last executing test programs: 2m23.890717074s ago: executing program 0 (id=762): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = syz_io_uring_setup(0x1e7f, &(0x7f0000000540)={0x0, 0xac24, 0x10000, 0x2, 0x362}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x5, r0, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r1, 0x3516, 0xc2de, 0x8, 0x0, 0x0) 2m23.600493165s ago: executing program 0 (id=767): socket$kcm(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120019007f00000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r0, 0x0, 0x0}, 0x20) 2m23.453062584s ago: executing program 0 (id=769): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'netdevsim0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5, 0xf, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}}, 0x0) 2m23.163699614s ago: executing program 0 (id=776): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 2m22.918686844s ago: executing program 0 (id=777): ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, &(0x7f0000000040)={0x9, {0x22, 0xff, 0x4, 0x7, 0x800}}) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0}], 0x2}}], 0x2, 0x0) 2m22.090980231s ago: executing program 0 (id=780): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x220, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1e4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x180, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x64, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x2d, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_connmark={0xe8, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0xb5, 0x6, "0ef6a460a5bbda16e826eafe044d3376872c48b74ae60f057b238fb15e2207986c5639bfbc3d91ee00b5a433e95b6b3527d9711d16abc0abaea927bcdffe4d3ec14fb6fca0407429934982873a3f054bcbf1e53f85fe7aee4ccd90229e6ba2b45bd165ebd7929c21abcdf0b8d47ff6a950009bf4b1ef96863b19aaa1c52a12b02f39c0816b2c6136341ed251c3b6f6af9385e3d242e39802d1054758f1fecd4810c086a3ef4c0b3354522333a981535fdd"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_ACT={0x44, 0x1, [@m_ctinfo={0x40, 0x19, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x7fffffff}, @TCA_CTINFO_ZONE={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x220}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 2m21.580323022s ago: executing program 32 (id=780): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x220, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1e4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x180, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x64, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x2d, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_connmark={0xe8, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0xb5, 0x6, "0ef6a460a5bbda16e826eafe044d3376872c48b74ae60f057b238fb15e2207986c5639bfbc3d91ee00b5a433e95b6b3527d9711d16abc0abaea927bcdffe4d3ec14fb6fca0407429934982873a3f054bcbf1e53f85fe7aee4ccd90229e6ba2b45bd165ebd7929c21abcdf0b8d47ff6a950009bf4b1ef96863b19aaa1c52a12b02f39c0816b2c6136341ed251c3b6f6af9385e3d242e39802d1054758f1fecd4810c086a3ef4c0b3354522333a981535fdd"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_ACT={0x44, 0x1, [@m_ctinfo={0x40, 0x19, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x7fffffff}, @TCA_CTINFO_ZONE={0x6}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x220}, 0x1, 0x0, 0x0, 0x81}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 2m4.759534501s ago: executing program 4 (id=888): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b00000000002010400000000000000000700000608000940ffffffff08000440000000810800084000000003200001"], 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x400, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x10, 0xb}, {0x6, 0xfff2}, {0xfff3, 0xffe0}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x80, 0x3e38, 0x4}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00178018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) 2m4.549160908s ago: executing program 4 (id=890): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000100)={0x0, r2}) sendmsg$unix(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="b5", 0x1}], 0x1, 0x0, 0x0, 0x4008480}, 0x4041) 2m4.295160761s ago: executing program 4 (id=893): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x100, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x3138, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000180)={0x0, 0xf, 0x4c, {0x4c, 0x1, "001094d14d7bfca1b72d5caf1107014e769182d5f077de47988c965ddd43d4978b96d64c310cb62a0459086b84698492b0e7e80f9219802df69bcb4ab7cfd8707cbb75f2b6452197f450"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2m2.558092023s ago: executing program 4 (id=905): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.kill\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYRESHEX=0x0], 0x44) 2m2.311206432s ago: executing program 4 (id=908): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 2m2.179476653s ago: executing program 4 (id=910): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmmsg$inet6(r0, &(0x7f0000019680)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141414}}, 0x1c, 0x0}}], 0x1, 0x20004855) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x7f, 0x4) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000480)=0x7, 0x4) 1m46.996227105s ago: executing program 33 (id=910): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmmsg$inet6(r0, &(0x7f0000019680)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141414}}, 0x1c, 0x0}}], 0x1, 0x20004855) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f0000000000)=0x7f, 0x4) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000480)=0x7, 0x4) 34.977510754s ago: executing program 5 (id=1784): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000000080), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000006900)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b0204dc55ea62d43c809e0ed6e56163fdab317afd5c34d614367e4425bb9a97e38b8beb84ef6d549eed5aaa86dbe646fc77a9b3df93199c796fa597f452bed6b6fbcc812df9be8e35d8d15086609c033a5d2a42d5dcb0d103098fa302c5b1d48f913f8b22a30a47d9ae02000000e2b855845f39806305f56d918cc5b4023fdbe9cae4147c84583ec9dd375031ba5ae65e31f00e641832d29ed658b91f33595b033222944765cb6a50d859f754ed83eefd480be0e3100965f081190bbb39a5965ceaa76975b88885041ff4e66e618d6c37c787f014eadb6c9f65", 0x139, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}}) 34.702393432s ago: executing program 5 (id=1788): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x4c, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dffbfb, {0x0, 0x0, 0x0, 0x0, 0x64057, 0x2021}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}, @IFLA_MACVLAN_MACADDR_MODE={0x8}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4002801}, 0x8000002) 34.500111231s ago: executing program 5 (id=1789): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180200000000000000000000000000001801000020646c4300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r0, 0x0, 0x5}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 34.142939601s ago: executing program 5 (id=1794): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000140)={{0x1, 0x1000, 0xf000, 0x9, 0x80, 0xb, 0x81, 0xff, 0x0, 0x84, 0x0, 0xb}, {0x80a0000, 0xd000, 0x10, 0x3, 0x3, 0x7, 0x6, 0x6, 0x1, 0x4, 0x0, 0xe}, {0xf000, 0x8000000, 0x4, 0x4, 0x10, 0x81, 0x4, 0x13, 0x5, 0x4, 0x92, 0x80}, {0x100000, 0x4, 0xe, 0x7, 0x1, 0x40, 0x2, 0x0, 0xfd, 0x29, 0x9, 0x9}, {0x10000, 0xdddd0000, 0x0, 0x9, 0x80, 0x2, 0xfd, 0xf1, 0x2, 0x6e, 0x2, 0x8}, {0x4000, 0x100000, 0x8, 0x2, 0xaa, 0x2, 0x5, 0x5, 0x1, 0xe, 0x2, 0x3}, {0xf000, 0x10000, 0xa, 0x0, 0xcd, 0x5, 0x5, 0x26, 0x8, 0xcd, 0xff, 0x6}, {0x1, 0xf000, 0xd, 0xe, 0x13, 0x40, 0xff, 0x0, 0x7f, 0x1, 0xf, 0x8}, {0x100000, 0x5}, {0x80a0000, 0xff81}, 0x80000003, 0x0, 0x6000, 0x1a1, 0x5, 0xe801, 0x4, 0x1, [0xb, 0x2, 0x3, 0x3]}) 33.794480324s ago: executing program 5 (id=1800): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2aa, 0x0, 0x0, 0x10, 0xe3, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcb776f6, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x7357c35c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x5, 0x4, 0x40000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x1cd5a44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0xfd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400}) 33.482056179s ago: executing program 5 (id=1813): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, 0x0}) 33.058373874s ago: executing program 3 (id=1805): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0xf7) 30.798134736s ago: executing program 2 (id=1809): socket$qrtr(0x2a, 0x2, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000006180), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f00000002c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x0, 0x65}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 29.770331354s ago: executing program 2 (id=1814): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) write$FUSE_INIT(r1, &(0x7f0000002340)={0xfffffebf, 0xfffffffffffffffe, 0x0, {0x7, 0x29, 0x0, 0x5b011080, 0x0, 0x0, 0x9}}, 0x50) 29.765015242s ago: executing program 3 (id=1815): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x34, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x12, 0x0, @opaque='\x00'/10}}}}}, 0x0) recvfrom(r0, &(0x7f00000000c0)=""/10, 0xa, 0x0, 0x0, 0x0) 29.466056081s ago: executing program 2 (id=1816): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setregid(0xee01, 0xffffffffffffffff) 29.394055837s ago: executing program 3 (id=1820): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000800)={'wpan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r2, 0x201, 0x70bd25, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r1}, @IEEE802154_ATTR_LLSEC_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x80000}, 0x10000000) 29.084954308s ago: executing program 6 (id=1821): r0 = io_uring_setup(0x664c, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x40000005}) r1 = socket$kcm(0x29, 0x2, 0x0) sendmmsg$sock(r1, &(0x7f00000038c0)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000200)="f202302826", 0x5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f00000009c0)="a543", 0x2}], 0x1}}], 0x2, 0x44884) close_range(r0, 0xffffffffffffffff, 0x0) 29.008050966s ago: executing program 3 (id=1823): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x0, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x13, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c18e8438ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a3977a68e174f005e95ac6a00"}}) ioctl$FS_IOC_GETFSMAP(r1, 0x4c09, 0x0) 28.734506147s ago: executing program 6 (id=1824): r0 = syz_io_uring_setup(0xb, &(0x7f00000002c0)={0x0, 0x200002f, 0x1, 0x0, 0x100020b}, &(0x7f0000000340)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_RENAMEAT={0x23, 0x49, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 28.505988682s ago: executing program 1 (id=1826): prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000351000/0x2000)=nil) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000)) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') read$FUSE(r0, &(0x7f0000001680)={0x2020}, 0x2020) 28.276540397s ago: executing program 1 (id=1827): r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40241, 0x1) close(r0) r1 = socket$alg(0x26, 0x5, 0x0) mount$9p_fd(0x0, &(0x7f0000000680)='./file0\x00', &(0x7f0000000480), 0x14c98, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 27.608766583s ago: executing program 2 (id=1828): r0 = syz_io_uring_setup(0x509, &(0x7f0000000140)={0x0, 0x114df, 0x10, 0x2, 0x89}, &(0x7f00000001c0)=0x0, &(0x7f0000000440)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000380)='./cgroup\x00', 0x2, 0x298f82}) io_uring_enter(r0, 0x3516, 0xaddf, 0x2, 0x0, 0x1517f) 27.254279517s ago: executing program 1 (id=1829): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) close(r0) 27.044534352s ago: executing program 1 (id=1830): syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) r0 = syz_io_uring_setup(0x1644, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x207a98, 0x0, 0x0, 0x0, 0x0) 26.783348612s ago: executing program 2 (id=1831): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000600)=[{{&(0x7f0000000300)={0xa, 0x4e21, 0x8, @private2, 0x6}, 0x1c, &(0x7f0000002280)=[{&(0x7f00000004c0)="b4", 0x1}], 0x1}}, {{&(0x7f0000000340)={0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, '\x00', 0x3b}, 0x9}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000540)='k', 0x1}], 0x1}}], 0x2, 0x931766f6319eed40) shutdown(r0, 0x1) getsockopt$bt_hci(r0, 0x84, 0x84, &(0x7f0000000840)=""/4127, &(0x7f0000000000)=0x101f) 26.460858072s ago: executing program 2 (id=1832): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$TCSETS(r0, 0x89f0, &(0x7f0000000100)={0xfffffffc, 0x0, 0x80, 0x7ff, 0x0, "5dee0000005940000000000f00"}) 22.02632244s ago: executing program 1 (id=1833): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0) 21.811412246s ago: executing program 1 (id=1834): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=@newqdisc={0xb1, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x94, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0x4}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0xa771}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x8}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1, 0x3}}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x3, 0xe}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x5}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0xbdbf}}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1, 0x10}}]}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x44854}, 0x8000) 21.602742334s ago: executing program 3 (id=1835): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, r0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x14, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x7e}, [@snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f00000000c0)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe3fb}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc) 21.43837662s ago: executing program 6 (id=1836): r0 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x9624, 0x3180, 0x7ffe, 0x195}, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_FALLOCATE={0x11, 0x19, 0x0, @fd, 0x2, 0x0, 0x8000e}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x30) 21.291125923s ago: executing program 3 (id=1837): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f00000000c0)={0xf028, 0x118000}) 20.960166274s ago: executing program 6 (id=1838): r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @broadcast}, 0x2}}, 0x2e) sendmmsg$sock(r1, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000440)=':', 0x1}, {0x0}], 0x2}}], 0x1, 0x20000400) 20.732132401s ago: executing program 6 (id=1839): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x6cc2, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f00000007c0)=0x57, 0x4) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 17.985703382s ago: executing program 34 (id=1813): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, 0x0}) 15.464480457s ago: executing program 6 (id=1841): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0x3fe3aa0262d8c583, 0x2, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x1c, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x4a}, @TCA_FQ_PIE_QUANTUM={0x8, 0x7, 0x2}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x10000}]}}]}, 0x4c}}, 0x0) 11.037508039s ago: executing program 35 (id=1832): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$TCSETS(r0, 0x89f0, &(0x7f0000000100)={0xfffffffc, 0x0, 0x80, 0x7ff, 0x0, "5dee0000005940000000000f00"}) 6.509178286s ago: executing program 36 (id=1834): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=@newqdisc={0xb1, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x94, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x6, 0x4}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0xa771}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x8}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1, 0x3}}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x3, 0xe}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x5}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0xbdbf}}, @TCA_HTB_INIT={0x18, 0x2, {0x3, 0x1, 0x10}}]}}]}, 0xc0}, 0x1, 0x0, 0x0, 0x44854}, 0x8000) 6.016541356s ago: executing program 37 (id=1837): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f00000000c0)={0xf028, 0x118000}) 0s ago: executing program 38 (id=1841): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@newqdisc={0x4c, 0x24, 0x3fe3aa0262d8c583, 0x2, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x1c, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x4a}, @TCA_FQ_PIE_QUANTUM={0x8, 0x7, 0x2}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x10000}]}}]}, 0x4c}}, 0x0) kernel console output (not intermixed with test programs): netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'. [ 128.752539][ T6518] netlink: 120 bytes leftover after parsing attributes in process `syz.1.245'. [ 128.752559][ T6518] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'. [ 128.924341][ T31] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 129.080328][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.080360][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.080397][ T31] usb 3-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 129.080418][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.140565][ T31] usb 3-1: config 0 descriptor?? [ 129.601900][ T31] hid-led 0003:1D34:0004.0008: unknown main item tag 0x0 [ 129.788644][ T31] hid-led 0003:1D34:0004.0008: hidraw0: USB HID v0.00 Device [HID 1d34:0004] on usb-dummy_hcd.2-1/input0 [ 129.843145][ T31] hid-led 0003:1D34:0004.0008: Dream Cheeky Webmail Notifier initialized [ 129.987750][ T5911] usb 3-1: USB disconnect, device number 5 [ 130.228974][ T6546] Bluetooth: MGMT ver 1.23 [ 130.326292][ T5856] kernel read not supported for file /dsp (pid: 5856 comm: kworker/0:3) [ 131.962942][ T6580] netlink: 'syz.4.271': attribute type 1 has an invalid length. [ 131.962963][ T6580] netlink: 'syz.4.271': attribute type 4 has an invalid length. [ 131.962975][ T6580] netlink: 212 bytes leftover after parsing attributes in process `syz.4.271'. [ 132.234573][ T6587] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 132.929842][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.929940][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.214257][ T6616] netlink: 146840 bytes leftover after parsing attributes in process `syz.3.288'. [ 133.255621][ T6611] netlink: 44 bytes leftover after parsing attributes in process `syz.4.285'. [ 133.255994][ T6611] netem: unknown loss type 12 [ 133.256011][ T6611] netem: change failed [ 134.676447][ T37] audit: type=1326 audit(1758287224.845:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676498][ T37] audit: type=1326 audit(1758287224.845:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676538][ T37] audit: type=1326 audit(1758287224.845:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676577][ T37] audit: type=1326 audit(1758287224.845:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676615][ T37] audit: type=1326 audit(1758287224.845:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676651][ T37] audit: type=1326 audit(1758287224.845:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676685][ T37] audit: type=1326 audit(1758287224.845:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676722][ T37] audit: type=1326 audit(1758287224.845:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676761][ T37] audit: type=1326 audit(1758287224.845:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 134.676799][ T37] audit: type=1326 audit(1758287224.845:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6618 comm="syz.2.