSP: 002b:00007eff621b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 303.555220][T11771] RAX: ffffffffffffffda RBX: 00007eff615b5fa0 RCX: 00007eff6138e929 [ 303.555236][T11771] RDX: 0000000000000000 RSI: 0000200000002780 RDI: 0000000000000005 [ 303.555249][T11771] RBP: 00007eff621b0090 R08: 0000000000000000 R09: 0000000000000000 [ 303.555261][T11771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.555274][T11771] R13: 0000000000000000 R14: 00007eff615b5fa0 R15: 00007fff4b658358 [ 303.555306][T11771] [ 303.936242][T11781] netlink: 'syz.0.1550': attribute type 28 has an invalid length. [ 304.008086][T11775] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1551'. [ 304.045405][T11775] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1551'. [ 304.114581][T11783] syzkaller0: entered promiscuous mode [ 304.120187][T11783] syzkaller0: entered allmulticast mode [ 304.122827][T11775] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 304.133127][T11775] /dev/rnullb0: Can't open blockdev [ 304.386943][T11796] /dev/rnullb0: Can't open blockdev [ 304.952329][T11802] /dev/rnullb0: Can't open blockdev [ 305.387104][ T2156] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 305.539088][ T2156] usb 3-1: Using ep0 maxpacket: 8 [ 305.546053][ T2156] usb 3-1: config 8 has an invalid interface number: 148 but max is 0 [ 305.554592][ T2156] usb 3-1: config 8 has no interface number 0 [ 305.563411][ T2156] usb 3-1: config 8 interface 148 altsetting 6 endpoint 0x1 has an invalid bInterval 195, changing to 11 [ 305.574742][ T2156] usb 3-1: config 8 interface 148 altsetting 6 endpoint 0x1 has invalid maxpacket 10013, setting to 1024 [ 305.586239][ T2156] usb 3-1: config 8 interface 148 altsetting 6 endpoint 0xF has an invalid bInterval 251, changing to 11 [ 305.598192][ T2156] usb 3-1: config 8 interface 148 altsetting 6 endpoint 0xB has invalid wMaxPacketSize 0 [ 305.608320][ T2156] usb 3-1: config 8 interface 148 has no altsetting 0 [ 305.625772][ T2156] usb 3-1: New USB device found, idVendor=05ac, idProduct=0263, bcdDevice=fc.a9 [ 305.635028][ T2156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.643115][ T2156] usb 3-1: Product: syz [ 305.647372][ T2156] usb 3-1: Manufacturer: syz [ 305.652076][ T2156] usb 3-1: SerialNumber: syz [ 305.661876][T11805] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 305.742181][T11807] FAULT_INJECTION: forcing a failure. [ 305.742181][T11807] name failslab, interval 1, probability 0, space 0, times 0 [ 305.757543][T11807] CPU: 0 UID: 0 PID: 11807 Comm: syz.0.1558 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 305.757569][T11807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 305.757594][T11807] Call Trace: [ 305.757601][T11807] [ 305.757609][T11807] dump_stack_lvl+0x189/0x250 [ 305.757637][T11807] ? __pfx____ratelimit+0x10/0x10 [ 305.757671][T11807] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.757695][T11807] ? __pfx__printk+0x10/0x10 [ 305.757721][T11807] ? __pfx___might_resched+0x10/0x10 [ 305.757744][T11807] ? fs_reclaim_acquire+0x7d/0x100 [ 305.757767][T11807] should_fail_ex+0x414/0x560 [ 305.757790][T11807] should_failslab+0xa8/0x100 [ 305.757809][T11807] __kmalloc_noprof+0xcb/0x4f0 [ 305.757832][T11807] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 305.757864][T11807] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 305.757895][T11807] genl_family_rcv_msg_doit+0xb8/0x300 [ 305.757926][T11807] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 305.757953][T11807] ? rcu_is_watching+0x15/0xb0 [ 305.757978][T11807] ? apparmor_capable+0x137/0x1b0 [ 305.758001][T11807] ? bpf_lsm_capable+0x9/0x20 [ 305.758015][T11807] ? security_capable+0x7e/0x2e0 [ 305.758054][T11807] genl_rcv_msg+0x60e/0x790 [ 305.758085][T11807] ? __pfx_genl_rcv_msg+0x10/0x10 [ 305.758107][T11807] ? __pfx_netlbl_mgmt_adddef+0x10/0x10 [ 305.758142][T11807] netlink_rcv_skb+0x205/0x470 [ 305.758162][T11807] ? __pfx_genl_rcv_msg+0x10/0x10 [ 305.758186][T11807] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 305.758221][T11807] ? down_read+0x1ad/0x2e0 [ 305.758245][T11807] genl_rcv+0x28/0x40 [ 305.758265][T11807] netlink_unicast+0x759/0x8e0 [ 305.758293][T11807] netlink_sendmsg+0x805/0xb30 [ 305.758322][T11807] ? __pfx_netlink_sendmsg+0x10/0x10 [ 305.758344][T11807] ? aa_sock_msg_perm+0xf1/0x1d0 [ 305.758362][T11807] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 305.758383][T11807] ? __pfx_netlink_sendmsg+0x10/0x10 [ 305.758403][T11807] __sock_sendmsg+0x219/0x270 [ 305.758433][T11807] ____sys_sendmsg+0x505/0x830 [ 305.758461][T11807] ? __pfx_____sys_sendmsg+0x10/0x10 [ 305.758491][T11807] ? import_iovec+0x74/0xa0 [ 305.758511][T11807] ___sys_sendmsg+0x21f/0x2a0 [ 305.758536][T11807] ? __pfx____sys_sendmsg+0x10/0x10 [ 305.758593][T11807] ? __fget_files+0x2a/0x420 [ 305.758613][T11807] ? __fget_files+0x3a0/0x420 [ 305.758645][T11807] __x64_sys_sendmsg+0x19b/0x260 [ 305.758669][T11807] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 305.758701][T11807] ? __pfx_ksys_write+0x10/0x10 [ 305.758725][T11807] ? do_syscall_64+0xbe/0x3b0 [ 305.758748][T11807] do_syscall_64+0xfa/0x3b0 [ 305.758765][T11807] ? lockdep_hardirqs_on+0x9c/0x150 [ 305.758786][T11807] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.758803][T11807] ? clear_bhb_loop+0x60/0xb0 [ 305.758824][T11807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.758840][T11807] RIP: 0033:0x7eff6138e929 [ 305.758856][T11807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.758870][T11807] RSP: 002b:00007eff621b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 305.758888][T11807] RAX: ffffffffffffffda RBX: 00007eff615b5fa0 RCX: 00007eff6138e929 [ 305.758900][T11807] RDX: 0000000000000000 RSI: 0000200000002780 RDI: 0000000000000005 [ 305.758910][T11807] RBP: 00007eff621b0090 R08: 0000000000000000 R09: 0000000000000000 [ 305.758921][T11807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 305.758931][T11807] R13: 0000000000000000 R14: 00007eff615b5fa0 R15: 00007fff4b658358 [ 305.758958][T11807] [ 305.878766][T11805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 306.074980][T11816] /dev/rnullb0: Can't open blockdev [ 306.094391][T11805] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 306.171720][ T2156] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:8.148/input/input25 [ 306.206186][ T5203] bcm5974 3-1:8.148: could not read from device [ 306.250362][ T2156] usb 3-1: USB disconnect, device number 86 [ 306.258687][ T5203] bcm5974 3-1:8.148: could not read from device [ 306.370166][ T5860] udevd[5860]: Error opening device "/dev/input/event4": No such device [ 306.391650][ T5860] udevd[5860]: Unable to EVIOCGABS device "/dev/input/event4" [ 306.399890][ T5860] udevd[5860]: Unable to EVIOCGABS device "/dev/input/event4" [ 306.411235][ T5860] udevd[5860]: Unable to EVIOCGABS device "/dev/input/event4" [ 306.421730][ T5860] udevd[5860]: Unable to EVIOCGABS device "/dev/input/event4" [ 306.763485][T11826] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0 [ 307.090003][T11829] /dev/rnullb0: Can't open blockdev [ 307.335566][T11836] /dev/rnullb0: Can't open blockdev [ 307.391983][T11838] FAULT_INJECTION: forcing a failure. [ 307.391983][T11838] name failslab, interval 1, probability 0, space 0, times 0 [ 307.405643][T11838] CPU: 1 UID: 0 PID: 11838 Comm: syz.2.1567 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 307.405671][T11838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 307.405683][T11838] Call Trace: [ 307.405694][T11838] [ 307.405704][T11838] dump_stack_lvl+0x189/0x250 [ 307.405734][T11838] ? __pfx____ratelimit+0x10/0x10 [ 307.405751][T11838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 307.405772][T11838] ? __pfx__printk+0x10/0x10 [ 307.405798][T11838] ? __pfx___might_resched+0x10/0x10 [ 307.405817][T11838] ? fs_reclaim_acquire+0x7d/0x100 [ 307.405836][T11838] should_fail_ex+0x414/0x560 [ 307.405855][T11838] should_failslab+0xa8/0x100 [ 307.405871][T11838] __kmalloc_cache_noprof+0x70/0x3d0 [ 307.405907][T11838] ? netlbl_mgmt_add_common+0x57/0x13b0 [ 307.405938][T11838] netlbl_mgmt_add_common+0x57/0x13b0 [ 307.405973][T11838] ? apparmor_current_getlsmprop_subj+0xdd/0x190 [ 307.406007][T11838] netlbl_mgmt_adddef+0x2cd/0x310 [ 307.406028][T11838] ? __pfx_netlbl_mgmt_adddef+0x10/0x10 [ 307.406049][T11838] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 307.406078][T11838] genl_family_rcv_msg_doit+0x212/0x300 [ 307.406105][T11838] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 307.406135][T11838] ? bpf_lsm_capable+0x9/0x20 [ 307.406148][T11838] ? security_capable+0x7e/0x2e0 [ 307.406175][T11838] genl_rcv_msg+0x60e/0x790 [ 307.406201][T11838] ? __pfx_genl_rcv_msg+0x10/0x10 [ 307.406221][T11838] ? __pfx_netlbl_mgmt_adddef+0x10/0x10 [ 307.406250][T11838] netlink_rcv_skb+0x205/0x470 [ 307.406268][T11838] ? __pfx_genl_rcv_msg+0x10/0x10 [ 307.406289][T11838] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 307.406318][T11838] ? down_read+0x1ad/0x2e0 [ 307.406339][T11838] genl_rcv+0x28/0x40 [ 307.406357][T11838] netlink_unicast+0x759/0x8e0 [ 307.406381][T11838] netlink_sendmsg+0x805/0xb30 [ 307.406405][T11838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 307.406424][T11838] ? aa_sock_msg_perm+0xf1/0x1d0 [ 307.406439][T11838] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 307.406457][T11838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 307.406475][T11838] __sock_sendmsg+0x219/0x270 [ 307.406501][T11838] ____sys_sendmsg+0x505/0x830 [ 307.406526][T11838] ? __pfx_____sys_sendmsg+0x10/0x10 [ 307.406552][T11838] ? import_iovec+0x74/0xa0 [ 307.406569][T11838] ___sys_sendmsg+0x21f/0x2a0 [ 307.406590][T11838] ? __pfx____sys_sendmsg+0x10/0x10 [ 307.406638][T11838] ? __fget_files+0x2a/0x420 [ 307.406656][T11838] ? __fget_files+0x3a0/0x420 [ 307.406689][T11838] __x64_sys_sendmsg+0x19b/0x260 [ 307.406718][T11838] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 307.406755][T11838] ? __pfx_ksys_write+0x10/0x10 [ 307.406782][T11838] ? do_syscall_64+0xbe/0x3b0 [ 307.406808][T11838] do_syscall_64+0xfa/0x3b0 [ 307.406830][T11838] ? lockdep_hardirqs_on+0x9c/0x150 [ 307.406851][T11838] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.406871][T11838] ? clear_bhb_loop+0x60/0xb0 [ 