last executing test programs: 6m3.879093476s ago: executing program 1 (id=289): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xe, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xf1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94) 6m3.161080206s ago: executing program 1 (id=297): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0x1, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x200048e0}, 0x4) sendmsg$NFNL_MSG_CTHELPER_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x1, 0x9, 0x301, 0x0, 0x0, {0x7, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x44891}, 0x4004000) 6m2.84260324s ago: executing program 1 (id=299): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)={0x30, r1, 0x1, 0xfffffffb, 0x100000, {{}, {}, {0x14, 0x19, {0xfffffffe, 0x1009, 0x5, 0x5}}}}, 0x30}, 0x1, 0x0, 0x0, 0x24000114}, 0x40090) 6m2.512026928s ago: executing program 1 (id=305): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$nfs(&(0x7f00000001c0)='..\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x85000, 0x0) mount$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) 6m2.293431657s ago: executing program 1 (id=309): ppoll(&(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064d1, &(0x7f0000000040)={0x1, 0x0, &(0x7f00000000c0)=[0x0]}) 6m1.134040524s ago: executing program 1 (id=321): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, 0xffffffffffffffff, 0x0, 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104000000000000000000000200", @ANYRES32=0x0, @ANYBLOB="0000000002000100240012800b00010065727370616e0000140002800600020030000000080004"], 0x44}}, 0x0) 6m0.690226669s ago: executing program 32 (id=321): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, 0xffffffffffffffff, 0x0, 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104000000000000000000000200", @ANYRES32=0x0, @ANYBLOB="0000000002000100240012800b00010065727370616e0000140002800600020030000000080004"], 0x44}}, 0x0) 5m35.069593308s ago: executing program 2 (id=502): r0 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, "000064640000001503fe00", "037ec42b", '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]}) ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000000)={0x9, 0x0, 0x2, 0x10000000, 0x0, 0x4, "0ff8000000000000c5c6ff0717c3a86d", 0x0, 0x2, 0x3, 0xff, 0x0, 0x1, 0xff}) 5m33.809248898s ago: executing program 2 (id=513): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000001300), r0) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000001440)={0x0, 0x0, &(0x7f0000001400)={&(0x7f0000001340)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x36}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8085}, 0x10) 5m33.551927378s ago: executing program 2 (id=504): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00') setns(r0, 0x0) 5m33.346307733s ago: executing program 2 (id=505): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x48, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x24, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x48}}, 0x0) 5m32.707980378s ago: executing program 2 (id=507): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10) symlink(&(0x7f0000000440)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 5m32.376472173s ago: executing program 2 (id=511): unshare(0x24060400) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x2) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={0x0}) 5m20.73566073s ago: executing program 0 (id=646): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000040)=0x1, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000840)=@req3={0xfffffffa, 0xc530, 0x7, 0x9, 0x7, 0x1, 0xff}, 0x1c) 5m20.343527633s ago: executing program 0 (id=650): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r0, &(0x7f0000000000)={{0x6, @rose, 0x6}, [@bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x48) syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), r0) 5m20.109847915s ago: executing program 0 (id=652): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0xfffffd39, &(0x7f0000000000)='/proc/1/\x99\xefq\xee\xe5\xa0\xbd\xc2\x98#Y?0W\xb3W\xd2\xbfP\xee'}, 0x30) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) rmdir(&(0x7f0000000000)='./file0\x00') 5m19.942098147s ago: executing program 0 (id=654): r0 = socket$inet(0x2, 0x1, 0x100) setsockopt$sock_int(r0, 0x1, 0x48, &(0x7f0000000040)=0x3, 0x4) listen(r0, 0x0) 5m19.575688741s ago: executing program 0 (id=657): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) mkdir(&(0x7f00000000c0)='./control\x00', 0x0) 5m19.295958623s ago: executing program 0 (id=659): preadv2(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0xc4, 0x0, 0x0, 0x9) r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc4c85513, &(0x7f0000000040)={0xb, 0x5, 0x0, 0x3}) 5m17.20744297s ago: executing program 33 (id=511): unshare(0x24060400) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x2) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000080)={0x0}) 5m4.119472896s ago: executing program 34 (id=659): preadv2(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0xc4, 0x0, 0x0, 0x9) r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc4c85513, &(0x7f0000000040)={0xb, 0x5, 0x0, 0x3}) 37.10494316s ago: executing program 4 (id=4555): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0x18, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a7000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a800000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x19}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 36.916898728s ago: executing program 4 (id=4558): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x100, 0x0, 0x0, 0x4, 0x2, 0x1}}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x3]}}) 36.749058402s ago: executing program 4 (id=4560): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 35.721196224s ago: executing program 4 (id=4576): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x3c, r1, 0x917, 0x0, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4044011}, 0x4000) 35.546040044s ago: executing program 4 (id=4579): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040ac057a02000000000001090224000102000036090400b901030000000921000805012205000905810300"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x9}]}}, 0x0}, 0x0) 33.554934729s ago: executing program 7 (id=4613): r0 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e24, @local}, 0x64) setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000000000)={0x10001, 0x2, 0x1}, 0xc) 33.535001382s ago: executing program 5 (id=4614): r0 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000480)='.', 0x1, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xf1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r0, r1, r0}, &(0x7f00000001c0)=""/241, 0xf1, &(0x7f0000000000)={&(0x7f0000000140)={'rmd160\x00'}}) 33.386490065s ago: executing program 6 (id=4615): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b00)={0xec, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0xa0, 0x8, 0x0, 0x1, [{0x9c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ALLOWEDIPS={0x74, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x3}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}]}, {0x41, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}]}, {0x4}]}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0xec}, 0x1, 0x0, 0x0, 0x4004840}, 0x40804) 33.252328417s ago: executing program 7 (id=4616): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f00000000c0), 0x4) 33.236666012s ago: executing program 5 (id=4617): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) shmget$private(0x0, 0x400000, 0x0, &(0x7f000000e000/0x400000)=nil) shmctl$IPC_RMID(0x0, 0x0) 32.987127198s ago: executing program 5 (id=4618): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newqdisc={0x6c, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0xffe0, 0x10}, {0xfff1, 0x2}, {0x4}}, [@TCA_STAB={0x48, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0xfa, 0xa, 0x0, 0x3, 0x7e, 0x2}}, {0x8, 0x2, [0x7, 0x2]}}, {{0x1c, 0x1, {0x0, 0x4, 0x800, 0x9, 0x1, 0x0, 0x4}}, {0x4}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x20000091}, 0x4040480) 32.934907617s ago: executing program 7 (id=4619): r0 = socket$netlink(0x10, 0x3, 0xf) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x8}, 0xc) bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) 32.603186948s ago: executing program 7 (id=4621): r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r0, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x4000) 32.359241526s ago: executing program 4 (id=4623): r0 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x40080, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 32.33358918s ago: executing program 5 (id=4624): r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETGAMMA(r0, 0xc02064a4, &(0x7f0000000200)={r1, 0x0, 0x0, 0x0, 0x0}) 32.071052324s ago: executing program 5 (id=4626): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000002d40)=ANY=[@ANYBLOB="1c0000001a0069ae26bd7000000000001c000000ff00000405"], 0x1c}}, 0x0) 27.230432886s ago: executing program 3 (id=4627): unshare(0x2a020400) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00') sendfile(r0, r0, 0x0, 0x2000007ff) 23.268687314s ago: executing program 5 (id=4628): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)=0x2) ioctl$PPPIOCSMRRU(r0, 0x4004743b, 0x0) 23.248794446s ago: executing program 6 (id=4629): r0 = fsopen(&(0x7f0000000100)='cgroup\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000200)='c:::\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000000240)='ceph\x00', 0x0) 23.214224545s ago: executing program 7 (id=4630): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149e82, 0x244) setresuid(0x0, 0xee01, 0xffffffffffffffff) write$cgroup_int(r0, &(0x7f0000000000)=0xfe8e, 0x12) 22.994302783s ago: executing program 6 (id=4631): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) recvmmsg(r0, &(0x7f0000006ec0)=[{{0x0, 0x0, 0x0}, 0xfffffffe}], 0x1, 0x6bf68235da62b43, 0x0) 22.751735919s ago: executing program 7 (id=4632): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x23, 0x4, 0x9, 0x0, r0}, 0x48) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x38) 22.035003241s ago: executing program 6 (id=4633): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x7) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xe9) 21.041424383s ago: executing program 6 (id=4634): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x420, &(0x7f00000001c0)={[{@inode32}, {@noswap}]}) 20.913124203s ago: executing program 6 (id=4635): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 17.109684073s ago: executing program 35 (id=4623): r0 = openat$kvm(0xffffff9c, &(0x7f0000000000), 0x40080, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 16.027657627s ago: executing program 3 (id=4637): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r0], 0x38}}, 0x20000010) 15.887608914s ago: executing program 3 (id=4638): r0 = socket(0x40000000015, 0x5, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x13, r0, 0x0) setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000180)=0x1, 0x4) 15.830846689s ago: executing program 3 (id=4639): r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = dup(r0) getdents64(r1, 0x0, 0x0) 15.709581931s ago: executing program 3 (id=4640): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$vim2m(&(0x7f0000000580), 0xeb, 0x2) close_range(r0, 0xffffffffffffffff, 0x0) 15.605461761s ago: executing program 3 (id=4641): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x4001af84, &(0x7f0000000000)) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) 7.784222326s ago: executing program 36 (id=4628): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000300)=0x2) ioctl$PPPIOCSMRRU(r0, 0x4004743b, 0x0) 7.597936773s ago: executing program 37 (id=4632): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x23, 0x4, 0x9, 0x0, r0}, 0x48) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x38) 5.619331031s ago: executing program 38 (id=4635): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4}, [@printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 0s ago: executing program 39 (id=4641): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x4001af84, &(0x7f0000000000)) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) kernel console output (not intermixed with test programs): [ 334.236361][ T6061] rc_core: IR keymap rc-dib0700-rc5 not found [ 334.236381][ T6061] Registered IR keymap rc-empty [ 334.236685][ T6061] dvb-usb: could not initialize remote control. [ 334.236694][ T6061] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected. [ 334.420780][T12034] netlink: 11 bytes leftover after parsing attributes in process `syz.4.2689'. [ 334.449035][ T6061] usb 8-1: USB disconnect, device number 23 [ 334.536300][ T6061] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected. [ 335.140340][T12058] netlink: 'syz.3.2702': attribute type 12 has an invalid length. [ 335.140361][T12058] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.2702'. [ 336.136919][ T37] kauditd_printk_skb: 5 callbacks suppressed [ 336.136935][ T37] audit: type=1326 audit(2000000044.063:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12081 comm="syz.5.2713" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2c9c8deec9 code=0x0 [ 337.554021][ T9] kernel write not supported for file /sg0 (pid: 9 comm: kworker/0:0) [ 337.781050][T12128] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2733'. [ 338.220596][ T9] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 338.297481][T12151] sctp: [Deprecated]: syz.7.2745 (pid 12151) Use of struct sctp_assoc_value in delayed_ack socket option. [ 338.297481][T12151] Use struct sctp_sack_info instead [ 338.370667][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 338.373467][ T9] usb 5-1: config index 0 descriptor too short (expected 30, got 18) [ 338.387605][ T9] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 338.387632][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.387652][ T9] usb 5-1: Product: syz [ 338.387665][ T9] usb 5-1: Manufacturer: syz [ 338.387678][ T9] usb 5-1: SerialNumber: syz [ 338.420213][ T9] usb 5-1: config 0 descriptor?? [ 338.450221][ T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 338.450275][ T9] usb 5-1: setting power ON [ 338.450293][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 338.481633][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 338.482464][ T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 338.482518][ T9] usb 5-1: media controller created [ 338.563237][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 338.611115][ T9] usb 5-1: selecting invalid altsetting 6 [ 338.611139][ T9] usb 5-1: digital interface selection failed (-22) [ 338.611154][ T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 338.612743][ T9] usb 5-1: setting power OFF [ 338.612763][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 338.612780][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 338.612792][ T9] (NULL device *): no alternate interface [ 338.673927][T12136] dvb-usb: bulk message failed: -22 (3/0) [ 338.729532][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 338.743578][ T9] usb 5-1: USB disconnect, device number 28 [ 338.820632][ T6061] usb 8-1: new full-speed USB device number 24 using dummy_hcd [ 338.847690][T12164] UBIFS error (pid: 12164): cannot open "c:::", error -22 [ 338.996371][ T6061] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 338.996421][ T6061] usb 8-1: New USB device found, idVendor=1b1c, idProduct=0a0f, bcdDevice= 0.00 [ 338.996443][ T6061] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.008030][ T6061] usb 8-1: config 0 descriptor?? [ 339.437522][ T6061] hid-corsair-void 0003:1B1C:0A0F.003A: item fetching failed at offset 0/3 [ 339.438306][ T6061] hid-corsair-void 0003:1B1C:0A0F.003A: parse failed (reason: -22) [ 339.438410][ T6061] hid-corsair-void 0003:1B1C:0A0F.003A: probe with driver hid-corsair-void failed with error -22 [ 339.634705][ T6061] usb 8-1: USB disconnect, device number 24 [ 339.990617][ T31] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 340.028639][T12205] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2771'. [ 340.147448][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 340.147481][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 340.147521][ T31] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 340.147544][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.158454][ T31] usb 5-1: config 0 descriptor?? [ 340.804213][ T31] hid-led 0003:1D34:000A.003B: probe with driver hid-led failed with error -71 [ 340.820885][ T31] usb 5-1: USB disconnect, device number 29 [ 341.200579][ T5910] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 341.357033][ T5910] usb 4-1: unable to get BOS descriptor or descriptor too short [ 341.359041][ T5910] usb 4-1: not running at top speed; connect to a high speed hub [ 341.380862][ T5910] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 341.380893][ T5910] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 341.408113][ T5910] usb 4-1: string descriptor 0 read error: -22 [ 341.408260][ T5910] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 341.408282][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.466233][ T5910] usb 4-1: 0:2 : does not exist [ 341.802678][T12255] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2795'. [ 342.086922][ T5910] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5) [ 342.101916][ T5910] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 342.119132][ T5910] usb 4-1: 5:0: failed to get current value for ch 1 (-22) [ 342.130896][ T31] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 342.172796][ T5910] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5) [ 342.180205][ T5910] usb 4-1: USB disconnect, device number 29 [ 342.200949][ T6061] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 342.316422][ T31] usb 6-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 342.316452][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.330207][ T31] usb 6-1: config 0 descriptor?? [ 342.370880][ T6061] usb 5-1: Using ep0 maxpacket: 8 [ 342.378537][ T6061] usb 5-1: config 2 has an invalid interface number: 31 but max is 0 [ 342.378562][ T6061] usb 5-1: config 2 has no interface number 0 [ 342.378664][ T6061] usb 5-1: config 2 interface 31 has no altsetting 0 [ 342.383541][ T6061] usb 5-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 342.383620][ T6061] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.383639][ T6061] usb 5-1: Product: syz [ 342.383652][ T6061] usb 5-1: Manufacturer: syz [ 342.383665][ T6061] usb 5-1: SerialNumber: syz [ 342.814071][ T31] elecom 0003:056E:00E6.003C: unknown main item tag 0x0 [ 342.814109][ T31] elecom 0003:056E:00E6.003C: unknown main item tag 0x0 [ 342.814190][ T31] elecom 0003:056E:00E6.003C: unknown main item tag 0x0 [ 342.814217][ T31] elecom 0003:056E:00E6.003C: unknown main item tag 0x0 [ 342.814243][ T31] elecom 0003:056E:00E6.003C: unknown main item tag 0x0 [ 342.822309][ T31] elecom 0003:056E:00E6.003C: hidraw0: USB HID v1.01 Device [HID 056e:00e6] on usb-dummy_hcd.5-1/input0 [ 342.842983][T12284] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303 [ 342.980850][ T31] usb 6-1: USB disconnect, device number 25 [ 343.055994][ T6061] ch9200 5-1:2.31: probe with driver ch9200 failed with error -22 [ 343.079151][ T6061] usb 5-1: USB disconnect, device number 30 [ 343.668249][T12301] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2817'. [ 343.900314][ T37] audit: type=1326 audit(2000000051.823:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12312 comm="syz.4.2823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b102beec9 code=0x7ffc0000 [ 343.902846][ T37] audit: type=1326 audit(2000000051.833:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12312 comm="syz.4.2823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f7b102beec9 code=0x7ffc0000 [ 343.903122][ T37] audit: type=1326 audit(2000000051.833:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12312 comm="syz.4.2823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b102beec9 code=0x7ffc0000 [ 343.903362][ T37] audit: type=1326 audit(2000000051.833:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12312 comm="syz.4.2823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b102beec9 code=0x7ffc0000 [ 343.903955][ T37] audit: type=1326 audit(2000000051.833:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12312 comm="syz.4.2823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f7b102beec9 code=0x7ffc0000 [ 343.904189][ T37] audit: type=1326 audit(2000000051.833:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12312 comm="syz.4.2823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b102beec9 code=0x7ffc0000 [ 343.904461][ T37] audit: type=1326 audit(2000000051.833:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12312 comm="syz.4.2823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b102beec9 code=0x7ffc0000 [ 344.545653][T12341] netlink: 'syz.3.2835': attribute type 3 has an invalid length. [ 344.709447][T12352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2842'. [ 345.128032][T12370] sp0: Synchronizing with TNC [ 345.150784][T12370] sp0: Found TNC [ 345.158910][T12373] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2848'. [ 345.350579][ T8150] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 345.502964][ T8150] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 345.502991][ T8150] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 345.509327][ T8150] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 345.509357][ T8150] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 345.509377][ T8150] usb 5-1: SerialNumber: syz [ 345.803059][ T8150] usb 5-1: 0:2 : does not exist [ 345.856593][ T8150] usb 5-1: USB disconnect, device number 31 [ 345.869327][ T6061] kernel write not supported for file /dsp1 (pid: 6061 comm: kworker/1:7) [ 346.065039][T12405] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 346.065096][T12405] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 346.065185][T12405] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 346.065309][T12405] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 346.065360][T12405] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 346.065438][T12405] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 346.065565][T12405] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 346.065614][T12405] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 346.065662][T12405] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 346.065709][T12405] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 346.065757][T12405] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 346.065804][T12405] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 346.310029][T12411] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2869'. [ 346.310051][T12411] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2869'. [ 346.310076][T12411] netlink: 'syz.6.2869': attribute type 18 has an invalid length. [ 346.780313][T12423] netlink: 'syz.3.2873': attribute type 3 has an invalid length. [ 347.224824][T12435] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2883'. [ 348.645979][T12474] "syz.3.2899" (12474) uses obsolete ecb(arc4) skcipher [ 348.920594][ T37] audit: type=1326 audit(2000000056.843:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12501 comm="syz.7.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 348.941377][ T37] audit: type=1326 audit(2000000056.873:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12501 comm="syz.7.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 348.942524][ T37] audit: type=1326 audit(2000000056.873:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12501 comm="syz.7.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 348.942571][ T37] audit: type=1326 audit(2000000056.873:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12501 comm="syz.7.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 348.942611][ T37] audit: type=1326 audit(2000000056.873:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12501 comm="syz.7.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 348.944228][ T37] audit: type=1326 audit(2000000056.873:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12501 comm="syz.7.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 348.944276][ T37] audit: type=1326 audit(2000000056.873:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12501 comm="syz.7.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 348.944315][ T37] audit: type=1326 audit(2000000056.873:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12501 comm="syz.7.2911" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 349.665236][T12533] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 349.665262][T12533] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 349.712209][T12533] vhci_hcd vhci_hcd.0: Device attached [ 349.890807][ T8150] vhci_hcd: vhci_device speed not set [ 349.930678][ T31] usb 4-1: new low-speed USB device number 30 using dummy_hcd [ 349.950575][ T8150] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 350.083482][ T31] usb 4-1: config 0 has no interfaces? [ 350.083519][ T31] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 350.083542][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.097840][ T31] usb 4-1: config 0 descriptor?? [ 350.338147][ T31] usb 4-1: USB disconnect, device number 30 [ 350.365293][T12534] vhci_hcd: unknown pdu 2 [ 350.383209][ T6814] vhci_hcd: stop threads [ 350.384097][ T6814] vhci_hcd: release socket [ 350.410932][ T6814] vhci_hcd: disconnect device [ 350.440684][ T8150] vhci_hcd: vhci_device speed not set [ 350.861072][T12560] netlink: 'syz.6.2937': attribute type 1 has an invalid length. [ 351.657788][T12587] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.2950'. [ 351.980993][T12600] block nbd6: not configured, cannot reconfigure [ 352.005449][T12601] delete_channel: no stack [ 352.008857][T12597] delete_channel: no stack [ 352.096520][T12607] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2960'. [ 352.103486][T12605] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2959'. [ 352.272145][T12613] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2963'. [ 352.409046][T12617] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2965'. [ 352.466845][T12617] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 352.720385][T12633] [U] „ [ 352.824041][T12635] xt_HMARK: spi-set and port-set can't be combined [ 353.190955][ T5895] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 353.353138][ T5895] usb 6-1: config 220 has an invalid interface number: 76 but max is 2 [ 353.353164][ T5895] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 353.353183][ T5895] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 353.353202][ T5895] usb 6-1: config 220 has no interface number 2 [ 353.353278][ T5895] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 353.353304][ T5895] usb 6-1: config 220 interface 0 has no altsetting 0 [ 353.353321][ T5895] usb 6-1: config 220 interface 76 has no altsetting 0 [ 353.353339][ T5895] usb 6-1: config 220 interface 1 has no altsetting 0 [ 353.358553][ T5895] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 353.358580][ T5895] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.358599][ T5895] usb 6-1: Product: syz [ 353.358613][ T5895] usb 6-1: Manufacturer: syz [ 353.358627][ T5895] usb 6-1: SerialNumber: syz [ 353.627095][ T5895] usb 6-1: selecting invalid altsetting 0 [ 353.627624][ T5895] usb 6-1: Found UVC 7.01 device syz (8086:0b07) [ 353.627653][ T5895] usb 6-1: No valid video chain found. [ 353.667950][ T5895] usb 6-1: selecting invalid altsetting 0 [ 353.667989][ T5895] usbtest 6-1:220.1: probe with driver usbtest failed with error -22 [ 353.697373][ T5895] usb 6-1: USB disconnect, device number 26 [ 353.945376][T12677] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2992'. [ 354.500655][ T8150] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 354.653398][ T8150] usb 4-1: Using ep0 maxpacket: 32 [ 354.656627][ T8150] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 354.659722][ T8150] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 354.659750][ T8150] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 354.659771][ T8150] usb 4-1: Product: syz [ 354.659785][ T8150] usb 4-1: Manufacturer: syz [ 354.659799][ T8150] usb 4-1: SerialNumber: syz [ 354.722613][ T8150] usb 4-1: config 0 descriptor?? [ 354.724449][T12688] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 354.858981][T12717] netlink: 47 bytes leftover after parsing attributes in process `syz.4.3010'. [ 354.948141][ T31] usb 4-1: USB disconnect, device number 31 [ 355.486382][ T5895] usb 8-1: new full-speed USB device number 25 using dummy_hcd [ 355.637124][ T5895] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 355.637179][ T5895] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 355.637214][ T5895] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 65535, setting to 64 [ 355.637238][ T5895] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 355.638868][ T5895] usb 8-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 355.638894][ T5895] usb 8-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 355.638914][ T5895] usb 8-1: Manufacturer: syz [ 355.668758][ T5895] usb 8-1: config 0 descriptor?? [ 355.900572][ T5153] Bluetooth: hci4: command 0x0406 tx timeout [ 355.992551][ T5895] rc_core: IR keymap rc-hauppauge not found [ 355.992571][ T5895] Registered IR keymap rc-empty [ 355.994764][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.012626][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.032177][ T5895] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0 [ 356.035327][ T5895] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/rc/rc0/input21 [ 356.096817][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.117841][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.132913][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.150900][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.171006][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.191490][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.200786][T12768] ALSA: mixer_oss: invalid OSS volume '' [ 356.211053][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.241689][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.260916][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.283647][ T5895] mceusb 8-1:0.0: Error: mce write urb status = -71 [ 356.346981][ T5895] mceusb 8-1:0.0: Registered with mce emulator interface version 1 [ 356.347005][ T5895] mceusb 8-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 356.363009][ T5895] usb 8-1: USB disconnect, device number 25 [ 356.648548][T12781] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3039'. [ 356.648570][T12781] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3039'. [ 356.648596][T12781] netlink: 'syz.7.3039': attribute type 6 has an invalid length. [ 356.660649][ T31] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 356.836583][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 127, changing to 10 [ 356.836618][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1040, setting to 1024 [ 356.836644][ T31] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 356.836686][ T31] usb 6-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00 [ 356.836708][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.865083][ T31] usb 6-1: config 0 descriptor?? [ 356.866209][T12774] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 357.298488][ T31] sigmamicro 0003:1C4F:0059.003D: unknown main item tag 0x0 [ 357.310885][ T31] sigmamicro 0003:1C4F:0059.003D: hidraw0: USB HID v0.00 Device [HID 1c4f:0059] on usb-dummy_hcd.5-1/input0 [ 357.483606][T12811] veth0_to_team: entered promiscuous mode [ 357.518336][ T5895] usb 6-1: USB disconnect, device number 27 [ 358.211206][ T5895] usb 8-1: new full-speed USB device number 26 using dummy_hcd [ 358.404291][ T5895] usb 8-1: config 0 has an invalid interface number: 7 but max is 0 [ 358.404318][ T5895] usb 8-1: config 0 has no interface number 0 [ 358.404364][ T5895] usb 8-1: config 0 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 358.404391][ T5895] usb 8-1: config 0 interface 7 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 358.406134][ T5895] usb 8-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice=22.00 [ 358.406159][ T5895] usb 8-1: New USB device strings: Mfr=17, Product=0, SerialNumber=0 [ 358.406179][ T5895] usb 8-1: Manufacturer: syz [ 358.418128][ T5895] usb 8-1: config 0 descriptor?? [ 358.450700][ T5926] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 358.627693][ T5926] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 358.628280][ T5926] usb 6-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 358.628305][ T5926] usb 6-1: Product: syz [ 358.628319][ T5926] usb 6-1: Manufacturer: syz [ 358.628332][ T5926] usb 6-1: SerialNumber: syz [ 358.670185][ T5926] usb 6-1: config 0 descriptor?? [ 358.678955][ T5926] ch341 6-1:0.0: ch341-uart converter detected [ 358.760696][ T8150] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 358.913710][ T8150] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 358.913744][ T8150] usb 4-1: config 0 interface 0 has no altsetting 0 [ 358.913777][ T8150] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00 [ 358.913799][ T8150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.919987][ T8150] usb 4-1: config 0 descriptor?? [ 358.933242][ T5895] uclogic 0003:5543:0522.003E: unbalanced delimiter at end of report description [ 358.937437][ T5895] uclogic 0003:5543:0522.003E: parse failed [ 358.939912][ T5895] uclogic 0003:5543:0522.003E: probe with driver uclogic failed with error -22 [ 359.071265][ T5895] usb 8-1: USB disconnect, device number 26 [ 359.351268][ T5926] usb 6-1: failed to send control message: -71 [ 359.351326][ T5926] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 359.365040][ T5926] usb 6-1: USB disconnect, device number 28 [ 359.367245][ T5926] ch341 6-1:0.0: device disconnected [ 359.398832][ T8150] logitech 0003:046D:C294.003F: unknown main item tag 0x0 [ 359.398868][ T8150] logitech 0003:046D:C294.003F: unknown main item tag 0x0 [ 359.417920][ T8150] logitech 0003:046D:C294.003F: hidraw0: USB HID v0.04 Device [HID 046d:c294] on usb-dummy_hcd.3-1/input0 [ 359.417953][ T8150] logitech 0003:046D:C294.003F: no inputs found [ 359.463900][T12854] QAT: Invalid ioctl 1075883590 [ 359.464016][T12854] QAT: Invalid ioctl 1075883590 [ 359.464103][T12854] QAT: Invalid ioctl 1075883590 [ 359.464203][T12854] QAT: Invalid ioctl 1075883590 [ 359.464292][T12854] QAT: Invalid ioctl 1075883590 [ 359.464377][T12854] QAT: Invalid ioctl 1075883590 [ 359.464462][T12854] QAT: Invalid ioctl 1075883590 [ 359.464549][T12854] QAT: Invalid ioctl 1075883590 [ 359.464635][T12854] QAT: Invalid ioctl 1075883590 [ 359.464732][T12854] QAT: Invalid ioctl 1075883590 [ 359.602590][ T5926] usb 4-1: USB disconnect, device number 32 [ 359.929739][T12874] netlink: 'syz.7.3083': attribute type 2 has an invalid length. [ 360.049969][T12878] pim6reg527: entered allmulticast mode [ 360.718205][ T5153] Bluetooth: hci2: unexpected event for opcode 0x0c1c [ 360.809844][ T5153] Bluetooth: hci5: unexpected event for opcode 0x2031 [ 361.119385][T12908] program syz.6.3099 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 361.479475][T12914] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3102'. [ 361.851794][ T5910] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 361.879783][ T37] audit: type=1326 audit(2000000069.803:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12932 comm="syz.5.