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 137.347853][ T6684] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.733932][ T5911] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 137.903918][ T5911] usb 3-1: Using ep0 maxpacket: 32 [ 137.906568][ T5911] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 137.906593][ T5911] usb 3-1: config 0 has no interface number 0 [ 137.913925][ T5911] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 137.913950][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.913968][ T5911] usb 3-1: Product: syz [ 137.913981][ T5911] usb 3-1: Manufacturer: syz [ 137.913994][ T5911] usb 3-1: SerialNumber: syz [ 137.936209][ T5911] usb 3-1: config 0 descriptor?? [ 137.972023][ T5911] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 138.228852][ T5911] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 138.332670][ T5911] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 138.555420][ T6704] Dead loop on virtual device ip6_vti0, fix it urgently! [ 138.602263][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 138.636283][ T5924] usb 3-1: USB disconnect, device number 6 [ 138.713266][ T5924] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 138.789578][ T5924] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 138.790666][ T5924] quatech2 3-1:0.51: device disconnected [ 139.690831][ T37] kauditd_printk_skb: 791 callbacks suppressed [ 139.690848][ T37] audit: type=1326 audit(1758287742.874:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.690892][ T37] audit: type=1326 audit(1758287742.874:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.690931][ T37] audit: type=1326 audit(1758287742.874:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.690975][ T37] audit: type=1326 audit(1758287742.874:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.691549][ T37] audit: type=1326 audit(1758287742.874:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.693035][ T37] audit: type=1326 audit(1758287742.874:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.694344][ T37] audit: type=1326 audit(1758287742.884:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.694842][ T37] audit: type=1326 audit(1758287742.884:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.697388][ T37] audit: type=1326 audit(1758287742.884:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.697692][ T6045] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 139.698871][ T37] audit: type=1326 audit(1758287742.884:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6709 comm="syz.2.328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff17ac3ae09 code=0x7ffc0000 [ 139.956286][ T6045] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 139.956319][ T6045] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 139.956345][ T6045] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 139.962449][ T6045] usb 5-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24 [ 139.962476][ T6045] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.962495][ T6045] usb 5-1: Product: syz [ 139.962515][ T6045] usb 5-1: Manufacturer: syz [ 139.962529][ T6045] usb 5-1: SerialNumber: syz [ 140.081825][ T6045] usb 5-1: config 0 descriptor?? [ 140.082630][ T6712] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 140.326073][ T6045] powermate: unknown product id 0240 [ 140.326089][ T6045] powermate: Expected payload of 3--6 bytes, found 1024 bytes! [ 140.379498][ T6045] input: Griffin SoundKnob as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input9 [ 140.840158][ C1] powermate: config urb returned -71 [ 140.840395][ C1] powermate: config urb returned -71 [ 140.841243][ C1] powermate: config urb returned -71 [ 140.990238][ T5924] usb 5-1: USB disconnect, device number 3 [ 140.990816][ C1] powermate 5-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 141.205413][ T6727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.336'. [ 141.578167][ T6045] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 141.743914][ T6045] usb 2-1: Using ep0 maxpacket: 8 [ 141.748605][ T6045] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.748634][ T6045] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 141.748672][ T6045] usb 2-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 141.748692][ T6045] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.809304][ T6045] usb 2-1: config 0 descriptor?? [ 142.240926][ T6748] netem: invalid attributes len -3 [ 142.241161][ T6748] netem: change failed [ 142.261461][ T6045] hid-rmi 0003:06CB:81A7.0009: unknown main item tag 0x4 [ 142.261496][ T6045] hid-rmi 0003:06CB:81A7.0009: unknown main item tag 0x0 [ 142.261522][ T6045] hid-rmi 0003:06CB:81A7.0009: unknown main item tag 0x0 [ 142.261547][ T6045] hid-rmi 0003:06CB:81A7.0009: unknown main item tag 0x0 [ 142.261572][ T6045] hid-rmi 0003:06CB:81A7.0009: unbalanced collection at end of report description [ 142.262700][ T6045] hid-rmi 0003:06CB:81A7.0009: parse failed [ 142.262804][ T6045] hid-rmi 0003:06CB:81A7.0009: probe with driver hid-rmi failed with error -22 [ 142.476796][ T5924] usb 2-1: USB disconnect, device number 2 [ 144.555960][ T6806] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 144.555960][ T6806] The task syz.4.369 (6806) triggered the difference, watch for misbehavior. [ 145.156064][ T6815] input: syz1 as /devices/virtual/input/input10 [ 146.764186][ T6839] Driver unsupported XDP return value 0 on prog (id 29) dev N/A, expect packet loss! [ 147.087780][ T6849] netlink: 80 bytes leftover after parsing attributes in process `syz.0.389'. [ 147.764822][ T6872] netlink: 'syz.0.400': attribute type 9 has an invalid length. [ 147.764844][ T6872] netlink: 155628 bytes leftover after parsing attributes in process `syz.0.400'. [ 149.354048][ T6045] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 149.506012][ T6045] usb 3-1: Using ep0 maxpacket: 32 [ 149.508497][ T6045] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 149.516196][ T6045] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 149.516235][ T6045] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 149.516253][ T6045] usb 3-1: Product: syz [ 149.516266][ T6045] usb 3-1: Manufacturer: syz [ 149.516279][ T6045] usb 3-1: SerialNumber: syz [ 149.539770][ T6045] usb 3-1: config 0 descriptor?? [ 149.540974][ T6902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 149.552850][ T6045] hub 3-1:0.0: bad descriptor, ignoring hub [ 149.552889][ T6045] hub 3-1:0.0: probe with driver hub failed with error -5 [ 149.695326][ T31] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 149.852934][ T6917] vxcan1: tx address claim with dest, not broadcast [ 149.859819][ T6915] netlink: 'syz.0.421': attribute type 6 has an invalid length. [ 149.866622][ T31] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 149.866650][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 149.872077][ T31] usb 2-1: config 0 descriptor?? [ 149.882574][ T31] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 149.896491][ T6045] usb 3-1: USB disconnect, device number 7 [ 150.090848][ T6919] netlink: 28 bytes leftover after parsing attributes in process `syz.0.424'. [ 150.106973][ T31] gp8psk: usb in 128 operation failed. [ 150.317225][ T31] gp8psk: FW Version = 244.249.196 (0xf4f9c4) Build 2015/223/09 [ 150.418100][ T6926] netlink: 4 bytes leftover after parsing attributes in process `syz.4.425'. [ 150.511237][ T6045] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 150.521079][ T31] gp8psk: usb in 149 operation failed. [ 150.521096][ T31] gp8psk: failed to get FPGA version [ 150.522330][ T31] gp8psk: usb in 138 operation failed. [ 150.522346][ T31] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 150.522383][ T31] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 150.538790][ T31] usb 2-1: USB disconnect, device number 3 [ 150.623998][ T5903] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 150.684326][ T6045] usb 3-1: Using ep0 maxpacket: 32 [ 150.687257][ T6045] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 150.690705][ T6045] usb 3-1: string descriptor 0 read error: -22 [ 150.690859][ T6045] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 150.690882][ T6045] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 150.720901][ T6045] usb 3-1: config 0 descriptor?? [ 150.740296][ T6902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 150.750544][ T6045] hub 3-1:0.0: bad descriptor, ignoring hub [ 150.750580][ T6045] hub 3-1:0.0: probe with driver hub failed with error -5 [ 150.799992][ T5903] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 150.800021][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.892958][ T5903] usb 1-1: config 0 descriptor?? [ 150.903254][ T5903] cp210x 1-1:0.0: cp210x converter detected [ 151.086217][ T5911] usb 3-1: USB disconnect, device number 8 [ 151.357534][ T5903] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 151.443338][ T5903] usb 1-1: cp210x converter now attached to ttyUSB0 [ 151.563958][ T5156] Bluetooth: hci4: command 0x0405 tx timeout [ 151.584430][ T5903] usb 1-1: USB disconnect, device number 4 [ 151.665285][ T5903] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 151.819538][ T5903] cp210x 1-1:0.0: device disconnected [ 151.823251][ T6953] program syz.3.439 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 153.571747][ T5903] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 153.644287][ T5156] Bluetooth: hci4: command 0x0405 tx timeout [ 153.779347][ T5903] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 153.779374][ T5903] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 153.779393][ T5903] usb 5-1: config 0 has no interface number 0 [ 153.779460][ T5903] usb 5-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 153.779485][ T5903] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 153.779510][ T5903] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 153.779533][ T5903] usb 5-1: config 0 interface 52 has no altsetting 0 [ 153.806302][ T5903] usb 5-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 153.806331][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 153.806350][ T5903] usb 5-1: Product: syz [ 153.806371][ T5903] usb 5-1: SerialNumber: syz [ 153.811586][ T5903] usb 5-1: config 0 descriptor?? [ 154.098208][ T5903] input: syz (Stick) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input11 [ 154.349705][ T5856] usb 5-1: USB disconnect, device number 4 [ 155.793980][ T5924] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 155.957242][ T5924] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 155.957272][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.987894][ T5924] usb 5-1: config 0 descriptor?? [ 155.992097][ T5924] cp210x 5-1:0.0: cp210x converter detected [ 156.403953][ T5924] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 156.434184][ T5924] usb 5-1: cp210x converter now attached to ttyUSB0 [ 156.623536][ T5924] usb 5-1: USB disconnect, device number 5 [ 156.651465][ T5924] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 156.824584][ T5924] cp210x 5-1:0.0: device disconnected [ 157.463458][ T4907] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.484119][ T6045] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 157.613675][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 157.635230][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 157.637680][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 157.640619][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 157.642182][ T6045] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 157.642208][ T6045] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.660850][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 157.700796][ T6045] usb 4-1: config 0 descriptor?? [ 157.738003][ T6045] cp210x 4-1:0.0: cp210x converter detected [ 158.049900][ T4907] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.280226][ T37] kauditd_printk_skb: 542 callbacks suppressed [ 158.280243][ T37] audit: type=1326 audit(1758287761.464:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b9acae09 code=0x7ffc0000 [ 158.280867][ T37] audit: type=1326 audit(1758287761.464:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b9acae09 code=0x7ffc0000 [ 158.281441][ T37] audit: type=1326 audit(1758287761.464:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b9acae09 code=0x7ffc0000 [ 158.282519][ T37] audit: type=1326 audit(1758287761.464:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b9acae09 code=0x7ffc0000 [ 158.285098][ T37] audit: type=1326 audit(1758287761.464:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68b9b2ec29 code=0x7ffc0000 [ 158.293608][ T37] audit: type=1326 audit(1758287761.474:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68b9b2ec29 code=0x7ffc0000 [ 158.295783][ T37] audit: type=1326 audit(1758287761.484:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b9acae09 code=0x7ffc0000 [ 158.296455][ T37] audit: type=1326 audit(1758287761.484:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b9acae09 code=0x7ffc0000 [ 158.297582][ T37] audit: type=1326 audit(1758287761.484:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b9acae09 code=0x7ffc0000 [ 158.299053][ T37] audit: type=1326 audit(1758287761.484:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7089 comm="syz.4.500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f68b9acae09 code=0x7ffc0000 [ 158.394248][ T6045] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 158.394300][ T6045] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 158.401307][ T6045] usb 4-1: cp210x converter now attached to ttyUSB0 [ 158.424981][ T6045] usb 4-1: USB disconnect, device number 6 [ 158.467356][ T6045] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 158.467843][ T6045] cp210x 4-1:0.0: device disconnected [ 158.892254][ T4907] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.505584][ T4907] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.723942][ T59] Bluetooth: hci3: command tx timeout [ 160.033295][ T7115] netlink: 48 bytes leftover after parsing attributes in process `syz.4.510'. [ 160.033321][ T7115] netlink: 48 bytes leftover after parsing attributes in process `syz.4.510'. [ 160.265413][ T7082] chnl_net:caif_netlink_parms(): no params data found [ 160.855073][ T7131] netlink: 8 bytes leftover after parsing attributes in process `syz.2.517'. [ 161.068136][ T4907] bridge_slave_1: left allmulticast mode [ 161.068219][ T4907] bridge_slave_1: left promiscuous mode [ 161.070584][ T4907] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.195846][ T4907] bridge_slave_0: left allmulticast mode [ 161.195879][ T4907] bridge_slave_0: left promiscuous mode [ 161.196203][ T4907] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.654131][ T5875] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 161.806850][ T59] Bluetooth: hci3: command tx timeout [ 161.810272][ T5875] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 161.810298][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.829678][ T5875] usb 4-1: config 0 descriptor?? [ 161.859192][ T5875] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 162.263587][ T5875] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 162.464966][ T5875] gspca_cpia1: usb_control_msg 01, error -32 [ 162.468938][ T5875] gspca_cpia1: usb_control_msg 01, error -71 [ 162.468957][ T5875] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0) [ 162.475060][ T5875] usb 4-1: USB disconnect, device number 7 [ 163.559901][ T7178] mmap: syz.3.538 (7178) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 163.784382][ T4907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 163.844755][ T4907] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 163.887210][ T4907] bond0 (unregistering): Released all slaves [ 163.895240][ T59] Bluetooth: hci3: command tx timeout [ 164.041387][ T7170] netlink: 8 bytes leftover after parsing attributes in process `syz.0.534'. [ 164.194599][ T7184] netlink: 12 bytes leftover after parsing attributes in process `syz.2.541'. [ 164.719408][ T7205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.552'. [ 164.719442][ T7205] netlink: 48 bytes leftover after parsing attributes in process `syz.3.552'. [ 164.761048][ T7082] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.761368][ T7082] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.761603][ T7082] bridge_slave_0: entered allmulticast mode [ 164.765727][ T7082] bridge_slave_0: entered promiscuous mode [ 164.810018][ T7205] vlan3: entered allmulticast mode [ 164.822866][ T7082] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.823008][ T7082] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.823188][ T7082] bridge_slave_1: entered allmulticast mode [ 164.829370][ T7082] bridge_slave_1: entered promiscuous mode [ 164.969321][ T7208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.553'. [ 164.969354][ T7208] netlink: 12 bytes leftover after parsing attributes in process `syz.2.553'. [ 165.369967][ T7220] loop5: detected capacity change from 0 to 524255232 [ 165.613233][ T7228] loop9: detected capacity change from 0 to 8 [ 165.636274][ T7228] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 165.636314][ T7228] loop9: partition table partially beyond EOD, truncated [ 165.636427][ T7228] loop9: p1 size 81768186 extends beyond EOD, truncated [ 165.911547][ T7082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.911613][ T12] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 165.966860][ T59] Bluetooth: hci3: command tx timeout [ 166.036516][ T12] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 166.047570][ T7082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.094807][ T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 166.207580][ T5856] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 166.245503][ T12] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 166.260547][ T7243] bond0: (slave macvlan3): Error -98 calling set_mac_address [ 166.361914][ T5856] usb 3-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 166.361944][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.361962][ T5856] usb 3-1: Product: syz [ 166.361975][ T5856] usb 3-1: Manufacturer: syz [ 166.361988][ T5856] usb 3-1: SerialNumber: syz [ 166.409419][ T5856] usb 3-1: config 0 descriptor?? [ 166.540196][ T7248] netlink: 71 bytes leftover after parsing attributes in process `syz.4.571'. [ 166.597948][ T7082] team0: Port device team_slave_0 added [ 166.810203][ T4907] hsr_slave_0: left promiscuous mode [ 166.847502][ T4907] hsr_slave_1: left promiscuous mode [ 166.849557][ T4907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.849640][ T4907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.913892][ T4907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.913921][ T4907] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.107908][ T4907] veth1_macvtap: left promiscuous mode [ 167.108155][ T4907] veth0_macvtap: left promiscuous mode [ 167.108355][ T4907] veth1_vlan: left promiscuous mode [ 167.108643][ T4907] veth0_vlan: left promiscuous mode [ 167.241848][ T5856] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 167.241877][ T5856] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 167.242111][ T5856] asix 3-1:0.0: probe with driver asix failed with error -71 [ 167.276697][ T5856] usb 3-1: USB disconnect, device number 9 [ 169.435830][ T4907] team0 (unregistering): Port device team_slave_1 removed [ 169.658284][ T4907] team0 (unregistering): Port device team_slave_0 removed [ 171.939168][ T7082] team0: Port device team_slave_1 added [ 173.640763][ T7082] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 173.640778][ T7082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.640802][ T7082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 173.690247][ T7082] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 173.690262][ T7082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.690286][ T7082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 173.840622][ T7298] capability: warning: `syz.0.591' uses deprecated v2 capabilities in a way that may be insecure [ 173.857227][ T37] kauditd_printk_skb: 549 callbacks suppressed [ 173.857246][ T37] audit: type=1400 audit(1758287777.024:1920): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=wx pid=7297 comm="syz.0.591" name="134" dev="tmpfs" ino=689 [ 174.003589][ T7303] netlink: 'syz.0.594': attribute type 13 has an invalid length. [ 174.140475][ T7303] macvtap0: entered promiscuous mode [ 174.194304][ T7303] macvtap0: refused to change device tx_queue_len [ 174.219613][ T7082] hsr_slave_0: entered promiscuous mode [ 174.220915][ T7082] hsr_slave_1: entered promiscuous mode [ 174.221782][ T7082] debugfs: 'hsr0' already exists in 'hsr' [ 174.221803][ T7082] Cannot create hsr debugfs directory [ 174.354487][ T7308] sp0: Synchronizing with TNC [ 174.885373][ T7322] netlink: 'syz.4.602': attribute type 12 has an invalid length. [ 174.993358][ T7322] netlink: 8 bytes leftover after parsing attributes in process `syz.4.602'. [ 175.914030][ T59] Bluetooth: hci4: unexpected event 0x2f length: 509 > 260 [ 176.933627][ T7082] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 177.009527][ T7082] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 177.091260][ T7082] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 177.263989][ T7082] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 177.779878][ T7082] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.831930][ T7082] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.848720][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state [ 177.848872][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 177.888617][ T1410] bridge0: port 2(bridge_slave_1) entered blocking state [ 177.888740][ T1410] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.795604][ T7082] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.083161][ T7437] netlink: 8 bytes leftover after parsing attributes in process `syz.4.648'. [ 179.275515][ T7082] veth0_vlan: entered promiscuous mode [ 179.306470][ T7082] veth1_vlan: entered promiscuous mode [ 179.489193][ T7082] veth0_macvtap: entered promiscuous mode [ 179.535984][ T7082] veth1_macvtap: entered promiscuous mode [ 179.569371][ T7451] syz.4.655 uses obsolete (PF_INET,SOCK_PACKET) [ 179.572106][ T7449] netlink: 'syz.2.654': attribute type 8 has an invalid length. [ 179.658548][ T7082] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.707100][ T7082] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.750924][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.751340][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.752401][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.755272][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.336335][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.336357][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 180.497916][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 180.497935][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 181.125864][ T7482] vlan2: entered allmulticast mode [ 181.966579][ T1180] wlan0: Trigger new scan to find an IBSS to join [ 183.849234][ T7542] netlink: 28 bytes leftover after parsing attributes in process `syz.4.691'. [ 183.849257][ T7542] netlink: 28 bytes leftover after parsing attributes in process `syz.4.691'. [ 184.926943][ T1180] wlan0: Trigger new scan to find an IBSS to join [ 184.985995][ T7564] sp0: Synchronizing with TNC [ 185.059610][ T7574] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 185.125928][ T7577] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.706'. [ 185.933892][ T5875] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 186.074316][ T7598] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 186.101439][ T5875] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 186.101468][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.134336][ T5875] usb 1-1: config 0 descriptor?? [ 186.140247][ T5875] cp210x 1-1:0.0: cp210x converter detected [ 186.173925][ T5856] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 186.324489][ T5856] usb 4-1: Using ep0 maxpacket: 32 [ 186.329637][ T5856] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 186.329665][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.329683][ T5856] usb 4-1: Product: syz [ 186.329697][ T5856] usb 4-1: Manufacturer: syz [ 186.329710][ T5856] usb 4-1: SerialNumber: syz [ 186.346738][ T5856] usb 4-1: config 0 descriptor?? [ 186.657597][ T37] audit: type=1400 audit(1758287789.844:1921): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=7607 comm="syz.2.721" dest=20002 netif=wpan0 [ 186.811817][ T7610] netlink: 8 bytes leftover after parsing attributes in process `syz.4.722'. [ 186.824216][ T5875] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 186.824264][ T5875] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 186.834202][ T5875] usb 1-1: cp210x converter now attached to ttyUSB0 [ 186.860528][ T5875] usb 1-1: USB disconnect, device number 5 [ 186.880205][ T5875] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 186.880690][ T5875] cp210x 1-1:0.0: device disconnected [ 187.000972][ T5856] peak_usb 4-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 187.001011][ T5856] peak_usb 4-1:0.0 can0: sending command failure: -22 [ 187.001084][ T5856] peak_usb 4-1:0.0 can0: sending command failure: -22 [ 187.204281][ T5856] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -22 [ 187.222287][ T5856] usb 4-1: USB disconnect, device number 8 [ 187.575273][ T7630] netlink: 12 bytes leftover after parsing attributes in process `syz.1.732'. [ 187.911003][ T7639] netlink: 8 bytes leftover after parsing attributes in process `syz.3.736'. [ 187.953859][ T6031] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 187.967718][ T4907] wlan0: Creating new IBSS network, BSSID ae:e6:1d:ac:c1:be [ 188.116328][ T6031] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 188.116493][ T6031] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.142440][ T6031] usb 1-1: config 0 descriptor?? [ 188.774725][ T6031] ath6kl: mismatched byte count 0 vs. expected 12 [ 188.782561][ T6031] ath6kl: Failed to init ath6kl core: -22 [ 188.817973][ T6031] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 188.994558][ T5875] usb 1-1: USB disconnect, device number 6 [ 189.849030][ T7680] kvm: kvm [7679]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000015) = 0x0 [ 190.707188][ T7706] bpf: Bad value for 'gid' [ 190.952679][ T7714] netlink: 36 bytes leftover after parsing attributes in process `syz.1.768'. [ 191.058401][ T7718] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 191.473891][ T5875] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 191.630547][ T5875] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 191.630573][ T5875] usb 2-1: config 0 has no interface number 0 [ 191.649902][ T5875] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 191.649931][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.649949][ T5875] usb 2-1: Product: syz [ 191.649963][ T5875] usb 2-1: Manufacturer: syz [ 191.649976][ T5875] usb 2-1: SerialNumber: syz [ 191.705748][ T5875] usb 2-1: config 0 descriptor?? [ 192.167162][ T5875] usb 2-1: Firmware: major: 0, minor: 11, hardware type: UNKNOWN (170) [ 192.293691][ T7737] netlink: 20 bytes leftover after parsing attributes in process `syz.3.781'. [ 192.369928][ T5875] usb 2-1: failed to fetch extended address, random address set [ 192.372084][ T5875] usb 2-1: atusb_probe: initialization failed, error = -524 [ 192.372715][ T5875] atusb 2-1:0.128: probe with driver atusb failed with error -524 [ 192.409734][ T5875] usb 2-1: USB disconnect, device number 4 [ 192.992496][ T1180] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.439951][ T1180] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.545102][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 193.571063][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 193.572974][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 193.604697][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 193.605929][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 194.064529][ T1180] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.372213][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.372273][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.671689][ T7797] netlink: 12 bytes leftover after parsing attributes in process `syz.2.810'. [ 194.715394][ T7800] netlink: 36 bytes leftover after parsing attributes in process `syz.4.809'. [ 194.791536][ T1180] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 194.853853][ T6031] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 194.918356][ T7807] netlink: 188 bytes leftover after parsing attributes in process `syz.1.813'. [ 195.009925][ T6031] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 195.009974][ T6031] usb 4-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00 [ 195.009996][ T6031] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.055022][ T6031] usb 4-1: config 0 descriptor?? [ 195.510178][ T6031] uclogic 0003:2179:0077.000A: interface is invalid, ignoring [ 195.643939][ T59] Bluetooth: hci0: command tx timeout [ 195.721069][ T6033] usb 4-1: USB disconnect, device number 9 [ 195.983390][ T7756] chnl_net:caif_netlink_parms(): no params data found [ 196.145308][ T1180] bridge_slave_1: left allmulticast mode [ 196.145340][ T1180] bridge_slave_1: left promiscuous mode [ 196.145592][ T1180] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.206080][ T1180] bridge_slave_0: left allmulticast mode [ 196.206112][ T1180] bridge_slave_0: left promiscuous mode [ 196.207019][ T1180] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.633864][ T31] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 196.799753][ T31] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 196.799783][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.799801][ T31] usb 2-1: Product: syz [ 196.799814][ T31] usb 2-1: Manufacturer: syz [ 196.799827][ T31] usb 2-1: SerialNumber: syz [ 196.838962][ T31] usb 2-1: config 0 descriptor?? [ 197.073932][ T31] usb 2-1: USB disconnect, device number 5 [ 197.515071][ T5875] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 197.664055][ T5875] usb 5-1: Using ep0 maxpacket: 32 [ 197.666726][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.666755][ T5875] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.666792][ T5875] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 197.666815][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.676167][ T5875] usb 5-1: config 0 descriptor?? [ 197.724030][ T59] Bluetooth: hci0: command tx timeout [ 198.117253][ T5875] ft260 0003:0403:6030.000B: unknown main item tag 0x7 [ 198.312147][ T5875] ft260 0003:0403:6030.000B: chip code: 6424 8183 [ 198.520864][ T5875] ft260 0003:0403:6030.000B: failed to retrieve system status [ 198.521111][ T5875] ft260 0003:0403:6030.000B: probe with driver ft260 failed with error -71 [ 198.526624][ T5875] usb 5-1: USB disconnect, device number 6 [ 199.024831][ T1180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 199.108174][ T1180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 199.162102][ T1180] bond0 (unregistering): Released all slaves [ 199.226162][ T7825] netlink: 20 bytes leftover after parsing attributes in process `syz.3.819'. [ 199.807035][ T59] Bluetooth: hci0: command tx timeout [ 200.111246][ T7756] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.111363][ T7756] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.111570][ T7756] bridge_slave_0: entered allmulticast mode [ 200.124643][ T7756] bridge_slave_0: entered promiscuous mode [ 200.161285][ T7756] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.161428][ T7756] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.161658][ T7756] bridge_slave_1: entered allmulticast mode [ 200.184609][ T7756] bridge_slave_1: entered promiscuous mode [ 200.905869][ T7890] netlink: 'syz.2.847': attribute type 25 has an invalid length. [ 200.905889][ T7890] netlink: 'syz.2.847': attribute type 1 has an invalid length. [ 200.906020][ T7890] bridge0: port 1(bridge_slave_0) entered learning state [ 200.926757][ T7756] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.947935][ T7756] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.097103][ T1180] hsr_slave_0: left promiscuous mode [ 201.133913][ T1180] hsr_slave_1: left promiscuous mode [ 201.134902][ T1180] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.134938][ T1180] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.187949][ T1180] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 201.187979][ T1180] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 201.375325][ T1180] veth1_macvtap: left promiscuous mode [ 201.375654][ T1180] veth0_macvtap: left promiscuous mode [ 201.375954][ T1180] veth1_vlan: left promiscuous mode [ 201.376160][ T1180] veth0_vlan: left promiscuous mode [ 201.885426][ T59] Bluetooth: hci0: command tx timeout [ 203.404107][ T59] Bluetooth: hci2: command tx timeout [ 203.755420][ T1180] team0 (unregistering): Port device team_slave_1 removed [ 203.974593][ T1180] team0 (unregistering): Port device team_slave_0 removed [ 206.396485][ T7901] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 206.396720][ T7901] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 206.400157][ T7904] mac80211_hwsim hwsim13 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 206.446354][ T7909] netlink: 16 bytes leftover after parsing attributes in process `syz.3.855'. [ 206.471578][ T7901] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 206.559737][ T7901] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 206.559820][ T7901] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 