307.406987][T11838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.407009][T11838] RIP: 0033:0x7fdb7318e929 [ 307.407029][T11838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 307.407046][T11838] RSP: 002b:00007fdb740d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 307.407069][T11838] RAX: ffffffffffffffda RBX: 00007fdb733b5fa0 RCX: 00007fdb7318e929 [ 307.407084][T11838] RDX: 0000000000000000 RSI: 0000200000002780 RDI: 0000000000000005 [ 307.407097][T11838] RBP: 00007fdb740d1090 R08: 0000000000000000 R09: 0000000000000000 [ 307.407109][T11838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 307.407122][T11838] R13: 0000000000000000 R14: 00007fdb733b5fa0 R15: 00007ffe84a03528 [ 307.407156][T11838] [ 307.830974][T11840] /dev/rnullb0: Can't open blockdev [ 308.766999][ T5848] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 308.926907][ T5848] usb 3-1: Using ep0 maxpacket: 8 [ 308.934261][ T5848] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 308.943582][ T5848] usb 3-1: config 179 has no interface number 0 [ 308.950285][ T5848] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 308.962611][ T5848] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 308.974602][ T5848] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 308.987092][ T5848] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 309.001403][ T5848] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 309.019165][ T5848] usb 3-1: config 179 interface 65 has no altsetting 0 [ 309.030519][ T5848] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 309.041350][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.077255][ T5848] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input26 [ 309.139338][ T5203] input input26: unable to receive magic message: -110 [ 309.237418][ T5203] input input26: unable to receive magic message: -32 [ 309.265168][T11850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 309.275588][T11850] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 309.309530][ T5203] input input26: unable to receive magic message: -32 [ 309.378084][ T5203] input input26: unable to receive magic message: -32 [ 309.459336][ T5203] input input26: unable to receive magic message: -32 [ 309.559524][ T5203] input input26: unable to receive magic message: -32 [ 309.666261][ T2156] usb 2-1: USB disconnect, device number 17 [ 309.814562][ T5918] usb 3-1: USB disconnect, device number 87 [ 309.814647][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 309.940954][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 309.952228][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 309.963935][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 309.975399][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 309.986431][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 310.526215][T11862] /dev/rnullb0: Can't open blockdev [ 311.381487][T11864] FAULT_INJECTION: forcing a failure. [ 311.381487][T11864] name failslab, interval 1, probability 0, space 0, times 0 [ 311.394385][T11864] CPU: 0 UID: 0 PID: 11864 Comm: syz.2.1576 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 311.394413][T11864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 311.394426][T11864] Call Trace: [ 311.394436][T11864] [ 311.394445][T11864] dump_stack_lvl+0x189/0x250 [ 311.394479][T11864] ? __pfx____ratelimit+0x10/0x10 [ 311.394500][T11864] ? __pfx_dump_stack_lvl+0x10/0x10 [ 311.394529][T11864] ? __pfx__printk+0x10/0x10 [ 311.394563][T11864] ? __pfx___might_resched+0x10/0x10 [ 311.394584][T11864] ? fs_reclaim_acquire+0x7d/0x100 [ 311.394607][T11864] should_fail_ex+0x414/0x560 [ 311.394629][T11864] should_failslab+0xa8/0x100 [ 311.394650][T11864] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 311.394682][T11864] ? __alloc_skb+0x112/0x2d0 [ 311.394711][T11864] __alloc_skb+0x112/0x2d0 [ 311.394740][T11864] netlink_ack+0x146/0xa50 [ 311.394760][T11864] ? __pfx_genl_rcv_msg+0x10/0x10 [ 311.394808][T11864] netlink_rcv_skb+0x28c/0x470 [ 311.394831][T11864] ? __pfx_genl_rcv_msg+0x10/0x10 [ 311.394861][T11864] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 311.394903][T11864] ? down_read+0x1ad/0x2e0 [ 311.394931][T11864] genl_rcv+0x28/0x40 [ 311.394957][T11864] netlink_unicast+0x759/0x8e0 [ 311.394989][T11864] netlink_sendmsg+0x805/0xb30 [ 311.395024][T11864] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.395051][T11864] ? aa_sock_msg_perm+0xf1/0x1d0 [ 311.395073][T11864] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 311.395098][T11864] ? __pfx_netlink_sendmsg+0x10/0x10 [ 311.395122][T11864] __sock_sendmsg+0x219/0x270 [ 311.395158][T11864] ____sys_sendmsg+0x505/0x830 [ 311.395191][T11864] ? __pfx_____sys_sendmsg+0x10/0x10 [ 311.395225][T11864] ? import_iovec+0x74/0xa0 [ 311.395245][T11864] ___sys_sendmsg+0x21f/0x2a0 [ 311.395268][T11864] ? __pfx____sys_sendmsg+0x10/0x10 [ 311.395335][T11864] ? __fget_files+0x2a/0x420 [ 311.395355][T11864] ? __fget_files+0x3a0/0x420 [ 311.395385][T11864] __x64_sys_sendmsg+0x19b/0x260 [ 311.395409][T11864] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 311.395439][T11864] ? __pfx_ksys_write+0x10/0x10 [ 311.395461][T11864] ? do_syscall_64+0xbe/0x3b0 [ 311.395483][T11864] do_syscall_64+0xfa/0x3b0 [ 311.395499][T11864] ? lockdep_hardirqs_on+0x9c/0x150 [ 311.395515][T11864] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.395531][T11864] ? clear_bhb_loop+0x60/0xb0 [ 311.395553][T11864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.395568][T11864] RIP: 0033:0x7fdb7318e929 [ 311.395585][T11864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 311.395598][T11864] RSP: 002b:00007fdb740d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 311.395615][T11864] RAX: ffffffffffffffda RBX: 00007fdb733b5fa0 RCX: 00007fdb7318e929 [ 311.395627][T11864] RDX: 0000000000000000 RSI: 0000200000002780 RDI: 0000000000000005 [ 311.395637][T11864] RBP: 00007fdb740d1090 R08: 0000000000000000 R09: 0000000000000000 [ 311.395647][T11864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.395656][T11864] R13: 0000000000000000 R14: 00007fdb733b5fa0 R15: 00007ffe84a03528 [ 311.395681][T11864] [ 311.860415][ T5857] Bluetooth: hci3: Malformed Event: 0x13 [ 311.861397][T11868] /dev/rnullb0: Can't open blockdev [ 312.057105][ T5857] Bluetooth: hci4: command tx timeout [ 312.466901][ T5848] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 312.599113][ T5848] usb 3-1: device descriptor read/64, error -71 [ 312.847093][ T5848] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 312.978729][ T5848] usb 3-1: device descriptor read/64, error -71 [ 313.088385][ T5848] usb usb3-port1: attempt power cycle [ 313.446959][ T5848] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 313.467794][ T5848] usb 3-1: device descriptor read/8, error -71 [ 313.707152][ T5848] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 313.737642][ T5848] usb 3-1: device descriptor read/8, error -71 [ 313.847380][ T5848] usb usb3-port1: unable to enumerate USB device [ 314.137036][ T5857] Bluetooth: hci4: command tx timeout [ 315.270168][T11885] /dev/rnullb0: Can't open blockdev [ 315.325139][T11887] /dev/rnullb0: Can't open blockdev [ 315.332432][T11888] /dev/rnullb0: Can't open blockdev [ 315.430633][T11892] /dev/rnullb0: Can't open blockdev [ 315.654658][T11853] lo speed is unknown, defaulting to 1000 [ 315.880491][T11899] can0: slcan on ttyprintk. [ 316.216856][ T5857] Bluetooth: hci4: command tx timeout [ 316.243541][T11853] chnl_net:caif_netlink_parms(): no params data found [ 316.253407][T11921] /dev/rnullb0: Can't open blockdev [ 316.498649][T11937] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 316.659389][T11853] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.670423][T11853] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.680278][T11937] MTD: Couldn't look up '/dev/sg0': -15 [ 316.696834][T11853] bridge_slave_0: entered allmulticast mode [ 316.708645][T11853] bridge_slave_0: entered promiscuous mode [ 316.735498][T11853] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.760856][T11853] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.776299][T11853] bridge_slave_1: entered allmulticast mode [ 316.794714][T11853] bridge_slave_1: entered promiscuous mode [ 317.023240][T11853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 317.061516][T11853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 317.139411][T11853] team0: Port device team_slave_0 added [ 317.153442][T11853] team0: Port device team_slave_1 added [ 317.218255][T11853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 317.225626][T11853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.260379][T11853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 317.274965][T11853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 317.284016][ T2156] usb 4-1: new low-speed USB device number 70 using dummy_hcd [ 317.292618][T11853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 317.321171][T11853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 317.344280][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.353841][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.397055][T11853] hsr_slave_0: entered promiscuous mode [ 317.403854][T11853] hsr_slave_1: entered promiscuous mode [ 317.411026][T11853] debugfs: 'hsr0' already exists in 'hsr' [ 317.417848][T11853] Cannot create hsr debugfs directory [ 317.469625][ T2156] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 317.482782][ T2156] usb 4-1: config 1 has an invalid descriptor of length 218, skipping remainder of the config [ 317.505713][ T2156] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 317.515949][ T2156] usb 4-1: too many endpoints for config 1 interface 1 altsetting 9: 58, using maximum allowed: 30 [ 317.527583][ T2156] usb 4-1: config 1 interface 1 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 58 [ 317.541314][ T2156] usb 4-1: config 1 interface 1 has no altsetting 0 [ 317.553429][ T2156] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 317.568022][ T2156] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.576084][ T2156] usb 4-1: Product: 盇㰀赑佲루嗉睍竁ꛗ螾㞼咍磬 [ 317.584008][ T2156] usb 4-1: Manufacturer: 瞬ᾖ㸖셰鹪릞쐝䔾艚娽穸Ủ핱環⊊蠬氭ྤꐙⳎ먫夻裩搻ᄇ㎌玛㜃怃䎓뇑찙ᷦ﯒圛ⓒ꼗꒮㍇㟽걞⌙杤ijᴁ啫洖⩊Λ抳먜㮇꓈ퟫਚꓐ耓ᡡ玆鷀元ꨧꙈ᧓萋폜낈蛸㈸ɤ탕刻䳚㓟ᰣ୕ʮ谯怐쓮㹿ꣾ홑ៜ뭹톘㠿톲쪁孡Վ냢磥v᡿醁㗻簄즴牬쾪饸粫 [ 317.625332][ T2156] usb 4-1: SerialNumber: ǐ瑦昄忨眕鰃㐮썉⯦숂셔鏪憝뾃鉔䓑좋븮썯뗳蛍햊瀔亭嶒藛净逆傋⼱仱8췺庆ꚰ楰衭▒븜绞쥁膻⃆埑ᛡﮌ擌뭏ὶ睨具䭾濇်⷇ᕚ䚶㗮詙럏澋巌釽㼭뮄⮣훃Ổ꛱夋⩧᱋杖↞縹읃횚엾盛ᦦ낓ᔉ⿏埇릲࠻Ҧ碊ஸ쯇₺䑣 [ 317.676873][ T5935] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 317.784270][T11853] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 317.799218][T11853] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 317.811501][T11853] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 317.816926][ T5935] usb 1-1: device descriptor read/64, error -71 [ 317.829717][T11853] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 317.912626][T11959] __nla_validate_parse: 2 callbacks suppressed [ 317.912646][T11959] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1600'. [ 317.952041][T11853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.978740][T11853] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.992051][T11979] /dev/rnullb0: Can't open blockdev [ 318.000435][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.008141][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.028005][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.036163][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.057253][ T5935] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 318.207411][ T5935] usb 1-1: device descriptor read/64, error -71 [ 318.287608][T11910] can0 (unregistered): slcan off ttyprintk. [ 318.297212][ T5857] Bluetooth: hci4: command tx timeout [ 318.331467][ T5935] usb usb1-port1: attempt power cycle [ 318.479440][T11853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 318.697872][ T5935] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 318.728463][ T5935] usb 1-1: device descriptor read/8, error -71 [ 318.968562][ T5935] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 319.008994][ T5935] usb 1-1: device descriptor read/8, error -71 [ 319.039179][T11853] veth0_vlan: entered promiscuous mode [ 319.061216][T11853] veth1_vlan: entered promiscuous mode [ 319.120519][ T5935] usb usb1-port1: unable to enumerate USB device [ 319.156167][T11853] veth0_macvtap: entered promiscuous mode [ 319.175156][T11853] veth1_macvtap: entered promiscuous mode [ 319.222524][T11853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 319.270223][T11853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 319.303331][T12016] /dev/rnullb0: Can't open blockdev [ 319.323720][ T49] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.342725][ T49] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.357165][ T49] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.370660][ T49] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.467134][ T9] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 319.545573][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.565192][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.615390][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 319.624650][ T9] usb 1-1: device descriptor read/64, error -71 [ 319.637836][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 319.877144][ T9] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 320.017406][ T9] usb 1-1: device descriptor read/64, error -71 [ 320.059624][ T2156] usb 4-1: 0:2 : does not exist [ 320.100119][ T2156] usb 4-1: USB disconnect, device number 70 [ 320.126964][ T5987] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 320.136077][ T9] usb usb1-port1: attempt power cycle [ 320.150394][T12033] /dev/rnullb0: Can't open blockdev [ 320.163949][ T5859] udevd[5859]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 320.306999][ T5987] usb 5-1: Using ep0 maxpacket: 16 [ 320.320653][ T5987] usb 5-1: unable to get BOS descriptor or descriptor too short [ 320.334235][ T5987] usb 5-1: config 13 has an invalid interface number: 50 but max is 0 [ 320.347073][ T5987] usb 5-1: config 13 has no interface number 0 [ 320.360699][ T5987] usb 5-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16 [ 320.381722][ T5987] usb 5-1: config 13 interface 50 has no altsetting 0 [ 320.394619][ T5987] usb 5-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 320.404666][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.413343][ T5987] usb 5-1: Product: syz [ 320.418457][ T5987] usb 5-1: Manufacturer: syz [ 320.423174][ T5987] usb 5-1: SerialNumber: syz [ 320.496014][T12036] /dev/rnullb0: Can't open blockdev [ 320.507844][ T9] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 320.680215][ T5987] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 320.694626][ T5987] usb 5-1: MIDIStreaming interface descriptor not found [ 320.717633][ T9] usb 1-1: device not accepting address 91, error -71 [ 320.759343][ T5987] usb 5-1: USB disconnect, device number 2 [ 320.882927][ T6574] udevd[6574]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 321.174446][T12061] /dev/rnullb0: Can't open blockdev [ 321.551652][T12084] /dev/rnullb0: Can't open blockdev [ 321.825089][T12094] /dev/rnullb0: Can't open blockdev [ 321.857045][T12095] /dev/rnullb0: Can't open blockdev [ 322.091155][T12106] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1635'. [ 322.102819][T12105] tipc: Started in network mode [ 322.109278][T12105] tipc: Node identity ac14140f, cluster identity 4711 [ 322.116617][T12105] tipc: New replicast peer: 255.255.255.255 [ 322.128193][T12105] tipc: Enabled bearer , priority 10 [ 322.150180][T12105] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1634'. [ 322.173409][T12105] tipc: Disabling bearer [ 322.446872][ T5946] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 322.606957][ T5946] usb 4-1: Using ep0 maxpacket: 32 [ 322.622881][ T5946] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 322.639442][ T5946] usb 4-1: config 0 has no interfaces? [ 322.654147][ T5946] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 322.667291][ T5946] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.675594][ T5946] usb 4-1: Product: syz [ 322.680931][ T5946] usb 4-1: Manufacturer: syz [ 322.686334][ T5946] usb 4-1: SerialNumber: syz [ 322.701909][ T5946] usb 4-1: config 0 descriptor?? [ 322.876862][ T5935] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 322.957882][T12109] cgroup: Name too long [ 322.962881][T12109] /dev/rnullb0: Can't open blockdev [ 323.023478][ T5848] usb 4-1: USB disconnect, device number 71 [ 323.038284][ T5935] usb 1-1: Using ep0 maxpacket: 8 [ 323.060338][ T5935] usb 1-1: unable to get BOS descriptor or descriptor too short [ 323.095545][ T5935] usb 1-1: config 2 has an invalid interface number: 65 but max is 0 [ 323.104930][ T5935] usb 1-1: config 2 has no interface number 0 [ 323.124820][ T5935] usb 1-1: config 2 interface 65 has no altsetting 0 [ 323.136809][ T5935] usb 1-1: New USB device found, idVendor=0b48, idProduct=1009, bcdDevice=d8.44 [ 323.146339][ T5935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.160280][ T5935] usb 1-1: Product: syz [ 323.164515][ T5935] usb 1-1: Manufacturer: syz [ 323.173463][ T5935] usb 1-1: SerialNumber: syz [ 323.201551][ T30] audit: type=1326 audit(1752562818.312:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12124 comm="syz.2.1641" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7318e929 code=0x7fc00000 [ 323.254892][T12131] block device autoloading is deprecated and will be removed. [ 323.309194][T12128] /dev/rnullb0: Can't open blockdev [ 323.458548][T12139] /dev/rnullb0: Can't open blockdev [ 323.481789][ T5935] ttusb_dec_send_command: command bulk message failed: error -22 [ 323.505842][ T5935] ttusb-dec 1-1:2.65: probe with driver ttusb-dec failed with error -22 [ 323.515095][ T30] audit: type=1800 audit(1752562818.612:20): pid=12139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1644" name="bus" dev="overlay" ino=73 res=0 errno=0 [ 323.545842][T12139] fuse: Unknown parameter '0x0000000000000006' [ 323.567765][ T5935] usb 1-1: USB disconnect, device number 93 [ 323.854665][T12154] /dev/rnullb0: Can't open blockdev [ 324.707145][ T2156] usb 4-1: new full-speed USB device number 72 using dummy_hcd [ 324.745300][ T30] audit: type=1326 audit(1752562819.852:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.2.1659" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdb7318e929 code=0x7ffe0000 [ 324.846831][ T2156] usb 4-1: device descriptor read/64, error -71 [ 325.096925][ T2156] usb 4-1: new full-speed USB device number 73 using dummy_hcd [ 325.247569][ T2156] usb 4-1: device descriptor read/64, error -71 [ 325.357706][ T2156] usb usb4-port1: attempt power cycle [ 325.372586][T12210] syz.0.1665: attempt to access beyond end of device [ 325.372586][T12210] nbd0: rw=0, sector=2, nr_sectors = 1 limit=0 [ 325.716804][ T2156] usb 4-1: new full-speed USB device number 74 using dummy_hcd [ 325.760162][ T2156] usb 4-1: device descriptor read/8, error -71 [ 325.807868][T12222] /dev/rnullb0: Can't open blockdev [ 325.996812][ T2156] usb 4-1: new full-speed USB device number 75 using dummy_hcd [ 326.027593][ T2156] usb 4-1: device descriptor read/8, error -71 [ 326.137179][ T2156] usb usb4-port1: unable to enumerate USB device [ 328.316454][T12239] pim6reg: entered allmulticast mode [ 328.328727][T12239] pim6reg: left allmulticast mode [ 328.391710][T12243] 9pnet_fd: p9_fd_create_unix (12243): problem connecting socket: ./file0: -111 [ 328.707599][T12258] FAULT_INJECTION: forcing a failure. [ 328.707599][T12258] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 328.741561][T12258] CPU: 0 UID: 0 PID: 12258 Comm: syz.3.1679 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 328.741593][T12258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 328.741607][T12258] Call Trace: [ 328.741614][T12258] [ 328.741623][T12258] dump_stack_lvl+0x189/0x250 [ 328.741657][T12258] ? __pfx____ratelimit+0x10/0x10 [ 328.741680][T12258] ? __pfx_dump_stack_lvl+0x10/0x10 [ 328.741708][T12258] ? __pfx__printk+0x10/0x10 [ 328.741738][T12258] ? __might_fault+0xb0/0x130 [ 328.741780][T12258] should_fail_ex+0x414/0x560 [ 328.741809][T12258] _copy_from_user+0x2d/0xb0 [ 328.741846][T12258] ___sys_sendmsg+0x158/0x2a0 [ 328.741876][T12258] ? __pfx____sys_sendmsg+0x10/0x10 [ 328.741938][T12258] ? __fget_files+0x2a/0x420 [ 328.741964][T12258] ? __fget_files+0x3a0/0x420 [ 328.742000][T12258] __x64_sys_sendmsg+0x19b/0x260 [ 