last executing test programs: 8.130255016s ago: executing program 1 (id=239): r0 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r3 = dup(r2) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000000)=0x1, 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xa031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000002040)={0xaa, 0x22c}) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_readahead}, {@directio}], [], 0x6b}}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000440)=@IORING_OP_LINKAT={0x27, 0x50, 0x0, r3, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='./file0\x00', r3, 0x400, 0x1}) truncate(&(0x7f0000000240)='./file0\x00', 0x648) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x3, 0x36, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0}) r5 = socket$netlink(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, 0x0, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0xa2f00, 0x22) 4.84679338s ago: executing program 1 (id=246): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0xfffe, 0x0, @empty, 0x4}, {0xa, 0x0, 0x0, @loopback, 0xfffffffc}, r1, 0x400}}, 0x48) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, r1, 0x30, 0x0, @ib={0x1b, 0x8000, 0xfff, {"3f8c0d6cf777eaa6ace6d3ec00ed4771"}, 0x500e, 0x0, 0x5}}}, 0xa0) 4.55350425s ago: executing program 1 (id=251): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=']) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040)) 4.510689662s ago: executing program 1 (id=252): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r2, r1, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f0000000280)={0x20, 0x0, &(0x7f00000005c0)=[{0x0, 0x3}, {0xcdcb5ded92aa329b, 0x1}], 0xdeadbeef, 0x8, 0x2}) 4.413746024s ago: executing program 1 (id=253): syz_usb_connect(0x3, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0xdd, 0xc3, 0xd2, 0x20, 0x17cc, 0x4712, 0x4b64, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x3, 0x40, 0x56, [{{0x9, 0x4, 0x45, 0x0, 0x0, 0x2, 0x2, 0xff, 0x8}}]}}]}}, 0x0) 3.520827579s ago: executing program 2 (id=260): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000003540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f00000004c0)={0x3c, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x1e, 0x33, @deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xe}, @device_b, @device_a, @initial, {0x3, 0x7}}, 0x0, @void}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040080}, 0x28008004) 3.353303415s ago: executing program 2 (id=261): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r2, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f0000000280)={0x20, r3, &(0x7f00000005c0)=[{0x0, 0x3}, {0xcdcb5ded92aa329b, 0x1}], 0xdeadbeef, 0x8, 0x2}) 3.288895362s ago: executing program 2 (id=262): syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x1, 0x3, "c282fe"}, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) 3.202287288s ago: executing program 0 (id=263): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 3.093136604s ago: executing program 1 (id=264): mkdirat(0xffffffffffffff9c, 0x0, 0x100) prlimit64(0x0, 0xb, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_procfs$pagemap(0x0, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6) recvmmsg(r1, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/63, 0x3f}, 0x7}], 0x4000135, 0x2, 0x0) write(r1, &(0x7f00000000c0)="510003000000", 0x6) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0) r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) finit_module(r3, &(0x7f0000000100)='\\${\x00', 0x3) pwritev2(r3, 0x0, 0x0, 0x7800, 0x0, 0x3) 3.078860438s ago: executing program 0 (id=265): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pipe(0x0) r3 = syz_open_dev$vbi(0x0, 0x2, 0x2) r4 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000002c0)={0xf0f045, 0x800}) poll(&(0x7f00000000c0)=[{r4, 0xe7d4c009da6c1985}], 0x1, 0x6) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, &(0x7f0000002380)="440f20c066350f000000440f22c00f070f320f01c80f06f30f0766b8380000000f23c00f21f8663500000e000f23f8440f20c066350b000000440f22c0f08045a7a77704", 0x44}], 0x1, 0x23, 0x0, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000180)={0x3, 0x7}, 0x4) 2.870565567s ago: executing program 3 (id=266): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000009c0), r0) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fddbdf252100000008000300", @ANYRES32, @ANYBLOB="1c002d800800020023010800050004000100000005000100"], 0x38}, 0x1, 0x0, 0x0, 0xc041}, 0x0) 2.085435517s ago: executing program 0 (id=267): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "c72bdf1d08b96ed32b23cf7a559b76f0"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x400}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x800) 2.020277602s ago: executing program 3 (id=268): timerfd_create(0x1, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1a9882, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000240)={0x0, 0x1000000}) syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000000c0)={0x8, 0x5, 0x32}) 1.87263443s ago: executing program 0 (id=269): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000140)="6467400f0174f631b9800000c00f3235000400000f30b9aa020000b87d00000064263e430fc77e006331b9800000c00f3266baf80cb808dd1f87ef66bafc0c66ed0f30470f01cf640fc7280f01592744de4546c4a2f19384f8fa9f0000c74424005db80000c744240200000000c7442406000000000f011424", 0x79}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.516194951s ago: executing program 3 (id=270): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r2, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f0000000280)={0x20, r3, &(0x7f00000005c0)=[{0x0, 0x3}, {0xcdcb5ded92aa329b, 0x1}], 0xdeadbeef, 0x8, 0x2}) 1.318143384s ago: executing program 0 (id=271): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x24, 0x0, "43cad7244bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8) setsockopt$inet_tcp_int(r1, 0x6, 0x20, &(0x7f0000000040)=0x2, 0xf6) 1.237747121s ago: executing program 3 (id=272): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f00000001c0)={0x20, 0x0, 0x0, 0xdeadbeef, 0x8, 0x63}) 1.049626331s ago: executing program 3 (id=273): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f00000000c0)=0x4, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x60c, 0x4) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) 883.761237ms ago: executing program 3 (id=274): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sched_setscheduler(0x0, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x3) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e0b080510"], 0xe) 463.947845ms ago: executing program 0 (id=275): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x419, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x5, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 361.562529ms ago: executing program 2 (id=276): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000009c0), r0) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010026bd7000fddbdf252100000008000300", @ANYRES32, @ANYBLOB="1c002d800800020023010800050004000100000005000100"], 0x38}, 0x1, 0x0, 0x0, 0xc041}, 0x0) 163.954858ms ago: executing program 2 (id=277): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "c72bdf1d08b96ed32b23cf7a559b76f0"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x400}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004000}, 0x800) 0s ago: executing program 2 (id=278): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2}) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000040), 0x10001, 0x240000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x0, &(0x7f0000000200)}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x136) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x1, [0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]}) bind$inet6(0xffffffffffffffff, &(0x7f0000000240)={0xa, 0x4e23, 0x1, @empty, 0x3}, 0x1c) socket$inet_icmp(0x2, 0x2, 0x1) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r7}) close_range(r1, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.188' (ED25519) to the list of known hosts. [ 77.618404][ T5849] cgroup: Unknown subsys name 'net' [ 77.790539][ T5849] cgroup: Unknown subsys name 'cpuset' [ 77.799389][ T5849] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.529914][ T5849] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 82.459765][ T5861] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 82.468304][ T5861] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 82.494831][ T5865] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 82.506304][ T5873] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 82.514763][ T5873] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 82.523753][ T5873] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 82.545510][ T5870] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 82.546268][ T5873] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 82.553800][ T5870] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 82.569100][ T5873] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 82.578342][ T5873] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 82.585935][ T5873] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 82.594683][ T5873] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 82.594931][ T5870] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 82.621997][ T5873] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 82.633723][ T52] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 82.640365][ T5875] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 82.648864][ T5875] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 82.661460][ T5875] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 82.669643][ T5875] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 83.291458][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 83.316080][ T5871] chnl_net:caif_netlink_parms(): no params data found [ 83.409119][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 83.460474][ T5858] chnl_net:caif_netlink_parms(): no params data found [ 83.582879][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.590905][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.598724][ T5862] bridge_slave_0: entered allmulticast mode [ 83.607271][ T5862] bridge_slave_0: entered promiscuous mode [ 83.645748][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.652869][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.661152][ T5862] bridge_slave_1: entered allmulticast mode [ 83.668497][ T5862] bridge_slave_1: entered promiscuous mode [ 83.691368][ T5871] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.700333][ T5871] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.707741][ T5871] bridge_slave_0: entered allmulticast mode [ 83.714858][ T5871] bridge_slave_0: entered promiscuous mode [ 83.776184][ T5871] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.783448][ T5871] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.791183][ T5871] bridge_slave_1: entered allmulticast mode [ 83.798674][ T5871] bridge_slave_1: entered promiscuous mode [ 83.805362][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.812492][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.819873][ T5863] bridge_slave_0: entered allmulticast mode [ 83.827615][ T5863] bridge_slave_0: entered promiscuous mode [ 83.851847][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.864597][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.901836][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.909250][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.916786][ T5863] bridge_slave_1: entered allmulticast mode [ 83.924276][ T5863] bridge_slave_1: entered promiscuous mode [ 83.963104][ T5871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.986404][ T5858] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.993619][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.003858][ T5858] bridge_slave_0: entered allmulticast mode [ 84.011434][ T5858] bridge_slave_0: entered promiscuous mode [ 84.034766][ T5871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.074267][ T5858] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.081924][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.089823][ T5858] bridge_slave_1: entered allmulticast mode [ 84.098011][ T5858] bridge_slave_1: entered promiscuous mode [ 84.107192][ T5862] team0: Port device team_slave_0 added [ 84.128967][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.142714][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.167663][ T5862] team0: Port device team_slave_1 added [ 84.176064][ T5871] team0: Port device team_slave_0 added [ 84.224838][ T5871] team0: Port device team_slave_1 added [ 84.248806][ T5858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.262592][ T5858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.300861][ T5863] team0: Port device team_slave_0 added [ 84.320581][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.327799][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.354346][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.368576][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.375708][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.402151][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.428781][ T5863] team0: Port device team_slave_1 added [ 84.436060][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.443027][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.469384][ T5871] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.522734][ T5871] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.530109][ T5871] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.557183][ T5871] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.570475][ T5858] team0: Port device team_slave_0 added [ 84.579812][ T5858] team0: Port device team_slave_1 added [ 84.634085][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.643108][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.669648][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.682664][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.690412][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.716647][ T5875] Bluetooth: hci0: command tx timeout [ 84.716718][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.722249][ T5875] Bluetooth: hci2: command tx timeout [ 84.733127][ T5861] Bluetooth: hci3: command tx timeout [ 84.738245][ T5875] Bluetooth: hci1: command tx timeout [ 84.762130][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 84.769708][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.796635][ T5858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 84.855651][ T5858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 84.862645][ T5858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 84.888796][ T5858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 84.932336][ T5871] hsr_slave_0: entered promiscuous mode [ 84.939406][ T5871] hsr_slave_1: entered promiscuous mode [ 84.951766][ T5862] hsr_slave_0: entered promiscuous mode [ 84.958907][ T5862] hsr_slave_1: entered promiscuous mode [ 84.964942][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 84.970820][ T5862] Cannot create hsr debugfs directory [ 85.049452][ T5858] hsr_slave_0: entered promiscuous mode [ 85.056504][ T5858] hsr_slave_1: entered promiscuous mode [ 85.062822][ T5858] debugfs: 'hsr0' already exists in 'hsr' [ 85.068942][ T5858] Cannot create hsr debugfs directory [ 85.080811][ T5863] hsr_slave_0: entered promiscuous mode [ 85.087506][ T5863] hsr_slave_1: entered promiscuous mode [ 85.093556][ T5863] debugfs: 'hsr0' already exists in 'hsr' [ 85.099479][ T5863] Cannot create hsr debugfs directory [ 85.603203][ T5862] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 85.615912][ T5862] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.637587][ T5862] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.649446][ T5862] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.705933][ T5871] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 85.734456][ T5871] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 85.747561][ T5871] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 85.781306][ T5871] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 85.822734][ T5863] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 85.840950][ T5863] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 85.855968][ T5863] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 85.887270][ T5863] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 85.994954][ T5858] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.011886][ T5858] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.029378][ T5858] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.048111][ T5858] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.153190][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.189439][ T5871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.249077][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.270291][ T1168] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.277547][ T1168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.297117][ T5871] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.318801][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.325989][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.355039][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.362227][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.390784][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.416973][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.424195][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.473630][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.511712][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.518877][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.544524][ T1168] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.551838][ T1168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.572330][ T5858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.693702][ T5858] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.724966][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.732255][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.751333][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.758598][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.796789][ T5861] Bluetooth: hci3: command tx timeout [ 86.802266][ T5861] Bluetooth: hci1: command tx timeout [ 86.805143][ T5875] Bluetooth: hci2: command tx timeout [ 86.807765][ T5861] Bluetooth: hci0: command tx timeout [ 86.938676][ T5858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.171666][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.260875][ T5871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.400861][ T5862] veth0_vlan: entered promiscuous mode [ 87.471416][ T5862] veth1_vlan: entered promiscuous mode [ 87.491800][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.559617][ T5871] veth0_vlan: entered promiscuous mode [ 87.590143][ T5862] veth0_macvtap: entered promiscuous mode [ 87.633916][ T5862] veth1_macvtap: entered promiscuous mode [ 87.646760][ T5858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.654480][ T5871] veth1_vlan: entered promiscuous mode [ 87.738943][ T5863] veth0_vlan: entered promiscuous mode [ 87.767836][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.790443][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.823262][ T5871] veth0_macvtap: entered promiscuous mode [ 87.848206][ T5863] veth1_vlan: entered promiscuous mode [ 87.877798][ T5871] veth1_macvtap: entered promiscuous mode [ 87.889615][ T1096] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.899244][ T1096] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.909736][ T5858] veth0_vlan: entered promiscuous mode [ 87.927693][ T1096] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.936818][ T1096] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.965793][ T5858] veth1_vlan: entered promiscuous mode [ 87.999963][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.031386][ T5871] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.084776][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.094395][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.103502][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.107298][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.128801][ T5863] veth0_macvtap: entered promiscuous mode [ 88.139900][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.163403][ T5863] veth1_macvtap: entered promiscuous mode [ 88.172445][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.222712][ T5858] veth0_macvtap: entered promiscuous mode [ 88.233151][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.243516][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.261940][ T5858] veth1_macvtap: entered promiscuous mode [ 88.282862][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.312476][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.341450][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.394971][ T64] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.413124][ T5862] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 88.414138][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.438131][ T5858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.453557][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.484897][ T64] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.498633][ T64] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.571694][ T64] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.614078][ T1168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.630259][ T1168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.650384][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.697933][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.709686][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.743289][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.875555][ T5861] Bluetooth: hci2: command tx timeout [ 88.877444][ T52] Bluetooth: hci1: command tx timeout [ 88.881018][ T5861] Bluetooth: hci3: command tx timeout [ 88.886557][ T5875] Bluetooth: hci0: command tx timeout [ 88.953773][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.976148][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.984417][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.999343][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.010425][ T5956] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.059011][ T5956] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'. [ 89.076035][ T5864] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 89.086829][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.097963][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.163200][ T1096] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.174511][ T1096] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.236615][ T5864] usb 2-1: Using ep0 maxpacket: 16 [ 89.285396][ T5864] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 89.293767][ T5864] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 89.369240][ T5864] usb 2-1: config 0 has no interface number 0 [ 89.379473][ T5962] overlayfs: missing 'lowerdir' [ 89.407133][ T5864] usb 2-1: config 0 interface 214 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 89.436461][ T5963] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 89.444110][ T5963] overlayfs: failed to set xattr on upper [ 89.464881][ T5963] overlayfs: ...falling back to redirect_dir=nofollow. [ 89.487605][ T5864] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 89.510268][ T5864] usb 2-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3 [ 89.514875][ T5963] overlayfs: ...falling back to index=off. [ 89.520442][ T5864] usb 2-1: Product: syz [ 89.531976][ T5963] overlayfs: ...falling back to uuid=null. [ 89.544739][ T5963] overlayfs: conflicting lowerdir path [ 89.556916][ T5864] usb 2-1: Manufacturer: syz [ 89.561596][ T5864] usb 2-1: SerialNumber: syz [ 89.578760][ T5864] usb 2-1: config 0 descriptor?? [ 89.735725][ T1585] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 89.777143][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 89.809289][ T5952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 89.830024][ T5952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 89.891221][ T1585] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 89.901642][ T1585] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.909744][ T1585] usb 1-1: Product: syz [ 89.914071][ T1585] usb 1-1: Manufacturer: syz [ 89.920258][ T1585] usb 1-1: SerialNumber: syz [ 89.935190][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 89.942667][ T1585] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 89.958593][ T24] usb 3-1: config 252 has an invalid interface number: 43 but max is 0 [ 89.974543][ T24] usb 3-1: config 252 has no interface number 0 [ 89.988830][ T24] usb 3-1: New USB device found, idVendor=2262, idProduct=0002, bcdDevice=2c.d8 [ 90.015606][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.025614][ T43] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 90.047703][ T24] option 3-1:252.43: GSM modem (1-port) converter detected [ 90.075867][ T5864] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 90.236199][ T5864] usb 4-1: Using ep0 maxpacket: 16 [ 90.258127][ T5909] usb 3-1: USB disconnect, device number 2 [ 90.258435][ T5864] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 90.277586][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.286130][ T5864] usb 4-1: Product: syz [ 90.289834][ T5909] option 3-1:252.43: device disconnected [ 90.290418][ T5864] usb 4-1: Manufacturer: syz [ 90.311906][ T5864] usb 4-1: SerialNumber: syz [ 90.340286][ T5864] usb 4-1: config 0 descriptor?? [ 90.351701][ T5864] visor 4-1:0.0: Sony Clie 3.5 converter detected [ 90.762581][ T5864] usb 4-1: clie_3_5_startup: get interface number failed: -71 [ 90.771138][ T5864] visor 4-1:0.0: probe with driver visor failed with error -71 [ 90.799908][ T5864] usb 4-1: USB disconnect, device number 2 [ 90.955675][ T5861] Bluetooth: hci3: command tx timeout [ 90.965466][ T5873] Bluetooth: hci0: command tx timeout [ 90.965615][ T52] Bluetooth: hci2: command tx timeout [ 90.971006][ T5861] Bluetooth: hci1: command tx timeout [ 91.115503][ T43] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 91.136301][ T43] ath9k_htc: Failed to initialize the device [ 91.187899][ T43] usb 1-1: ath9k_htc: USB layer deinitialized [ 91.426865][ T5957] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 91.516517][ T5989] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13'. [ 91.590535][ T5957] usb 3-1: Using ep0 maxpacket: 32 [ 91.612430][ T5957] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.623804][ T5957] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.634221][ T5957] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 91.651439][ T5957] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.663861][ T5957] usb 3-1: config 0 descriptor?? [ 91.803468][ T5909] usb 2-1: USB disconnect, device number 2 [ 91.944517][ T5994] workqueue: name exceeds WQ_NAME_LEN. Truncating to: ^>>Mv^侦Kc'A [ 92.092606][ T5957] kone 0003:1E7D:2CED.0001: unknown main item tag 0x0 [ 92.134429][ T5957] kone 0003:1E7D:2CED.0001: unknown main item tag 0x0 [ 92.148322][ T5957] kone 0003:1E7D:2CED.0001: unknown main item tag 0x0 [ 92.185673][ T5957] kone 0003:1E7D:2CED.0001: unknown main item tag 0x0 [ 92.194237][ T9] cfg80211: failed to load regulatory.db [ 92.203417][ T5957] kone 0003:1E7D:2CED.0001: unknown main item tag 0x0 [ 92.242739][ T5957] kone 0003:1E7D:2CED.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.2-1/input0 [ 92.335872][ T9] usb 1-1: USB disconnect, device number 2 [ 92.395847][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 92.475210][ T1585] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 92.558125][ T6012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.19'. [ 92.568168][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 92.592862][ T24] usb 4-1: config 0 has an invalid interface number: 191 but max is 0 [ 92.607667][ T24] usb 4-1: config 0 has no interface number 0 [ 92.652425][ T24] usb 4-1: New USB device found, idVendor=04fc, idProduct=0204, bcdDevice=67.67 [ 92.669578][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.679485][ T24] usb 4-1: Product: syz [ 92.684446][ T24] usb 4-1: Manufacturer: syz [ 92.689859][ T1585] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 92.704999][ T24] usb 4-1: SerialNumber: syz [ 92.711178][ T1585] usb 2-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 92.728513][ T1585] usb 2-1: config 1 interface 0 has no altsetting 0 [ 92.750270][ T24] usb 4-1: config 0 descriptor?? [ 92.772887][ T5957] kone 0003:1E7D:2CED.0001: couldn't init struct kone_device [ 92.773912][ T1585] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 92.793730][ T5957] kone 0003:1E7D:2CED.0001: couldn't install mouse [ 92.809097][ T24] spcp8x5 4-1:0.191: SPCP8x5 converter detected [ 92.831775][ T5957] kone 0003:1E7D:2CED.0001: probe with driver kone failed with error -5 [ 92.843198][ T24] usb 4-1: SPCP8x5 converter now attached to ttyUSB0 [ 92.850564][ T1585] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.879096][ T5957] usb 3-1: USB disconnect, device number 3 [ 92.879973][ T1585] usb 2-1: Product: syz [ 92.901251][ T1585] usb 2-1: Manufacturer: syz [ 92.917288][ T1585] usb 2-1: SerialNumber: syz [ 92.937650][ T6002] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 92.954094][ T6002] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 93.032139][ T6001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 93.049215][ T6001] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 93.059997][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 93.093527][ T24] usb 4-1: USB disconnect, device number 3 [ 93.113714][ T24] SPCP8x5 ttyUSB0: SPCP8x5 converter now disconnected from ttyUSB0 [ 93.134640][ T24] spcp8x5 4-1:0.191: device disconnected [ 93.205282][ T9] usb 1-1: device descriptor read/64, error -71 [ 93.258221][ T6002] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.348051][ T6002] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.455248][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 93.509366][ T6002] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.605468][ T9] usb 1-1: device descriptor read/64, error -71 [ 93.635845][ T6002] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.725384][ T9] usb usb1-port1: attempt power cycle [ 93.890103][ T64] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.965252][ T13] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.977051][ T13] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.024245][ T64] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.099826][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 94.130139][ T9] usb 1-1: device descriptor read/8, error -71 [ 94.243791][ T1585] rtl8150 2-1:1.0: couldn't reset the device [ 94.271326][ T1585] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5 [ 94.317669][ T1585] usb 2-1: USB disconnect, device number 3 [ 94.398944][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 94.456653][ T9] usb 1-1: device descriptor read/8, error -71 [ 94.596667][ T9] usb usb1-port1: unable to enumerate USB device [ 94.612676][ T6057] netlink: 40 bytes leftover after parsing attributes in process `syz.2.28'. [ 94.622226][ T6057] netlink: 596 bytes leftover after parsing attributes in process `syz.2.28'. [ 94.795714][ T980] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 94.973034][ T980] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 94.989864][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.989892][ T980] usb 4-1: Product: syz [ 94.989906][ T980] usb 4-1: Manufacturer: syz [ 94.989920][ T980] usb 4-1: SerialNumber: syz [ 95.009440][ T980] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 95.025791][ T9] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 95.055604][ T980] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 95.198750][ T9] usb 3-1: config 0 has an invalid interface number: 7 but max is 0 [ 95.206949][ T9] usb 3-1: config 0 has no interface number 0 [ 95.213255][ T9] usb 3-1: config 0 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 95.227174][ T9] usb 3-1: config 0 interface 7 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.239094][ T9] usb 3-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 95.249276][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.260468][ T9] usb 3-1: config 0 descriptor?? [ 95.672199][ T6063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.681657][ T6063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.698278][ T6063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.711761][ T6063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.734476][ T9] bigben 0003:146B:0902.0002: unexpected rdesc, please submit for review [ 95.749833][ T9] bigben 0003:146B:0902.0002: unknown main item tag 0x0 [ 95.756950][ T9] bigben 0003:146B:0902.0002: unknown main item tag 0x0 [ 95.764049][ T9] bigben 0003:146B:0902.0002: unknown main item tag 0x0 [ 95.773777][ T9] bigben 0003:146B:0902.0002: unknown main item tag 0x0 [ 95.785738][ T9] bigben 0003:146B:0902.0002: hidraw0: USB HID v0.01 Device [HID 146b:0902] on usb-dummy_hcd.2-1/input7 [ 95.797021][ T9] bigben 0003:146B:0902.0002: missing HID_OUTPUT_REPORT 0 [ 95.804220][ T9] bigben 0003:146B:0902.0002: no output report found [ 95.932437][ T5909] usb 3-1: USB disconnect, device number 4 [ 96.062925][ T6077] input: syz1 as /devices/virtual/input/input5 [ 96.091254][ T6077] sg_write: data in/out 44713/14 bytes for SCSI command 0x0-- guessing data in; [ 96.091254][ T6077] program syz.0.33 not setting count and/or reply_len properly [ 96.155494][ T980] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 96.173360][ T980] ath9k_htc: Failed to initialize the device [ 96.212149][ T980] usb 4-1: ath9k_htc: USB layer deinitialized [ 96.290029][ T6081] mmap: syz.0.35 (6081) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 96.790743][ T6094] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 96.825643][ T6094] netlink: 'syz.2.41': attribute type 4 has an invalid length. [ 97.500642][ T5909] usb 4-1: USB disconnect, device number 4 [ 97.570695][ T6097] syz.3.42 uses obsolete (PF_INET,SOCK_PACKET) [ 98.137800][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.146471][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 98.158247][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.166830][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.185417][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.428135][ T5957] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 98.597175][ T5957] usb 3-1: Using ep0 maxpacket: 16 [ 98.607807][ T5957] usb 3-1: config 1 has an invalid interface number: 4 but max is 2 [ 98.616949][ T5957] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 98.627639][ T5957] usb 3-1: config 1 has no interface number 1 [ 98.633792][ T5957] usb 3-1: too many endpoints for config 1 interface 4 altsetting 0: 102, using maximum allowed: 30 [ 98.646504][ T5957] usb 3-1: config 1 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 102 [ 98.663231][ T5957] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.53 [ 98.682840][ T5957] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.691534][ T5957] usb 3-1: Product: syz [ 98.698275][ T5957] usb 3-1: Manufacturer: syz [ 98.703126][ T5957] usb 3-1: SerialNumber: syz [ 98.937149][ T6103] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 98.962206][ T6103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 98.975244][ T6103] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.048880][ T5957] usb 3-1: USB disconnect, device number 5 [ 99.085216][ T980] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 99.111098][ T5859] udevd[5859]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 99.255173][ T980] usb 4-1: Using ep0 maxpacket: 32 [ 99.262202][ T980] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 99.273295][ T980] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 99.284499][ T980] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83 [ 99.296344][ T980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024 [ 99.307823][ T980] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 99.318113][ T980] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 99.328963][ T980] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 99.341396][ T980] usb 4-1: New USB device found, idVendor=072f, idProduct=2200, bcdDevice=3f.bf [ 99.350627][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.359085][ T980] usb 4-1: Product: syz [ 99.363451][ T980] usb 4-1: Manufacturer: syz [ 99.372355][ T980] usb 4-1: SerialNumber: syz [ 99.380528][ T980] usb 4-1: config 0 descriptor?? [ 99.387007][ T6125] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 99.396819][ T980] usb 4-1: NFC: Reader power on cmd error -90 [ 99.403261][ T980] pn533_usb 4-1:0.0: NFC: Couldn't poweron the reader (error -90) [ 99.412346][ T980] pn533_usb 4-1:0.0: probe with driver pn533_usb failed with error -90 [ 99.714599][ T6144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 99.745664][ T6144] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 99.782427][ T1585] usb 4-1: USB disconnect, device number 5 [ 99.930612][ T6147] fuse: Bad value for 'fd' [ 100.069182][ T6151] ubi0: attaching mtd0 [ 100.078168][ T6151] ubi0: scanning is finished [ 100.083531][ T6151] ubi0: empty MTD device detected [ 100.193653][ T6151] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 100.207944][ T6151] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 100.224845][ T6151] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 100.233553][ T6151] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 100.244641][ T6151] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 100.254040][ T6151] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 100.263803][ T6151] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3968057327 [ 100.280383][ T6151] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 100.291466][ T6156] ubi0: background thread "ubi_bgt0d" started, PID 6156 [ 100.292247][ T6154] ubi0: detaching mtd0 [ 100.360581][ T6154] ubi0: mtd0 is detached [ 100.458825][ T6163] FAULT_INJECTION: forcing a failure. [ 100.458825][ T6163] name failslab, interval 1, probability 0, space 0, times 1 [ 100.490912][ T6163] CPU: 1 UID: 0 PID: 6163 Comm: syz.2.64 Not tainted syzkaller #0 PREEMPT(full) [ 100.490937][ T6163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 100.490947][ T6163] Call Trace: [ 100.490955][ T6163] [ 100.490963][ T6163] dump_stack_lvl+0x189/0x250 [ 100.490997][ T6163] ? __pfx____ratelimit+0x10/0x10 [ 100.491022][ T6163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.491046][ T6163] ? __pfx__printk+0x10/0x10 [ 100.491078][ T6163] ? __pfx___might_resched+0x10/0x10 [ 100.491107][ T6163] should_fail_ex+0x414/0x560 [ 100.491134][ T6163] should_failslab+0xa8/0x100 [ 100.491159][ T6163] __kmalloc_noprof+0xcb/0x7f0 [ 100.491177][ T6163] ? kfree+0x4d/0x6d0 [ 100.491189][ T6163] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 100.491224][ T6163] tomoyo_realpath_from_path+0xe3/0x5d0 [ 100.491253][ T6163] ? tomoyo_domain+0xd9/0x130 [ 100.491277][ T6163] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 100.491301][ T6163] tomoyo_path_number_perm+0x1e8/0x5a0 [ 100.491327][ T6163] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 100.491395][ T6163] ? __fget_files+0x2a/0x420 [ 100.491424][ T6163] ? __fget_files+0x3a0/0x420 [ 100.491447][ T6163] ? __fget_files+0x2a/0x420 [ 100.491475][ T6163] security_file_ioctl+0xcb/0x2d0 [ 100.491500][ T6163] __se_sys_ioctl+0x47/0x170 [ 100.491523][ T6163] do_syscall_64+0xfa/0xfa0 [ 100.491546][ T6163] ? lockdep_hardirqs_on+0x9c/0x150 [ 100.491569][ T6163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.491587][ T6163] ? clear_bhb_loop+0x60/0xb0 [ 100.491609][ T6163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.491626][ T6163] RIP: 0033:0x7f6e8f38ebe9 [ 100.491642][ T6163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.491657][ T6163] RSP: 002b:00007f6e90181038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.491677][ T6163] RAX: ffffffffffffffda RBX: 00007f6e8f5c5fa0 RCX: 00007f6e8f38ebe9 [ 100.491690][ T6163] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 100.491701][ T6163] RBP: 00007f6e90181090 R08: 0000000000000000 R09: 0000000000000000 [ 100.491712][ T6163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.491722][ T6163] R13: 00007f6e8f5c6038 R14: 00007f6e8f5c5fa0 R15: 00007ffeaee681e8 [ 100.491756][ T6163] [ 100.491763][ T6163] ERROR: Out of memory at tomoyo_realpath_from_path. [ 100.748607][ T6163] ubi7: attaching mtd0 [ 100.755359][ T6163] ubi7 error: validate_ec_hdr: bad VID header offset 64, expected 513 [ 100.763780][ T6163] ubi7 error: validate_ec_hdr: bad EC header [ 100.784735][ T6163] Erase counter header dump: [ 100.790787][ T6163] magic 0x55424923 [ 100.816148][ T6163] version 1 [ 100.830994][ T6163] ec 1 [ 100.839873][ T6163] vid_hdr_offset 64 [ 100.858643][ T6163] data_offset 128 [ 100.872941][ T6163] image_seq -326909969 [ 100.885223][ T6163] hdr_crc 0xfd768329 [ 100.901444][ T6163] erase counter header hexdump: [ 100.912627][ T6175] netlink: zone id is out of range [ 100.920529][ T6163] CPU: 1 UID: 0 PID: 6163 Comm: syz.2.64 Not tainted syzkaller #0 PREEMPT(full) [ 100.920550][ T6163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 100.920560][ T6163] Call Trace: [ 100.920567][ T6163] [ 100.920574][ T6163] dump_stack_lvl+0x189/0x250 [ 100.920611][ T6163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.920638][ T6163] ? kernel_fpu_end+0xd2/0x120 [ 100.920687][ T6163] validate_ec_hdr+0x20d/0x340 [ 100.920716][ T6163] ubi_io_read_ec_hdr+0x1a5/0x630 [ 100.920745][ T6163] ubi_attach+0x78a/0x5c00 [ 100.920768][ T6163] ? __vmalloc_node_range_noprof+0x1249/0x12f0 [ 100.920820][ T6163] ? __pfx_ubi_attach+0x10/0x10 [ 100.920851][ T6163] ? vmalloc_noprof+0xb2/0xf0 [ 100.920875][ T6163] ubi_attach_mtd_dev+0x1b75/0x37e0 [ 100.920924][ T6163] ctrl_cdev_ioctl+0x28b/0x3e0 [ 100.920948][ T6163] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 100.920967][ T6163] ? __fget_files+0x3a0/0x420 [ 100.920989][ T6163] ? __fget_files+0x2a/0x420 [ 100.921015][ T6163] ? bpf_lsm_file_ioctl+0x9/0x20 [ 100.921040][ T6163] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 100.921059][ T6163] __se_sys_ioctl+0xfc/0x170 [ 100.921082][ T6163] do_syscall_64+0xfa/0xfa0 [ 100.921105][ T6163] ? lockdep_hardirqs_on+0x9c/0x150 [ 100.921129][ T6163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.921147][ T6163] ? clear_bhb_loop+0x60/0xb0 [ 100.921170][ T6163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.921187][ T6163] RIP: 0033:0x7f6e8f38ebe9 [ 100.921203][ T6163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.921218][ T6163] RSP: 002b:00007f6e90181038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 100.921238][ T6163] RAX: ffffffffffffffda RBX: 00007f6e8f5c5fa0 RCX: 00007f6e8f38ebe9 [ 100.921250][ T6163] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 100.921262][ T6163] RBP: 00007f6e90181090 R08: 0000000000000000 R09: 0000000000000000 [ 100.921272][ T6163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.921282][ T6163] R13: 00007f6e8f5c6038 R14: 00007f6e8f5c5fa0 R15: 00007ffeaee681e8 [ 100.921315][ T6163] [ 100.921322][ T6163] ubi7 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 100.921879][ T6175] netlink: zone id is out of range [ 101.211648][ T6163] ubi7 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 101.423673][ T6186] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 101.433471][ T6186] cramfs: wrong magic [ 101.977417][ T6198] Invalid logical block size (419430400) [ 102.355412][ T6211] netlink: 228 bytes leftover after parsing attributes in process `syz.1.86'. [ 102.441461][ T6214] netlink: 65039 bytes leftover after parsing attributes in process `syz.1.86'. [ 102.509579][ T5861] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 102.523513][ T5861] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 102.530768][ T980] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 102.531132][ T5861] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 102.543558][ T5861] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 102.552612][ T5861] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 102.636526][ T5861] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 102.636615][ T5861] Bluetooth: hci3: Injecting HCI hardware error event [ 102.637452][ T5861] Bluetooth: hci3: hardware error 0x00 [ 102.693169][ T980] usb 4-1: not running at top speed; connect to a high speed hub [ 102.695961][ T980] usb 4-1: config 2 has an invalid interface number: 227 but max is 0 [ 102.714026][ T980] usb 4-1: config 2 has no interface number 0 [ 102.714979][ T980] usb 4-1: config 2 interface 227 has no altsetting 0 [ 102.719866][ T980] usb 4-1: New USB device found, idVendor=093a, idProduct=2601, bcdDevice=2c.d4 [ 102.742650][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.750916][ T980] usb 4-1: Product: syz [ 102.750939][ T980] usb 4-1: Manufacturer: syz [ 102.750955][ T980] usb 4-1: SerialNumber: syz [ 102.785763][ T1168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.819065][ T6220] netlink: 8 bytes leftover after parsing attributes in process `syz.2.88'. [ 102.888970][ T6222] netlink: 40 bytes leftover after parsing attributes in process `syz.1.89'. [ 102.937134][ T1168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.143736][ T980] gspca_main: pac7311-2.14.0 probing 093a:2601 [ 103.162269][ T980] gspca_pac7311: reg_w() failed index 0xff, value 0x01, error -71 [ 103.166193][ T6232] Invalid logical block size (536870912) [ 103.176008][ T980] pac7311 4-1:2.227: probe with driver pac7311 failed with error -71 [ 103.187481][ T980] usb 4-1: USB disconnect, device number 6 [ 103.188007][ T1168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.369797][ T1168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.381012][ T1585] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 103.428973][ T6215] chnl_net:caif_netlink_parms(): no params data found [ 103.539175][ T1585] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 103.550653][ T1585] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 103.563598][ T1585] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 103.575445][ T1585] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 103.587393][ T1585] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 103.601217][ T1585] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 103.610808][ T1585] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.631357][ T1585] usb 2-1: config 0 descriptor?? [ 103.642258][ T6230] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 103.693196][ T6215] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.703758][ T6215] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.719133][ T6215] bridge_slave_0: entered allmulticast mode [ 103.730904][ T6215] bridge_slave_0: entered promiscuous mode [ 103.745298][ T43] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 103.773430][ T6215] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.785480][ T6215] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.792829][ T6215] bridge_slave_1: entered allmulticast mode [ 103.841654][ T6215] bridge_slave_1: entered promiscuous mode [ 103.899813][ T1168] bridge_slave_1: left allmulticast mode [ 103.910087][ T1168] bridge_slave_1: left promiscuous mode [ 103.923188][ T43] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 103.935549][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.952827][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.964950][ T43] usb 3-1: Product: syz [ 103.967260][ T1168] bridge_slave_0: left allmulticast mode [ 103.977521][ T43] usb 3-1: Manufacturer: syz [ 103.982218][ T43] usb 3-1: SerialNumber: syz [ 103.990175][ T1168] bridge_slave_0: left promiscuous mode [ 103.999201][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.012513][ T43] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 104.041350][ T24] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 104.080435][ T1585] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 104.088466][ T52] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 104.088536][ T52] Bluetooth: hci1: Injecting HCI hardware error event [ 104.089593][ T52] Bluetooth: hci1: hardware error 0x00 [ 104.110498][ T5957] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 104.184672][ T1585] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 104.285253][ T5957] usb 4-1: Using ep0 maxpacket: 8 [ 104.292267][ T5957] usb 4-1: config 5 has an invalid interface number: 143 but max is 2 [ 104.318003][ T5957] usb 4-1: config 5 has an invalid interface number: 6 but max is 2 [ 104.369353][ T5957] usb 4-1: config 5 contains an unexpected descriptor of type 0x2, skipping [ 104.388474][ T5957] usb 4-1: config 5 has an invalid descriptor of length 108, skipping remainder of the config [ 104.399170][ T5957] usb 4-1: config 5 has no interface number 1 [ 104.408023][ T5957] usb 4-1: config 5 has no interface number 2 [ 104.414392][ T5957] usb 4-1: config 5 interface 143 altsetting 30 has 0 endpoint descriptors, different from the interface descriptor's value: 11 [ 104.430951][ T5957] usb 4-1: too many endpoints for config 5 interface 6 altsetting 7: 122, using maximum allowed: 30 [ 104.448587][ T5957] usb 4-1: config 5 interface 6 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 122 [ 104.462919][ T5957] usb 4-1: too many endpoints for config 5 interface 0 altsetting 5: 36, using maximum allowed: 30 [ 104.476844][ T5957] usb 4-1: config 5 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 36 [ 104.524269][ T5957] usb 4-1: config 5 interface 143 has no altsetting 0 [ 104.547637][ T5957] usb 4-1: config 5 interface 6 has no altsetting 0 [ 104.570770][ T5957] usb 4-1: config 5 interface 0 has no altsetting 0 [ 104.593203][ T5957] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=fc.f3 [ 104.615622][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.623861][ T5957] usb 4-1: Product: syz [ 104.635352][ T5873] Bluetooth: hci0: command tx timeout [ 104.647341][ T5957] usb 4-1: Manufacturer: syz [ 104.652219][ T5957] usb 4-1: SerialNumber: syz [ 104.715303][ T5861] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 104.893973][ T6246] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.905725][ T6246] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.925279][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 104.943316][ T5957] uvcvideo 4-1:5.143: probe with driver uvcvideo failed with error -22 [ 104.968760][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 104.990905][ T5957] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 104.992618][ T1168] bond0 (unregistering): Released all slaves [ 105.010163][ T5957] usb 4-1: MIDIStreaming interface descriptor not found [ 105.041099][ T6265] netlink: 'syz.3.97': attribute type 20 has an invalid length. [ 105.080732][ T5957] usb 4-1: USB disconnect, device number 7 [ 105.115286][ T24] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 105.124266][ T24] ath9k_htc: Failed to initialize the device [ 105.289364][ T24] usb 3-1: ath9k_htc: USB layer deinitialized [ 105.320226][ T6215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 105.342884][ T5976] usb 2-1: USB disconnect, device number 4 [ 105.468965][ T6215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 105.536078][ T6215] team0: Port device team_slave_0 added [ 105.578840][ T6215] team0: Port device team_slave_1 added [ 105.648701][ T6215] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 105.656403][ T5957] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 105.664039][ T6215] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 105.691306][ T6215] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 105.720868][ T1168] hsr_slave_0: left promiscuous mode [ 105.732454][ T1168] hsr_slave_1: left promiscuous mode [ 105.741038][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 105.757327][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 105.773674][ T1168] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 105.781814][ T1168] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 105.831472][ T1168] veth1_macvtap: left promiscuous mode [ 105.835148][ T5957] usb 4-1: device descriptor read/64, error -71 [ 105.841622][ T1168] veth0_macvtap: left promiscuous mode [ 105.850692][ T1168] veth1_vlan: left promiscuous mode [ 105.863159][ T1168] veth0_vlan: left promiscuous mode [ 106.000824][ T5861] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 106.013140][ T5861] Bluetooth: hci2: Injecting HCI hardware error event [ 106.021922][ T5873] Bluetooth: hci2: hardware error 0x00 [ 106.075273][ T5957] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 106.155698][ T52] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 106.226292][ T5957] usb 4-1: device descriptor read/64, error -71 [ 106.345208][ T5957] usb usb4-port1: attempt power cycle [ 106.474224][ T5976] usb 3-1: USB disconnect, device number 6 [ 106.705371][ T5957] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 106.715168][ T52] Bluetooth: hci0: command tx timeout [ 106.746084][ T5957] usb 4-1: device descriptor read/8, error -71 [ 106.803765][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 106.844400][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 106.985485][ T5957] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 107.017085][ T5957] usb 4-1: device descriptor read/8, error -71 [ 107.135858][ T5957] usb usb4-port1: unable to enumerate USB device [ 107.201496][ T6215] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 107.209783][ T6215] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 107.235985][ T6215] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 107.433699][ T6298] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.101'. [ 107.447257][ T6298] openvswitch: netlink: Message has 512 unknown bytes. [ 107.487084][ T6215] hsr_slave_0: entered promiscuous mode [ 107.513351][ T6215] hsr_slave_1: entered promiscuous mode [ 107.548682][ T6215] debugfs: 'hsr0' already exists in 'hsr' [ 107.554476][ T6215] Cannot create hsr debugfs directory [ 107.703157][ T6306] cgroup: Unknown subsys name 'appraise' [ 107.771234][ T6306] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.973543][ T6315] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 107.992972][ T6315] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 108.081953][ T5873] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 108.233090][ T6323] Invalid logical block size (570425344) [ 108.550162][ T6336] IPv4: Oversized IP packet from 172.20.20.24 [ 108.558525][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 108.565690][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 108.745550][ T5976] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 108.797235][ T5873] Bluetooth: hci0: command tx timeout [ 108.864195][ T6343] binder: BINDER_SET_CONTEXT_MGR already set [ 108.885187][ T5976] usb 2-1: device descriptor read/64, error -71 [ 108.891729][ T6343] binder: 6342:6343 ioctl 4018620d 200000000040 returned -16 [ 109.109883][ T6215] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 109.127913][ T6215] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 109.135584][ T5976] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 109.155937][ T6215] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 109.171115][ T6215] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 109.278150][ T5976] usb 2-1: device descriptor read/64, error -71 [ 109.326479][ T980] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 109.395657][ T5976] usb usb2-port1: attempt power cycle [ 109.422812][ T6215] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.469366][ T6215] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.512613][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.520094][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.541616][ T980] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 109.544121][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.558045][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.560791][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.576363][ T980] usb 4-1: Product: syz [ 109.580783][ T980] usb 4-1: Manufacturer: syz [ 109.593321][ T980] usb 4-1: SerialNumber: syz [ 109.606926][ T6374] binder: BINDER_SET_CONTEXT_MGR already set [ 109.613568][ T6374] binder: 6373:6374 ioctl 4018620d 200000000180 returned -16 [ 109.631467][ T6215] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 109.648041][ T980] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 109.672204][ T9] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 109.695306][ T6215] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 109.775190][ T5976] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 109.826014][ T5976] usb 2-1: device descriptor read/8, error -71 [ 110.065391][ T5976] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 110.097992][ T1585] usb 4-1: USB disconnect, device number 12 [ 110.119351][ T5976] usb 2-1: device descriptor read/8, error -71 [ 110.245850][ T5976] usb usb2-port1: unable to enumerate USB device [ 110.272316][ T6215] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.392348][ T6215] veth0_vlan: entered promiscuous mode [ 110.418188][ T6215] veth1_vlan: entered promiscuous mode [ 110.510879][ T6215] veth0_macvtap: entered promiscuous mode [ 110.538239][ T6215] veth1_macvtap: entered promiscuous mode [ 110.619183][ T6215] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.649834][ T6215] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.691345][ T64] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.719079][ T64] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.759732][ T64] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.776348][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.805438][ T9] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 110.812647][ T9] ath9k_htc: Failed to initialize the device [ 110.861316][ T1585] usb 4-1: ath9k_htc: USB layer deinitialized [ 110.875327][ T5873] Bluetooth: hci0: command tx timeout [ 111.011234][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.042959][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.134908][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 111.146001][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 111.463786][ T6431] IPv4: Oversized IP packet from 172.20.20.24 [ 111.470739][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 111.477287][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 111.515871][ T1585] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 111.708172][ T1585] usb 4-1: Using ep0 maxpacket: 32 [ 111.728719][ T1585] usb 4-1: config 0 has an invalid interface number: 184 but max is 3 [ 111.768230][ T1585] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 111.795141][ T1585] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 111.804064][ T1585] usb 4-1: config 0 has no interface number 0 [ 111.841797][ T1585] usb 4-1: config 0 interface 184 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 111.874243][ T1585] usb 4-1: config 0 interface 184 has no altsetting 0 [ 111.893199][ T1585] usb 4-1: New USB device found, idVendor=3731, idProduct=010c, bcdDevice=96.da [ 111.912570][ T1585] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.932638][ T1585] usb 4-1: Product: ᅴ堬掗❖䡮㠺烄㡽휍䊛ఒ䡚錴ເ潳里馆ꄆ藱㬰㻗㣞沂瘖់텞⚊黠₥鋬Ꝫ㗈ꁂݍ匲㐋킵쫻薡쇽쬭첼몂璗􂋣㣝⫹㪷త蠑璯⨘ꮯ負 [ 111.957665][ T1585] usb 4-1: Manufacturer: ;༓䤊欤㤦鰋읶㚌省ϥ횁볅蝷⑳ﳙ钽䐢肷맚릺꽚貴꾥磨㳰噦몪添廣칦廋鄦烀癇ᝒᱰ᭬蒪툑ꚁ沷屿髻샽䈒ྐ㉐ᳲꬰ䱚Ⓖ￟ꬌẸ票攑ℹ譐✊殐趉俜᷹ࢫ靖൐滛궼 [ 112.002651][ T1585] usb 4-1: SerialNumber: ㅷ绯韔別䟜ᐜ昄ᝉ䠕᭾鲤嬱렾⋀셧೅嗴氻碅ꆞꇿ헺ⷈ殮粺鰿⒥豮틣䞄ℿ㠕끫⼭舣ล宲⦇Ẃꝓݣ뀚卷鍞雒㼱ጿ늴ꆙ᏷莊쐎嶶運癩嶽袦柵⣿㽉❊훐䧀ﯘ굳䐤钴碒쩈斗莪뼔槊庰덖凂荝ᠵ憞崉㋞荸獢⊸㺓펄㎷龕圶保ᄺ祅紕䁼䥍 [ 112.038128][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 112.068902][ T1585] usb 4-1: config 0 descriptor?? [ 112.205408][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 112.218205][ T9] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 112.230271][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.247999][ T9] usb 2-1: config 0 descriptor?? [ 112.268131][ T9] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 112.356065][ T1585] option 4-1:0.184: GSM modem (1-port) converter detected [ 112.387030][ T1585] usb 4-1: USB disconnect, device number 13 [ 112.403283][ T1585] option 4-1:0.184: device disconnected [ 112.878593][ T6444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.913054][ T6444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.361906][ T9] gspca_nw80x: reg_w err -71 [ 113.375478][ T9] nw80x 2-1:0.0: probe with driver nw80x failed with error -71 [ 113.404780][ T9] usb 2-1: USB disconnect, device number 9 [ 113.456987][ T5957] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 113.641897][ T5957] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 113.661835][ T5957] usb 4-1: config 0 has no interface number 0 [ 113.671709][ T5957] usb 4-1: config 0 interface 41 has no altsetting 0 [ 113.690780][ T5957] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 113.701143][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.709494][ T5957] usb 4-1: Product: syz [ 113.713960][ T5957] usb 4-1: Manufacturer: syz [ 113.735005][ T5957] usb 4-1: SerialNumber: syz [ 113.746367][ T5957] usb 4-1: config 0 descriptor?? [ 113.779764][ T5957] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -22 [ 114.349554][ T6521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.362993][ T6521] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.399024][ T5976] usb 4-1: USB disconnect, device number 14 [ 114.436924][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 114.957377][ T30] audit: type=1326 audit(1757052148.499:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6533 comm="\" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9d5858ebe9 code=0x10000 [ 115.467310][ T6538] netlink: 36 bytes leftover after parsing attributes in process `syz.2.156'. [ 115.768064][ T1585] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 115.937259][ T1585] usb 4-1: config 0 has no interfaces? [ 115.950262][ T1585] usb 4-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice= 9.99 [ 115.974514][ T1585] usb 4-1: New USB device strings: Mfr=249, Product=1, SerialNumber=3 [ 115.994167][ T1585] usb 4-1: Product: syz [ 116.004451][ T1585] usb 4-1: Manufacturer: syz [ 116.019122][ T6555] batadv_slave_1: entered promiscuous mode [ 116.035299][ T1585] usb 4-1: SerialNumber: syz [ 116.051975][ T1585] usb 4-1: config 0 descriptor?? [ 116.076213][ T6551] batadv_slave_1: left promiscuous mode [ 116.412044][ T6566] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.809670][ T1585] usb 4-1: USB disconnect, device number 15 [ 117.196510][ T6584] NILFS (nbd3): device size too small [ 117.275550][ T1585] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 118.180283][ T6586] delete_channel: no stack [ 118.255575][ T1585] usb 3-1: Using ep0 maxpacket: 32 [ 118.266143][ T1585] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 118.274188][ T1585] usb 3-1: config 0 has no interface number 0 [ 118.307762][ T1585] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 118.333190][ T1585] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.357241][ T1585] usb 3-1: Product: syz [ 118.361554][ T1585] usb 3-1: Manufacturer: syz [ 118.415160][ T1585] usb 3-1: SerialNumber: syz [ 118.436351][ T1585] usb 3-1: config 0 descriptor?? [ 118.478152][ T1585] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 118.495580][ T1585] usb 3-1: selecting invalid altsetting 1 [ 118.501450][ T1585] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 118.546549][ T1585] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 118.576364][ T1585] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 118.600067][ T1585] usb 3-1: media controller created [ 118.694946][ T1585] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 