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 361.879998][ T37] audit: type=1326 audit(2000000069.803:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12932 comm="syz.5.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 361.890671][ T37] audit: type=1326 audit(2000000069.813:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12932 comm="syz.5.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 361.891028][ T37] audit: type=1326 audit(2000000069.823:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12932 comm="syz.5.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 361.891071][ T37] audit: type=1326 audit(2000000069.823:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12932 comm="syz.5.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 361.901446][ T37] audit: type=1326 audit(2000000069.823:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12932 comm="syz.5.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 361.901495][ T37] audit: type=1326 audit(2000000069.823:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12932 comm="syz.5.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 361.901535][ T37] audit: type=1326 audit(2000000069.823:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12932 comm="syz.5.3111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 362.042925][T12937] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3113'. [ 362.093004][ T5910] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 362.093031][ T5910] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 362.094582][ T5910] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 362.094609][ T5910] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 362.094628][ T5910] usb 8-1: SerialNumber: syz [ 362.355374][ T5910] usb 8-1: 0:2 : does not exist [ 362.391124][ T5895] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 362.394836][ T5910] usb 8-1: USB disconnect, device number 27 [ 362.550594][ T5895] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 362.550650][ T5895] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.550675][ T5895] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.550713][ T5895] usb 6-1: New USB device found, idVendor=056a, idProduct=0010, bcdDevice= 0.00 [ 362.550733][ T5895] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.557220][ T5895] usb 6-1: config 0 descriptor?? [ 362.846928][T12959] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3125'. [ 363.022853][ T5895] wacom 0003:056A:0010.0040: Unknown device_type for 'HID 056a:0010'. Assuming pen. [ 363.033876][ T5895] wacom 0003:056A:0010.0040: hidraw0: USB HID v0.00 Device [HID 056a:0010] on usb-dummy_hcd.5-1/input0 [ 363.044965][ T5895] input: Wacom Graphire Pen as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:056A:0010.0040/input/input22 [ 363.198110][T12971] netlink: 104 bytes leftover after parsing attributes in process `syz.4.3130'. [ 363.204934][ T5910] usb 6-1: USB disconnect, device number 29 [ 363.287751][ T37] audit: type=1326 audit(2000000071.213:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.3.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 363.290767][ T37] audit: type=1326 audit(2000000071.223:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12972 comm="syz.3.3131" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 363.461296][T12980] netlink: 'syz.4.3135': attribute type 2 has an invalid length. [ 364.411231][ T5926] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 364.573463][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 364.573498][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.573521][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 364.573567][ T5926] usb 4-1: New USB device found, idVendor=045e, idProduct=008e, bcdDevice= 0.00 [ 364.573596][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.581591][ T5926] usb 4-1: config 0 descriptor?? [ 364.660629][ T5910] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 364.820767][ T5910] usb 6-1: Using ep0 maxpacket: 16 [ 364.823073][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.823103][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.823126][ T5910] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 364.823167][ T5910] usb 6-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 364.823189][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.891839][ T5910] usb 6-1: config 0 descriptor?? [ 365.048494][ T5926] hid-generic 0003:045E:008E.0041: unbalanced collection at end of report description [ 365.049373][ T5926] hid-generic 0003:045E:008E.0041: probe with driver hid-generic failed with error -22 [ 365.108288][T13031] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3157'. [ 365.123079][ T5910] usbhid 6-1:0.0: can't add hid device: -71 [ 365.123205][ T5910] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 365.144712][ T5910] usb 6-1: USB disconnect, device number 30 [ 365.250340][ T5926] usb 4-1: USB disconnect, device number 33 [ 365.386983][T13036] team0: Port device syz_tun removed [ 365.403800][T13036] bridge_slave_0: left allmulticast mode [ 365.404667][T13036] bridge0: port 1(bridge_slave_0) entered disabled state [ 365.482246][T13036] bridge_slave_1: left allmulticast mode [ 365.482267][T13036] bridge_slave_1: left promiscuous mode [ 365.482458][T13036] bridge0: port 2(bridge_slave_1) entered disabled state [ 365.571398][T13036] bond0: (slave bond_slave_0): Releasing backup interface [ 365.615329][T13036] bond_slave_0: left allmulticast mode [ 365.639559][T13036] bond0: (slave bond_slave_1): Releasing backup interface [ 365.672651][T13036] bond_slave_1: left allmulticast mode [ 365.718752][T13036] team0: Port device team_slave_0 removed [ 365.776447][T13036] team0: Port device team_slave_1 removed [ 365.778710][T13036] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 365.778740][T13036] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.817568][T13036] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 365.817597][T13036] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 366.032509][T13036] team0: Port device geneve0 removed [ 366.553800][T13066] netlink: 'syz.5.3175': attribute type 1 has an invalid length. [ 368.426193][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 368.426209][ T37] audit: type=1326 audit(2000000076.353:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13130 comm="syz.4.3206" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f7b102beec9 code=0x0 [ 369.370571][ T5925] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 369.520519][ T5925] usb 4-1: Using ep0 maxpacket: 8 [ 369.527129][ T5925] usb 4-1: too many endpoints for config 0 interface 0 altsetting 250: 255, using maximum allowed: 30 [ 369.527182][ T5925] usb 4-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 369.527209][ T5925] usb 4-1: config 0 interface 0 has no altsetting 0 [ 369.527243][ T5925] usb 4-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00 [ 369.527265][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.580845][ T5926] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 369.597949][ T5925] usb 4-1: config 0 descriptor?? [ 369.765352][ T5926] usb 8-1: unable to get BOS descriptor or descriptor too short [ 369.767776][ T5926] usb 8-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 369.772341][ T5926] usb 8-1: string descriptor 0 read error: -22 [ 369.772496][ T5926] usb 8-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db [ 369.772520][ T5926] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.990964][T13174] netlink: 'syz.4.3226': attribute type 1 has an invalid length. [ 370.001591][ T5926] usb 8-1: reset high-speed USB device number 28 using dummy_hcd [ 370.045002][ T5925] elecom 0003:056E:011C.0042: hidraw0: USB HID vf4.f6 Device [HID 056e:011c] on usb-dummy_hcd.3-1/input0 [ 370.240630][ T5895] usb 4-1: USB disconnect, device number 34 [ 370.720711][ T5926] usb 8-1: device descriptor read/64, error -71 [ 370.971094][ T5926] usb 8-1: reset high-speed USB device number 28 using dummy_hcd [ 371.131687][ T5926] usb 8-1: unable to get BOS descriptor or descriptor too short [ 371.144251][ T5926] usb 8-1: device firmware changed [ 371.155701][ T5926] usb 8-1: USB disconnect, device number 28 [ 372.208737][T13232] netlink: 108 bytes leftover after parsing attributes in process `syz.5.3253'. [ 372.208765][T13232] block nbd0: Unsupported socket: shutdown callout must be supported. [ 372.900734][ T5925] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 372.951281][ T5895] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 373.050596][ T5925] usb 4-1: Using ep0 maxpacket: 8 [ 373.056017][ T5925] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 373.056046][ T5925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.056066][ T5925] usb 4-1: Product: syz [ 373.056080][ T5925] usb 4-1: Manufacturer: syz [ 373.056095][ T5925] usb 4-1: SerialNumber: syz [ 373.060360][ T5925] usb 4-1: config 0 descriptor?? [ 373.083562][ T6061] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 373.101512][ T5895] usb 6-1: Using ep0 maxpacket: 16 [ 373.110300][ T5895] usb 6-1: config 0 has an invalid interface number: 41 but max is 0 [ 373.110324][ T5895] usb 6-1: config 0 has no interface number 0 [ 373.110372][ T5895] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 373.110397][ T5895] usb 6-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 373.128721][ T5895] usb 6-1: config 0 interface 41 has no altsetting 0 [ 373.140651][ T5895] usb 6-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 373.140678][ T5895] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.140708][ T5895] usb 6-1: Product: syz [ 373.140722][ T5895] usb 6-1: Manufacturer: syz [ 373.140735][ T5895] usb 6-1: SerialNumber: syz [ 373.171110][ T5895] usb 6-1: config 0 descriptor?? [ 373.175078][T13253] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 373.175256][T13253] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 373.230704][ T6061] usb 8-1: Using ep0 maxpacket: 8 [ 373.241257][ T6061] usb 8-1: config index 0 descriptor too short (expected 30, got 18) [ 373.258045][ T6061] usb 8-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 373.258313][ T6061] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.258331][ T6061] usb 8-1: Product: syz [ 373.258344][ T6061] usb 8-1: Manufacturer: syz [ 373.258358][ T6061] usb 8-1: SerialNumber: syz [ 373.285069][ T6061] usb 8-1: config 0 descriptor?? [ 373.308436][ T5925] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 373.328339][ T6061] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 373.328383][ T6061] usb 8-1: setting power ON [ 373.328402][ T6061] dvb-usb: bulk message failed: -22 (2/0) [ 373.353775][ T6061] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 373.355472][ T6061] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 373.355513][ T6061] usb 8-1: media controller created [ 373.403800][T13253] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 373.404071][T13253] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 373.489855][ T6061] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 373.543738][T13259] dvb-usb: bulk message failed: -22 (3/0) [ 373.543761][T13259] cxusb: i2c wr: len=79 is too big! [ 373.543761][T13259] [ 373.597460][ T6061] usb 8-1: selecting invalid altsetting 6 [ 373.597484][ T6061] usb 8-1: digital interface selection failed (-22) [ 373.597499][ T6061] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 373.599379][ T6061] usb 8-1: setting power OFF [ 373.599400][ T6061] dvb-usb: bulk message failed: -22 (2/0) [ 373.599680][ T6061] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 373.599694][ T6061] (NULL device *): no alternate interface [ 373.714972][ T5925] usb write operation failed. (-71) [ 373.756270][ T5925] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 373.756844][ T5925] dvbdev: DVB: registering new adapter (Terratec H7) [ 373.756894][ T5925] usb 4-1: media controller created [ 373.757912][ T5925] usb read operation failed. (-71) [ 373.760640][ T5925] usb write operation failed. (-71) [ 373.772342][ T6061] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 373.794616][ T6061] usb 8-1: USB disconnect, device number 29 [ 373.823153][ T5895] CoreChips 6-1:0.41: probe with driver CoreChips failed with error -71 [ 373.824288][ T5925] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 373.851121][ T5925] usb 4-1: USB disconnect, device number 35 [ 373.856128][ T5895] usb 6-1: USB disconnect, device number 31 [ 374.480957][ T37] audit: type=1326 audit(2000000082.403:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13282 comm="syz.5.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 374.481011][ T37] audit: type=1326 audit(2000000082.413:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13282 comm="syz.5.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 374.490201][ T37] audit: type=1326 audit(2000000082.413:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13282 comm="syz.5.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 374.490253][ T37] audit: type=1326 audit(2000000082.413:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13282 comm="syz.5.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 374.490295][ T37] audit: type=1326 audit(2000000082.413:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13282 comm="syz.5.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 374.491463][ T37] audit: type=1326 audit(2000000082.423:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13282 comm="syz.5.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 374.491512][ T37] audit: type=1326 audit(2000000082.423:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13282 comm="syz.5.