206.671891][ T7756] team0: Port device team_slave_0 added [ 206.695902][ T7756] team0: Port device team_slave_1 added [ 206.715082][ T7901] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 206.786635][ T7901] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 206.868208][ T7901] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 206.878475][ T7901] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 206.959313][ T7901] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 207.002141][ T7756] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.005661][ T7756] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.005687][ T7756] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.019429][ T7756] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.019445][ T7756] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.019467][ T7756] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.053274][ T7901] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 207.053397][ T7901] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 207.191030][ T7901] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 207.272282][ T7901] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 207.272429][ T7901] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 207.365410][ T7901] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 207.577049][ T7756] hsr_slave_0: entered promiscuous mode [ 207.578351][ T7756] hsr_slave_1: entered promiscuous mode [ 208.276701][ T7947] netlink: 4 bytes leftover after parsing attributes in process `syz.3.873'. [ 208.444638][ T59] Bluetooth: hci1: command 0x0c1a tx timeout [ 208.604042][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 208.638796][ T7957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.878'. [ 208.930002][ T59] Bluetooth: hci4: command 0x0405 tx timeout [ 209.003896][ T1430] wlan1: Trigger new scan to find an IBSS to join [ 209.084025][ T59] Bluetooth: hci3: command 0x0c1a tx timeout [ 209.206813][ T7756] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 209.282278][ T7756] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 209.323881][ T59] Bluetooth: hci0: command 0x0c1a tx timeout [ 209.355603][ T7756] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 209.411816][ T7976] netem: incorrect ge model size [ 209.412028][ T7976] netem: change failed [ 209.464286][ T7756] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 209.588757][ T7983] loop7: detected capacity change from 0 to 7 [ 209.605024][ C0] blk_print_req_error: 20 callbacks suppressed [ 209.605045][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.605073][ C0] buffer_io_error: 20 callbacks suppressed [ 209.605084][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.605473][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.605497][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.605696][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.605718][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.605912][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.605937][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.606153][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.606178][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.607335][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.607364][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.607940][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.607968][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.609158][ T7983] ldm_validate_partition_table(): Disk read failed. [ 209.612495][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.612524][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.622870][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.622902][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.623966][ T7985] netlink: 'syz.4.888': attribute type 3 has an invalid length. [ 209.624002][ T7985] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 209.625700][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 209.625740][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 209.626055][ T7983] Dev loop7: unable to read RDB block 0 [ 209.638280][ T7983] loop7: unable to read partition table [ 209.638513][ T7983] loop7: partition table beyond EOD, truncated [ 209.638531][ T7983] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 210.283872][ T6031] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 210.436626][ T6031] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 210.436676][ T6031] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00 [ 210.436698][ T6031] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.443493][ T6031] usb 5-1: config 0 descriptor?? [ 210.447567][ T7993] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 210.524015][ T59] Bluetooth: hci1: command 0x0c1a tx timeout [ 210.633946][ T5924] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 210.683917][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 210.773314][ T8008] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 210.811582][ T5924] usb 3-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 210.811611][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.839280][ T5924] usb 3-1: config 0 descriptor?? [ 210.854921][ T5924] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 210.888781][ T6031] ryos 0003:1E7D:3138.000C: unknown main item tag 0x0 [ 210.888863][ T6031] ryos 0003:1E7D:3138.000C: unknown main item tag 0x1 [ 210.918475][ T6031] ryos 0003:1E7D:3138.000C: hidraw0: USB HID v1.01 Device [HID 1e7d:3138] on usb-dummy_hcd.4-1/input0 [ 210.974891][ T7756] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.004390][ T59] Bluetooth: hci4: command 0x0405 tx timeout [ 211.119273][ T7756] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.127030][ T6045] usb 5-1: USB disconnect, device number 7 [ 211.163935][ T59] Bluetooth: hci3: command 0x0c1a tx timeout [ 211.189800][ T1180] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.189937][ T1180] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.229930][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.230061][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.403954][ T59] Bluetooth: hci0: command 0x0c1a tx timeout [ 211.662639][ T5924] gspca_sunplus: reg_w_riv err -71 [ 211.662738][ T5924] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 211.683507][ T5924] usb 3-1: USB disconnect, device number 10 [ 211.788207][ T8019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.903'. [ 211.964677][ T4560] wlan1: Trigger new scan to find an IBSS to join [ 212.078182][ T8035] netem: incorrect gi model size [ 212.078221][ T8035] netem: change failed [ 212.157133][ T7756] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.604222][ T59] Bluetooth: hci1: command 0x0c1a tx timeout [ 212.763946][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 212.935310][ T7756] veth0_vlan: entered promiscuous mode [ 212.976740][ T7756] veth1_vlan: entered promiscuous mode [ 213.084030][ T59] Bluetooth: hci4: command 0x0405 tx timeout [ 213.168199][ T7756] veth0_macvtap: entered promiscuous mode [ 213.201334][ T7756] veth1_macvtap: entered promiscuous mode [ 213.245607][ T59] Bluetooth: hci3: command 0x0c1a tx timeout [ 213.292973][ T7756] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.310650][ T8065] sctp: Trying to GSO but underlying device doesn't support it. [ 213.318213][ T7756] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.368630][ T43] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.369318][ T43] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.373127][ T43] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.400079][ T43] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 213.486114][ T59] Bluetooth: hci0: command 0x0c1a tx timeout [ 213.830772][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.830791][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.977096][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.977115][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 214.186044][ T8076] bond0: option all_slaves_active: invalid value (128) [ 214.362633][ T8082] netlink: 20 bytes leftover after parsing attributes in process `syz.1.929'. [ 214.834032][ T8099] binder: 8098:8099 ioctl 40046205 0 returned -22 [ 214.844426][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 214.924243][ T1180] wlan1: Trigger new scan to find an IBSS to join [ 215.834963][ T1180] wlan1: Creating new IBSS network, BSSID 32:4c:5a:3a:2c:b2 [ 215.913901][ T5911] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 216.042626][ T1180] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 216.079549][ T5911] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 216.079576][ T5911] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 216.079628][ T5911] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 216.079652][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.115913][ T5911] usb 3-1: config 0 descriptor?? [ 216.133639][ T5911] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 216.133695][ T5911] dvb-usb: bulk message failed: -22 (3/0) [ 216.155071][ T5911] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 216.156105][ T5911] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 216.156159][ T5911] usb 3-1: media controller created [ 216.185179][ T5911] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 216.219101][ T5911] dvb-usb: bulk message failed: -22 (6/0) [ 216.219219][ T5911] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 216.241796][ T5911] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13 [ 216.256539][ T5911] dvb-usb: schedule remote query interval to 150 msecs. [ 216.256559][ T5911] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 216.418937][ T5911] dvb-usb: bulk message failed: -22 (1/0) [ 216.418980][ T5911] dvb-usb: error while querying for an remote control event. [ 216.577612][ T5911] dvb-usb: bulk message failed: -22 (1/0) [ 216.577644][ T5911] dvb-usb: error while querying for an remote control event. [ 216.734022][ T5856] dvb-usb: bulk message failed: -22 (1/0) [ 216.734054][ T5856] dvb-usb: error while querying for an remote control event. [ 216.894041][ T5911] dvb-usb: bulk message failed: -22 (1/0) [ 216.894072][ T5911] dvb-usb: error while querying for an remote control event. [ 216.927542][ T31] usb 3-1: USB disconnect, device number 11 [ 217.106047][ T31] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 217.241177][ T8162] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.965'. [ 217.465348][ T8173] netlink: 8 bytes leftover after parsing attributes in process `syz.5.968'. [ 218.282662][ T8195] netlink: 12 bytes leftover after parsing attributes in process `syz.2.978'. [ 218.282686][ T8195] netlink: 28 bytes leftover after parsing attributes in process `syz.2.978'. [ 218.282702][ T8195] netlink: 12 bytes leftover after parsing attributes in process `syz.2.978'. [ 218.297238][ T8195] netlink: 28 bytes leftover after parsing attributes in process `syz.2.978'. [ 218.297273][ T8195] netlink: 'syz.2.978': attribute type 6 has an invalid length. [ 218.730547][ T8188] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 218.730773][ T8188] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 218.743435][ T8188] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 218.748276][ T8188] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 218.748414][ T8188] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 218.795563][ T8188] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 219.063965][ T5875] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 219.216758][ T5875] usb 3-1: Using ep0 maxpacket: 32 [ 219.219400][ T5875] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 219.219427][ T5875] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.228205][ T5875] usb 3-1: config 0 descriptor?? [ 219.454390][ T5875] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 219.458346][ T5875] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 219.459423][ T5875] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 219.459476][ T5875] usb 3-1: media controller created [ 219.497070][ T5875] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 219.658568][ T5875] az6027: usb out operation failed. (-71) [ 219.660684][ T5875] az6027: usb out operation failed. (-71) [ 219.660706][ T5875] stb0899_attach: Driver disabled by Kconfig [ 219.660715][ T5875] az6027: no front-end attached [ 219.660715][ T5875] [ 219.661124][ T5875] az6027: usb out operation failed. (-71) [ 219.661136][ T5875] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 219.671841][ T5875] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input14 [ 219.674232][ T5875] dvb-usb: schedule remote query interval to 400 msecs. [ 219.674249][ T5875] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 219.680093][ T5875] usb 3-1: USB disconnect, device number 12 [ 219.893004][ T5875] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 220.124013][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout [ 220.499062][ T37] audit: type=1326 audit(1758287823.684:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.502152][ T37] audit: type=1326 audit(1758287823.684:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.502424][ T37] audit: type=1326 audit(1758287823.684:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.502666][ T37] audit: type=1326 audit(1758287823.684:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.502953][ T37] audit: type=1326 audit(1758287823.684:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.503546][ T37] audit: type=1326 audit(1758287823.684:1927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.517089][ T37] audit: type=1326 audit(1758287823.684:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.517139][ T37] audit: type=1326 audit(1758287823.704:1929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.517179][ T37] audit: type=1326 audit(1758287823.704:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.517214][ T37] audit: type=1326 audit(1758287823.704:1931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8210 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa989a5ec29 code=0x7ffc0000 [ 220.765976][ T5846] Bluetooth: hci3: command 0x0c1a tx timeout [ 220.766015][ T5846] Bluetooth: hci2: command 0x0c1a tx timeout [ 220.766112][ T5156] Bluetooth: hci4: command 0x0405 tx timeout [ 220.844086][ T59] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 220.858946][ T59] Bluetooth: hci0: command 0x0c1a tx timeout [ 221.371662][ T8227] block device autoloading is deprecated and will be removed. [ 221.658075][ T8238] ./file0: Can't open blockdev [ 222.843993][ T5156] Bluetooth: hci3: command 0x0c1a tx timeout [ 223.433997][ T5856] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 223.594185][ T5856] usb 4-1: Using ep0 maxpacket: 8 [ 223.596835][ T5856] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 223.596957][ T5856] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 223.596997][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 223.597023][ T5856] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 223.597047][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 223.597072][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 223.597097][ T5856] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 223.597123][ T5856] usb 4-1: config 168 interface 0 has no altsetting 0 [ 223.598510][ T5856] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 223.598545][ T5856] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 223.598600][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 223.598625][ T5856] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 223.598649][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 223.598673][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 223.598698][ T5856] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 223.598724][ T5856] usb 4-1: config 168 interface 0 has no altsetting 0 [ 223.600380][ T5856] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 223.600418][ T5856] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30 [ 223.600457][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 223.600488][ T5856] usb 4-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 223.600511][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 223.600535][ T5856] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 223.600560][ T5856] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100 [ 223.600586][ T5856] usb 4-1: config 168 interface 0 has no altsetting 0 [ 223.873884][ T5856] usb 4-1: string descriptor 0 read error: -22 [ 223.874009][ T5856] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 223.874028][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.919016][ T5856] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 224.138473][ T5875] usb 4-1: USB disconnect, device number 10 [ 225.049046][ T8296] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1034'. [ 225.843161][ T8298] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 225.843306][ T8298] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 225.913085][ T8298] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 225.913373][ T8298] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 225.914994][ T8298] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 225.915283][ T8298] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 226.236266][ T8322] program syz.1.1035 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 226.400348][ T8329] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1039'. [ 226.544131][ T5856] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 226.717020][ T5856] usb 4-1: Using ep0 maxpacket: 8 [ 226.720032][ T5856] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 226.720059][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.779177][ T5856] pvrusb2: Hardware description: Terratec Grabster AV400 [ 226.779197][ T5856] pvrusb2: ********** [ 226.779203][ T5856] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 226.779214][ T5856] pvrusb2: Important functionality might not be entirely working. [ 226.779223][ T5856] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 226.779233][ T5856] pvrusb2: ********** [ 226.987984][ T2368] pvrusb2: Invalid write control endpoint [ 227.191221][ T8326] pvrusb2: Invalid write control endpoint [ 227.197508][ T5856] usb 4-1: USB disconnect, device number 11 [ 227.218364][ T2368] pvrusb2: Invalid write control endpoint [ 227.218378][ T2368] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 227.218387][ T2368] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 227.218394][ T2368] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 227.218403][ T2368] pvrusb2: Device being rendered inoperable [ 227.222568][ T2368] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 227.222622][ T2368] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 227.308592][ T2368] pvrusb2: Attached sub-driver cx25840 [ 227.308617][ T2368] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 227.308626][ T2368] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 227.403894][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout [ 227.462658][ T6045] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 227.617071][ T6045] usb 2-1: unable to get BOS descriptor or descriptor too short [ 227.618861][ T6045] usb 2-1: config 1 interface 0 altsetting 64 bulk endpoint 0x82 has invalid maxpacket 1024 [ 227.618891][ T6045] usb 2-1: config 1 interface 0 altsetting 64 endpoint 0x3 has invalid maxpacket 7227, setting to 1024 [ 227.618914][ T6045] usb 2-1: config 1 interface 0 altsetting 64 bulk endpoint 0x3 has invalid maxpacket 1024 [ 227.618937][ T6045] usb 2-1: config 1 interface 0 has no altsetting 0 [ 227.622095][ T6045] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 227.622121][ T6045] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.622140][ T6045] usb 2-1: Product: syz [ 227.622154][ T6045] usb 2-1: Manufacturer: syz [ 227.622168][ T6045] usb 2-1: SerialNumber: syz [ 227.639672][ T8339] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 227.639867][ T8339] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 227.871903][ T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 227.889811][ T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 227.891083][ T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 227.892378][ T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 227.893218][ T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 227.963906][ T59] Bluetooth: hci0: command 0x0c1a tx timeout [ 227.963943][ T59] Bluetooth: hci3: command 0x0c1a tx timeout [ 227.963969][ T59] Bluetooth: hci4: command 0x0405 tx timeout [ 227.963995][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 227.971325][ T6045] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71 [ 228.060237][ T6045] usb 2-1: USB disconnect, device number 6 [ 228.491337][ T5854] syz_tun (unregistering): left allmulticast mode [ 229.484025][ T5156] Bluetooth: hci1: command 0x0c1a tx timeout [ 229.963568][ T43] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.974369][ T5156] Bluetooth: hci5: command tx timeout [ 230.497677][ T43] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.649065][ T8383] syz.2.1063 (8383): drop_caches: 2 [ 230.902538][ T43] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.340157][ T43] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.742819][ T8433] vivid-004: disconnect [ 231.749799][ T8430] vivid-004: reconnect [ 231.814824][ T8432] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1084'. [ 231.818910][ T8352] chnl_net:caif_netlink_parms(): no params data found [ 232.043914][ T5156] Bluetooth: hci5: command tx timeout [ 232.226049][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 232.226065][ T37] audit: type=1326 audit(1758288091.416:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8440 comm="syz.2.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff17ac9ec29 code=0x7ffc0000 [ 232.261805][ T37] audit: type=1326 audit(1758288091.416:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8440 comm="syz.2.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff17ac9ec29 code=0x7ffc0000 [ 232.261858][ T37] audit: type=1326 audit(1758288091.416:1935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8440 comm="syz.2.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7ff17ac9ec29 code=0x7ffc0000 [ 232.493087][ T37] audit: type=1326 audit(1758288091.676:1936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8440 comm="syz.2.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff17ac9ec29 code=0x7ffc0000 [ 232.493126][ T37] audit: type=1326 audit(1758288091.676:1937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8440 comm="syz.2.1088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff17ac9ec29 code=0x7ffc0000 [ 232.615450][ T43] bridge_slave_1: left allmulticast mode [ 232.615491][ T43] bridge_slave_1: left promiscuous mode [ 232.615758][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.687003][ T43] bridge_slave_0: left allmulticast mode [ 232.687037][ T43] bridge_slave_0: left promiscuous mode [ 232.687311][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.733848][ T8451] nbd1: detected capacity change from 0 to 127 [ 232.737871][ T5156] block nbd1: Receive control failed (result -32) [ 233.603976][ T5856] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 233.767249][ T5856] usb 3-1: unable to get BOS descriptor or descriptor too short [ 233.768885][ T5856] usb 3-1: config 1 interface 0 altsetting 64 bulk endpoint 0x82 has invalid maxpacket 1024 [ 233.768915][ T5856] usb 3-1: config 1 interface 0 altsetting 64 endpoint 0x3 has invalid maxpacket 7227, setting to 1024 [ 233.768940][ T5856] usb 3-1: config 1 interface 0 altsetting 64 bulk endpoint 0x3 has invalid maxpacket 1024 [ 233.768964][ T5856] usb 3-1: config 1 interface 0 has no altsetting 0 [ 233.820087][ T5856] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 233.820114][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.820132][ T5856] usb 3-1: Product: syz [ 233.820145][ T5856] usb 3-1: Manufacturer: syz [ 233.820158][ T5856] usb 3-1: SerialNumber: syz [ 233.862690][ T8471] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 233.862819][ T8471] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 234.089281][ T5856] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 234.120557][ T5856] usb 3-1: USB disconnect, device number 13 [ 234.123923][ T5156] Bluetooth: hci5: command tx timeout [ 234.403782][ T8486] nbd2: detected capacity change from 0 to 127 [ 234.416507][ T5156] block nbd2: Receive control failed (result -32) [ 234.529629][ T8494] program syz.3.1108 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.511318][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511362][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511386][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511410][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511434][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511458][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511482][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511506][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511530][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.511554][ T31] hid-generic 0000:0006:0007.000D: unknown main item tag 0x0 [ 235.534130][ T31] hid-generic 0000:0006:0007.000D: hidraw0: HID v0.0b Device [syz1] on syz1 [ 235.626928][ T8506] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1114'. [ 235.859500][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 235.935051][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 235.994793][ T43] bond0 (unregistering): Released all slaves [ 236.205191][ T5156] Bluetooth: hci5: command tx timeout [ 236.342623][ T8352] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.342768][ T8352] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.343009][ T8352] bridge_slave_0: entered allmulticast mode [ 236.345917][ T8352] bridge_slave_0: entered promiscuous mode [ 236.349602][ T8352] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.349737][ T8352] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.349913][ T8352] bridge_slave_1: entered allmulticast mode [ 236.352662][ T8352] bridge_slave_1: entered promiscuous mode [ 236.773908][ T5875] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 236.931979][ T5875] usb 6-1: config 0 has no interfaces? [ 236.937480][ T5875] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 236.937508][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.937526][ T5875] usb 6-1: Product: syz [ 236.937539][ T5875] usb 6-1: Manufacturer: syz [ 236.937552][ T5875] usb 6-1: SerialNumber: syz [ 236.970282][ T5875] usb 6-1: config 0 descriptor?? [ 237.129774][ T8352] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.142543][ T8352] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.207997][ T5875] usb 6-1: USB disconnect, device number 2 [ 237.548833][ T8547] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1133'. [ 238.140410][ T8352] team0: Port device team_slave_0 added [ 238.158900][ T8352] team0: Port device team_slave_1 added [ 238.323240][ T8582] input: syz0 as /devices/virtual/input/input15 [ 238.769409][ T43] hsr_slave_0: left promiscuous mode [ 238.805765][ T43] hsr_slave_1: left promiscuous mode [ 238.806748][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 238.806775][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 238.868730][ T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 238.868760][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.978231][ T43] veth1_macvtap: left promiscuous mode [ 238.978354][ T43] veth0_macvtap: left promiscuous mode [ 238.978641][ T43] veth1_vlan: left promiscuous mode [ 238.979716][ T43] veth0_vlan: left promiscuous mode [ 239.073880][ T5875] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 239.228328][ T5875] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 239.228358][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.248969][ T5875] usb 4-1: config 0 descriptor?? [ 239.260121][ T5875] cp210x 4-1:0.0: cp210x converter detected [ 239.664778][ T5875] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 239.669503][ T5875] usb 4-1: cp210x converter now attached to ttyUSB0 [ 239.872553][ T6045] usb 4-1: USB disconnect, device number 12 [ 239.884929][ T6045] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 240.004483][ T6045] cp210x 4-1:0.0: device disconnected [ 241.355123][ T43] team0 (unregistering): Port device team_slave_1 removed [ 241.584834][ T43] team0 (unregistering): Port device team_slave_0 removed [ 243.707419][ T8352] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 243.707435][ T8352] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.707459][ T8352] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 243.714671][ T8352] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 243.714685][ T8352] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.714708][ T8352] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 244.198415][ T8352] hsr_slave_0: entered promiscuous mode [ 244.199687][ T8352] hsr_slave_1: entered promiscuous mode [ 244.218907][ T8352] debugfs: 'hsr0' already exists in 'hsr' [ 244.218932][ T8352] Cannot create hsr debugfs directory [ 244.245361][ T8606] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 244.248586][ T8606] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 244.248795][ T8606] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 244.249047][ T8606] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 244.249138][ T8606] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 244.307758][ T8606] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 244.307847][ T8606] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 244.423910][ T8606] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 245.261487][ T8632] support for cryptoloop has been removed. Use dm-crypt instead. [ 245.498534][ T8636] capability: warning: `syz.5.1172' uses 32-bit capabilities (legacy support in use) [ 245.854173][ T8639] Bluetooth: MGMT ver 1.23 [ 245.864589][ T4560] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 245.978458][ T8647] netlink: 'syz.1.1177': attribute type 1 has an invalid length. [ 245.978479][ T8647] netlink: 'syz.1.1177': attribute type 2 has an invalid length. [ 245.980008][ T8647] netlink: 'syz.1.1177': attribute type 1 has an invalid length. [ 245.980024][ T8647] netlink: 'syz.1.1177': attribute type 2 has an invalid length. [ 246.193418][ T8352] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 246.276531][ T8352] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 246.283943][ T59] Bluetooth: hci0: command 0x0c1a tx timeout [ 246.283978][ T59] Bluetooth: hci3: command 0x0c1a tx timeout [ 246.284004][ T59] Bluetooth: hci2: command 0x0c1a tx timeout [ 246.284036][ T59] Bluetooth: hci1: command 0x0c1a tx timeout [ 246.340647][ T8352] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 246.363912][ T5156] Bluetooth: hci5: command 0x0c1a tx timeout [ 246.480264][ T8352] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 246.989799][ T8691] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1193'. [ 247.114367][ T8352] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.199991][ T8352] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.235880][ T4560] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.236113][ T4560] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.245908][ T4560] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.249418][ T4560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.874909][ T8715] openvswitch: netlink: IPv4 tunnel dst address is zero [ 248.048244][ T8352] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.373923][ T5156] Bluetooth: hci0: command 0x0c1a tx timeout [ 248.443881][ T5156] Bluetooth: hci5: command 0x0c1a tx timeout [ 249.251184][ T8352] veth0_vlan: entered promiscuous mode [ 249.300771][ T8352] veth1_vlan: entered promiscuous mode [ 249.402669][ T8352] veth0_macvtap: entered promiscuous mode [ 249.464970][ T8352] veth1_macvtap: entered promiscuous mode [ 249.473310][ T8739] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1209'. [ 249.473333][ T8739] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1209'. [ 249.493689][ T8711] syz.1.1200 (8711): drop_caches: 2 [ 249.598261][ T8352] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.665152][ T8352] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 249.708503][ T1410] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.708765][ T1410] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.709052][ T1410] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.709547][ T1410] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 250.408640][ T1410] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.408662][ T1410] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.523986][ T5156] Bluetooth: hci5: command 0x0c1a tx timeout [ 250.559665][ T8763] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1218'. [ 250.564624][ T8763] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1218'. [ 250.588365][ T8763] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1218'. [ 250.681658][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 250.681701][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.715883][ T5856] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 250.888517][ T5856] usb 2-1: Using ep0 maxpacket: 8 [ 250.941280][ T5856] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 250.941311][ T5856] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.941330][ T5856] usb 2-1: Product: syz [ 250.941342][ T5856] usb 2-1: Manufacturer: syz [ 250.941354][ T5856] usb 2-1: SerialNumber: syz [ 250.946800][ T5856] usb 2-1: config 0 descriptor?? [ 251.205065][ T5856] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 251.615937][ T8780] netlink: 'syz.2.1227': attribute type 25 has an invalid length. [ 251.615960][ T8780] netlink: 'syz.2.1227': attribute type 8 has an invalid length. [ 251.836603][ T5856] gspca_sunplus: reg_w_riv err -71 [ 251.836695][ T5856] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 251.846514][ T5856] usb 2-1: USB disconnect, device number 7 [ 253.538533][ T6045] kernel read not supported for file /dsp (pid: 6045 comm: kworker/1:6) [ 253.763947][ T31] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 253.913889][ T31] usb 7-1: Using ep0 maxpacket: 32 [ 253.916382][ T31] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 253.916406][ T31] usb 7-1: config 0 has no interface number 0 [ 253.919638][ T31] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 253.919664][ T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.919683][ T31] usb 7-1: Product: syz [ 253.919697][ T31] usb 7-1: Manufacturer: syz [ 253.919711][ T31] usb 7-1: SerialNumber: syz [ 253.984187][ T31] usb 7-1: config 0 descriptor?? [ 253.987896][ T31] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 254.221647][ T31] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 254.249742][ T31] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 254.651115][ C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 254.655135][ T6033] usb 7-1: USB disconnect, device number 2 [ 254.709540][ T6033] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 254.782415][ T6033] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 254.783638][ T6033] quatech2 7-1:0.51: device disconnected [ 255.384378][ T8873] netlink: 'syz.5.1270': attribute type 2 has an invalid length. [ 255.812457][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.812552][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.481779][ T8879] cgroup: fork rejected by pids controller in /syz1 [ 257.446071][ T8949] netlink: 'syz.3.1292': attribute type 7 has an invalid length. [ 257.446092][ T8949] netlink: 'syz.3.1292': attribute type 8 has an invalid length. [ 257.446104][ T8949] netlink: 'syz.3.1292': attribute type 4 has an invalid length. [ 257.446116][ T8949] netlink: 212 bytes leftover after parsing attributes in process `syz.3.1292'. [ 258.068752][ T8962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1298'. [ 258.472792][ T8966] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 258.523928][ T59] Bluetooth: hci5: command 0x0c1a tx timeout [ 258.669775][ T8981] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1306'. [ 258.746873][ T8982] af_packet: tpacket_rcv: packet too big, clamped from 114 to 4294967272. macoff=96 [ 258.780513][ T8986] loop2: detected capacity change from 0 to 7 [ 259.907781][ T9014] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 260.984242][ T6031] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 261.146281][ T6031] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.146321][ T6031] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.146359][ T6031] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 261.146381][ T6031] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.151737][ T6031] usb 2-1: config 0 descriptor?? [ 261.273921][ T6033] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 261.490822][ T6033] usb 7-1: config 0 has an invalid interface number: 128 but max is 0 [ 261.490850][ T6033] usb 7-1: config 0 has no interface number 0 [ 261.524808][ T6033] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 261.525553][ T6033] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.525576][ T6033] usb 7-1: Product: syz [ 261.525590][ T6033] usb 7-1: Manufacturer: syz [ 261.525604][ T6033] usb 7-1: SerialNumber: syz [ 261.543823][ T6033] usb 7-1: config 0 descriptor?? [ 261.770666][ T6031] hid-steam 0003:28DE:1142.000E: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 261.834094][ T6031] hid-steam 0003:28DE:1142.000E: Steam wireless receiver connected [ 261.994871][ T6033] usb 7-1: Firmware: major: 177, minor: 79, hardware type: HULUSB (4) [ 262.009683][ T6031] hid-steam 0003:28DE:1142.000F: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 262.040917][ T6031] usb 2-1: USB disconnect, device number 8 [ 262.136006][ T9058] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1342'. [ 262.142701][ T6031] hid-steam 0003:28DE:1142.000E: Steam wireless receiver disconnected [ 262.196060][ T6033] usb 7-1: failed to fetch extended address, random address set [ 262.283981][ T6033] usb 7-1: USB disconnect, device number 3 [ 263.533925][ T6045] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 263.690242][ T6045] usb 2-1: Using ep0 maxpacket: 32 [ 263.695521][ T6045] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 263.695547][ T6045] usb 2-1: config 0 has no interface number 0 [ 263.695594][ T6045] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 263.695620][ T6045] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 263.695659][ T6045] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 263.695681][ T6045] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.769031][ T6045] usb 2-1: config 0 descriptor?? [ 263.779171][ T6045] usb 2-1: can't set config #0, error -71 [ 263.782019][ T6045] usb 2-1: USB disconnect, device number 9 [ 264.893204][ T9139] tap0: tun_chr_ioctl cmd 2147767507 [ 265.583913][ T6045] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 265.736554][ T6045] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 265.736580][ T6045] usb 2-1: config 0 has no interfaces? [ 265.736609][ T6045] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 265.736631][ T6045] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.805788][ T6045] usb 2-1: config 0 descriptor?? [ 266.085923][ T9159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 266.104047][ T9159] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 266.128583][ T5875] usb 2-1: USB disconnect, device number 10 [ 268.023888][ T5875] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 268.184841][ T5875] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 268.184868][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.184888][ T5875] usb 6-1: Product: syz [ 268.184901][ T5875] usb 6-1: Manufacturer: syz [ 268.184915][ T5875] usb 6-1: SerialNumber: syz [ 268.203862][ T6045] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 268.221153][ T5875] usb 6-1: config 0 descriptor?? [ 268.245166][ T5875] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 003 [ 268.361036][ T6045] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.361069][ T6045] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.361162][ T6045] usb 7-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 268.361185][ T6045] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.429088][ T6045] usb 7-1: config 0 descriptor?? [ 268.497417][ T9229] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 268.631684][ T5875] (null): failure reading functionality [ 268.684337][ T5875] i2c i2c-1: connected i2c-tiny-usb device [ 268.870095][ T6031] usb 6-1: USB disconnect, device number 3 [ 268.887868][ T9240] loop8: detected capacity change from 0 to 7 [ 268.892411][ T9241] netlink: 260 bytes leftover after parsing attributes in process `syz.3.1423'. [ 268.893699][ T6045] sony 0003:054C:024B.0010: unexpected long global item [ 268.894167][ T9240] Dev loop8: unable to read RDB block 7 [ 268.894208][ T9240] loop8: unable to read partition table [ 268.894433][ T9240] loop8: partition table beyond EOD, truncated [ 268.894450][ T9240] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 268.946750][ T6045] sony 0003:054C:024B.0010: parse failed [ 268.946859][ T6045] sony 0003:054C:024B.0010: probe with driver sony failed with error -22 [ 269.138389][ T6031] usb 7-1: USB disconnect, device number 4 [ 269.248164][ T9250] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1428'. [ 269.248221][ T9250] netem: change failed [ 269.739214][ T9271] syz.3.1437 (9271): /proc/9267/oom_adj is deprecated, please use /proc/9267/oom_score_adj instead. [ 271.225599][ T9322] Bluetooth: MGMT ver 1.23 [ 271.580450][ T9326] netlink: 133 bytes leftover after parsing attributes in process `syz.3.1464'. [ 271.893866][ T37] audit: type=1326 audit(1758288131.076:1938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9335 comm="syz.3.1468" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd9b56fec29 code=0x0 [ 273.864056][ T6045] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 274.015998][ T6045] usb 7-1: Using ep0 maxpacket: 16 [ 274.018923][ T6045] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.018973][ T6045] usb 7-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 274.019005][ T6045] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.066139][ T6045] usb 7-1: config 0 descriptor?? [ 274.538363][ T6045] hid_parser_main: 43 callbacks suppressed [ 274.538384][ T6045] creative-sb0540 0003:041E:3100.0011: unknown main item tag 0x0 [ 274.538413][ T6045] creative-sb0540 0003:041E:3100.0011: item fetching failed at offset 3/5 [ 274.539082][ T6045] creative-sb0540 0003:041E:3100.0011: parse failed [ 274.539177][ T6045] creative-sb0540 0003:041E:3100.0011: probe with driver creative-sb0540 failed with error -22 [ 274.749799][ T6045] usb 7-1: USB disconnect, device number 5 [ 274.991015][ T9424] netlink: 'syz.5.1505': attribute type 2 has an invalid length. [ 275.653873][ T6045] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 275.715517][ T9453] input: syz1 as /devices/virtual/input/input16 [ 275.753969][ T993] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 275.816289][ T6045] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 275.816315][ T6045] usb 2-1: config 0 has no interface number 0 [ 275.816361][ T6045] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 275.816388][ T6045] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 275.816428][ T6045] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 275.816451][ T6045] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.883917][ T6045] usb 2-1: config 0 descriptor?? [ 275.885113][ T9439] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 275.909459][ T6045] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 275.961612][ T993] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 275.961643][ T993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.961661][ T993] usb 3-1: Product: syz [ 275.961674][ T993] usb 3-1: Manufacturer: syz [ 275.961687][ T993] usb 3-1: SerialNumber: syz [ 276.006193][ T993] usb 3-1: config 0 descriptor?? [ 276.010698][ T993] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 014 [ 276.107986][ T5856] usb 2-1: USB disconnect, device number 11 [ 276.421259][ T993] (null): failure reading functionality [ 276.424248][ T9468] ip6gretap1: entered allmulticast mode [ 276.463433][ T993] i2c i2c-1: connected i2c-tiny-usb device [ 276.470775][ T9470] input: syz1 as /devices/virtual/input/input17 [ 276.490150][ T9472] misc userio: Begin command sent, but we're already running [ 276.665628][ T6031] usb 3-1: USB disconnect, device number 14 [ 276.891971][ T57] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 277.349434][ T9507] loop2: detected capacity change from 0 to 7 [ 277.437712][ C1] blk_print_req_error: 5 callbacks suppressed [ 277.437734][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.437765][ C1] buffer_io_error: 5 callbacks suppressed [ 277.437777][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.467935][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.467971][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.472085][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.472114][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.492910][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.492944][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.493888][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.493916][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.494244][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.494269][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.495195][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.495222][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.495316][ T9507] ldm_validate_partition_table(): Disk read failed. [ 277.495511][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.495586][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.495919][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.495943][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.496165][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 277.496190][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 277.496576][ T9507] Dev loop2: unable to read RDB block 0 [ 277.497391][ T9507] loop2: unable to read partition table [ 277.497610][ T9507] loop2: partition table beyond EOD, truncated [ 277.497643][ T9507] loop_reread_partitions: partition scan of loop2 (DPx^8TA/w'69ڈ"%m9p<Ժ M*Y) failed (rc=-5) [ 277.833931][ T6031] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 277.977684][ T9531] ALSA: mixer_oss: invalid OSS volume '' [ 277.983990][ T6031] usb 4-1: Using ep0 maxpacket: 8 [ 278.003816][ T6031] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 278.007033][ T6031] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 278.007060][ T6031] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 278.007081][ T6031] usb 4-1: Product: syz [ 278.007095][ T6031] usb 4-1: Manufacturer: syz [ 278.007109][ T6031] usb 4-1: SerialNumber: syz [ 278.163912][ T5856] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 278.264959][ T6031] usb 4-1: Handspring Visor / Palm OS: No valid connect info available [ 278.264985][ T6031] usb 4-1: Handspring Visor / Palm OS: port 79, is for unknown use [ 278.265004][ T6031] usb 4-1: Handspring Visor / Palm OS: port 0, is for Debugger use [ 278.265022][ T6031] usb 4-1: Handspring Visor / Palm OS: Number of ports: 2 [ 278.338076][ T5856] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 278.338102][ T5856] usb 7-1: config 0 has no interface number 0 [ 278.345464][ T5856] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 278.346190][ T5856] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.346211][ T5856] usb 7-1: Product: syz [ 278.346224][ T5856] usb 7-1: Manufacturer: syz [ 278.346237][ T5856] usb 7-1: SerialNumber: syz [ 278.395181][ T5856] usb 7-1: config 0 descriptor?? [ 278.460863][ T6031] usb 4-1: palm_os_3_probe - error -71 getting bytes available request [ 278.460950][ T6031] visor 4-1:1.0: Handspring Visor / Palm OS converter detected [ 278.490672][ T6031] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 278.546629][ T6031] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 278.568259][ T6031] usb 4-1: USB disconnect, device number 13 [ 278.606400][ T5856] usb 7-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 278.636463][ T6031] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 278.641883][ T5856] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 278.642278][ T5856] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 278.642328][ T5856] usb 7-1: media controller created [ 278.668056][ T6031] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 278.668565][ T6031] visor 4-1:1.0: device disconnected [ 278.778511][ T5856] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 278.897876][ T9553] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1565'. [ 279.444994][ T993] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 279.593970][ T993] usb 2-1: Using ep0 maxpacket: 16 [ 279.596885][ T993] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.596915][ T993] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.596938][ T993] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 279.596964][ T993] usb 2-1: config 0 interface 0 has no altsetting 0 [ 279.596997][ T993] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 279.597019][ T993] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.603036][ T993] usb 2-1: config 0 descriptor?? [ 279.919037][ T5856] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 279.968715][ T5856] usb 7-1: USB disconnect, device number 6 [ 280.111779][ T993] hid (null): unknown global tag 0xc [ 280.111870][ T993] hid (null): bogus close delimiter [ 280.111904][ T993] hid (null): invalid report_size 12466 [ 280.333841][ T6045] usb 2-1: USB disconnect, device number 12 [ 280.607552][ T9594] pimreg: entered allmulticast mode [ 280.632176][ T9594] pimreg: left allmulticast mode [ 280.858525][ T9603] program syz.6.1588 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 281.212595][ T6045] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 281.273887][ T5856] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 281.310916][ T9623] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1597'. [ 281.364229][ T6045] usb 2-1: Using ep0 maxpacket: 32 [ 281.374438][ T6045] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 281.374465][ T6045] usb 2-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 281.374488][ T6045] usb 2-1: config 0 interface 0 has no altsetting 0 [ 281.414320][ T6045] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 281.414349][ T6045] usb 2-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 281.414369][ T6045] usb 2-1: Product: syz [ 281.414382][ T6045] usb 2-1: Manufacturer: syz [ 281.414397][ T6045] usb 2-1: SerialNumber: syz [ 281.423278][ T6045] usb 2-1: config 0 descriptor?? [ 281.424705][ T5856] usb 7-1: Using ep0 maxpacket: 8 [ 281.428894][ T5856] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 281.428925][ T5856] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 281.428948][ T5856] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 281.428970][ T5856] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 281.429008][ T5856] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 281.429028][ T5856] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.713953][ T5856] usb 7-1: GET_CAPABILITIES returned 0 [ 281.714004][ T5856] usbtmc 7-1:16.0: can't read capabilities [ 281.872826][ T6045] gs_usb 2-1:0.0: Configuring for 1 interfaces [ 281.948425][ T5856] usb 7-1: USB disconnect, device number 7 [ 282.120821][ T37] audit: type=1326 audit(1758288141.306:1939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9640 comm="syz.3.1606" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd9b56fec29 code=0x0 [ 282.292824][ T6045] usb 2-1: USB disconnect, device number 13 [ 282.834028][ T5875] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 283.001393][ T5875] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 283.001429][ T5875] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 283.001454][ T5875] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 283.048952][ T5875] usb 6-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 283.048981][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.049000][ T5875] usb 6-1: Product: syz [ 283.049014][ T5875] usb 6-1: Manufacturer: syz [ 283.049026][ T5875] usb 6-1: SerialNumber: syz [ 283.086532][ T5875] usb 6-1: config 0 descriptor?? [ 283.098351][ T9655] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 283.098540][ T9655] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 283.125750][ T5875] usb 6-1: ucan: probing device on interface #0 [ 283.772275][ T5875] ucan 6-1:0.0: probe with driver ucan failed with error -22 [ 283.972077][ T9684] netlink: 'syz.3.1624': attribute type 3 has an invalid length. [ 283.996266][ T5924] usb 6-1: USB disconnect, device number 4 [ 284.442556][ T9693] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 284.714151][ T5924] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 284.871835][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.871994][ T5924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 284.872037][ T5924] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 284.872059][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.897540][ T5924] usb 4-1: config 0 descriptor?? [ 285.374219][ T5924] hid-steam 0003:28DE:1142.0013: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 285.464422][ T9709] program syz.2.1635 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.487776][ T9710] input: syz1 as /devices/virtual/input/input19 [ 285.534283][ T5875] usb 4-1: USB disconnect, device number 14 [ 287.480749][ T9745] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1650'. [ 287.480782][ T9745] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 288.199651][ T5856] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 288.343855][ T5856] usb 4-1: Using ep0 maxpacket: 8 [ 288.346821][ T5856] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 288.346850][ T5856] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 288.346874][ T5856] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 288.346895][ T5856] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 288.346935][ T5856] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 288.346955][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.414681][ T9768] cgroup: fork rejected by pids controller in /syz2 [ 288.651943][ T5856] usb 4-1: GET_CAPABILITIES returned 0 [ 288.651992][ T5856] usbtmc 4-1:16.0: can't read capabilities [ 288.858018][ T993] usb 4-1: USB disconnect, device number 15 [ 289.090223][T10108] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1670'. [ 291.557603][T10169] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1698'. [ 291.607567][T10169] bridge0: entered promiscuous mode [ 291.635859][T10169] batman_adv: batadv0: Adding interface: macvlan2 [ 291.635878][T10169] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 291.635911][T10169] batman_adv: batadv0: Interface activated: macvlan2 [ 292.120865][T10187] binder: BC_ACQUIRE_RESULT not supported [ 292.120880][T10187] binder: 10184:10187 ioctl c0306201 200000000640 returned -22 [ 292.287945][T10195] vivid-000: ================= START STATUS ================= [ 292.287973][T10195] vivid-000: Test Pattern: 75% Colorbar [ 292.288000][T10195] vivid-000: Fill Percentage of Frame: 100 [ 292.288017][T10195] vivid-000: Horizontal Movement: No Movement [ 292.288034][T10195] vivid-000: Vertical Movement: No Movement [ 292.288059][T10195] vivid-000: OSD Text Mode: All [ 292.288077][T10195] vivid-000: Show Border: false [ 292.288093][T10195] vivid-000: Show Square: false [ 292.288109][T10195] vivid-000: Sensor Flipped Horizontally: false [ 292.288126][T10195] vivid-000: Sensor Flipped Vertically: false [ 292.288143][T10195] vivid-000: Insert SAV Code in Image: false [ 292.288160][T10195] vivid-000: Insert EAV Code in Image: false [ 292.288176][T10195] vivid-000: Insert Video Guard Band: false [ 292.288192][T10195] vivid-000: Reduced Framerate: false [ 292.288207][T10195] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 292.288226][T10195] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 292.288244][T10195] vivid-000: Enable Capture Cropping: true grabbed [ 292.288262][T10195] vivid-000: Enable Capture Composing: true grabbed [ 292.288280][T10195] vivid-000: Enable Capture Scaler: true grabbed [ 292.288299][T10195] vivid-000: Timestamp Source: End of Frame [ 292.288314][T10195] vivid-000: Colorspace: sRGB [ 292.288329][T10195] vivid-000: Transfer Function: Default [ 292.288343][T10195] vivid-000: Y'CbCr Encoding: Default [ 292.288359][T10195] vivid-000: HSV Encoding: Hue 0-179 [ 292.288375][T10195] vivid-000: Quantization: Default [ 292.288390][T10195] vivid-000: Apply Alpha To Red Only: false [ 292.288404][T10195] vivid-000: Standard Aspect Ratio: 4x3 [ 292.288419][T10195] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 292.288441][T10195] vivid-000: DV Timings: 640x480p59 inactive [ 292.288462][T10195] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 292.288480][T10195] vivid-000: Maximum EDID Blocks: 2 [ 292.288495][T10195] vivid-000: Limited RGB Range (16-235): false [ 292.288511][T10195] vivid-000: Rx RGB Quantization Range: Automatic [ 292.288528][T10195] vivid-000: Power Present: 0x00000001 [ 292.288553][T10195] tpg source WxH: 320x240 (Y'CbCr) [ 292.288565][T10195] tpg field: 1 [ 292.288572][T10195] tpg crop: (0,0)/320x240 [ 292.288585][T10195] tpg compose: (0,0)/320x240 [ 292.288598][T10195] tpg colorspace: 8 [ 292.288605][T10195] tpg transfer function: 0/2 [ 292.288614][T10195] tpg Y'CbCr encoding: 0/1 [ 292.288623][T10195] tpg quantization: 0/2 [ 292.288631][T10195] tpg RGB range: 0/2 [ 292.288639][T10195] vivid-000: ================== END STATUS ================== [ 292.551063][T10192] cgroup: fork rejected by pids controller in /syz3 [ 292.974807][ T993] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 293.136141][ T993] usb 3-1: config 0 has no interfaces? [ 293.139250][ T993] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 293.139280][ T993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.139300][ T993] usb 3-1: Product: syz [ 293.139315][ T993] usb 3-1: Manufacturer: syz [ 293.139328][ T993] usb 3-1: SerialNumber: syz [ 293.182667][ T993] usb 3-1: config 0 descriptor?? [ 293.387853][ T6031] usb 3-1: USB disconnect, device number 15 [ 294.147054][T10667] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1722'. [ 294.147092][T10667] netlink: 'syz.3.1722': attribute type 21 has an invalid length. [ 294.423412][T10674] netlink: 'syz.5.1724': attribute type 1 has an invalid length. [ 294.423435][T10674] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1724'. [ 294.423462][T10674] netlink: 97 bytes leftover after parsing attributes in process `syz.5.1724'. [ 295.171475][T10699] Falling back ldisc for ptm0. [ 295.886811][T10718] program syz.3.1745 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 296.096372][T10720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1746'. [ 296.096668][T10720] netlink: 'syz.1.1746': attribute type 5 has an invalid length. [ 296.748581][T10728] cgroup: fork rejected by pids controller in /syz6 [ 298.654583][T11005] netlink: 'syz.6.1774': attribute type 49 has an invalid length. [ 299.584268][ T37] audit: type=1326 audit(1758288158.776:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11029 comm="syz.6.1786" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f51cd9cec29 code=0x0 [ 299.964056][ T59] Bluetooth: hci5: command 0x0c1a tx timeout [ 300.813853][ T6045] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 300.966127][ T6045] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 300.966159][ T6045] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 300.966198][ T6045] usb 7-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 300.966220][ T6045] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.162440][ T6045] usb 7-1: config 0 descriptor?? [ 301.890590][ T6045] hid-steam 0003:28DE:1142.0014: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.6-1/input0 [ 301.949180][ T6045] hid-steam 0003:28DE:1142.0014: Steam wireless receiver connected [ 302.318479][ T6045] hid-steam 0003:28DE:1142.0015: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.6-1/input0 [ 302.400123][ T6045] usb 7-1: USB disconnect, device number 8 [ 302.575146][ T6045] hid-steam 0003:28DE:1142.0014: Steam wireless receiver disconnected [ 303.525620][T11086] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1819'. [ 303.597046][ T37] audit: type=1326 audit(1758288162.776:1941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd9b56fec29 code=0x7ffc0000 [ 303.685374][ T37] audit: type=1326 audit(1758288162.866:1942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd9b569ae09 code=0x7ffc0000 [ 303.689360][ T37] audit: type=1326 audit(1758288162.876:1943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd9b569ae09 code=0x7ffc0000 [ 303.690591][ T37] audit: type=1326 audit(1758288162.876:1944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd9b569ae09 code=0x7ffc0000 [ 303.691987][ T37] audit: type=1326 audit(1758288162.876:1945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd9b569ae09 code=0x7ffc0000 [ 303.744430][ T37] audit: type=1326 audit(1758288162.876:1946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd9b569ae09 code=0x7ffc0000 [ 303.745427][ T37] audit: type=1326 audit(1758288162.936:1947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd9b569ae09 code=0x7ffc0000 [ 303.747198][ T37] audit: type=1326 audit(1758288162.936:1948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd9b569ae09 code=0x7ffc0000 [ 303.748584][ T37] audit: type=1326 audit(1758288162.936:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11076 comm="syz.3.1805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd9b569ae09 code=0x7ffc0000 [ 305.481774][T11115] loop6: detected capacity change from 0 to 524287999 [ 307.816802][ T4560] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 308.643758][ C0] sched: DL replenish lagged too much [ 317.097980][ T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 317.124391][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 317.127044][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 317.128629][ T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 317.129648][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 317.258619][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.258697][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.254054][ T5156] Bluetooth: hci4: command tx timeout [ 321.324112][ T5156] Bluetooth: hci4: command tx timeout [ 323.414017][ T5156] Bluetooth: hci4: command tx timeout [ 324.166293][ T59] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 324.195928][ T59] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 324.197275][ T59] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 324.202738][ T59] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 324.203594][ T59] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 324.606466][T11145] netlink: 133 bytes leftover after parsing attributes in process `syz.1.1834'. [ 325.484013][ T59] Bluetooth: hci4: command tx timeout [ 326.284291][ T59] Bluetooth: hci6: command tx timeout [ 328.376806][ T59] Bluetooth: hci6: command tx timeout [ 329.086751][ T5156] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 329.114129][ T5156] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 329.117517][ T5156] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 329.119118][ T5156] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 329.119942][ T5156] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 329.504889][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 329.537592][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 329.543207][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 329.564378][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 329.565757][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 330.444012][ T59] Bluetooth: hci6: command tx timeout [ 331.244393][ T59] Bluetooth: hci7: command tx timeout [ 331.644119][ T59] Bluetooth: hci8: command tx timeout [ 332.525456][ T59] Bluetooth: hci6: command tx timeout [ 333.324494][ T59] Bluetooth: hci7: command tx timeout [ 333.724884][ T59] Bluetooth: hci8: command tx timeout [ 335.116491][ T5156] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 335.142250][ T5156] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 335.143689][ T5156] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 335.171317][ T5156] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 335.172741][ T5156] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 335.403929][ T59] Bluetooth: hci7: command tx timeout [ 335.803977][ T59] Bluetooth: hci8: command tx timeout [ 337.243984][ T59] Bluetooth: hci9: command tx timeout [ 337.496457][ T59] Bluetooth: hci7: command tx timeout [ 337.884036][ T59] Bluetooth: hci8: command tx timeout [ 339.324228][ T59] Bluetooth: hci9: command tx timeout [ 341.404454][ T59] Bluetooth: hci9: command tx timeout [ 342.121139][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 343.484366][ T59] Bluetooth: hci9: command tx timeout [ 352.061629][T11173] chnl_net:caif_netlink_parms(): no params data found [ 352.202847][T11161] chnl_net:caif_netlink_parms(): no params data found [ 352.485165][T11167] chnl_net:caif_netlink_parms(): no params data found [ 377.189689][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 377.212134][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 377.213481][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 377.235714][ T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 377.237112][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 378.780586][ T4907] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 379.236636][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.236715][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.324161][ T5156] Bluetooth: hci3: command tx timeout [ 381.405437][ T5156] Bluetooth: hci3: command tx timeout [ 383.484022][ T5156] Bluetooth: hci3: command tx timeout [ 384.628728][ T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 384.661155][ T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 384.674313][ T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 384.678983][ T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 384.679776][ T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 385.563940][ T5156] Bluetooth: hci3: command tx timeout [ 386.764809][ T5156] Bluetooth: hci5: command tx timeout [ 388.857085][ T5156] Bluetooth: hci5: command tx timeout [ 389.589616][ T59] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 389.616402][ T59] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 389.618316][ T59] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 389.619550][ T59] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 389.662297][ T59] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 390.098940][ T5156] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 390.125301][ T5156] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 390.127531][ T5156] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 390.129588][ T5156] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 390.130366][ T5156] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 390.924185][ T59] Bluetooth: hci5: command tx timeout [ 391.724084][ T59] Bluetooth: hci10: command tx timeout [ 392.204877][ T59] Bluetooth: hci11: command tx timeout [ 393.003970][ T59] Bluetooth: hci5: command tx timeout [ 393.803932][ T59] Bluetooth: hci10: command tx timeout [ 394.283916][ T59] Bluetooth: hci11: command tx timeout [ 395.665410][ T5156] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 395.689437][ T5156] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 395.690834][ T5156] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 395.692113][ T5156] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 395.692929][ T5156] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 395.884042][ T5156] Bluetooth: hci10: command tx timeout [ 396.364310][ T5156] Bluetooth: hci11: command tx timeout [ 397.809263][ T5156] Bluetooth: hci12: command tx timeout [ 397.964553][ T5156] Bluetooth: hci10: command tx timeout [ 398.444150][ T5156] Bluetooth: hci11: command tx timeout [ 399.884406][ T5156] Bluetooth: hci12: command tx timeout [ 401.964748][ T5156] Bluetooth: hci12: command tx timeout [ 404.044572][ T5156] Bluetooth: hci12: command tx timeout [ 420.355691][ T4907] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 438.871814][ T59] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 438.910002][ T59] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 438.912531][ T59] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 438.944121][ T59] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 438.946754][ T59] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 440.154949][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.155028][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.015400][ T59] Bluetooth: hci13: command tx timeout [ 442.215488][ T59] Bluetooth: hci4: command 0x0406 tx timeout [ 443.084477][ T59] Bluetooth: hci13: command tx timeout [ 445.169105][ T59] Bluetooth: hci13: command tx timeout [ 445.231147][ T5849] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 445.272299][ T5846] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 445.287814][ T5846] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 445.289133][ T5846] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 445.289938][ T5846] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 447.244402][ T5846] Bluetooth: hci13: command tx timeout [ 447.335374][ T5846] Bluetooth: hci6: command 0x0406 tx timeout [ 449.989204][T11237] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 450.013628][T11237] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 450.032442][T11237] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 450.041406][T11237] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 450.043375][T11237] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 450.582636][T11238] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 450.612555][T11238] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 450.622263][T11238] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 450.633337][T11238] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 450.643987][T11238] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 451.005016][ T38] INFO: task syz.5.1813:11071 blocked for more than 143 seconds. [ 451.005045][ T38] Not tainted syzkaller #0 [ 451.005055][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 451.005067][ T38] task:syz.5.1813 state:D stack:25128 pid:11071 tgid:11071 ppid:7756 task_flags:0x400040 flags:0x00004006 [ 451.005117][ T38] Call Trace: [ 451.005124][ T38] [ 451.005136][ T38] __schedule+0x16f3/0x4c20 [ 451.005186][ T38] ? __lock_acquire+0xab9/0xd20 [ 451.005208][ T38] ? __pfx___schedule+0x10/0x10 [ 451.005245][ T38] ? schedule+0x91/0x360 [ 451.005270][ T38] schedule+0x165/0x360 [ 451.005295][ T38] schedule_timeout+0x9a/0x270 [ 451.005318][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 451.005353][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 451.005376][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 451.005398][ T38] ? wait_for_completion+0x267/0x5d0 [ 451.005422][ T38] wait_for_completion+0x2bf/0x5d0 [ 451.005459][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 451.005484][ T38] ? __raw_spin_lock_init+0x45/0x100 [ 451.005513][ T38] rcu_barrier+0x463/0x570 [ 451.005544][ T38] kvm_mmu_uninit_vm+0x53/0x90 [ 451.005564][ T38] kvm_arch_destroy_vm+0x23d/0x280 [ 451.005589][ T38] kvm_put_kvm+0xf8e/0x1670 [ 451.005619][ T38] ? __pfx_kvm_vm_release+0x10/0x10 [ 451.005641][ T38] kvm_vm_release+0x46/0x50 [ 451.005662][ T38] __fput+0x458/0xa80 [ 451.005693][ T38] task_work_run+0x1d4/0x260 [ 451.005724][ T38] ? __pfx_task_work_run+0x10/0x10 [ 451.005748][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 451.005774][ T38] exit_to_user_mode_loop+0xec/0x110 [ 451.005797][ T38] do_syscall_64+0x2bd/0x3b0 [ 451.005814][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 451.005837][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.005855][ T38] ? clear_bhb_loop+0x60/0xb0 [ 451.005877][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.005900][ T38] RIP: 0033:0x7fed828eec29 [ 451.005919][ T38] RSP: 002b:00007fff1e262c38 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 451.005939][ T38] RAX: 0000000000000000 RBX: 00007fed82b37da0 RCX: 00007fed828eec29 [ 451.005952][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 451.005962][ T38] RBP: 00007fed82b37da0 R08: 0000000000000ff4 R09: 000000041e262f2f [ 451.005975][ T38] R10: 00000000005fc87c R11: 0000000000000246 R12: 0000000000049ad3 [ 451.005987][ T38] R13: 00007fed82b36090 R14: ffffffffffffffff R15: 00007fff1e262d50 [ 451.006019][ T38] [ 451.006055][ T38] [ 451.006055][ T38] Showing all locks held in the system: [ 451.006064][ T38] 4 locks held by kworker/0:1/10: [ 451.006074][ T38] #0: ffff888057fd3538 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.006128][ T38] #1: ffffc900000f7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.006187][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 451.006231][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 451.006275][ T38] 3 locks held by kworker/u8:0/12: [ 451.006285][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.006328][ T38] #1: ffffc90000117bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.006372][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 451.006415][ T38] 7 locks held by ktimers/0/16: [ 451.006427][ T38] 1 lock held by khungtaskd/38: [ 451.006437][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 451.006481][ T38] 2 locks held by kworker/u8:3/57: [ 451.006491][ T38] 4 locks held by kworker/u9:0/59: [ 451.006502][ T38] #0: ffff8880272ff938 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.006551][ T38] #1: ffffc9000125fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.006596][ T38] #2: ffff888086ecc0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 451.006641][ T38] #3: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 451.006695][ T38] 3 locks held by kworker/u8:11/1430: [ 451.006706][ T38] #0: ffff888030660938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.006757][ T38] #1: ffffc9000561fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.006802][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 451.006858][ T38] 6 locks held by kworker/u9:1/5156: [ 451.006869][ T38] #0: ffff88805e24c138 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.006914][ T38] #1: ffffc9001045fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.006958][ T38] #2: ffff888032d08e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 451.006999][ T38] #3: ffff888032d080a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 451.007046][ T38] #4: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 451.007092][ T38] #5: ffff888062775b58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 451.007138][ T38] 2 locks held by getty/5597: [ 451.007148][ T38] #0: ffff88823bf3e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 451.007196][ T38] #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 451.007242][ T38] 3 locks held by kworker/u9:3/5846: [ 451.007252][ T38] #0: ffff8880213f4938 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.007297][ T38] #1: ffffc90004c3fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.007342][ T38] #2: ffff888067c30e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 451.007384][ T38] 5 locks held by kworker/u9:5/5849: [ 451.007395][ T38] #0: ffff88805922e138 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.007439][ T38] #1: ffffc90004c8fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.007484][ T38] #2: ffff8880358d0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 451.007526][ T38] #3: ffff8880358d00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 451.007572][ T38] #4: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 451.007619][ T38] 3 locks held by kworker/1:3/5875: [ 451.007629][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.007674][ T38] #1: ffffc90004d8fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.007728][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 451.007774][ T38] 4 locks held by kworker/0:8/6033: [ 451.007784][ T38] #0: ffff888032fb3538 ((wq_completion)wg-crypt-wg0#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.007833][ T38] #1: ffffc90005447bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.007892][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 451.007935][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 451.007979][ T38] 2 locks held by napi/wg0-0/7378: [ 451.007989][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 451.008032][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 451.008079][ T38] 1 lock held by syz.5.1813/11071: [ 451.008089][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 451.008132][ T38] 3 locks held by syz.2.1832/11134: [ 451.008142][ T38] #0: ffff88803988b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x5c/0x200 [ 451.008184][ T38] #1: ffff88805d40f0a0 (&tty->ldisc_sem/1){+.+.}-{0:0}, at: tty_ldisc_release+0x80/0x200 [ 451.008228][ T38] #2: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 451.008270][ T38] 1 lock held by syz.1.1834/11145: [ 451.008280][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 451.008321][ T38] 1 lock held by syz.3.1837/11153: [ 451.008331][ T38] #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 451.008372][ T38] 2 locks held by syz-executor/11161: [ 451.008383][ T38] #0: ffffffff8e43b8a0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 451.008434][ T38] #1: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 451.008479][ T38] 1 lock held by syz.6.1841/11164: [ 451.008489][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 451.008537][ T38] 2 locks held by syz-executor/11173: [ 451.008547][ T38] #0: ffffffff8f1d7ae8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 451.008597][ T38] #1: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 451.008642][ T38] 1 lock held by syz-executor/11177: [ 451.008652][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 451.008696][ T38] 4 locks held by kworker/0:12/11179: [ 451.008715][ T38] 1 lock held by syz-executor/11204: [ 451.008725][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.008768][ T38] 1 lock held by syz-executor/11207: [ 451.008779][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.008820][ T38] 1 lock held by syz-executor/11211: [ 451.008831][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.008873][ T38] 1 lock held by syz-executor/11213: [ 451.008883][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.008925][ T38] 1 lock held by syz-executor/11217: [ 451.008935][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.008977][ T38] 1 lock held by dhcpcd/11221: [ 451.008987][ T38] #0: ffff888022231d78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 451.009035][ T38] 1 lock held by dhcpcd/11222: [ 451.009045][ T38] #0: ffff8880222316b8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 451.009092][ T38] 1 lock held by dhcpcd/11223: [ 451.009102][ T38] #0: ffff888022236e78 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 451.009150][ T38] 1 lock held by syz-executor/11224: [ 451.009160][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.009203][ T38] 1 lock held by dhcpcd/11226: [ 451.009213][ T38] #0: ffff88805a4ee0f8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 451.009259][ T38] 1 lock held by dhcpcd/11227: [ 451.009269][ T38] #0: ffff88805a4eda38 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 451.009317][ T38] 1 lock held by dhcpcd/11228: [ 451.009326][ T38] #0: ffff88805a4eaaf8 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 451.009374][ T38] 1 lock held by syz-executor/11230: [ 451.009384][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.009425][ T38] 3 locks held by kworker/u9:2/11232: [ 451.009436][ T38] #0: ffff88802f144138 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.009480][ T38] #1: ffffc90005467bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.009526][ T38] #2: ffff888060928e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 451.009569][ T38] 1 lock held by syz-executor/11235: [ 451.009579][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.009621][ T38] 4 locks held by kworker/u9:4/11237: [ 451.009632][ T38] #0: ffff8880594c0938 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.009680][ T38] #1: ffffc90005427bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.009730][ T38] #2: ffff888097c140a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 451.009775][ T38] #3: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 451.009820][ T38] 4 locks held by kworker/u9:7/11239: [ 451.009830][ T38] #0: ffff888057d1c138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 451.009879][ T38] #1: ffffc90005407bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 451.009924][ T38] #2: ffff888097fec0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 451.009967][ T38] #3: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 451.010011][ T38] 1 lock held by syz-executor/11240: [ 451.010022][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 451.010064][ T38] [ 451.010069][ T38] ============================================= [ 451.010069][ T38] [ 451.010084][ T38] NMI backtrace for cpu 1 [ 451.010107][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 451.010127][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 451.010137][ T38] Call Trace: [ 451.010145][ T38] [ 451.010153][ T38] dump_stack_lvl+0x189/0x250 [ 451.010180][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 451.010202][ T38] ? __pfx__printk+0x10/0x10 [ 451.010234][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 451.010259][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 451.010282][ T38] ? __pfx__printk+0x10/0x10 [ 451.010305][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 451.010328][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 451.010352][ T38] watchdog+0xf93/0xfe0 [ 451.010378][ T38] ? watchdog+0x1de/0xfe0 [ 451.010405][ T38] kthread+0x70e/0x8a0 [ 451.010431][ T38] ? __pfx_watchdog+0x10/0x10 [ 451.010451][ T38] ? __pfx_kthread+0x10/0x10 [ 451.010478][ T38] ? __pfx_kthread+0x10/0x10 [ 451.010502][ T38] ret_from_fork+0x436/0x7d0 [ 451.010526][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 451.010553][ T38] ? __switch_to_asm+0x39/0x70 [ 451.010568][ T38] ? __switch_to_asm+0x33/0x70 [ 451.010583][ T38] ? __pfx_kthread+0x10/0x10 [ 451.010607][ T38] ret_from_fork_asm+0x1a/0x30 [ 451.010639][ T38] [ 451.010646][ T38] Sending NMI from CPU 1 to CPUs 0: [ 451.010673][ C0] NMI backtrace for cpu 0 [ 451.010687][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 451.010705][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 451.010714][ C0] RIP: 0010:synproxy_send_client_synack+0x347/0xe20 [ 451.010738][ C0] Code: 1f 07 00 00 66 41 c7 07 40 00 48 8b 44 24 48 4c 8d b8 3e 09 00 00 4c 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 1b 07 00 00 <45> 0f b6 3f 48 8d 7a 08 48 89 f8 48 c1 e8 03 42 0f b6 04 28 84 c0 [ 451.010751][ C0] RSP: 0018:ffffc90000156e80 EFLAGS: 00000246 [ 451.010765][ C0] RAX: 0000000000000000 RBX: ffff88808c1fed50 RCX: ffff88801ae85940 [ 451.010777][ C0] RDX: ffff88808fafb540 RSI: 0000000000000000 RDI: ffff88808fafb544 [ 451.010788][ C0] RBP: ffffc90000156f90 R08: 0000000000000000 R09: 0000000000000100 [ 451.010798][ C0] R10: dffffc0000000000 R11: ffffed1011f5f6b5 R12: ffff88808c1fec80 [ 451.010810][ C0] R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88803547093e [ 451.010822][ C0] FS: 0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000 [ 451.010834][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 451.010846][ C0] CR2: 00007f695b5e6038 CR3: 0000000096548000 CR4: 00000000003526f0 [ 451.010860][ C0] Call Trace: [ 451.010866][ C0] [ 451.010879][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 451.010898][ C0] ? nft_synproxy_eval_v6+0x550/0x560 [ 451.010915][ C0] ? synproxy_pernet+0x45/0x270 [ 451.010932][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 451.010951][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 451.010976][ C0] ? nf_ip_checksum+0x13c/0x510 [ 451.010994][ C0] nft_synproxy_do_eval+0x345/0x570 [ 451.011013][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 451.011036][ C0] nft_do_chain+0x40c/0x1920 [ 451.011059][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 451.011094][ C0] nft_do_chain_inet+0x25d/0x340 [ 451.011109][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 451.011124][ C0] ? __lock_acquire+0xab9/0xd20 [ 451.011147][ C0] ? NF_HOOK+0x9a/0x3a0 [ 451.011165][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 451.011180][ C0] nf_hook_slow+0xc2/0x220 [ 451.011202][ C0] NF_HOOK+0x206/0x3a0 [ 451.011220][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 451.011237][ C0] ? NF_HOOK+0x9a/0x3a0 [ 451.011254][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 451.011270][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 451.011289][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 451.011308][ C0] ? skb_dst+0x4f/0xd0 [ 451.011325][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 451.011345][ C0] NF_HOOK+0x30c/0x3a0 [ 451.011363][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 451.011380][ C0] ? NF_HOOK+0x9a/0x3a0 [ 451.011397][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 451.011415][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 451.011439][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 451.011455][ C0] __netif_receive_skb+0x143/0x380 [ 451.011473][ C0] ? rt_spin_unlock+0x65/0x80 [ 451.011491][ C0] ? process_backlog+0x27b/0x900 [ 451.011508][ C0] process_backlog+0x31e/0x900 [ 451.011531][ C0] __napi_poll+0xb3/0x540 [ 451.011550][ C0] net_rx_action+0x707/0xe00 [ 451.011566][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 451.011594][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 451.011629][ C0] handle_softirqs+0x22f/0x710 [ 451.011651][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 451.011673][ C0] run_ktimerd+0xcf/0x190 [ 451.011691][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 451.011709][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 451.011726][ C0] ? smpboot_thread_fn+0x5f4/0xa60 [ 451.011744][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 451.011759][ C0] smpboot_thread_fn+0x53f/0xa60 [ 451.011777][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 451.011798][ C0] kthread+0x70e/0x8a0 [ 451.011818][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 451.011834][ C0] ? __pfx_kthread+0x10/0x10 [ 451.011855][ C0] ? __pfx_kthread+0x10/0x10 [ 451.011874][ C0] ret_from_fork+0x436/0x7d0 [ 451.011892][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 451.011912][ C0] ? __switch_to_asm+0x39/0x70 [ 451.011925][ C0] ? __switch_to_asm+0x33/0x70 [ 451.011938][ C0] ? __pfx_kthread+0x10/0x10 [ 451.011963][ C0] ret_from_fork_asm+0x1a/0x30 [ 451.011985][ C0] [ 451.012675][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 451.012688][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 451.012713][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 451.012723][ T38] Call Trace: [ 451.012731][ T38] [ 451.012738][ T38] dump_stack_lvl+0x99/0x250 [ 451.012762][ T38] ? __asan_memcpy+0x40/0x70 [ 451.012781][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 451.012804][ T38] ? __pfx__printk+0x10/0x10 [ 451.012835][ T38] vpanic+0x281/0x750 [ 451.012860][ T38] ? __pfx_vpanic+0x10/0x10 [ 451.012880][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 451.012898][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 451.012932][ T38] panic+0xb9/0xc0 [ 451.012954][ T38] ? __pfx_panic+0x10/0x10 [ 451.012979][ T38] ? irq_work_queue+0xc3/0x140 [ 451.013005][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 451.013029][ T38] watchdog+0xfd2/0xfe0 [ 451.013054][ T38] ? watchdog+0x1de/0xfe0 [ 451.013081][ T38] kthread+0x70e/0x8a0 [ 451.013106][ T38] ? __pfx_watchdog+0x10/0x10 [ 451.013126][ T38] ? __pfx_kthread+0x10/0x10 [ 451.013154][ T38] ? __pfx_kthread+0x10/0x10 [ 451.013179][ T38] ret_from_fork+0x436/0x7d0 [ 451.013203][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 451.013230][ T38] ? __switch_to_asm+0x39/0x70 [ 451.013246][ T38] ? __switch_to_asm+0x33/0x70 [ 451.013261][ T38] ? __pfx_kthread+0x10/0x10 [ 451.013285][ T38] ret_from_fork_asm+0x1a/0x30 [ 451.013317][ T38] [ 451.013463][ T38] Kernel Offset: disabled