328.742030][T12258] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 328.742068][T12258] ? __pfx_ksys_write+0x10/0x10 [ 328.742087][T12258] ? rcu_is_watching+0x15/0xb0 [ 328.742119][T12258] ? do_syscall_64+0xbe/0x3b0 [ 328.742147][T12258] do_syscall_64+0xfa/0x3b0 [ 328.742168][T12258] ? lockdep_hardirqs_on+0x9c/0x150 [ 328.742190][T12258] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.742209][T12258] ? clear_bhb_loop+0x60/0xb0 [ 328.742234][T12258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.742253][T12258] RIP: 0033:0x7ffa4b18e929 [ 328.742271][T12258] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 328.742288][T12258] RSP: 002b:00007ffa4bf53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.742309][T12258] RAX: ffffffffffffffda RBX: 00007ffa4b3b5fa0 RCX: 00007ffa4b18e929 [ 328.742324][T12258] RDX: 000000002000c000 RSI: 0000200000000080 RDI: 0000000000000003 [ 328.742337][T12258] RBP: 00007ffa4bf53090 R08: 0000000000000000 R09: 0000000000000000 [ 328.742350][T12258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 328.742362][T12258] R13: 0000000000000000 R14: 00007ffa4b3b5fa0 R15: 00007ffe9ad89fe8 [ 328.742394][T12258] [ 329.257330][ T2156] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 329.419649][ T2156] usb 4-1: Using ep0 maxpacket: 32 [ 329.431839][ T2156] usb 4-1: config 64 has an invalid interface number: 51 but max is 0 [ 329.486838][ T2156] usb 4-1: config 64 has no interface number 0 [ 329.544581][ T2156] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 329.564938][ T2156] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 329.605605][ T2156] usb 4-1: Manufacturer: syz [ 329.627434][ T2156] usb 4-1: SerialNumber: syz [ 329.674335][ T2156] quatech2 4-1:64.51: Quatech 2nd gen USB to Serial Driver converter detected [ 329.768625][ T5848] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 329.866603][T12284] netlink: 'syz.2.1684': attribute type 9 has an invalid length. [ 329.883423][ T2156] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 329.899814][T12285] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 329.906416][ T2156] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 329.932253][ T5848] usb 5-1: config 0 has too many interfaces: 33, using maximum allowed: 32 [ 329.949900][ T5848] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 33 [ 329.976927][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 329.997180][ T5848] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 330.031003][ T5848] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cfe, bcdDevice= 0.00 [ 330.044502][ T5848] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.074811][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 9 [ 330.085539][ T5848] usb 5-1: config 0 descriptor?? [ 330.099628][T12289] /dev/rnullb0: Can't open blockdev [ 330.313451][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 330.319296][ T9] usb 4-1: USB disconnect, device number 76 [ 330.346191][ T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 330.389285][ T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 330.429602][ T9] quatech2 4-1:64.51: device disconnected [ 330.540696][ T5848] hid-generic 0003:1E7D:2CFE.0010: unknown main item tag 0x0 [ 330.556828][ T5848] hid-generic 0003:1E7D:2CFE.0010: unknown main item tag 0x0 [ 330.564302][ T5848] hid-generic 0003:1E7D:2CFE.0010: unknown main item tag 0x0 [ 330.587015][ T5848] hid-generic 0003:1E7D:2CFE.0010: unknown main item tag 0x0 [ 330.594536][ T5848] hid-generic 0003:1E7D:2CFE.0010: unknown main item tag 0x0 [ 330.617043][ T5848] hid-generic 0003:1E7D:2CFE.0010: unknown main item tag 0x0 [ 330.636844][ T5848] hid-generic 0003:1E7D:2CFE.0010: unknown main item tag 0x0 [ 330.649795][ T5848] hid-generic 0003:1E7D:2CFE.0010: hidraw0: USB HID v0.00 Device [HID 1e7d:2cfe] on usb-dummy_hcd.4-1/input0 [ 330.765561][T12299] program syz.2.1689 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 331.311938][T12312] /dev/rnullb0: Can't open blockdev [ 331.467014][T12318] /dev/rnullb0: Can't open blockdev [ 331.476992][ T2156] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 331.564281][T12322] /dev/rnullb0: Can't open blockdev [ 331.616892][ T2156] usb 4-1: device descriptor read/64, error -71 [ 331.796907][ T9] usb 3-1: new full-speed USB device number 92 using dummy_hcd [ 331.856851][ T2156] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 331.950964][ T9] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 331.960172][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.977441][ T9] usb 3-1: config 0 descriptor?? [ 331.985754][ T9] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 331.988161][ T2156] usb 4-1: device descriptor read/64, error -71 [ 332.108195][ T2156] usb usb4-port1: attempt power cycle [ 332.388365][ T9] gp8psk: usb in 137 operation failed. [ 332.395346][ T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 332.407876][ T9] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 332.424916][ T9] usb 3-1: USB disconnect, device number 92 [ 332.468402][ T2156] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 332.491990][T12327] /dev/rnullb0: Can't open blockdev [ 332.511277][ T2156] usb 4-1: device descriptor read/8, error -71 [ 332.534423][ T5946] usb 5-1: USB disconnect, device number 3 [ 332.776907][ T2156] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 332.826461][ T2156] usb 4-1: device descriptor read/8, error -71 [ 332.953695][ T2156] usb usb4-port1: unable to enumerate USB device [ 333.142263][T12334] tap0: tun_chr_ioctl cmd 1074025677 [ 333.158242][T12334] tap0: linktype set to 776 [ 333.206275][T12344] /dev/rnullb0: Can't open blockdev [ 333.467543][T12351] /dev/rnullb0: Can't open blockdev [ 333.756250][T12357] /dev/rnullb0: Can't open blockdev [ 333.772927][T12358] /dev/rnullb0: Can't open blockdev [ 333.807061][ T5848] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 333.853933][T12361] /dev/rnullb0: Can't open blockdev [ 333.967739][ T5848] usb 1-1: Using ep0 maxpacket: 16 [ 333.984404][ T5848] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 333.999318][ T5848] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 334.011139][ T5848] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 334.023453][ T5848] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 334.038768][ T5848] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.047062][ T5848] usb 1-1: Product: syz [ 334.051271][ T5848] usb 1-1: Manufacturer: syz [ 334.055959][ T5848] usb 1-1: SerialNumber: syz [ 334.234484][T12375] FAULT_INJECTION: forcing a failure. [ 334.234484][T12375] name failslab, interval 1, probability 0, space 0, times 0 [ 334.275837][T12375] CPU: 1 UID: 0 PID: 12375 Comm: syz.2.1713 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 334.275868][T12375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 334.275881][T12375] Call Trace: [ 334.275889][T12375] [ 334.275898][T12375] dump_stack_lvl+0x189/0x250 [ 334.275930][T12375] ? __pfx____ratelimit+0x10/0x10 [ 334.275953][T12375] ? __pfx_dump_stack_lvl+0x10/0x10 [ 334.275982][T12375] ? __pfx__printk+0x10/0x10 [ 334.276017][T12375] ? __pfx___might_resched+0x10/0x10 [ 334.276043][T12375] ? fs_reclaim_acquire+0x7d/0x100 [ 334.276070][T12375] should_fail_ex+0x414/0x560 [ 334.276097][T12375] should_failslab+0xa8/0x100 [ 334.276118][T12375] __kmalloc_noprof+0xcb/0x4f0 [ 334.276147][T12375] ? kernfs_fop_write_iter+0x158/0x4f0 [ 334.276175][T12375] kernfs_fop_write_iter+0x158/0x4f0 [ 334.276205][T12375] vfs_write+0x54b/0xa90 [ 334.276233][T12375] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 334.276257][T12375] ? __pfx_vfs_write+0x10/0x10 [ 334.276290][T12375] ? __fget_files+0x2a/0x420 [ 334.276326][T12375] ksys_write+0x145/0x250 [ 334.276351][T12375] ? __pfx_ksys_write+0x10/0x10 [ 334.276370][T12375] ? rcu_is_watching+0x15/0xb0 [ 334.276403][T12375] ? do_syscall_64+0xbe/0x3b0 [ 334.276430][T12375] do_syscall_64+0xfa/0x3b0 [ 334.276451][T12375] ? lockdep_hardirqs_on+0x9c/0x150 [ 334.276472][T12375] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.276492][T12375] ? clear_bhb_loop+0x60/0xb0 [ 334.276516][T12375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.276535][T12375] RIP: 0033:0x7fdb7318e929 [ 334.276553][T12375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 334.276571][T12375] RSP: 002b:00007fdb740d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 334.276593][T12375] RAX: ffffffffffffffda RBX: 00007fdb733b5fa0 RCX: 00007fdb7318e929 [ 334.276614][T12375] RDX: 0000000000000012 RSI: 0000200000000140 RDI: 0000000000000004 [ 334.276627][T12375] RBP: 00007fdb740d1090 R08: 0000000000000000 R09: 0000000000000000 [ 334.276640][T12375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.276652][T12375] R13: 0000000000000000 R14: 00007fdb733b5fa0 R15: 00007ffe84a03528 [ 334.276687][T12375] [ 335.193631][ T5848] usb 1-1: 0:2 : does not exist [ 335.203598][ T5848] usb 1-1: 1:0: cannot get min/max values for control 4 (id 1) [ 335.280071][ T5848] usb 1-1: USB disconnect, device number 94 [ 335.343314][ T5859] udevd[5859]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 335.536966][ T5918] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 335.696848][ T5918] usb 5-1: Using ep0 maxpacket: 32 [ 335.707610][ T5918] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 335.737079][ T5918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.755342][ T5918] usb 5-1: Product: syz [ 335.765462][ T5918] usb 5-1: Manufacturer: syz [ 335.775586][ T5918] usb 5-1: SerialNumber: syz [ 335.797034][ T5918] usb 5-1: config 0 descriptor?? [ 335.902406][ T2156] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 336.076897][ T2156] usb 4-1: Using ep0 maxpacket: 16 [ 336.096889][ T2156] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 336.193532][ T2156] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 336.204972][ T2156] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 336.214956][ T2156] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 336.233175][ T2156] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 336.255977][ T2156] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 336.266837][ T2156] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 336.275061][ T2156] usb 4-1: Manufacturer: syz [ 336.285579][ T2156] usb 4-1: config 0 descriptor?? [ 336.404966][ T30] audit: type=1400 audit(1752562831.512:22): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A2F2C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=12428 comm="syz.2.1727" [ 336.438666][ T5918] peak_usb 5-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 336.455451][ T5918] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 336.462939][ T5918] peak_usb 5-1:0.0 can0: sending command failure: -22 [ 336.478257][T12427] overlay: Unknown parameter 'euid' [ 336.610121][ T5918] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -22 [ 336.622813][ T2156] rc_core: IR keymap rc-hauppauge not found [ 336.636774][ T2156] Registered IR keymap rc-empty [ 336.652436][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 336.696981][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 336.733195][ T2156] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 336.781125][ T2156] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input28 [ 336.808551][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 336.846898][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 336.887641][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 336.906934][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 336.926904][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 336.956890][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 336.977117][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 337.000262][T12441] netlink: 'syz.4.1718': attribute type 1 has an invalid length. [ 337.014296][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 337.024218][T12441] netlink: 'syz.4.1718': attribute type 11 has an invalid length. [ 337.038986][T12441] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1718'. [ 337.057914][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 337.069512][T12441] /dev/rnullb0: Can't open blockdev [ 337.086876][ T2156] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 337.123071][ T2156] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 337.152452][ T2156] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 337.703026][T12463] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1732'. [ 337.772822][T12463] /dev/rnullb0: Can't open blockdev [ 337.843830][T12465] /dev/rnullb0: Can't open blockdev [ 338.193091][T12468] /dev/rnullb0: Can't open blockdev [ 338.345001][ T9] usb 5-1: USB disconnect, device number 4 [ 338.707271][ T5935] usb 4-1: USB disconnect, device number 81 [ 338.717775][T12476] /dev/rnullb0: Can't open blockdev [ 339.027209][T12485] /dev/rnullb0: Can't open blockdev [ 339.047122][ T2156] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 339.126947][ T5848] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 339.206616][T12492] /dev/rnullb0: Can't open blockdev [ 339.248879][ T2156] usb 5-1: unable to get BOS descriptor or descriptor too short [ 339.265819][ T2156] usb 5-1: config 127 has an invalid interface number: 157 but max is 2 [ 339.274724][ T2156] usb 5-1: config 127 has an invalid interface number: 102 but max is 2 [ 339.283397][ T2156] usb 5-1: config 127 has an invalid interface number: 237 but max is 2 [ 339.292261][ T2156] usb 5-1: config 127 has no interface number 0 [ 339.298825][ T2156] usb 5-1: config 127 has no interface number 1 [ 339.299730][ T5848] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30 [ 339.305269][ T2156] usb 5-1: config 127 has no interface number 2 [ 339.323432][ T2156] usb 5-1: config 127 interface 157 has no altsetting 0 [ 339.331155][ T2156] usb 5-1: config 127 interface 102 has no altsetting 0 [ 339.344940][ T2156] usb 5-1: config 127 interface 237 has no altsetting 0 [ 339.354673][ T2156] usb 5-1: New USB device found, idVendor=05c6, idProduct=920b, bcdDevice=6f.a1 [ 339.362238][ T5848] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.364009][ T2156] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.395982][ T5848] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 339.430760][ T5848] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196 [ 339.468783][ T5848] usb 1-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 339.482291][ T5848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.513981][ T5848] usb 1-1: config 0 descriptor?? [ 339.548375][T12498] IPVS: set_ctl: invalid protocol: 103 224.0.0.2:20002 [ 339.616855][ T2156] usb 5-1: Product: syz [ 339.621159][ T2156] usb 5-1: Manufacturer: syz [ 339.625783][ T2156] usb 5-1: SerialNumber: syz [ 339.855380][T12479] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 339.885313][ T2156] usb 5-1: selecting invalid altsetting 0 [ 339.892847][ T2156] usb 5-1: Could not set interface, error -22 [ 339.917833][ T2156] usb 5-1: USB disconnect, device number 5 [ 339.994732][ T5848] usbhid 1-1:0.0: can't add hid device: -71 [ 340.005859][ T5848] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 340.041688][ T5848] usb 1-1: USB disconnect, device number 95 [ 340.415081][T12520] /dev/rnullb0: Can't open blockdev [ 340.477361][T12526] /dev/rnullb0: Can't open blockdev [ 340.625163][T12530] 9pnet: p9_errstr2errno: server reported unknown error [ 340.820967][T12541] program syz.3.1759 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 340.842061][T12541] loop8: detected capacity change from 0 to 7 [ 340.864293][T12541] Dev loop8: unable to read RDB block 7 [ 340.870981][T12541] loop8: AHDI p1 p2 p3 [ 340.875202][T12541] loop8: partition table partially beyond EOD, truncated [ 340.890312][T12541] loop8: p1 start 1601398130 is beyond EOD, truncated [ 340.901221][T12541] loop8: p2 start 1702059890 is beyond EOD, truncated [ 340.952590][ T5859] Dev loop8: unable to read RDB block 7 [ 340.958799][ T5859] loop8: AHDI p1 p2 p3 [ 340.965458][T12541] netlink: 'syz.3.1759': attribute type 11 has an invalid length. [ 340.975901][ T5859] loop8: partition table partially beyond EOD, truncated [ 340.994466][ T5859] loop8: p1 start 1601398130 is beyond EOD, truncated [ 341.012658][ T5859] loop8: p2 start 1702059890 is beyond EOD, truncated [ 341.031228][T12542] Dev loop8: unable to read RDB block 7 [ 341.038100][T12541] binder: 12540:12541 ioctl c018620b 200000000000 returned -14 [ 341.046425][T12542] loop8: AHDI p1 p2 p3 [ 341.052046][T12542] loop8: partition table partially beyond EOD, truncated [ 341.060950][T12542] loop8: p1 start 1601398130 is beyond EOD, truncated [ 341.068294][T12542] loop8: p2 start 1702059890 is beyond EOD, truncated [ 341.284711][T12557] /dev/rnullb0: Can't open blockdev [ 341.422951][T12559] binder: 12558:12559 ioctl c0205648 2000000001c0 returned -22 [ 341.976983][ T5848] usb 3-1: new high-speed USB device number 93 using dummy_hcd [ 342.103337][T12586] overlayfs: failed to resolve 'verity=require': -2 [ 342.118993][T12584] MTD: Attempt to mount non-MTD device "/dev/rnullb0" [ 342.126256][T12584] /dev/rnullb0: Can't open blockdev [ 342.141417][ T5848] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 342.172434][ T5848] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 342.184369][ T5848] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 342.200500][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.237951][ T5848] usb 3-1: config 0 descriptor?? [ 342.436608][T12591] /dev/rnullb0: Can't open blockdev [ 342.449940][T12576] netlink: 'syz.2.1771': attribute type 1 has an invalid length. [ 342.471979][T12576] netlink: 220 bytes leftover after parsing attributes in process `syz.2.1771'. [ 342.534814][T12576] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 342.551115][T12591] /dev/rnullb0: Can't open blockdev [ 342.562721][T12576] trusted_key: syz.2.1771 sent an empty control message without MSG_MORE. [ 342.598647][ T5848] usb 3-1: USB disconnect, device number 93 [ 343.457284][T12623] /dev/rnullb0: Can't open blockdev [ 343.669700][T12630] /dev/rnullb0: Can't open blockdev [ 343.898210][T12638] /dev/rnullb0: Can't open blockdev [ 344.044168][T12647] /dev/rnullb0: Can't open blockdev [ 344.205121][T12651] /dev/rnullb0: Can't open blockdev [ 344.237985][T12654] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 344.414383][T12661] /dev/rnullb0: Can't open blockdev [ 344.577604][T12667] /dev/rnullb0: Can't open blockdev [ 344.583988][T12667] /dev/rnullb0: Can't open blockdev [ 344.700187][T12672] /dev/rnullb0: Can't open blockdev [ 344.885780][T12680] /dev/rnullb0: Can't open blockdev [ 345.444183][T12707] netlink: 'syz.2.1806': attribute type 16 has an invalid length. [ 345.466511][T12705] syz.0.1805: attempt to access beyond end of device [ 345.466511][T12705] nbd0: rw=0, sector=2, nr_sectors = 1 limit=0 [ 345.480301][T12707] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1806'. [ 345.507942][T12707] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.517103][T12705] hfs: can't find a HFS filesystem on dev nbd0 [ 345.681748][T12716] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1811'. [ 345.693787][T12717] netlink: 204 bytes leftover after parsing attributes in process `syz.3.1810'. [ 345.729677][T12719] /dev/rnullb0: Can't open blockdev [ 345.946840][ T5987] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 346.130061][ T5987] usb 5-1: Using ep0 maxpacket: 16 [ 346.177733][ T5987] usb 5-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 346.192714][T12735] /dev/rnullb0: Can't open blockdev [ 346.207160][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.224555][ T5987] usb 5-1: Product: syz [ 346.229639][ T5987] usb 5-1: Manufacturer: syz [ 346.234298][ T5987] usb 5-1: SerialNumber: syz [ 346.267946][ T5987] usb 5-1: config 0 descriptor?? [ 346.313200][ T5987] as10x_usb: device has been detected [ 346.327758][ T5987] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 346.349552][T12739] /dev/rnullb0: Can't open blockdev [ 346.418625][ T5987] usb 5-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 346.545137][ T5987] as10x_usb: error during firmware upload part1 [ 346.580755][ T5987] Registered device Sky IT Digital Key (green led) [ 346.625176][T12749] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1822'. [ 346.769027][ T5848] usb 3-1: new high-speed USB device number 94 using dummy_hcd [ 346.963948][ T5848] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 