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 374.491554][ T37] audit: type=1326 audit(2000000082.423:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13282 comm="syz.5.3279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 374.504141][ T5925] usb 8-1: new high-speed USB device number 30 using dummy_hcd [ 374.740558][ T5925] usb 8-1: Using ep0 maxpacket: 16 [ 374.743684][ T5925] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 78, changing to 10 [ 374.743732][ T5925] usb 8-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 374.743756][ T5925] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.786664][ T5925] usb 8-1: config 0 descriptor?? [ 375.238260][ T5925] uclogic 0003:5543:0781.0043: hidraw0: USB HID v0.04 Device [HID 5543:0781] on usb-dummy_hcd.7-1/input0 [ 375.449078][ T9] usb 8-1: USB disconnect, device number 30 [ 376.439827][T13337] wireguard: wg2: Could not create IPv4 socket [ 376.651173][T13346] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 377.018639][T13363] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3318'. [ 377.320280][T13377] netlink: 'syz.7.3326': attribute type 8 has an invalid length. [ 377.864782][T13401] hugetlbfs: Bad value 'g' for mount option 'nr_inodes' [ 377.864782][T13401] [ 377.924387][T13403] ALSA: seq fatal error: cannot create timer (-22) [ 378.266578][T13415] mkiss: ax0: crc mode is auto. [ 378.424501][T13423] sp0: Synchronizing with TNC [ 378.548348][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.548447][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.610908][ T5895] usb 8-1: new high-speed USB device number 31 using dummy_hcd [ 378.760925][ T5895] usb 8-1: Using ep0 maxpacket: 8 [ 378.763401][ T5895] usb 8-1: config 0 interface 0 has no altsetting 0 [ 378.763438][ T5895] usb 8-1: New USB device found, idVendor=17ef, idProduct=61ae, bcdDevice= 0.00 [ 378.763462][ T5895] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.768732][ T5895] usb 8-1: config 0 descriptor?? [ 379.202220][ T5895] lenovo 0003:17EF:61AE.0044: hidraw0: USB HID vff.ff Device [HID 17ef:61ae] on usb-dummy_hcd.7-1/input0 [ 379.401067][ T5895] usb 8-1: USB disconnect, device number 31 [ 380.041860][T13450] netlink: 'syz.3.3358': attribute type 10 has an invalid length. [ 380.041908][T13450] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 380.044793][T13450] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 380.044983][T13450] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 380.045538][T13450] team0: Port device netdevsim0 added [ 380.062359][T13450] netlink: 'syz.3.3358': attribute type 10 has an invalid length. [ 380.062659][T13450] netdevsim netdevsim3 netdevsim0: left promiscuous mode [ 380.062824][T13450] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 380.234642][T13450] team0: Port device netdevsim0 removed [ 380.328971][T13450] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 381.311677][ T5910] usb 8-1: new high-speed USB device number 32 using dummy_hcd [ 381.469295][ T5910] usb 8-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 381.469325][ T5910] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.513466][ T5910] usb 8-1: config 0 descriptor?? [ 381.522360][ T5910] gspca_main: spca508-2.14.0 probing 8086:0110 [ 381.727317][ T5910] gspca_spca508: reg_read err -32 [ 381.937575][ T5910] gspca_spca508: reg_read err -71 [ 381.938000][ T5910] gspca_spca508: reg_read err -71 [ 381.938403][ T5910] gspca_spca508: reg_read err -71 [ 381.938797][ T5910] gspca_spca508: reg write: error -71 [ 381.938884][ T5910] spca508 8-1:0.0: probe with driver spca508 failed with error -71 [ 381.952992][ T5910] usb 8-1: USB disconnect, device number 32 [ 382.177057][T13519] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 382.177057][T13519] program syz.5.3389 not setting count and/or reply_len properly [ 382.343682][ T6061] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 382.500550][ T6061] usb 4-1: Using ep0 maxpacket: 32 [ 382.503113][ T6061] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 382.503135][ T6061] usb 4-1: config 0 has no interface number 0 [ 382.535282][ T6061] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 382.535312][ T6061] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.535331][ T6061] usb 4-1: Product: syz [ 382.535346][ T6061] usb 4-1: Manufacturer: syz [ 382.535360][ T6061] usb 4-1: SerialNumber: syz [ 382.583889][ T6061] usb 4-1: config 0 descriptor?? [ 382.601801][ T6061] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 382.601836][ T6061] usb 4-1: selecting invalid altsetting 1 [ 382.601852][ T6061] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 382.638534][ T6061] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 382.638903][ T6061] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 382.638955][ T6061] usb 4-1: media controller created [ 382.691541][ T6061] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 383.054279][T13536] binder: 13533:13536 ioctl c00c620f 200000000500 returned -22 [ 383.451501][ T5925] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 383.600583][ T5925] usb 6-1: Using ep0 maxpacket: 8 [ 383.605311][ T5925] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 383.605357][ T5925] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 383.605510][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.653923][ T5925] usb 6-1: config 0 descriptor?? [ 383.821002][ T6061] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 383.823321][ T6061] zl10353_read_register: readreg error (reg=127, ret==-110) [ 383.890746][T13515] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 383.967815][ T6061] usb 4-1: USB disconnect, device number 36 [ 384.105063][ T5925] corsair 0003:1B1C:1B09.0045: unbalanced collection at end of report description [ 384.105897][ T5925] corsair 0003:1B1C:1B09.0045: parse failed [ 384.106002][ T5925] corsair 0003:1B1C:1B09.0045: probe with driver corsair failed with error -22 [ 384.331217][ T31] usb 6-1: USB disconnect, device number 32 [ 384.946630][ T5153] Bluetooth: hci4: link tx timeout [ 384.946649][ T5153] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 385.513582][T13613] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3433'. [ 386.570613][ T5910] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 386.724537][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.724569][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.724607][ T5910] usb 4-1: New USB device found, idVendor=056e, idProduct=010d, bcdDevice= 0.00 [ 386.724629][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.771922][ T5910] usb 4-1: config 0 descriptor?? [ 386.775630][T13648] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3450'. [ 387.020836][ T5851] Bluetooth: hci4: command 0x0406 tx timeout [ 387.197145][T13666] xt_l2tp: missing protocol rule (udp|l2tpip) [ 387.208601][ T5910] elecom 0003:056E:010D.0046: hidraw0: USB HID v0.00 Device [HID 056e:010d] on usb-dummy_hcd.3-1/input0 [ 387.410305][ T5910] usb 4-1: USB disconnect, device number 37 [ 387.442256][ T37] audit: type=1326 audit(2000000095.363:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13674 comm="syz.7.3462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 387.447073][ T37] audit: type=1326 audit(2000000095.373:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13674 comm="syz.7.3462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 387.448247][ T37] audit: type=1326 audit(2000000095.373:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13674 comm="syz.7.3462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 387.449767][ T37] audit: type=1326 audit(2000000095.373:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13674 comm="syz.7.3462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 387.450587][ T37] audit: type=1326 audit(2000000095.373:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13674 comm="syz.7.3462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 387.467504][ T37] audit: type=1326 audit(2000000095.393:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13674 comm="syz.7.3462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 387.467555][ T37] audit: type=1326 audit(2000000095.393:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13674 comm="syz.7.3462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 387.890795][T13691] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3471'. [ 388.530672][T13715] sp0: Synchronizing with TNC [ 389.363700][ T31] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 389.522986][ T31] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 389.523016][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.529760][ T31] usb 6-1: config 0 descriptor?? [ 389.735037][ T31] udl 6-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 389.937433][ T31] [drm:udl_init] *ERROR* Selecting channel failed [ 390.001191][T13759] team0: left allmulticast mode [ 390.001212][T13759] team_slave_0: left allmulticast mode [ 390.001234][T13759] team_slave_1: left allmulticast mode [ 390.001517][T13759] bridge0: port 3(team0) entered disabled state [ 390.006909][ T31] [drm] Initialized udl 0.0.1 for 6-1:0.0 on minor 2 [ 390.006932][ T31] [drm] Initialized udl on minor 2 [ 390.028926][ T31] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 390.032106][ T31] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 390.050999][ T5926] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 390.055447][ T31] usb 6-1: USB disconnect, device number 33 [ 390.058826][ T5926] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 390.176154][T13759] bridge_slave_0: left allmulticast mode [ 390.176184][T13759] bridge_slave_0: left promiscuous mode [ 390.176477][T13759] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.282674][T13759] bridge_slave_1: left allmulticast mode [ 390.282706][T13759] bridge_slave_1: left promiscuous mode [ 390.282953][T13759] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.414137][T13759] bond0: (slave bond_slave_0): Releasing backup interface [ 390.571264][T13759] bond0: (slave bond_slave_1): Releasing backup interface [ 390.607672][T13759] team_slave_0: left promiscuous mode [ 390.661871][T13759] team0: Port device team_slave_0 removed [ 390.663129][T13759] team_slave_1: left promiscuous mode [ 390.742761][T13759] team0: Port device team_slave_1 removed [ 390.745100][T13759] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 390.745128][T13759] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 390.795704][T13759] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 390.795738][T13759] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 390.881660][T13759] bond0: (slave netdevsim0): Releasing backup interface [ 390.889535][T13791] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3517'. [ 390.889711][T13791] openvswitch: netlink: nsh attribute has 2338 unknown bytes. [ 390.889741][T13791] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 391.071498][T13759] bond0: (slave wlan1): Releasing backup interface [ 391.564662][T13805] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 391.659718][T13811] openvswitch: netlink: nsh attribute has 65533 unknown bytes. [ 391.659753][T13811] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 392.020608][ T6061] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 392.170604][ T6061] usb 6-1: Using ep0 maxpacket: 32 [ 392.172956][ T6061] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 392.172987][ T6061] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 392.173013][ T6061] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 392.176099][ T6061] usb 6-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 392.176126][ T6061] usb 6-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 392.176146][ T6061] usb 6-1: Product: syz [ 392.176160][ T6061] usb 6-1: Manufacturer: syz [ 392.176174][ T6061] usb 6-1: SerialNumber: syz [ 392.223271][ T6061] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input26 [ 392.348326][T13829] tipc: Can't bind to reserved service type 2 [ 392.609777][ T5926] usb 6-1: USB disconnect, device number 34 [ 392.690820][ T6061] usb 8-1: new high-speed USB device number 33 using dummy_hcd [ 392.733287][ T5926] appletouch 6-1:1.0: input: appletouch disconnected [ 392.806698][T13847] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3545'. [ 392.844219][ T6061] usb 8-1: Using ep0 maxpacket: 8 [ 392.847001][ T6061] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 392.847031][ T6061] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 392.847208][ T6061] usb 8-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 392.847231][ T6061] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 392.860193][ T6061] usb 8-1: config 0 descriptor?? [ 393.256452][ T37] audit: type=1326 audit(2000000101.183:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13861 comm="syz.5.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 393.257732][ T37] audit: type=1326 audit(2000000101.183:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13861 comm="syz.5.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 393.260057][ T37] audit: type=1326 audit(2000000101.183:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13861 comm="syz.5.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 393.315949][ T6061] input: HID 28bd:0935 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:28BD:0935.0047/input/input27 [ 393.363415][ T37] audit: type=1326 audit(2000000101.183:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13861 comm="syz.5.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 393.363481][ T37] audit: type=1326 audit(2000000101.273:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13861 comm="syz.5.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 393.363523][ T37] audit: type=1326 audit(2000000101.283:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13861 comm="syz.5.3552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c9c8deec9 code=0x7ffc0000 [ 393.387797][ T6061] uclogic 0003:28BD:0935.0047: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0935] on usb-dummy_hcd.7-1/input0 [ 393.541287][ T6061] usb 8-1: USB disconnect, device number 33 [ 395.526326][T13959] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3597'. [ 395.674684][T13963] tmpfs: Bad value for 'mpol' [ 395.899572][T13973] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3604'. [ 395.899672][T13973] tipc: Enabling of bearer rejected, failed to enable media [ 396.153838][T13984] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3609'. [ 396.292385][T13990] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 396.365130][T13992] xt_l2tp: v2 sid > 0xffff: 1114112 [ 396.902164][T14008] netlink: 'syz.7.3621': attribute type 10 has an invalid length. [ 397.013262][ T5925] IPVS: starting estimator thread 0... [ 397.020659][ T5895] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 397.085485][T14017] netlink: 'syz.7.3626': attribute type 2 has an invalid length. [ 397.085505][T14017] netlink: 119 bytes leftover after parsing attributes in process `syz.7.3626'. [ 397.101030][T14015] IPVS: using max 7 ests per chain, 16800 per kthread [ 397.180548][ T5895] usb 4-1: Using ep0 maxpacket: 32 [ 397.184302][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 397.184332][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 397.184370][ T5895] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 397.184393][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.190235][ T5895] usb 4-1: config 0 descriptor?? [ 397.840032][ T5895] ft260 0003:0403:6030.0048: failed to retrieve chip version [ 397.840610][ T5895] ft260 0003:0403:6030.0048: probe with driver ft260 failed with error -71 [ 397.848126][ T5895] usb 4-1: USB disconnect, device number 38 [ 398.948005][T14094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3662'. [ 399.343528][T14111] netlink: 'syz.6.3672': attribute type 1 has an invalid length. [ 399.343550][T14111] netlink: 208 bytes leftover after parsing attributes in process `syz.6.3672'. [ 399.343580][T14111] netlink: 'syz.6.3672': attribute type 1 has an invalid length. [ 399.343592][T14111] netlink: 'syz.6.3672': attribute type 2 has an invalid length. [ 399.673751][ T37] audit: type=1326 audit(2000000107.593:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14125 comm="syz.6.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37176deec9 code=0x7ffc0000 [ 399.674030][ T37] audit: type=1326 audit(2000000107.603:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14125 comm="syz.6.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37176deec9 code=0x7ffc0000 [ 399.676282][ T37] audit: type=1326 audit(2000000107.603:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14125 comm="syz.6.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f37176deec9 code=0x7ffc0000 [ 399.677006][ T37] audit: type=1326 audit(2000000107.603:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14125 comm="syz.6.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37176deec9 code=0x7ffc0000 [ 399.677265][ T37] audit: type=1326 audit(2000000107.603:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14125 comm="syz.6.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37176deec9 code=0x7ffc0000 [ 399.681098][ T37] audit: type=1326 audit(2000000107.603:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14125 comm="syz.6.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f37176deec9 code=0x7ffc0000 [ 399.681144][ T37] audit: type=1326 audit(2000000107.613:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14125 comm="syz.6.