118.755469][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.015702][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 119.129961][ T1585] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 119.220367][ T1585] zl10353_read_register: readreg error (reg=127, ret==-71) [ 119.354063][ T1585] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 119.389671][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 119.771173][ T1585] usb 3-1: USB disconnect, device number 7 [ 119.957727][ T6614] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 119.990014][ T6614] block device autoloading is deprecated and will be removed. [ 120.113472][ T6622] random: crng reseeded on system resumption [ 120.135320][ T1585] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 120.288120][ T5947] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 120.307655][ T1585] usb 3-1: unable to get BOS descriptor or descriptor too short [ 120.382615][ T1585] usb 3-1: not running at top speed; connect to a high speed hub [ 120.395533][ T6630] netlink: 'syz.3.185': attribute type 4 has an invalid length. [ 120.416375][ T6630] ieee802154 phy0 wpan0: encryption failed: -22 [ 120.435929][ T1585] usb 3-1: config 7 has an invalid interface number: 156 but max is 0 [ 120.444186][ T1585] usb 3-1: config 7 has no interface number 0 [ 120.465795][ T1585] usb 3-1: config 7 interface 156 has no altsetting 0 [ 120.470632][ T5947] usb 2-1: Using ep0 maxpacket: 8 [ 120.482106][ T1585] usb 3-1: New USB device found, idVendor=2001, idProduct=3a00, bcdDevice=6d.8b [ 120.482538][ T5947] usb 2-1: config 0 has an invalid interface number: 252 but max is 0 [ 120.517547][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 120.520010][ T6634] netlink: 'syz.0.186': attribute type 142 has an invalid length. [ 120.545383][ T1585] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.594936][ T1585] usb 3-1: Product: syz [ 120.597537][ T5947] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 120.600219][ T1585] usb 3-1: Manufacturer: syz [ 120.614648][ T6633] Zero length message leads to an empty skb [ 120.662687][ T5947] usb 2-1: config 0 has no interface number 0 [ 120.670117][ T5947] usb 2-1: config 0 interface 252 has no altsetting 0 [ 120.676805][ T1585] usb 3-1: SerialNumber: syz [ 120.680444][ T5947] usb 2-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=f0.28 [ 120.690820][ T5947] usb 2-1: New USB device strings: Mfr=244, Product=1, SerialNumber=3 [ 120.699429][ T5947] usb 2-1: Product: syz [ 120.740630][ T5947] usb 2-1: Manufacturer: syz [ 120.769496][ T5947] usb 2-1: SerialNumber: syz [ 120.798013][ T5947] usb 2-1: config 0 descriptor?? [ 121.033081][ T1585] usb 3-1: Could not find all expected endpoints [ 121.123982][ T1585] usb 3-1: USB disconnect, device number 8 [ 121.131734][ T5947] usb 2-1: USB disconnect, device number 10 [ 122.355556][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 122.715009][ T6662] netlink: 20 bytes leftover after parsing attributes in process `syz.1.195'. [ 122.805228][ T24] usb 1-1: device descriptor read/64, error -71 [ 123.029965][ T1585] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 123.085291][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 123.835189][ T1585] usb 4-1: Using ep0 maxpacket: 8 [ 123.853519][ T1585] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.878600][ T1585] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.908350][ T1585] usb 4-1: config 0 interface 0 has no altsetting 0 [ 123.945212][ T1585] usb 4-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 123.972622][ T1585] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.999353][ T1585] usb 4-1: config 0 descriptor?? [ 124.864499][ T1585] samsung 0003:0419:0001.0004: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.3-1/input0 [ 125.053609][ T9] usb 4-1: USB disconnect, device number 16 [ 125.707404][ T6704] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 126.536297][ T6729] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 126.955808][ T5873] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 126.961478][ T52] Bluetooth: hci4: command 0x1003 tx timeout [ 127.541103][ T6746] netlink: 16 bytes leftover after parsing attributes in process `syz.3.229'. [ 127.544924][ T6748] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 128.278713][ T6774] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 128.659404][ T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 128.896793][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 128.965587][ T24] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.086118][ T24] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.199520][ T24] usb 1-1: config 0 interface 0 has no altsetting 0 [ 129.285803][ T24] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 129.385580][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.572100][ T24] usb 1-1: config 0 descriptor?? [ 129.725348][ T5909] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 129.965420][ T5909] usb 4-1: Using ep0 maxpacket: 16 [ 130.077608][ T5909] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 130.311366][ T5909] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 130.619339][ T5909] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 130.767129][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.786539][ T24] samsung 0003:0419:0001.0005: hidraw0: USB HID v0.00 Device [HID 0419:0001] on usb-dummy_hcd.0-1/input0 [ 130.878967][ T5909] usb 4-1: Product: syz [ 130.921660][ T5909] usb 4-1: Manufacturer: syz [ 130.994158][ T5909] usb 4-1: SerialNumber: syz [ 131.076345][ T24] usb 1-1: USB disconnect, device number 9 [ 131.149799][ T5909] usb 4-1: config 0 descriptor?? [ 131.212479][ T5909] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 131.238620][ T6786] fido_id[6786]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 131.319105][ T5909] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 131.594029][ T6799] autofs: Bad value for 'fd' [ 131.679995][ T6801] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 131.827838][ T5909] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 131.839219][ T5909] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 132.015723][ T24] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 132.185370][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 132.194490][ T24] usb 2-1: config 8 has an invalid interface number: 69 but max is 0 [ 132.203432][ T24] usb 2-1: config 8 has no interface number 0 [ 132.214135][ T24] usb 2-1: New USB device found, idVendor=17cc, idProduct=4712, bcdDevice=4b.64 [ 132.224041][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.232645][ T24] usb 2-1: Product: syz [ 132.238512][ T24] usb 2-1: Manufacturer: syz [ 132.243277][ T24] usb 2-1: SerialNumber: syz [ 132.452289][ T5909] em28xx 4-1:0.0: Unknown AC97 audio processor detected! [ 132.479514][ T24] usb 2-1: bad CDC descriptors [ 132.501824][ T24] snd-usb-caiaq 2-1:8.69: can't set alt interface. [ 132.516134][ T24] usb 2-1: unable to init card! (ret=-5) [ 132.522963][ T24] snd-usb-caiaq 2-1:8.69: probe with driver snd-usb-caiaq failed with error -5 [ 132.537884][ T24] usb 2-1: USB disconnect, device number 11 [ 132.680119][ T5909] em28xx 4-1:0.0: couldn't setup AC97 register 2 [ 132.695792][ T5909] em28xx 4-1:0.0: couldn't setup AC97 register 4 [ 132.714432][ T5909] em28xx 4-1:0.0: couldn't setup AC97 register 6 [ 132.724213][ T5909] em28xx 4-1:0.0: couldn't setup AC97 register 54 [ 132.732195][ T5909] em28xx 4-1:0.0: couldn't setup AC97 register 56 [ 132.761149][ T5909] usb 4-1: USB disconnect, device number 17 [ 132.801727][ T6821] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 133.121484][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.202264][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.228940][ T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 133.248479][ T6831] Bluetooth: MGMT ver 1.23 [ 134.041618][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.082528][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.093643][ T24] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 134.113010][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.140030][ T24] usb 3-1: config 0 descriptor?? [ 134.584047][ T24] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0 [ 134.643120][ T24] cp2112 0003:10C4:EA90.0006: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 134.778138][ T6847] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 134.796402][ T24] cp2112 0003:10C4:EA90.0006: Part Number: 0x82 Device Version: 0xFE [ 135.189952][ T24] cp2112 0003:10C4:EA90.0006: error setting SMBus config [ 135.217096][ T24] cp2112 0003:10C4:EA90.0006: probe with driver cp2112 failed with error -71 [ 135.291361][ T24] usb 3-1: USB disconnect, device number 9 [ 136.035267][ T24] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 136.205774][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 136.226516][ T24] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.237910][ T24] usb 1-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.275195][ T24] usb 1-1: config 0 interface 0 has no altsetting 0 [ 136.311924][ T6866] ================================================================== [ 136.320029][ T6866] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0 [ 136.328497][ T6866] Read of size 8 at addr ffff88802782c408 by task syz.2.278/6866 [ 136.336243][ T6866] [ 136.338569][ T6866] CPU: 1 UID: 0 PID: 6866 Comm: syz.2.278 Not tainted syzkaller #0 PREEMPT(full) [ 136.338584][ T6866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 136.338591][ T6866] Call Trace: [ 136.338598][ T6866] [ 136.338604][ T6866] dump_stack_lvl+0x189/0x250 [ 136.338624][ T6866] ? __kasan_check_byte+0x12/0x40 [ 136.338638][ T6866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.338654][ T6866] ? lock_release+0x4b/0x3e0 [ 136.338667][ T6866] ? __virt_addr_valid+0x4a5/0x5c0 [ 136.338683][ T6866] print_report+0xca/0x240 [ 136.338694][ T6866] ? change_page_attr_set_clr+0x625/0xfc0 [ 136.338706][ T6866] kasan_report+0x118/0x150 [ 136.338719][ T6866] ? change_page_attr_set_clr+0x625/0xfc0 [ 136.338732][ T6866] change_page_attr_set_clr+0x625/0xfc0 [ 136.338745][ T6866] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 136.338757][ T6866] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 136.338774][ T6866] ? memtype_reserve+0x874/0xb30 [ 136.338793][ T6866] _set_pages_array+0x145/0x270 [ 136.338807][ T6866] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 136.338823][ T6866] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 136.338840][ T6866] drm_gem_shmem_pin_locked+0x22c/0x460 [ 136.338855][ T6866] ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10 [ 