347.005633][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 347.046906][ T5848] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 347.080658][ T5848] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 347.114904][ T5848] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 347.126942][ T9] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 347.144621][ T5848] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.161693][T12761] /dev/rnullb0: Can't open blockdev [ 347.164480][ T5848] usb 3-1: config 0 descriptor?? [ 347.240433][T12763] /dev/rnullb0: Can't open blockdev [ 347.254211][ T30] audit: type=1326 audit(1752562842.362:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12762 comm="syz.0.1825" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7eff6138e929 code=0x0 [ 347.299664][ T9] usb 4-1: config 0 has no interfaces? [ 347.305680][ T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 347.315122][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.342346][ T9] usb 4-1: config 0 descriptor?? [ 347.373726][ T5918] usb 5-1: USB disconnect, device number 6 [ 347.404076][ T5918] Unregistered device Sky IT Digital Key (green led) [ 347.406021][ T5918] as10x_usb: device has been disconnected [ 347.443036][ T5848] usbhid 3-1:0.0: can't add hid device: -71 [ 347.459354][ T5848] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 347.476558][ T5848] usb 3-1: USB disconnect, device number 94 [ 347.561297][T12758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 347.573313][T12758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.590535][T12758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 347.599470][T12758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 347.609849][ T5918] usb 4-1: USB disconnect, device number 82 [ 347.876825][ T5848] usb 3-1: new high-speed USB device number 95 using dummy_hcd [ 348.046886][ T927] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 348.068397][ T5848] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 348.077676][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.085839][ T5848] usb 3-1: Product: syz [ 348.091356][ T5848] usb 3-1: Manufacturer: syz [ 348.096126][ T5848] usb 3-1: SerialNumber: syz [ 348.123320][ T5848] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 348.141336][ T5987] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 348.200916][ T927] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 348.212978][ T927] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 348.229982][ T927] usb 4-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.40 [ 348.239511][ T927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.248476][ T927] usb 4-1: Product: syz [ 348.252997][ T927] usb 4-1: Manufacturer: syz [ 348.257757][ T927] usb 4-1: SerialNumber: syz [ 348.277159][ T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 348.446905][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 348.454931][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 348.465326][ T9] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 348.487875][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 348.507057][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.515188][ T9] usb 5-1: Product: syz [ 348.537364][ T9] usb 5-1: Manufacturer: syz [ 348.547336][ T5918] usb 3-1: USB disconnect, device number 95 [ 348.558446][ T9] usb 5-1: SerialNumber: syz [ 348.590630][ T9] cdc_ether 5-1:1.0: skipping garbage [ 348.596362][ T9] usb 5-1: bad CDC descriptors [ 348.605597][ T927] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5) [ 348.623104][ T927] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 348.654228][ T927] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 348.666532][ T927] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5) [ 348.683244][ T927] usb 4-1: USB disconnect, device number 83 [ 348.767757][ T2156] usb 1-1: new high-speed USB device number 96 using dummy_hcd [ 348.787268][T12773] syzkaller1: entered promiscuous mode [ 348.792815][T12773] syzkaller1: entered allmulticast mode [ 348.899730][ T5946] usb 5-1: USB disconnect, device number 7 [ 348.922191][ T2156] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 348.933991][ T2156] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.943563][ T2156] usb 1-1: Product: syz [ 348.948003][ T2156] usb 1-1: Manufacturer: syz [ 348.952801][ T2156] usb 1-1: SerialNumber: syz [ 348.965222][ T2156] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 348.987646][ T5935] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 349.177732][ T5987] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 349.184886][ T5987] ath9k_htc: Failed to initialize the device [ 349.204773][ T5918] usb 3-1: ath9k_htc: USB layer deinitialized [ 349.225503][T12788] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1834'. [ 349.252084][T12788] tmpfs: Bad value for 'mpol' [ 349.263303][T12788] /dev/rnullb0: Can't open blockdev [ 349.373639][T12795] binder: 12794:12795 ioctl c018620b 200000000000 returned -14 [ 349.520972][T12799] /dev/rnullb0: Can't open blockdev [ 349.534095][T12802] overlayfs: overlapping lowerdir path [ 349.604284][T12806] /dev/rnullb0: Can't open blockdev [ 349.690263][ T5918] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 349.883023][ T5918] usb 4-1: Using ep0 maxpacket: 16 [ 349.892614][ T5918] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 349.907367][ T5918] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 349.934333][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.953729][ T5918] usb 4-1: Product: syz [ 349.964307][ T5918] usb 4-1: Manufacturer: syz [ 350.016732][ T5918] usb 4-1: SerialNumber: syz [ 350.040914][ T5918] usb 4-1: config 0 descriptor?? [ 350.060069][ T5935] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 350.068069][ T5918] dm9601 4-1:0.0: probe with driver dm9601 failed with error -22 [ 350.077175][ T5935] ath9k_htc: Failed to initialize the device [ 350.088196][ T5918] sr9700 4-1:0.0: probe with driver sr9700 failed with error -22 [ 350.126616][ T5935] usb 1-1: ath9k_htc: USB layer deinitialized [ 350.309395][ T5918] usb 4-1: USB disconnect, device number 84 [ 350.364812][ T5987] usb 1-1: USB disconnect, device number 96 [ 350.401165][T12823] /dev/rnullb0: Can't open blockdev [ 350.617843][T12829] sp0: Synchronizing with TNC [ 350.634288][T12828] [U] [ 350.751631][T12836] ieee802154 phy0 wpan0: encryption failed: -22 [ 350.894762][T12844] /dev/sg0: Can't lookup blockdev [ 351.162981][T12854] veth0: entered promiscuous mode [ 351.176231][T12852] veth0: left promiscuous mode [ 351.302477][ T30] audit: type=1326 audit(1752562846.412:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12860 comm="syz.3.1861" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ffa4b18e929 code=0x0 [ 351.387073][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 351.396476][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 351.492737][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 352.532279][T12872] ptrace attach of "./syz-executor exec"[5852] was attempted by "o [ 352.707393][T12878] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1866'. [ 353.429386][T12887] libceph: resolve '4' (ret=-3): failed [ 354.279414][T12910] random: crng reseeded on system resumption [ 354.583081][ T30] audit: type=1326 audit(1752562849.692:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12932 comm="syz.2.1886" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdb7318e929 code=0x0 [ 354.697055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 354.746450][T12937] 9pnet_fd: Insufficient options for proto=fd [ 354.974086][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 355.178980][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 355.383717][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 355.547360][T12941] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1888'. [ 355.584700][T12941] netlink: 'syz.0.1888': attribute type 1 has an invalid length. [ 355.690922][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 355.743481][T12947] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(10) [ 355.750149][T12947] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 355.763867][T12947] vhci_hcd vhci_hcd.0: Device attached [ 355.832303][T12948] vhci_hcd: connection closed [ 355.867254][ T2960] vhci_hcd: stop threads [ 355.880120][ T2960] vhci_hcd: release socket [ 355.894240][ T2960] vhci_hcd: disconnect device [ 355.903948][ T5918] kernel read not supported for file /vcs (pid: 5918 comm: kworker/1:4) [ 355.916867][T12953] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1891'. [ 355.947218][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 355.947253][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 357.957397][T12978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1901'. [ 361.426829][ T5987] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 361.736893][ T5987] usb 3-1: Using ep0 maxpacket: 8 [ 361.753486][ T5987] usb 3-1: unable to get BOS descriptor or descriptor too short [ 361.763506][ T5987] usb 3-1: config 4 interface 0 has no altsetting 0 [ 361.791474][ T5987] usb 3-1: string descriptor 0 read error: -22 [ 361.805729][ T5987] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 361.845404][ T5987] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.062407][ T5987] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 362.123574][ T5987] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 362.189778][ T5987] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 362.208577][ T5987] usb 3-1: media controller created [ 362.300224][ T5987] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 363.171980][ T5987] zl10353_read_register: readreg error (reg=127, ret==0) [ 363.389906][ T5987] usb 3-1: USB disconnect, device number 96 [ 365.433002][ T30] audit: type=1326 audit(1752562860.542:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.2.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7318e929 code=0x7ffc0000 [ 365.461908][ T30] audit: type=1326 audit(1752562860.542:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.2.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7318e929 code=0x7ffc0000 [ 365.485989][ T30] audit: type=1326 audit(1752562860.542:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.2.