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37176deec9 code=0x7ffc0000 [ 399.681184][ T37] audit: type=1326 audit(2000000107.613:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14125 comm="syz.6.3680" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f37176deec9 code=0x7ffc0000 [ 399.830900][ T5925] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 399.990724][ T5925] usb 4-1: Using ep0 maxpacket: 32 [ 399.995344][ T5925] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.995399][ T5925] usb 4-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e [ 399.995421][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.035673][ T5925] usb 4-1: config 0 descriptor?? [ 400.060582][ T5925] dvb-usb: found a 'TeVii S662' in warm state. [ 400.060660][ T5925] dw2102: su3000_power_ctrl: 1, initialized 0 [ 400.060680][ T5925] dvb-usb: bulk message failed: -22 (2/0) [ 400.071724][ T5925] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 400.072666][ T5925] dvbdev: DVB: registering new adapter (TeVii S662) [ 400.072719][ T5925] usb 4-1: media controller created [ 400.072744][ T5925] dvb-usb: bulk message failed: -22 (6/0) [ 400.072759][ T5925] dw2102: i2c transfer failed. [ 400.072776][ T5925] dvb-usb: bulk message failed: -22 (6/0) [ 400.072790][ T5925] dw2102: i2c transfer failed. [ 400.072806][ T5925] dvb-usb: bulk message failed: -22 (6/0) [ 400.072818][ T5925] dw2102: i2c transfer failed. [ 400.072834][ T5925] dvb-usb: bulk message failed: -22 (6/0) [ 400.072848][ T5925] dw2102: i2c transfer failed. [ 400.072864][ T5925] dvb-usb: bulk message failed: -22 (6/0) [ 400.072877][ T5925] dw2102: i2c transfer failed. [ 400.072894][ T5925] dvb-usb: bulk message failed: -22 (6/0) [ 400.072908][ T5925] dw2102: i2c transfer failed. [ 400.072917][ T5925] dvb-usb: MAC address: 02:02:02:02:02:02 [ 400.209545][ T5925] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 400.250622][T14123] dw2102: i2c wr: len=66 is too big! [ 400.250622][T14123] [ 400.283758][ T5925] dvb-usb: bulk message failed: -22 (3/0) [ 400.283777][ T5925] dw2102: command 0x0e transfer failed. [ 400.283794][ T5925] dvb-usb: bulk message failed: -22 (3/0) [ 400.283807][ T5925] dw2102: command 0x0e transfer failed. [ 400.351635][T14143] netlink: 'syz.5.3687': attribute type 2 has an invalid length. [ 400.590507][ T5925] dvb-usb: bulk message failed: -22 (3/0) [ 400.590529][ T5925] dw2102: command 0x0e transfer failed. [ 400.590539][ T5925] dvb-usb: bulk message failed: -22 (3/0) [ 400.590552][ T5925] dw2102: command 0x0e transfer failed. [ 400.590560][ T5925] dvb-usb: bulk message failed: -22 (1/0) [ 400.590573][ T5925] dw2102: command 0x51 transfer failed. [ 400.590581][ T5925] dvb-usb: bulk message failed: -22 (5/0) [ 400.590593][ T5925] dw2102: i2c probe for address 0x68 failed. [ 400.590605][ T5925] dvb-usb: bulk message failed: -22 (5/0) [ 400.590617][ T5925] dw2102: i2c probe for address 0x69 failed. [ 400.590627][ T5925] dvb-usb: bulk message failed: -22 (5/0) [ 400.590640][ T5925] dw2102: i2c probe for address 0x6a failed. [ 400.590649][ T5925] dw2102: probing for demodulator failed. Is the external power switched on? [ 400.590659][ T5925] dvb-usb: no frontend was attached by 'TeVii S662' [ 400.710545][ T5925] rc_core: IR keymap rc-tt-1500 not found [ 400.710564][ T5925] Registered IR keymap rc-empty [ 400.712081][ T5925] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 400.715204][ T5925] input: TeVii S662 as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input28 [ 400.761142][ T5925] dvb-usb: schedule remote query interval to 250 msecs. [ 400.761163][ T5925] dw2102: su3000_power_ctrl: 0, initialized 1 [ 400.761177][ T5925] dvb-usb: TeVii S662 successfully initialized and connected. [ 400.777604][T14156] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3693'. [ 400.790564][ T5925] usb 4-1: USB disconnect, device number 39 [ 400.952684][ T5925] dvb-usb: TeVii S662 successfully deinitialized and disconnected. [ 401.657774][T14194] netlink: 'syz.6.3712': attribute type 178 has an invalid length. [ 402.141231][T14216] hub 9-0:1.0: USB hub found [ 402.156965][T14216] hub 9-0:1.0: 1 port detected [ 402.236235][T14222] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3725'. [ 402.408038][ T5153] Bluetooth: hci2: unexpected event for opcode 0x0404 [ 403.047635][T14257] genirq: Flags mismatch irq 7. 00202080 (ttyS3) vs. 00202000 (pcl812) [ 403.412962][T14273] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3749'. [ 404.030569][ T6061] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 404.181192][ T6061] usb 6-1: Using ep0 maxpacket: 16 [ 404.189893][ T6061] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.189926][ T6061] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 404.189949][ T6061] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 404.189992][ T6061] usb 6-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 404.190014][ T6061] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.204573][ T6061] usb 6-1: config 0 descriptor?? [ 404.648125][ T6061] hid-multitouch 0003:0457:07DA.0049: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.5-1/input0 [ 404.834847][ T5925] usb 6-1: USB disconnect, device number 35 [ 405.082722][T14311] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3767'. [ 405.088853][T14311] vlan3: entered promiscuous mode [ 405.088870][T14311] syz_tun: entered promiscuous mode [ 405.786391][T14333] veth1_macvtap: left promiscuous mode [ 405.786420][T14333] macsec0: entered promiscuous mode [ 405.786441][T14333] macsec0: entered allmulticast mode [ 405.802532][T14333] veth1_macvtap: entered promiscuous mode [ 405.802555][T14333] veth1_macvtap: entered allmulticast mode [ 405.807054][T14333] macsec0: left promiscuous mode [ 405.807280][T14333] macsec0: left allmulticast mode [ 405.807293][T14333] veth1_macvtap: left allmulticast mode [ 405.923235][T14337] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3780'. [ 406.188809][T14348] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0 [ 406.610539][ T6061] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 406.760697][ T6061] usb 4-1: Using ep0 maxpacket: 16 [ 406.763240][ T6061] usb 4-1: config 0 interface 0 has no altsetting 0 [ 406.763277][ T6061] usb 4-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 406.763299][ T6061] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.768689][ T6061] usb 4-1: config 0 descriptor?? [ 407.184096][ T6061] hid (null): global environment stack underflow [ 407.201086][ T6061] megaworld 0003:07B5:0312.004A: global environment stack underflow [ 407.201108][ T6061] megaworld 0003:07B5:0312.004A: item 0 0 1 11 parsing failed [ 407.202007][ T6061] megaworld 0003:07B5:0312.004A: parse failed [ 407.202079][ T6061] megaworld 0003:07B5:0312.004A: probe with driver megaworld failed with error -22 [ 407.397800][ T6061] usb 4-1: USB disconnect, device number 40 [ 408.438041][T14411] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3815'. [ 409.039682][T14438] netlink: 'syz.7.3828': attribute type 3 has an invalid length. [ 409.194509][T14440] vlan2: entered allmulticast mode [ 410.323212][T14482] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3849'. [ 410.560650][ T6061] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 410.727918][ T6061] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 410.727948][ T6061] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.727967][ T6061] usb 6-1: Product: syz [ 410.727980][ T6061] usb 6-1: Manufacturer: syz [ 410.727994][ T6061] usb 6-1: SerialNumber: syz [ 410.748591][ T6061] usb 6-1: config 0 descriptor?? [ 410.767000][ T6061] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 036 [ 411.013804][T14505] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 411.410081][ T6061] i2c i2c-1: failure reading functionality [ 411.418908][ T6061] i2c i2c-1: connected i2c-tiny-usb device [ 411.429604][ T6061] usb 6-1: USB disconnect, device number 36 [ 411.930253][T14538] netlink: 'syz.6.3877': attribute type 30 has an invalid length. [ 412.290729][ T6061] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 412.440732][ T6061] usb 6-1: Using ep0 maxpacket: 16 [ 412.443385][ T6061] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 412.443408][ T6061] usb 6-1: config 0 has no interface number 0 [ 412.443454][ T6061] usb 6-1: config 0 interface 1 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.443480][ T6061] usb 6-1: config 0 interface 1 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.443502][ T6061] usb 6-1: config 0 interface 1 has no altsetting 0 [ 412.443536][ T6061] usb 6-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 1.00 [ 412.443558][ T6061] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.458530][ T6061] usb 6-1: config 0 descriptor?? [ 412.925058][ T6061] chicony 0003:04F2:0418.004B: item fetching failed at offset 0/4 [ 412.925849][ T6061] chicony 0003:04F2:0418.004B: Chicony hid parse failed: -22 [ 412.925926][ T6061] chicony 0003:04F2:0418.004B: probe with driver chicony failed with error -22 [ 413.126089][ T8150] usb 6-1: USB disconnect, device number 37 [ 414.200577][T14599] sp0: Synchronizing with TNC [ 415.560908][ T5925] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 415.720773][ T5925] usb 4-1: Using ep0 maxpacket: 16 [ 415.723588][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 415.723634][ T5925] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 415.723657][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.770940][ T5925] usb 4-1: config 0 descriptor?? [ 415.954896][ T37] audit: type=1326 audit(2000000123.883:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14630 comm="syz.7.3922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7fc00000 [ 416.211908][ T5925] logitech-djreceiver 0003:046D:C71B.004C: unknown main item tag 0x3 [ 416.211945][ T5925] logitech-djreceiver 0003:046D:C71B.004C: unknown main item tag 0x5 [ 416.421257][ T6061] usb 4-1: USB disconnect, device number 41 [ 417.742650][T14730] netlink: 'syz.4.3970': attribute type 1 has an invalid length. [ 417.742672][T14730] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3970'. [ 417.742687][T14730] nbd: illegal input index 65544 [ 418.221056][ T8150] usb 6-1: new full-speed USB device number 38 using dummy_hcd [ 418.391281][ T8150] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 418.391314][ T8150] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64 [ 418.391356][ T8150] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 418.391377][ T8150] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.396722][ T8150] usb 6-1: config 0 descriptor?? [ 418.397737][T14742] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 418.462436][ T8150] hub 6-1:0.0: USB hub found [ 418.612398][ T8150] hub 6-1:0.0: config failed, hub has too many ports! (err -19) [ 418.829674][ T8150] usbhid 6-1:0.0: can't add hid device: -71 [ 418.829796][ T8150] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 418.881643][ T8150] usb 6-1: USB disconnect, device number 38 [ 419.300557][ T5926] usb 4-1: new low-speed USB device number 42 using dummy_hcd [ 419.460194][ T5926] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 419.460222][ T5926] usb 4-1: config 0 has no interface number 0 [ 419.460267][ T5926] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 419.460289][ T5926] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 419.460315][ T5926] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 419.460338][ T5926] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 419.460363][ T5926] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 419.460576][ T5926] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 419.460617][ T5926] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 419.460639][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.466641][ T5926] usb 4-1: config 0 descriptor?? [ 419.471726][T14787] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 419.471919][T14787] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 419.542386][ T5926] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 419.704933][ T5926] usb 4-1: USB disconnect, device number 42 [ 419.712239][ T5926] ldusb 4-1:0.55: LD USB Device #0 now disconnected [ 419.769912][T14810] genirq: Flags mismatch irq 7. 00202080 (ttyS3) vs. 00202000 (pcl812) [ 419.950173][T14814] sp0: Synchronizing with TNC [ 419.965288][T14813] [U] è [ 420.519488][T14835] genirq: Flags mismatch irq 7. 00202080 (ttyS3) vs. 00202000 (pcl812) [ 420.868339][T14852] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4027'. [ 420.987368][T14857] tmpfs: Cannot change global quota limit on remount [ 421.050581][ T5925] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 421.205421][ T5925] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 421.205470][ T5925] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 421.205513][ T5925] usb 6-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 421.205536][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.258847][ T5925] usb 6-1: config 0 descriptor?? [ 421.499020][T14873] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4038'. [ 421.558131][ T37] audit: type=1326 audit(2000000129.483:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 421.560656][ T37] audit: type=1326 audit(2000000129.483:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 421.613822][ T37] audit: type=1326 audit(2000000129.543:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 421.620550][ T37] audit: type=1326 audit(2000000129.543:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd4b98bef03 code=0x7ffc0000 [ 421.630094][ T37] audit: type=1326 audit(2000000129.553:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd4b98bef03 code=0x7ffc0000 [ 421.630141][ T37] audit: type=1326 audit(2000000129.553:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 421.631310][ T37] audit: type=1326 audit(2000000129.563:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 421.642972][ T37] audit: type=1326 audit(2000000129.573:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 421.647857][ T37] audit: type=1326 audit(2000000129.573:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 421.647901][ T37] audit: type=1326 audit(2000000129.573:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.3.4040" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4b98beec9 code=0x7ffc0000 [ 421.809318][ T5925] kye 0003:0458:0138.004D: hidraw0: USB HID v0.00 Device [HID 0458:0138] on usb-dummy_hcd.5-1/input0 [ 421.884516][ T6061] usb 6-1: USB disconnect, device number 39 [ 422.467232][T14898] netdevsim netdevsim6 netdevsim0: entered promiscuous mode [ 422.467456][T14898] macsec1: entered allmulticast mode [ 422.467475][T14898] netdevsim netdevsim6 netdevsim0: entered allmulticast mode [ 422.971981][T14918] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4058'. [ 423.060655][T14920] netlink: 296 bytes leftover after parsing attributes in process `syz.6.4060'. [ 424.570049][T14993] netlink: 'syz.3.4096': attribute type 3 has an invalid length. [ 424.570071][T14993] netlink: 'syz.3.4096': attribute type 1 has an invalid length. [ 424.570084][T14993] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.4096'. [ 424.728496][T14998] netlink: 'syz.7.4097': attribute type 46 has an invalid length. [ 426.954162][T15077] xt_l2tp: missing protocol rule (udp|l2tpip) [ 427.096742][T15084] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 427.259764][T15090] bad cache= option: no%e [ 427.259764][T15090] [ 427.260034][T15090] CIFS: VFS: bad cache= option: no%e [ 427.374174][T15095] [U] : [ 427.374215][T15095] [U] [ 427.374250][T15095] [U] [ 427.374285][T15095] [U] [ 427.374319][T15095] [U] [ 427.374353][T15095] [U] [ 427.374385][T15095] [U] [ 427.374419][T15095] [U] [ 427.374493][T15095] [U] [ 427.374526][T15095] [U] [ 427.374561][T15095] [U] [ 427.374596][T15095] [U] [ 427.374631][T15095] [U] [ 427.374665][T15095] [U] [ 427.374700][T15095] [U] [ 427.374734][T15095] [U] [ 427.374806][T15095] [U] [ 427.374839][T15095] [U] [ 427.374874][T15095] [U] [ 427.374907][T15095] [U] [ 427.374940][T15095] [U] [ 427.374974][T15095] [U] [ 427.375007][T15095] [U] [ 427.375041][T15095] [U] [ 427.375117][T15095] [U] [ 427.375152][T15095] [U] [ 427.375186][T15095] [U] [ 427.375220][T15095] [U] [ 427.375254][T15095] [U] [ 427.375288][T15095] [U] [ 427.375324][T15095] [U] [ 427.375358][T15095] [U] [ 427.375428][T15095] [U] [ 427.375462][T15095] [U] [ 427.375495][T15095] [U] [ 427.375528][T15095] [U] [ 427.375562][T15095] [U] [ 427.375596][T15095] [U] [ 427.375629][T15095] [U] [ 427.375662][T15095] [U] [ 427.375733][T15095] [U] [ 427.375768][T15095] [U] [ 427.375801][T15095] [U] [ 427.375834][T15095] [U] [ 427.375868][T15095] [U] [ 427.375901][T15095] [U] [ 427.375935][T15095] [U] [ 427.375969][T15095] [U] [ 427.376039][T15095] [U] [ 427.376073][T15095] [U] [ 427.376106][T15095] [U] [ 427.376145][T15095] [U] [ 427.376178][T15095] [U] [ 427.376212][T15095] [U] [ 427.376245][T15095] [U] [ 427.376278][T15095] [U] [ 427.376349][T15095] [U] [ 427.376383][T15095] [U] [ 427.376416][T15095] [U] [ 427.376449][T15095] [U] [ 427.376483][T15095] [U] [ 427.376517][T15095] [U] [ 427.376551][T15095] [U] [ 427.376584][T15095] [U] [ 427.376654][T15095] [U] [ 427.376688][T15095] [U] [ 427.376722][T15095] [U] [ 427.376755][T15095] [U] [ 427.376789][T15095] [U] [ 427.376823][T15095] [U] [ 427.376857][T15095] [U] [ 427.376891][T15095] [U] [ 427.376961][T15095] [U] [ 427.376994][T15095] [U] [ 427.377028][T15095] [U] [ 427.377062][T15095] [U] [ 427.377095][T15095] [U] [ 427.377133][T15095] [U] [ 427.377167][T15095] [U] [ 427.377201][T15095] [U] [ 427.377271][T15095] [U] [ 427.377305][T15095] [U] [ 427.377339][T15095] [U] [ 427.377373][T15095] [U] [ 427.377406][T15095] [U] [ 427.377440][T15095] [U] [ 427.377473][T15095] [U] [ 427.377507][T15095] [U] [ 427.377577][T15095] [U] [ 427.377611][T15095] [U] [ 427.377644][T15095] [U] [ 427.377677][T15095] [U] [ 427.377711][T15095] [U] [ 427.377744][T15095] [U] [ 427.377779][T15095] [U] [ 427.377812][T15095] [U] [ 427.377881][T15095] [U] [ 427.377915][T15095] [U] [ 427.377947][T15095] [U] [ 427.377977][T15095] [U] [ 427.378009][T15095] [U] [ 427.378041][T15095] [U] [ 427.378072][T15095] [U] [ 427.378103][T15095] [U] [ 427.378180][T15095] [U] [ 427.378214][T15095] [U] [ 427.378249][T15095] [U] [ 427.378283][T15095] [U] [ 427.378317][T15095] [U] [ 427.378350][T15095] [U] [ 427.378383][T15095] [U] [ 427.378414][T15095] [U] [ 427.378480][T15095] [U] [ 427.378513][T15095] [U] [ 427.378547][T15095] [U] [ 427.378581][T15095] [U] [ 427.378615][T15095] [U] [ 427.378649][T15095] [U] [ 427.378683][T15095] [U] [ 427.378717][T15095] [U] [ 427.378786][T15095] [U] [ 427.378819][T15095] [U] [ 427.378853][T15095] [U] [ 427.378885][T15095] [U] [ 427.378918][T15095] [U] [ 427.378951][T15095] [U] [ 427.378985][T15095] [U] [ 427.404472][T15094] [U] [ 427.496965][T15098] netlink: 256 bytes leftover after parsing attributes in process `syz.6.4146'. [ 427.496986][T15098] netlink: 80 bytes leftover after parsing attributes in process `syz.6.4146'. [ 427.794530][T15105] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4152'. [ 428.172278][T15125] netlink: 16 bytes leftover after parsing