136.338870][ T6866] ? ww_mutex_lock+0x3f/0x1c0 [ 136.338886][ T6866] drm_gem_map_attach+0x19c/0x1f0 [ 136.338901][ T6866] dma_buf_dynamic_attach+0x1e7/0x3d0 [ 136.338915][ T6866] ? __fget_files+0x3a0/0x420 [ 136.338929][ T6866] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 136.338945][ T6866] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 136.338959][ T6866] ? drm_gem_prime_fd_to_handle+0x185/0x4d0 [ 136.338973][ T6866] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 136.338988][ T6866] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 136.339003][ T6866] drm_ioctl_kernel+0x2cc/0x390 [ 136.339016][ T6866] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 136.339030][ T6866] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 136.339044][ T6866] drm_ioctl+0x67f/0xb10 [ 136.339056][ T6866] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 136.339071][ T6866] ? __pfx_drm_ioctl+0x10/0x10 [ 136.339085][ T6866] ? __fget_files+0x3a0/0x420 [ 136.339098][ T6866] ? __fget_files+0x2a/0x420 [ 136.339111][ T6866] ? bpf_lsm_file_ioctl+0x9/0x20 [ 136.339127][ T6866] ? __pfx_drm_ioctl+0x10/0x10 [ 136.339138][ T6866] __se_sys_ioctl+0xfc/0x170 [ 136.339149][ T6866] do_syscall_64+0xfa/0xfa0 [ 136.339163][ T6866] ? lockdep_hardirqs_on+0x9c/0x150 [ 136.339177][ T6866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.339187][ T6866] ? clear_bhb_loop+0x60/0xb0 [ 136.339198][ T6866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.339209][ T6866] RIP: 0033:0x7f6e8f38ebe9 [ 136.339220][ T6866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.339230][ T6866] RSP: 002b:00007f6e90181038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 136.339243][ T6866] RAX: ffffffffffffffda RBX: 00007f6e8f5c5fa0 RCX: 00007f6e8f38ebe9 [ 136.339252][ T6866] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000006 [ 136.339259][ T6866] RBP: 00007f6e8f411e19 R08: 0000000000000000 R09: 0000000000000000 [ 136.339266][ T6866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 136.339272][ T6866] R13: 00007f6e8f5c6038 R14: 00007f6e8f5c5fa0 R15: 00007ffeaee681e8 [ 136.339284][ T6866] [ 136.339287][ T6866] [ 136.672775][ T6866] Allocated by task 6866: [ 136.677109][ T6866] kasan_save_track+0x3e/0x80 [ 136.681782][ T6866] __kasan_kmalloc+0x93/0xb0 [ 136.686363][ T6866] __kvmalloc_node_noprof+0x5cd/0x910 [ 136.691811][ T6866] drm_gem_get_pages+0x166/0xa20 [ 136.696750][ T6866] drm_gem_shmem_get_pages_locked+0x201/0x440 [ 136.702901][ T6866] drm_gem_shmem_pin_locked+0x22c/0x460 [ 136.708547][ T6866] drm_gem_map_attach+0x19c/0x1f0 [ 136.713680][ T6866] dma_buf_dynamic_attach+0x1e7/0x3d0 [ 136.719055][ T6866] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 136.725422][ T6866] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 136.731166][ T6866] drm_ioctl_kernel+0x2cc/0x390 [ 136.736009][ T6866] drm_ioctl+0x67f/0xb10 [ 136.740254][ T6866] __se_sys_ioctl+0xfc/0x170 [ 136.744870][ T6866] do_syscall_64+0xfa/0xfa0 [ 136.749389][ T6866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.755282][ T6866] [ 136.757627][ T6866] The buggy address belongs to the object at ffff88802782c000 [ 136.757627][ T6866] which belongs to the cache kmalloc-2k of size 2048 [ 136.771670][ T6866] The buggy address is located 0 bytes to the right of [ 136.771670][ T6866] allocated 1032-byte region [ffff88802782c000, ffff88802782c408) [ 136.786241][ T6866] [ 136.788576][ T6866] The buggy address belongs to the physical page: [ 136.794976][ T6866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27828 [ 136.803832][ T6866] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 136.812622][ T6866] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 136.820203][ T6866] page_type: f5(slab) [ 136.824184][ T6866] raw: 00fff00000000040 ffff88801a842000 ffffea0000915c00 dead000000000002 [ 136.832778][ T6866] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 136.841365][ T6866] head: 00fff00000000040 ffff88801a842000 ffffea0000915c00 dead000000000002 [ 136.850047][ T6866] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 136.858817][ T6866] head: 00fff00000000003 ffffea00009e0a01 00000000ffffffff 00000000ffffffff [ 136.867501][ T6866] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 136.876167][ T6866] page dumped because: kasan: bad access detected [ 136.882583][ T6866] page_owner tracks the page as allocated [ 136.888330][ T6866] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5858, tgid 5858 (syz-executor), ts 85328908467, free_ts 59121115638 [ 136.909516][ T6866] post_alloc_hook+0x240/0x2a0 [ 136.914292][ T6866] get_page_from_freelist+0x21e4/0x22c0 [ 136.919835][ T6866] __alloc_frozen_pages_noprof+0x181/0x370 [ 136.925729][ T6866] alloc_pages_mpol+0x232/0x4a0 [ 136.930589][ T6866] allocate_slab+0x8a/0x330 [ 136.935110][ T6866] ___slab_alloc+0xbd1/0x13f0 [ 136.939794][ T6866] __slab_alloc+0x55/0xa0 [ 136.944116][ T6866] __kmalloc_node_track_caller_noprof+0x5c7/0x800 [ 136.950526][ T6866] kmalloc_reserve+0x136/0x290 [ 136.955294][ T6866] pskb_expand_head+0x18e/0x1150 [ 136.960244][ T6866] netlink_trim+0x1d5/0x2e0 [ 136.964765][ T6866] netlink_broadcast_filtered+0xd6/0x1000 [ 136.970594][ T6866] nlmsg_notify+0xf0/0x1a0 [ 136.975062][ T6866] rtnetlink_event+0x224/0x270 [ 136.979933][ T6866] notifier_call_chain+0x1b6/0x3e0 [ 136.985136][ T6866] __netdev_upper_dev_link+0x3c3/0x590 [ 136.990609][ T6866] page last free pid 5645 tgid 5645 stack trace: [ 136.997120][ T6866] __free_frozen_pages+0xbc4/0xd30 [ 137.002233][ T6866] __put_partials+0x146/0x170 [ 137.006923][ T6866] put_cpu_partial+0x17c/0x250 [ 137.011696][ T6866] __slab_free+0x2b9/0x390 [ 137.016123][ T6866] qlist_free_all+0x97/0x140 [ 137.020738][ T6866] kasan_quarantine_reduce+0x148/0x160 [ 137.026185][ T6866] __kasan_slab_alloc+0x22/0x80 [ 137.031028][ T6866] kmem_cache_alloc_noprof+0x367/0x6e0 [ 137.036475][ T6866] __anon_vma_prepare+0xcb/0x4a0 [ 137.041406][ T6866] __handle_mm_fault+0x4aff/0x5400 [ 137.046507][ T6866] handle_mm_fault+0x40a/0x8e0 [ 137.051260][ T6866] do_user_addr_fault+0xa81/0x1390 [ 137.056468][ T6866] exc_page_fault+0x82/0x100 [ 137.061068][ T6866] asm_exc_page_fault+0x26/0x30 [ 137.066020][ T6866] [ 137.068356][ T6866] Memory state around the buggy address: [ 137.073971][ T6866] ffff88802782c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 137.082032][ T6866] ffff88802782c380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 137.090168][ T6866] >ffff88802782c400: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 137.098216][ T6866] ^ [ 137.102614][ T6866] ffff88802782c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 137.110837][ T6866] ffff88802782c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 137.118884][ T6866] ================================================================== [ 137.129015][ T6866] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 137.136231][ T6866] CPU: 1 UID: 0 PID: 6866 Comm: syz.2.278 Not tainted syzkaller #0 PREEMPT(full) [ 137.145425][ T6866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 137.155568][ T6866] Call Trace: [ 137.158846][ T6866] [ 137.161771][ T6866] dump_stack_lvl+0x99/0x250 [ 137.166362][ T6866] ? __asan_memcpy+0x40/0x70 [ 137.170947][ T6866] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.176153][ T6866] ? __pfx__printk+0x10/0x10 [ 137.180741][ T6866] vpanic+0x237/0x6d0 [ 137.184801][ T6866] ? __pfx_vpanic+0x10/0x10 [ 137.189317][ T6866] panic+0xb9/0xc0 [ 137.193039][ T6866] ? __pfx_panic+0x10/0x10 [ 137.197449][ T6866] ? _raw_spin_unlock_irqrestore+0xa8/0x110 [ 137.203347][ T6866] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 137.209233][ T6866] ? change_page_attr_set_clr+0x625/0xfc0 [ 137.214946][ T6866] check_panic_on_warn+0x89/0xb0 [ 137.219876][ T6866] ? change_page_attr_set_clr+0x625/0xfc0 [ 137.225597][ T6866] end_report+0x78/0x160 [ 137.229829][ T6866] kasan_report+0x129/0x150 [ 137.234322][ T6866] ? change_page_attr_set_clr+0x625/0xfc0 [ 137.240049][ T6866] change_page_attr_set_clr+0x625/0xfc0 [ 137.245677][ T6866] ? __pfx_change_page_attr_set_clr+0x10/0x10 [ 137.251731][ T6866] ? __pfx_pagerange_is_ram_callback+0x10/0x10 [ 137.257961][ T6866] ? memtype_reserve+0x874/0xb30 [ 137.262897][ T6866] _set_pages_array+0x145/0x270 [ 137.267738][ T6866] drm_gem_shmem_get_pages_locked+0x2d0/0x440 [ 137.273797][ T6866] ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10 [ 137.280813][ T6866] drm_gem_shmem_pin_locked+0x22c/0x460 [ 137.286386][ T6866] ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10 [ 137.292448][ T6866] ? ww_mutex_lock+0x3f/0x1c0 [ 137.297116][ T6866] drm_gem_map_attach+0x19c/0x1f0 [ 137.302427][ T6866] dma_buf_dynamic_attach+0x1e7/0x3d0 [ 137.307797][ T6866] ? __fget_files+0x3a0/0x420 [ 137.312468][ T6866] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 137.319311][ T6866] drm_gem_shmem_prime_import_no_map+0xc1/0x2f0 [ 137.325544][ T6866] ? drm_gem_prime_fd_to_handle+0x185/0x4d0 [ 137.331437][ T6866] ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10 [ 137.338279][ T6866] drm_gem_prime_fd_to_handle+0x196/0x4d0 [ 137.343990][ T6866] drm_ioctl_kernel+0x2cc/0x390 [ 137.348867][ T6866] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 137.355275][ T6866] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 137.360878][ T6866] drm_ioctl+0x67f/0xb10 [ 137.365118][ T6866] ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10 [ 137.371531][ T6866] ? __pfx_drm_ioctl+0x10/0x10 [ 137.376285][ T6866] ? __fget_files+0x3a0/0x420 [ 137.380950][ T6866] ? __fget_files+0x2a/0x420 [ 137.385542][ T6866] ? bpf_lsm_file_ioctl+0x9/0x20 [ 137.390484][ T6866] ? __pfx_drm_ioctl+0x10/0x10 [ 137.395346][ T6866] __se_sys_ioctl+0xfc/0x170 [ 137.400021][ T6866] do_syscall_64+0xfa/0xfa0 [ 137.404523][ T6866] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.409818][ T6866] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.415895][ T6866] ? clear_bhb_loop+0x60/0xb0 [ 137.420574][ T6866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.426454][ T6866] RIP: 0033:0x7f6e8f38ebe9 [ 137.430893][ T6866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.450873][ T6866] RSP: 002b:00007f6e90181038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 137.459340][ T6866] RAX: ffffffffffffffda RBX: 00007f6e8f5c5fa0 RCX: 00007f6e8f38ebe9 [ 137.467405][ T6866] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000006 [ 137.475405][ T6866] RBP: 00007f6e8f411e19 R08: 0000000000000000 R09: 0000000000000000 [ 137.483369][ T6866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 137.491337][ T6866] R13: 00007f6e8f5c6038 R14: 00007f6e8f5c5fa0 R15: 00007ffeaee681e8 [ 137.499343][ T6866] [ 137.502709][ T6866] Kernel Offset: disabled [ 137.507033][ T6866] Rebooting in 86400 seconds..