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdb7318d290 code=0x7ffc0000 [ 365.512326][ T30] audit: type=1326 audit(1752562860.542:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.2.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7318e929 code=0x7ffc0000 [ 365.541337][ T30] audit: type=1326 audit(1752562860.542:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.2.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7318e929 code=0x7ffc0000 [ 365.566264][ T30] audit: type=1326 audit(1752562860.542:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.2.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fdb7318e929 code=0x7ffc0000 [ 365.589419][ T30] audit: type=1326 audit(1752562860.542:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13065 comm="syz.2.1936" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb7318e929 code=0x7ffc0000 [ 366.865280][T13086] lo speed is unknown, defaulting to 1000 [ 366.895336][T13086] lo speed is unknown, defaulting to 1000 [ 366.907774][T13086] lo speed is unknown, defaulting to 1000 [ 366.957254][T13086] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 367.000784][T13086] lo speed is unknown, defaulting to 1000 [ 367.015141][T13086] lo speed is unknown, defaulting to 1000 [ 367.027071][T13086] lo speed is unknown, defaulting to 1000 [ 367.036019][T13086] lo speed is unknown, defaulting to 1000 [ 367.046991][T13086] lo speed is unknown, defaulting to 1000 [ 367.529888][T13099] syzkaller1: entered promiscuous mode [ 367.535541][T13099] syzkaller1: entered allmulticast mode [ 368.619335][T13125] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1959'. [ 369.216398][ T30] audit: type=1800 audit(1752562864.322:33): pid=13136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1963" name="bus" dev="overlay" ino=2683 res=0 errno=0 [ 369.762159][T13146] lo speed is unknown, defaulting to 1000 [ 369.788703][T13146] lo speed is unknown, defaulting to 1000 [ 369.976963][ T5851] Bluetooth: hci1: command 0x1003 tx timeout [ 369.977957][ T5857] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 372.517460][ T5987] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 372.676964][ T5987] usb 5-1: Using ep0 maxpacket: 8 [ 372.714661][ T5987] usb 5-1: unable to get BOS descriptor or descriptor too short [ 372.764426][ T5987] usb 5-1: config 4 interface 0 has no altsetting 0 [ 372.831473][ T5987] usb 5-1: string descriptor 0 read error: -22 [ 372.838543][ T5987] usb 5-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 372.886803][ T5987] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.998157][ T5987] usb 5-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 373.088850][ T5987] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 373.205873][ T5987] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 373.251233][ T5987] usb 5-1: media controller created [ 373.434693][ T5987] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 374.805362][ T5987] zl10353_read_register: readreg error (reg=127, ret==0) [ 374.917067][ T5857] Bluetooth: hci4: link tx timeout [ 374.924270][ T5857] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 375.267518][ T5987] usb 5-1: USB disconnect, device number 8 [ 376.206246][T13230] lo speed is unknown, defaulting to 1000 [ 376.219574][T13230] lo speed is unknown, defaulting to 1000 [ 376.659413][T13233] lo speed is unknown, defaulting to 1000 [ 376.669247][T13233] lo speed is unknown, defaulting to 1000 [ 377.033341][ T5851] Bluetooth: hci4: command 0x0406 tx timeout [ 377.096593][ T1163] Bluetooth: hci1: Frame reassembly failed (-84) [ 378.779728][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.790455][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.097134][ T5851] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 379.707050][ T5946] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 379.839256][T13263] lo speed is unknown, defaulting to 1000 [ 379.910510][T13263] lo speed is unknown, defaulting to 1000 [ 379.919570][ T5946] usb 1-1: Using ep0 maxpacket: 8 [ 379.963091][ T5946] usb 1-1: unable to get BOS descriptor or descriptor too short [ 380.027030][ T5946] usb 1-1: config 4 interface 0 has no altsetting 0 [ 380.089768][ T5946] usb 1-1: string descriptor 0 read error: -22 [ 380.122517][ T5946] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 380.176887][ T5946] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.272528][ T5946] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 380.311560][T13268] lo speed is unknown, defaulting to 1000 [ 380.350093][ T5946] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 380.424052][ T5946] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 380.460389][T13268] lo speed is unknown, defaulting to 1000 [ 380.481108][ T5946] usb 1-1: media controller created [ 380.584977][ T5946] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 381.762395][ T5946] zl10353_read_register: readreg error (reg=127, ret==0) [ 382.035831][ T5946] usb 1-1: USB disconnect, device number 97 [ 382.466898][ T5905] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 382.627002][ T5905] usb 4-1: Using ep0 maxpacket: 32 [ 382.639486][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 382.651045][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 382.661552][ T5905] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 382.676797][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.697833][ T5905] usb 4-1: config 0 descriptor?? [ 383.043792][T13309] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2021'. [ 383.232729][ T5905] savu 0003:1E7D:2D5A.0011: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 383.454979][ T5987] usb 4-1: USB disconnect, device number 85 [ 383.977891][ T5851] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 383.978181][ T5857] Bluetooth: hci1: command 0x1003 tx timeout [ 384.408014][ T5987] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 384.578547][ T5987] usb 4-1: Using ep0 maxpacket: 8 [ 384.613459][ T5987] usb 4-1: unable to get BOS descriptor or descriptor too short [ 384.652022][ T5987] usb 4-1: config 4 interface 0 has no altsetting 0 [ 384.702103][ T5987] usb 4-1: string descriptor 0 read error: -22 [ 384.735796][ T5987] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 384.800240][ T5987] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.885804][ T5987] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 385.003923][ T5987] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 385.099363][ T5987] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 385.166762][ T5987] usb 4-1: media controller created [ 386.074331][ T5987] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 387.177789][ T5987] zl10353_read_register: readreg error (reg=127, ret==0) [ 387.303366][ T5946] usb 4-1: USB disconnect, device number 86 [ 388.166335][ T9] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 388.306848][ T9] usb 4-1: device descriptor read/64, error -71 [ 388.549803][ T9] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 388.687234][ T9] usb 4-1: device descriptor read/64, error -71 [ 388.807349][ T9] usb usb4-port1: attempt power cycle [ 389.160429][ T9] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 389.201950][ T9] usb 4-1: device descriptor read/8, error -71 [ 389.446811][ T9] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 389.505344][ T5857] Bluetooth: hci1: command 0x1003 tx timeout [ 389.508454][ T5851] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 389.568052][ T9] usb 4-1: device descriptor read/8, error -71 [ 390.024398][ T9] usb usb4-port1: unable to enumerate USB device [ 391.802384][T13447] overlayfs: failed to resolve './file1': -2 [ 392.688933][T13473] overlayfs: failed to resolve './file1': -2 [ 392.838121][ T5988] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 392.996787][ T5988] usb 3-1: Using ep0 maxpacket: 32 [ 393.009144][ T5988] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 393.027407][ T5988] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 393.046780][ T5988] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 393.076403][ T5988] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.098401][ T5988] usb 3-1: config 0 descriptor?? [ 393.524739][ T5988] savu 0003:1E7D:2D5A.0012: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 393.804038][ T5988] usb 3-1: USB disconnect, device number 97 [ 394.626790][T13519] netlink: 180 bytes leftover after parsing attributes in process `syz.2.2103'. [ 394.996572][T13527] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2107'. [ 395.075447][T13531] genirq: Flags mismatch irq 9. 00200000 (pcmmio) vs. 00002080 (acpi) [ 396.006881][ T927] usb 1-1: new high-speed USB device number 98 using dummy_hcd [ 396.166883][ T927] usb 1-1: Using ep0 maxpacket: 32 [ 396.179412][ T927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 396.203749][ T927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 396.245000][ T927] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 396.276746][ T927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.291594][ T927] usb 1-1: config 0 descriptor?? [ 396.345644][T13561] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2116'. [ 396.503522][T13565] 9pnet_fd: Insufficient options for proto=fd [ 396.758707][ T927] savu 0003:1E7D:2D5A.0013: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 397.024346][ T5918] usb 1-1: USB disconnect, device number 98 [ 397.291343][T13588] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2126'. [ 397.360165][T13591] 9pnet_fd: Insufficient options for proto=fd [ 397.623516][ T5851] Bluetooth: hci2: unexpected event for opcode 0x2041 [ 398.654840][T13621] 9pnet_fd: Insufficient options for proto=fd [ 398.971637][ T36] Bluetooth: hci1: Frame reassembly failed (-84) [ 401.018145][ T5857] Bluetooth: hci1: command 0x1003 tx timeout [ 401.027718][ T5851] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 401.442704][ T5988] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 401.607859][ T5988] usb 4-1: Using ep0 maxpacket: 32 [ 401.629769][ T5988] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 401.647100][ T5988] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 401.658048][ T5988] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 401.679340][ T5988] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.696296][ T5988] usb 4-1: config 0 descriptor?? [ 401.793462][T13740] 9pnet_fd: Insufficient options for proto=fd [ 402.143157][ T5988] savu 0003:1E7D:2D5A.0014: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 402.323592][ T5988] usb 4-1: USB disconnect, device number 91 [ 402.543109][T13769] 9pnet_fd: Insufficient options for proto=fd [ 402.838118][ T5918] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 403.002354][ T5918] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 403.017518][ T5918] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 403.038712][T13790] overlayfs: failed to resolve './file1': -2 [ 403.045094][ T5918] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 403.056563][ T5918] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 403.068350][ T5918] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 403.104207][ T5918] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 403.114013][ T5918] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 403.124854][ T5918] usb 1-1: Product: syz [ 403.130914][ T5918] usb 1-1: Manufacturer: syz [ 403.152323][ T5918] cdc_wdm 1-1:1.0: skipping garbage [ 403.161794][ T5918] cdc_wdm 1-1:1.0: skipping garbage [ 403.173250][ T5918] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 403.194292][ T5918] cdc_wdm 1-1:1.0: Unknown control protocol [ 403.408325][T13798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2194'. [ 403.634191][ T927] usb 1-1: USB disconnect, device number 99 [ 403.841838][T13805] 9pnet_fd: Insufficient options for proto=fd [ 404.356789][ T927] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 404.507826][ T927] usb 5-1: Using ep0 maxpacket: 32 [ 404.521665][ T927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.535080][ T927] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 404.555154][ T927] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 404.560526][T13821] overlayfs: failed to resolve './file1': -2 [ 404.565876][ T927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.591765][ T927] usb 5-1: config 0 descriptor?? [ 404.885449][T13831] 9pnet_fd: Insufficient options for proto=fd [ 405.035682][ T927] savu 0003:1E7D:2D5A.0015: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 405.223328][ T927] usb 5-1: USB disconnect, device number 9 [ 405.488666][T13850] overlayfs: failed to resolve './file1': -2 [ 405.610368][T13853] overlayfs: failed to resolve './file1': -2 [ 405.744539][T13856] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2214'. [ 406.402457][T13867] 9pnet_fd: Insufficient options for proto=fd [ 406.615575][T13876] overlayfs: failed to resolve './file1': -2 [ 406.916983][ T2156] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 407.079556][ T2156] usb 1-1: Using ep0 maxpacket: 32 [ 407.093116][ T2156] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 407.132850][ T2156] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 407.135132][T13897] 9pnet_fd: Insufficient options for proto=fd [ 407.142948][ T2156] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 407.167354][ T2156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.188420][ T2156] usb 1-1: config 0 descriptor?? [ 407.273203][T13904] overlayfs: failed to resolve './file1': -2 [ 407.635953][ T2156] savu 0003:1E7D:2D5A.0016: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 407.822407][ T5988] usb 1-1: USB disconnect, device number 100 [ 408.035244][T13931] overlayfs: failed to resolve './file0': -2 [ 408.586619][T13956] overlayfs: failed to resolve './file0': -2 [ 408.983100][T13970] overlayfs: failed to resolve './file0': -2 [ 409.301112][T13982] overlayfs: failed to resolve './file0': -2 [ 409.426962][ T5988] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 409.594131][ T5988] usb 3-1: Using ep0 maxpacket: 32 [ 409.617581][ T5988] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.621698][T13996] overlayfs: failed to resolve './file0': -2 [ 409.640271][ T5988] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.652702][ T5988] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 409.673407][ T5988] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.695746][ T5988] usb 3-1: config 0 descriptor?? [ 410.124987][ T5988] usbhid 3-1:0.0: can't add hid device: -71 [ 410.145589][ T5988] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 410.172297][ T5988] usb 3-1: USB disconnect, device number 98 [ 410.377030][ T5851] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 410.383708][ T5857] Bluetooth: hci1: command 0x1003 tx timeout [ 410.449177][T14022] overlayfs: failed to resolve './file0': -2 [ 412.238014][T14055] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2288'. [ 412.327184][ T927] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 412.372880][T14059] ------------[ cut here ]------------ [ 412.378918][T14059] kernel BUG at fs/buffer.c:1582! [ 412.384291][T14059] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 412.390582][T14059] CPU: 1 UID: 0 PID: 14059 Comm: syz.4.2290 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 412.398524][T14061] overlayfs: failed to resolve './file0': -2 [ 412.402250][T14059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.402270][T14059] RIP: 0010:folio_set_bh+0x1dc/0x1e0 [ 412.423951][T14059] Code: 4c 89 e2 e8 a6 50 bd 02 e9 42 ff ff ff e8 5c 9d 77 ff 48 89 df 48 c7 c6 e0 35 ba 8b e8 2d 76 c0 ff 90 0f 0b e8 45 9d 77 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 412.444911][T14059] RSP: 0018:ffffc900049bf790 EFLAGS: 00010287 [ 412.451085][T14059] RAX: ffffffff8248785b RBX: ffffea0001227200 RCX: 0000000000080000 [ 412.459243][T14059] RDX: ffffc9001a2f9000 RSI: 000000000000112c RDI: 000000000000112d [ 412.467219][T14059] RBP: dffffc0000000000 R08: ffffea0001227207 R09: 1ffffd4000244e40 [ 412.475943][T14059] R10: dffffc0000000000 R11: fffff94000244e41 R12: 0000000000000002 [ 412.484218][T14059] R13: 0000000000004000 R14: ffff88805bef9828 R15: 0000000000004000 [ 412.493280][T14059] FS: 00007f0d67d516c0(0000) GS:ffff8881258b4000(0000) knlGS:0000000000000000 [ 412.503788][T14059] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 412.510667][T14059] CR2: 000000110c26bab1 CR3: 00000000789d0000 CR4: 00000000003526f0 [ 412.519814][T14059] DR0: ffffffffffffffff DR1: 0000000000000047 DR2: 0000000000000005 [ 412.527897][T14059] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 412.537101][T14059] Call Trace: [ 412.540387][T14059] [ 412.543411][T14059] folio_alloc_buffers+0x3a0/0x640 [ 412.548548][T14059] bdev_getblk+0x286/0x660 [ 412.552984][T14059] __bread_gfp+0x89/0x3c0 [ 412.557506][T14059] ntfs_bread+0xc2/0x1e0 [ 412.561791][T14059] ntfs_fill_super+0x63d/0x40b0 [ 412.566770][T14059] ? format_decode+0x5ee/0xe30 [ 412.571569][T14059] ? vsnprintf+0xe11/0xf00 [ 412.576464][T14059] ? __pfx_ntfs_fill_super+0x10/0x10 [ 412.582045][T14059] ? sb_set_blocksize+0x85/0x180 [ 412.587847][T14059] ? setup_bdev_super+0x4c1/0x5b0 [ 412.593280][T14059] get_tree_bdev_flags+0x40b/0x4d0 [ 412.598598][T14059] ? __pfx_ntfs_fill_super+0x10/0x10 [ 412.604827][T14059] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 412.610581][T14059] vfs_get_tree+0x92/0x2b0 [ 412.615224][T14059] do_new_mount+0x2a2/0x9e0 [ 412.619901][T14059] ? ns_capable+0x8a/0xf0 [ 412.624249][T14059] ? __pfx_do_new_mount+0x10/0x10 [ 412.629334][T14059] ? path_mount+0x61c/0xfe0 [ 412.633858][T14059] ? user_path_at+0x44/0x60 [ 412.638906][T14059] __se_sys_mount+0x317/0x410 [ 412.643603][T14059] ? __pfx___se_sys_mount+0x10/0x10 [ 412.648810][T14059] ? rcu_is_watching+0x15/0xb0 [ 412.653607][T14059] ? do_syscall_64+0xbe/0x3b0 [ 412.658380][T14059] ? __x64_sys_mount+0x20/0xc0 [ 412.663425][T14059] do_syscall_64+0xfa/0x3b0 [ 412.668404][T14059] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.674119][T14059] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.680833][T14059] ? clear_bhb_loop+0x60/0xb0 [ 412.685649][T14059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.691666][T14059] RIP: 0033:0x7f0d66f8e929 [ 412.696125][T14059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.716455][T14059] RSP: 002b:00007f0d67d51038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 412.725353][T14059] RAX: ffffffffffffffda RBX: 00007f0d671b5fa0 RCX: 00007f0d66f8e929 [ 412.733352][T14059] RDX: 00002000000001c0 RSI: 0000200000000100 RDI: 0000200000000040 [ 412.741346][T14059] RBP: 00007f0d67010b39 R08: 0000000000000000 R09: 0000000000000000 [ 412.749340][T14059] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000 [ 412.757518][T14059] R13: 0000000000000000 R14: 00007f0d671b5fa0 R15: 00007ffd1699a7f8 [ 412.765616][T14059] [ 412.768670][T14059] Modules linked in: [ 412.773972][T14059] ---[ end trace 0000000000000000 ]--- [ 412.774592][ T927] usb 3-1: device descriptor read/64, error -71 [ 412.791894][T14059] RIP: 0010:folio_set_bh+0x1dc/0x1e0 [ 412.800298][T14059] Code: 4c 89 e2 e8 a6 50 bd 02 e9 42 ff ff ff e8 5c 9d 77 ff 48 89 df 48 c7 c6 e0 35 ba 8b e8 2d 76 c0 ff 90 0f 0b e8 45 9d 77 ff 90 <0f> 0b 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f [ 412.820997][T14059] RSP: 0018:ffffc900049bf790 EFLAGS: 00010287 [ 412.827367][T14059] RAX: ffffffff8248785b RBX: ffffea0001227200 RCX: 0000000000080000 [ 412.836503][T14059] RDX: ffffc9001a2f9000 RSI: 000000000000112c RDI: 000000000000112d [ 412.845072][T14059] RBP: dffffc0000000000 R08: ffffea0001227207 R09: 1ffffd4000244e40 [ 412.855271][T14059] R10: dffffc0000000000 R11: fffff94000244e41 R12: 0000000000000002 [ 412.863887][T14059] R13: 0000000000004000 R14: ffff88805bef9828 R15: 0000000000004000 [ 412.872321][T14059] FS: 00007f0d67d516c0(0000) GS:ffff8881258b4000(0000) knlGS:0000000000000000 [ 412.882272][T14059] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 412.889969][T14059] CR2: 000000110c26bab1 CR3: 00000000789d0000 CR4: 00000000003526f0 [ 412.898394][T14059] DR0: ffffffffffffffff DR1: 0000000000000047 DR2: 0000000000000005 [ 412.906841][T14059] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 412.915131][T14059] Kernel panic - not syncing: Fatal exception [ 412.921541][T14059] Kernel Offset: disabled [ 412.925967][T14059] Rebooting in 86400 seconds..