attributes in process `syz.5.4161'. [ 428.640593][ T6061] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 428.800552][ T6061] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 428.800579][ T6061] usb 4-1: config 0 has no interface number 0 [ 428.800628][ T6061] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 428.800652][ T6061] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 428.800689][ T6061] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 428.800710][ T6061] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.807532][ T6061] usb 4-1: config 0 descriptor?? [ 429.015220][T15157] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4176'. [ 429.265712][ T6061] uclogic 0003:256C:006D.004E: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.3-1/input1 [ 429.433267][ T5910] usb 4-1: USB disconnect, device number 43 [ 429.886118][T15187] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 429.886144][T15187] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 429.888501][T15187] vhci_hcd vhci_hcd.0: Device attached [ 430.061152][ T5910] vhci_hcd: vhci_device speed not set [ 430.120876][ T5910] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 430.141451][ T5925] usb 6-1: new low-speed USB device number 40 using dummy_hcd [ 430.279119][T15201] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 430.299024][T15203] netlink: 28 bytes leftover after parsing attributes in process `syz.7.4198'. [ 430.304637][ T5925] usb 6-1: config 0 has no interfaces? [ 430.304670][ T5925] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 430.304692][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.318836][ T5925] usb 6-1: config 0 descriptor?? [ 430.534794][T15188] vhci_hcd: unknown pdu 1 [ 430.539431][ T5925] usb 6-1: USB disconnect, device number 40 [ 430.556928][ T1338] vhci_hcd: stop threads [ 430.556943][ T1338] vhci_hcd: release socket [ 430.557009][ T1338] vhci_hcd: disconnect device [ 430.621147][ T5910] vhci_hcd: vhci_device speed not set [ 431.116703][T15219] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4205'. [ 431.116724][T15219] tipc: Invalid UDP bearer configuration [ 431.116763][T15219] tipc: Enabling of bearer rejected, failed to enable media [ 431.520716][ T31] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 431.675314][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.675343][ T31] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 431.675385][ T31] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 431.675406][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.727995][ T31] usb 6-1: config 0 descriptor?? [ 431.951620][ T5910] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 432.110726][ T5910] usb 4-1: Using ep0 maxpacket: 16 [ 432.113229][ T5910] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 432.113256][ T5910] usb 4-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 432.113280][ T5910] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 432.113304][ T5910] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 432.113325][ T5910] usb 4-1: config 0 interface 0 has no altsetting 0 [ 432.157764][ T5910] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 432.157793][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 432.157813][ T5910] usb 4-1: Product: syz [ 432.157826][ T5910] usb 4-1: Manufacturer: syz [ 432.157839][ T5910] usb 4-1: SerialNumber: syz [ 432.165019][ T5910] usb 4-1: config 0 descriptor?? [ 432.236914][ T31] koneplus 0003:1E7D:2D51.004F: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.5-1/input0 [ 432.416588][ T5925] usb 6-1: USB disconnect, device number 41 [ 432.492634][ T5910] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input29 [ 432.521685][ T5189] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 432.598121][ T5189] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 432.637550][T15241] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 432.674447][ T5189] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 432.724146][T15267] usb usb8: usbfs: process 15267 (syz.6.4229) did not claim interface 0 before use [ 432.744708][ T5925] usb 4-1: USB disconnect, device number 44 [ 432.854766][T15271] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4231'. [ 432.907110][T15273] sp0: Synchronizing with TNC [ 433.300118][T15290] gretap0: entered promiscuous mode [ 433.301126][T15290] vlan2: entered promiscuous mode [ 433.645553][T15302] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4247'. [ 433.793145][ T5925] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 433.947483][ T5925] usb 6-1: Using ep0 maxpacket: 32 [ 433.959343][ T5925] usb 6-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 433.959372][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.959391][ T5925] usb 6-1: Product: syz [ 433.959405][ T5925] usb 6-1: Manufacturer: syz [ 433.959418][ T5925] usb 6-1: SerialNumber: syz [ 434.002924][ T5925] usb 6-1: config 0 descriptor?? [ 434.438419][ T5925] airspy 6-1:0.0: usb_control_msg() failed -71 request 0a [ 434.438444][ T5925] airspy 6-1:0.0: Could not detect board [ 434.438553][ T5925] airspy 6-1:0.0: probe with driver airspy failed with error -71 [ 434.468181][ T5925] usb 6-1: USB disconnect, device number 42 [ 435.704392][T15374] vlan2: entered allmulticast mode [ 435.704413][T15374] bond0: entered allmulticast mode [ 435.704427][T15374] bond_slave_0: entered allmulticast mode [ 435.704449][T15374] bond_slave_1: entered allmulticast mode [ 435.754055][T15377] netlink: 'syz.4.4282': attribute type 29 has an invalid length. [ 436.367812][T15405] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4287'. [ 437.149063][T15439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4310'. [ 437.172377][T15439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4310'. [ 437.172745][T15439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4310'. [ 437.173844][T15439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4310'. [ 437.173991][T15439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4310'. [ 437.210638][T15443] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4312'. [ 437.654482][T15461] ubi31: attaching mtd0 [ 437.654507][T15461] ubi31 error: ubi_attach_mtd_dev: bad VID header (536940548) or data offsets (536940612) [ 437.790860][ T5925] usb 6-1: new full-speed USB device number 43 using dummy_hcd [ 437.953604][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 437.953640][ T5925] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 437.953678][ T5925] usb 6-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00 [ 437.953701][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.963169][ T5925] usb 6-1: config 0 descriptor?? [ 438.431493][ T5925] hid-u2fzero 0003:10C4:8ACF.0050: unknown main item tag 0x3 [ 438.431550][ T5925] hid-u2fzero 0003:10C4:8ACF.0050: item fetching failed at offset 4/5 [ 438.432895][ T5925] hid-u2fzero 0003:10C4:8ACF.0050: probe with driver hid-u2fzero failed with error -22 [ 438.619731][ T5926] usb 6-1: USB disconnect, device number 43 [ 439.161293][T15517] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4350'. [ 439.987700][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.987778][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.082507][T15557] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 440.300578][ T5910] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 440.470977][ T5910] usb 6-1: Using ep0 maxpacket: 32 [ 440.478512][ T5910] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 440.478569][ T5910] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 440.478597][ T5910] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 440.478619][ T5910] usb 6-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 440.478645][ T5910] usb 6-1: config 0 interface 0 has no altsetting 0 [ 440.478679][ T5910] usb 6-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 440.478701][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.488175][ T5910] usb 6-1: config 0 descriptor?? [ 440.545590][T15573] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 440.597302][T15575] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4376'. [ 440.946502][ T5910] hid-thrustmaster 0003:044F:B65D.0051: global environment stack underflow [ 440.946524][ T5910] hid-thrustmaster 0003:044F:B65D.0051: item 0 4 1 11 parsing failed [ 440.947335][ T5910] hid-thrustmaster 0003:044F:B65D.0051: parse failed with error -22 [ 440.947404][ T5910] hid-thrustmaster 0003:044F:B65D.0051: probe with driver hid-thrustmaster failed with error -22 [ 441.114835][ T5926] usb 6-1: USB disconnect, device number 44 [ 442.000846][ T5910] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 442.150789][ T5910] usb 4-1: Using ep0 maxpacket: 8 [ 442.157332][ T5910] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03 [ 442.157359][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.157379][ T5910] usb 4-1: Product: syz [ 442.157396][ T5910] usb 4-1: Manufacturer: syz [ 442.157410][ T5910] usb 4-1: SerialNumber: syz [ 442.191900][ T5910] usb 4-1: config 0 descriptor?? [ 442.215240][ T5910] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 442.215295][ T5910] dvb-usb: bulk message failed: -22 (2/0) [ 442.215312][ T5910] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 442.221916][ T5910] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 442.221970][ T5910] usb 4-1: media controller created [ 442.313726][ T5910] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 442.383499][ T5910] dvb-usb: bulk message failed: -22 (1/0) [ 442.383550][ T5910] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 442.409399][ T5910] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input30 [ 442.426949][ T5910] dvb-usb: schedule remote query interval to 50 msecs. [ 442.426974][ T5910] dvb-usb: bulk message failed: -22 (2/0) [ 442.426990][ T5910] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 442.440304][T15623] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4399'. [ 442.498125][ T5910] dvb-usb: bulk message failed: -22 (1/0) [ 442.498147][ T5910] dvb-usb: error while querying for an remote control event. [ 442.498916][ T5910] usb 4-1: USB disconnect, device number 45 [ 442.681669][ T5910] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 442.937457][T15635] netlink: 80 bytes leftover after parsing attributes in process `syz.7.4405'. [ 442.937520][T15635] netlink: 80 bytes leftover after parsing attributes in process `syz.7.4405'. [ 443.533761][T15659] usb usb8: usbfs: process 15659 (syz.7.4417) did not claim interface 0 before use [ 443.570746][ T5910] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 443.737363][ T5910] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 443.737389][ T5910] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 443.740229][ T5910] usb 6-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=e5.83 [ 443.740246][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.740256][ T5910] usb 6-1: Product: syz [ 443.740264][ T5910] usb 6-1: Manufacturer: syz [ 443.740271][ T5910] usb 6-1: SerialNumber: syz [ 443.749731][ T5910] usb 6-1: config 0 descriptor?? [ 443.980584][ T9] usb 6-1: USB disconnect, device number 45 [ 444.401793][T15682] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4428'. [ 444.988761][T15705] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4439'. [ 444.988784][T15705] bridge_slave_1: default FDB implementation only supports local addresses [ 445.111652][ T5910] kernel write not supported for file /uinput (pid: 5910 comm: kworker/0:3) [ 445.598112][T15728] netlink: 1 bytes leftover after parsing attributes in process `syz.6.4450'. [ 445.598536][T15728] xt_policy: neither incoming nor outgoing policy selected [ 445.645254][T15730] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 445.649467][T15730] @0Ù: renamed from bond_slave_1 (while UP) [ 445.879450][T15734] netlink: 27 bytes leftover after parsing attributes in process `syz.5.4453'. [ 447.164681][T15765] fuse: Bad value for 'user_id' [ 447.164701][T15765] fuse: Bad value for 'user_id' [ 447.315917][ T37] audit: type=1800 audit(2000000155.223:226): pid=15772 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.4470" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0 [ 447.484459][T15781] xt_l2tp: v2 tid > 0xffff: 1114244 [ 447.756338][T15795] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 447.789891][T15795] block nbd3: Attempted send on invalid socket [ 447.790003][T15795] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 448.240586][ T5910] IPVS: starting estimator thread 0... [ 448.323271][T15812] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4487'. [ 448.330669][T15806] IPVS: using max 7 ests per chain, 16800 per kthread [ 448.366839][T15812] vlan2: entered allmulticast mode [ 448.560867][ T9] usb 6-1: new full-speed USB device number 46 using dummy_hcd [ 448.735347][ T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 448.735372][ T9] usb 6-1: config 0 has no interface number 0 [ 448.735420][ T9] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 448.735442][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.745315][ T9] usb 6-1: config 0 descriptor?? [ 448.779842][ T9] usb 6-1: selecting invalid altsetting 1 [ 448.780015][ T9] dvb_ttusb_budget: ttusb_init_controller: error [ 448.780028][ T9] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 449.020083][T15836] bridge0: entered promiscuous mode [ 449.020289][T15836] macsec1: entered promiscuous mode [ 449.085907][ T9] DVB: Unable to find symbol cx22700_attach() [ 449.156462][ T9] DVB: Unable to find symbol tda10046_attach() [ 449.156476][ T9] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 449.170954][ T9] usb 6-1: USB disconnect, device number 46 [ 449.262027][T15843] netlink: 72 bytes leftover after parsing attributes in process `syz.3.4502'. [ 450.920573][ T5895] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 451.074789][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.074833][ T5895] usb 4-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00 [ 451.074857][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.117391][ T5895] usb 4-1: config 0 descriptor?? [ 451.260506][ T5910] usb 6-1: new low-speed USB device number 47 using dummy_hcd [ 451.415069][ T5910] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 451.415101][ T5910] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 32, setting to 8 [ 451.415126][ T5910] usb 6-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 451.415152][ T5910] usb 6-1: config 0 interface 0 has no altsetting 0 [ 451.415185][ T5910] usb 6-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00 [ 451.415207][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.442825][ T5910] usb 6-1: config 0 descriptor?? [ 451.443854][T15920] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 451.541559][ T5895] kye 0003:0458:5017.0052: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 451.542625][ T5895] kye 0003:0458:5017.0052: unknown main item tag 0x0 [ 451.542655][ T5895] kye 0003:0458:5017.0052: unknown main item tag 0x0 [ 451.542681][ T5895] kye 0003:0458:5017.0052: unknown main item tag 0x0 [ 451.542706][ T5895] kye 0003:0458:5017.0052: unknown main item tag 0x0 [ 451.542752][ T5895] kye 0003:0458:5017.0052: unknown main item tag 0x0 [ 451.546472][ T5895] kye 0003:0458:5017.0052: hidraw0: USB HID v0.2f Device [HID 0458:5017] on usb-dummy_hcd.3-1/input0 [ 451.546503][ T5895] kye 0003:0458:5017.0052: tablet-enabling feature report not found [ 451.546516][ T5895] kye 0003:0458:5017.0052: tablet enabling failed [ 451.603940][T15936] netlink: 'syz.4.4546': attribute type 29 has an invalid length. [ 451.638526][T15936] netlink: 'syz.4.4546': attribute type 29 has an invalid length. [ 451.734869][ T5895] usb 4-1: USB disconnect, device number 46 [ 451.894450][ T5910] vrc2 0003:07C0:1125.0053: fixing up VRC-2 report descriptor [ 451.912151][ T5910] input: HID 07c0:1125 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:07C0:1125.0053/input/input31 [ 452.031082][ T5910] vrc2 0003:07C0:1125.0053: input,hidraw0: USB HID v0.00 Joystick [HID 07c0:1125] on usb-dummy_hcd.5-1/input0 [ 452.089619][ T5910] usb 6-1: USB disconnect, device number 47 [ 452.374446][ T37] audit: type=1326 audit(2000000160.303:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.374500][ T37] audit: type=1326 audit(2000000160.303:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.383671][ T37] audit: type=1326 audit(2000000160.313:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.383720][ T37] audit: type=1326 audit(2000000160.313:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.384062][ T37] audit: type=1326 audit(2000000160.313:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.384103][ T37] audit: type=1326 audit(2000000160.313:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.384600][ T37] audit: type=1326 audit(2000000160.313:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.384641][ T37] audit: type=1326 audit(2000000160.313:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.610896][ T37] audit: type=1326 audit(2000000160.533:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15957 comm="syz.7.4557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fdd76b6eec9 code=0x7ffc0000 [ 452.816379][ T37] audit: type=1326 audit(2000000160.743:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15972 comm="syz.7.4563" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdd76b6eec9 code=0x0 [ 454.137398][T16025] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4588'. [ 454.305021][ T5910] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 454.457636][ T5910] usb 6-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 454.457666][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.457685][ T5910] usb 6-1: Product: syz [ 454.457705][ T5910] usb 6-1: Manufacturer: syz [ 454.457718][ T5910] usb 6-1: SerialNumber: syz [ 454.465138][ T5910] usb 6-1: config 0 descriptor?? [ 454.480247][ T5910] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 455.121208][ T5910] gspca_sunplus: reg_r err -71 [ 455.121321][ T5910] sunplus 6-1:0.0: probe with driver sunplus failed with error -71 [ 455.129995][ T5910] usb 6-1: USB disconnect, device number 48 [ 455.251199][T16062] netlink: 19 bytes leftover after parsing attributes in process `syz.7.4606'. [ 455.547644][T16074] atomic_op ffff88802177d218 conn xmit_atomic 0000000000000000 [ 455.609427][T16076] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4612'. [ 455.609441][T16076] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4612'. [ 455.609456][T16076] netlink: 'syz.7.4612': attribute type 5 has an invalid length. [ 455.609464][T16076] netlink: 'syz.7.4612': attribute type 6 has an invalid length. [ 457.951813][ C1] vkms_vblank_simulate: vblank timer overrun [ 457.987284][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.021727][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.055282][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.090860][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.123924][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.161412][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.194827][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.228104][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.261523][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.294648][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.326819][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.358128][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.385619][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.421188][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.451410][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.491528][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.518232][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.557977][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.584881][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.624635][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.651877][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.690587][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.718822][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.760533][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.800046][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.825834][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.919048][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.961467][ C1] vkms_vblank_simulate: vblank timer overrun [ 458.989412][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.018044][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.074341][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.106260][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.139090][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.206787][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.234943][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.276430][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.301415][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.339533][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.391155][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.418798][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.461014][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.486707][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.526909][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.555405][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.616295][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.644318][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.674460][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.706533][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.734766][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.783452][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.814563][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.834623][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.941625][ C1] vkms_vblank_simulate: vblank timer overrun [ 459.969336][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.005813][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.064920][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.095805][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.123852][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.153476][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.184416][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.227878][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.260840][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.292986][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.322212][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.353050][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.399534][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.429800][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.459154][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.493373][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.525534][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.555236][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.615693][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.644976][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.672584][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.702536][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.735181][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.778586][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.809121][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.843537][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.939935][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.974067][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.007728][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.048685][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.082596][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.116457][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.151069][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.184906][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.235331][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.269426][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.303750][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.338134][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.389810][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.417938][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.457479][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.486183][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.530141][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.570323][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.626989][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.657563][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.687406][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.728334][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.756158][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.784760][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.850347][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.913431][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.953789][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.987757][ C1] vkms_vblank_simulate: vblank timer overrun [ 462.024422][ C1] vkms_vblank_simulate: vblank timer overrun [ 462.060887][ C1] vkms_vblank_simulate: vblank timer overrun [ 466.378535][T16116] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 468.066985][T16123] Falling back ldisc for ttyprintk. [ 468.209750][T16126] tmpfs: Cannot disable swap on remount [ 473.071474][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 473.078594][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 473.080006][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 473.121240][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 473.122094][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 475.180753][ T5851] Bluetooth: hci3: command tx timeout [ 477.269374][ T5851] Bluetooth: hci3: command tx timeout [ 479.340624][ T5851] Bluetooth: hci3: command tx timeout [ 481.433232][ T5851] Bluetooth: hci3: command tx timeout [ 482.259418][ C0] sched: DL replenish lagged too much [ 482.872002][ T5153] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 482.923396][ T5842] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 482.960716][ T5842] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 482.963296][ T5842] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 482.964681][ T5842] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 482.965536][ T5842] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 483.016721][ T5153] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 483.027709][ T5153] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 483.029130][ T5153] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 483.030068][ T5153] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 484.412520][ T5153] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 484.444872][ T5153] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 484.446327][ T5153] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 484.447522][ T5153] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 484.448908][ T5153] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 485.020579][ T5153] Bluetooth: hci7: command tx timeout [ 485.100723][ T5153] Bluetooth: hci6: command tx timeout [ 486.599620][ T5153] Bluetooth: hci8: command tx timeout [ 487.102447][ T5153] Bluetooth: hci7: command tx timeout [ 487.194499][ T5153] Bluetooth: hci6: command tx timeout [ 488.634421][ T5153] Bluetooth: hci8: command tx timeout [ 489.200871][ T5153] Bluetooth: hci7: command tx timeout [ 489.270872][ T5153] Bluetooth: hci6: command tx timeout [ 490.701762][ T5851] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 490.735548][ T5851] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 490.737007][ T5851] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 490.738363][ T5851] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 490.739289][ T5851] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 490.780645][ T5153] Bluetooth: hci8: command tx timeout [ 491.260520][ T5153] Bluetooth: hci7: command tx timeout [ 491.360651][ T5153] Bluetooth: hci6: command tx timeout [ 492.860942][ T5153] Bluetooth: hci8: command tx timeout [ 500.302516][T16128] chnl_net:caif_netlink_parms(): no params data found [ 500.332302][T16144] chnl_net:caif_netlink_parms(): no params data found [ 500.362205][T16149] chnl_net:caif_netlink_parms(): no params data found [ 500.500214][T16145] chnl_net:caif_netlink_parms(): no params data found [ 501.428718][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.428796][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.700922][ T5851] Bluetooth: hci9: command tx timeout [ 510.781241][ T5851] Bluetooth: hci9: command tx timeout [ 512.871675][ T5851] Bluetooth: hci9: command tx timeout [ 514.940696][ T5851] Bluetooth: hci9: command tx timeout [ 534.116726][ T5153] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 534.118240][ T5153] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 534.120588][ T5153] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 535.139209][ T5153] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 535.165241][ T5153] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 537.265304][ T5851] Bluetooth: hci0: command tx timeout [ 539.340488][ T5851] Bluetooth: hci0: command tx timeout [ 541.420572][ T5851] Bluetooth: hci0: command tx timeout [ 542.838834][ T5153] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 542.858938][ T5153] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 542.868649][ T5153] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 542.870049][ T5153] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 542.887977][ T5153] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 543.382382][ T5153] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 543.411146][ T5153] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 543.412623][ T5153] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 543.414393][ T5153] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 543.415259][ T5153] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 543.501188][ T5153] Bluetooth: hci0: command tx timeout [ 544.946087][ T5153] Bluetooth: hci1: command tx timeout [ 545.451738][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 545.455162][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 545.458473][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 545.459684][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 545.500610][ T5851] Bluetooth: hci2: command tx timeout [ 545.516768][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 547.020618][ T5851] Bluetooth: hci1: command tx timeout [ 547.580559][ T5851] Bluetooth: hci4: command tx timeout [ 547.581283][ T5851] Bluetooth: hci2: command tx timeout [ 549.100631][ T5851] Bluetooth: hci1: command tx timeout [ 549.660539][ T5153] Bluetooth: hci4: command tx timeout [ 549.664213][ T5851] Bluetooth: hci2: command tx timeout [ 551.042569][ T5153] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 551.048435][ T5153] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 551.049802][ T5153] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 551.073293][ T5153] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 551.076054][ T5153] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 551.182236][ T5153] Bluetooth: hci1: command tx timeout [ 551.740554][ T5153] Bluetooth: hci2: command tx timeout [ 551.740585][ T5153] Bluetooth: hci4: command tx timeout [ 553.180536][ T5851] Bluetooth: hci5: command tx timeout [ 553.822093][ T5851] Bluetooth: hci4: command tx timeout [ 555.260598][ T5851] Bluetooth: hci5: command tx timeout [ 557.340698][ T5851] Bluetooth: hci5: command tx timeout [ 559.421162][ T5851] Bluetooth: hci5: command tx timeout [ 562.867751][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.867829][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 595.908817][ T5153] Bluetooth: hci3: command 0x0406 tx timeout [ 596.558583][ T5842] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 596.583567][ T5842] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 596.585818][ T5842] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 596.587083][ T5842] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 596.587907][ T5842] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 603.860551][T16206] Bluetooth: hci8: command tx timeout [ 605.922302][T16208] Bluetooth: hci8: command tx timeout [ 605.922538][T16208] Bluetooth: hci6: command 0x0406 tx timeout [ 605.922566][T16208] Bluetooth: hci7: command 0x0406 tx timeout [ 607.169717][T16206] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 607.194241][T16206] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 607.195655][T16206] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 607.196930][T16206] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 607.244070][T16206] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 607.327846][T16216] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 607.362315][T16216] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 607.369448][T16216] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 607.388937][T16216] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 607.389778][T16216] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 607.512331][T16208] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 607.516671][T16208] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 607.518126][T16208] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 607.519437][T16208] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 607.530561][T16208] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 607.980527][T16208] Bluetooth: hci8: command tx timeout [ 610.060517][T16208] Bluetooth: hci8: command tx timeout [ 611.635994][T16222] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 611.655102][T16222] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 611.692377][T16222] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 611.693774][T16222] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 611.694658][T16222] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 613.923357][T16216] Bluetooth: hci12: command tx timeout [ 615.989278][T16208] Bluetooth: hci12: command tx timeout [ 615.989861][T16208] Bluetooth: hci13: command tx timeout [ 615.990268][T16208] Bluetooth: hci11: command tx timeout [ 616.000990][T16208] Bluetooth: hci10: command tx timeout [ 618.107845][ T5153] Bluetooth: hci13: command tx timeout [ 618.107880][ T5153] Bluetooth: hci10: command tx timeout [ 618.107902][ T5153] Bluetooth: hci11: command tx timeout [ 618.107923][ T5153] Bluetooth: hci12: command tx timeout [ 620.260483][ T5153] Bluetooth: hci12: command tx timeout [ 620.260517][ T5153] Bluetooth: hci11: command tx timeout [ 620.260540][ T5153] Bluetooth: hci10: command tx timeout [ 620.780507][ T5153] Bluetooth: hci13: command tx timeout [ 622.313744][T16216] Bluetooth: hci10: command tx timeout [ 622.313793][ T5153] Bluetooth: hci11: command tx timeout [ 622.871148][ T5153] Bluetooth: hci13: command tx timeout [ 624.308263][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.308341][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.512480][T16216] Bluetooth: hci9: command 0x0406 tx timeout [ 656.759506][T16216] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 656.789345][T16216] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 656.800463][T16216] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 656.801776][T16216] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 656.802652][T16216] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 658.940803][T16216] Bluetooth: hci14: command tx timeout [ 661.022973][T16216] Bluetooth: hci14: command tx timeout [ 662.319054][T16216] Bluetooth: hci0: command 0x0406 tx timeout [ 663.103513][T16216] Bluetooth: hci14: command tx timeout [ 665.180556][T16216] Bluetooth: hci14: command tx timeout [ 667.006353][T16222] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 667.033354][T16222] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 667.035731][T16222] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 667.037429][T16222] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 667.038325][T16222] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 667.093200][T16206] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 667.128544][T16206] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 667.145395][T16206] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 667.148340][T16206] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 667.150951][T16206] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 667.345935][T16206] Bluetooth: hci1: command 0x0406 tx timeout [ 667.346076][T16206] Bluetooth: hci2: command 0x0406 tx timeout [ 667.654722][T16206] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 667.688467][T16206] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 667.690013][T16206] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 667.707815][T16206] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 667.733709][T16206] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 671.802146][T16246] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 671.826062][T16246] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 671.830123][T16246] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 671.861379][T16246] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 671.864150][T16246] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 672.541971][T16246] Bluetooth: hci4: command 0x0406 tx timeout [ 676.151021][ T38] INFO: task syz.5.4628:16111 blocked for more than 144 seconds. [ 676.151047][ T38] Not tainted syzkaller #0 [ 676.151058][ T38] Blocked by coredump. [ 676.151063][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 676.151072][ T38] task:syz.5.4628 state:D stack:25128 pid:16111 tgid:16111 ppid:6702 task_flags:0x40044c flags:0x00004006 [ 676.151125][ T38] Call Trace: [ 676.151132][ T38] [ 676.151146][ T38] __schedule+0x16f3/0x4c20 [ 676.151182][ T38] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 676.151204][ T38] ? arch_stack_walk+0xfc/0x150 [ 676.151244][ T38] ? __pfx___schedule+0x10/0x10 [ 676.151287][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 676.151315][ T38] rt_mutex_schedule+0x77/0xf0 [ 676.151333][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 676.151355][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 676.151396][ T38] rt_mutex_slowlock+0x2b1/0x6e0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 676.151420][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 676.151442][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 676.151481][ T38] ? __pfx___fsnotify_parent+0x10/0x10 [ 676.151512][ T38] ? tun_chr_close+0x41/0x1c0 [ 676.151534][ T38] mutex_lock_nested+0x16a/0x1d0 [ 676.151558][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 676.151582][ T38] tun_chr_close+0x41/0x1c0 [ 676.151606][ T38] __fput+0x458/0xa80 [ 676.151638][ T38] task_work_run+0x1d4/0x260 [ 676.151661][ T38] ? __pfx_task_work_run+0x10/0x10 [ 676.151681][ T38] ? do_exit+0x6b0/0x2300 [ 676.151697][ T38] ? kmem_cache_free+0x195/0x510 [ 676.151727][ T38] do_exit+0x6b5/0x2300 [ 676.151744][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 676.151775][ T38] ? __lock_acquire+0xab9/0xd20 [ 676.151800][ T38] ? __pfx_do_exit+0x10/0x10 [ 676.151815][ T38] ? rt_mutex_slowunlock+0x493/0x8a0 [ 676.151845][ T38] ? rt_spin_lock+0x1bb/0x2c0 [ 676.151876][ T38] do_group_exit+0x21c/0x2d0 [ 676.151899][ T38] get_signal+0x125e/0x1310 [ 676.151945][ T38] arch_do_signal_or_restart+0x9a/0x750 [ 676.151968][ T38] ? blkcg_maybe_throttle_current+0x1a8/0xbc0 [ 676.151989][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 676.152014][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 676.152051][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 676.152078][ T38] exit_to_user_mode_loop+0x75/0x110 [ 676.152101][ T38] do_syscall_64+0x2bd/0x3b0 [ 676.152119][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 676.152143][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.152161][ T38] ? clear_bhb_loop+0x60/0xb0 [ 676.152184][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.152207][ T38] RIP: 0033:0x7f2c9c8deec9 [ 676.152224][ T38] RSP: 002b:00007ffddc2f11a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 676.152243][ T38] RAX: 0000000000000000 RBX: 0000000000071baf RCX: 00007f2c9c8deec9 [ 676.152257][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 676.152268][ T38] RBP: 00007f2c9cb37da0 R08: 0000000000000001 R09: 00000003dc2f149f [ 676.152281][ T38] R10: 0000001b2e020000 R11: 0000000000000246 R12: 00007f2c9cb35fac [ 676.152294][ T38] R13: 00007f2c9cb35fa0 R14: ffffffffffffffff R15: 00007ffddc2f12c0 [ 676.152326][ T38] [ 676.152334][ T38] INFO: task syz.7.4632:16121 blocked for more than 144 seconds. [ 676.152347][ T38] Not tainted syzkaller #0 [ 676.152356][ T38] Blocked by coredump. [ 676.152362][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 676.152371][ T38] task:syz.7.4632 state:D stack:26608 pid:16121 tgid:16120 ppid:7851 task_flags:0x40054c flags:0x00004002 [ 676.152414][ T38] Call Trace: [ 676.152420][ T38] [ 676.152432][ [ 676.152432][ T38] __schedule+0x16f3/0x4c20 [ 676.152462][ T38] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 676.152483][ T38] ? arch_stack_walk+0xfc/0x150 [ 676.152523][ T38] ? __pfx___schedule+0x10/0x10 [ 676.152565][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 676.152592][ T38] rt_mutex_schedule+0x77/0xf0 [ 676.152609][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 676.152631][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 676.152671][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 676.152695][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 676.152717][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 676.152755][ T38] ? __pfx___fsnotify_parent+0x10/0x10 [ 676.152785][ T38] ? tun_chr_close+0x41/0x1c0 [ 676.152806][ T38] mutex_lock_nested+0x16a/0x1d0 [ 676.152829][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 676.152860][ T38] tun_chr_close+0x41/0x1c0 [ 676.152884][ T38] __fput+0x458/0xa80 [ 676.152915][ T38] task_work_run+0x1d4/0x260 [ 676.152936][ T38] ? __pfx_task_work_run+0x10/0x10 [ 676.152956][ T38] ? do_exit+0x6b0/0x2300 [ 676.152972][ T38] ? kmem_cache_free+0x195/0x510 [ 676.153000][ T38] do_exit+0x6b5/0x2300 [ 676.153017][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 676.153047][ T38] ? __lock_acquire+0xab9/0xd20 [ 676.153072][ T38] ? __pfx_do_exit+0x10/0x10 [ 676.153087][ T38] ? rt_mutex_slowunlock+0x493/0x8a0 [ 676.153111][ T38] ? rt_spin_lock+0x1bb/0x2c0 [ 676.153143][ T38] do_group_exit+0x21c/0x2d0 [ 676.153166][ T38] get_signal+0x125e/0x1310 [ 676.153211][ T38] arch_do_signal_or_restart+0x9a/0x750 [ 676.153240][ T38] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 676.153279][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 676.153304][ T38] exit_to_user_mode_loop+0x75/0x110 [ 676.153327][ T38] do_syscall_64+0x2bd/0x3b0 [ 676.153344][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 676.153367][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.153385][ T38] ? clear_bhb_loop+0x60/0xb0 [ 676.153407][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.153425][ T38] RIP: 0033:0x7fdd76b6eec9 [ 676.153439][ T38] RSP: 002b:00007fdd74dce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 676.153458][ T38] RAX: 0000000000000000 RBX: 00007fdd76dc5fa0 RCX: 00007fdd76b6eec9 [ 676.153471][ T38] RDX: 0000000000000038 RSI: 0000200000000580 RDI: 000000000000001b [ 676.153483][ T38] RBP: 00007fdd76bf1f91 R08: 0000000000000000 R09: 0000000000000000 [ 676.153495][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.153506][ T38] R13: 00007fdd76dc6038 R14: 00007fdd76dc5fa0 R15: 00007ffec14b0fc8 [ 676.153538][ T38] [ 676.153573][ T38] [ 676.153573][ T38] Showing all locks held in the system: [ 676.153581][ T38] 2 locks held by kworker/0:1/10: [ 676.153592][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.153640][ T38] #1: ffffc900000f7bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.153685][ T38] 7 locks held by kworker/u8:0/12: [ 676.153696][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.153742][ T38] #1: ffffc90000117bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.153788][ T38] #2: ffff88805e663300 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 676.153847][ T38] #3: ffff88805c8f7120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 676.153895][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 676.153939][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.153983][ T38] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.154028][ T38] 3 locks held by kworker/u8:1/13: [ 676.154038][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.154083][ T38] #1: ffffc90000127bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.154127][ T38] #2: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 676.154173][ T38] 2 locks held by rcuc/1/28: [ 676.154184][ T38] 7 locks held by ktimers/1/29: [ 676.154194][ T38] 4 locks held by kworker/1:0H/32: [ 676.154205][ T38] #0: ffff888019898d38 ((wq_completion)events_highpri){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.154249][ T38] #1: ffffc90000a6fbc0 ((work_completion)(&ptr->w[cpu])){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.154294][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.154338][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.154384][ T38] 1 lock held by khungtaskd/38: [ 676.154394][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 676.154447][ T38] 3 locks held by kworker/u8:6/1113: [ 676.154458][ T38] #0: ffff88814d24a138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.154502][ T38] #1: ffffc90004d7fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.154548][ T38] #2: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 676.154595][ T38] 4 locks held by kworker/u8:7/1338: [ 676.154605][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.154649][ T38] #1: ffffc9000544fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.154693][ T38] #2: ffffffff8ecc6980 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 676.154739][ T38] #3: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 676.154794][ T38] 6 locks held by kworker/u9:1/5153: [ 676.154804][ T38] #0: ffff8880378cb138 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.154859][ T38] #1: ffffc9001000fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.154905][ T38] #2: ffff888041254e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 676.154949][ T38] #3: ffff8880412540a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 676.154996][ T38] #4: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 676.155043][ T38] #5: ffff8880385fd358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 676.155089][ T38] 2 locks held by getty/5598: [ 676.155099][ T38] #0: ffff88823bf2c0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 676.155147][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 676.155193][ T38] 4 locks held by kworker/u9:2/5842: [ 676.155203][ T38] #0: ffff88803ce28138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.155252][ T38] #1: ffffc90004c3fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.155297][ T38] #2: ffff888060f600a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 676.155341][ T38] #3: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 676.155386][ T38] 5 locks held by kworker/u9:4/5851: [ 676.155397][ T38] #0: ffff88802897e938 ((wq_completion)hci1#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.155446][ T38] #1: ffffc90004befbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.155491][ T38] #2: ffff88806fb98e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 676.155533][ T38] #3: ffff88806fb980a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 676.155579][ T38] #4: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 676.155627][ T38] 4 locks held by kworker/1:3/5895: [ 676.155638][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.155683][ T38] #1: ffffc90004f1fbc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.155727][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.155771][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.155817][ T38] 4 locks held by kworker/1:4/5926: [ 676.155827][ T38] #0: ffff888059e6ed38 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.155882][ T38] #1: ffffc9000520fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.155941][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.155985][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.156030][ T38] 4 locks held by kworker/1:6/5953: [ 676.156040][ T38] #0: ffff88805c214938 ((wq_completion)wg-crypt-wg2#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.156089][ T38] #1: ffffc9000530fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.156164][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.156208][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.156252][ T38] 4 locks held by kworker/1:7/6061: [ 676.156262][ T38] #0: ffff88805e9b1538 ((wq_completion)wg-kex-wg2#14){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.156311][ T38] #1: ffffc90005d5fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.156369][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.156413][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.156464][ T38] 2 locks held by syz.4.4623/16100: [ 676.156474][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 676.156520][ T38] #1: ffffffff8d843810 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x8de/0x1fe0 [ 676.156566][ T38] 4 locks held by kworker/1:1/16106: [ 676.156576][ T38] #0: ffff88805f0d3938 ((wq_completion)wg-kex-wg1#14){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.156625][ T38] #1: ffffc9000ce47bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.156684][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.156727][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.156772][ T38] 1 lock held by syz.5.4628/16111: [ 676.156783][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 676.156829][ T38] 1 lock held by syz.7.4632/16121: [ 676.156845][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 676.156891][ T38] 3 locks held by syz-executor/16128: [ 676.156902][ T38] #0: ffff88804bfe0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 676.156946][ T38] #1: ffff88804bfe00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 676.156992][ T38] #2: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 676.157035][ T38] 2 locks held by syz-executor/16144: [ 676.157046][ T38] #0: ffffffff8f1d7be8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 676.157097][ T38] #1: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 676.157143][ T38] 3 locks held by syz-executor/16145: [ 676.157153][ T38] #0: ffff88806c700e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 676.157197][ T38] #1: ffff88806c7000a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 676.157243][ T38] #2: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 676.157286][ T38] 1 lock held by syz-executor/16149: [ 676.157296][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 676.157342][ T38] 2 locks held by syz-executor/16152: [ 676.157353][ T38] #0: ffffffff8f1d8740 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 676.157403][ T38] #1: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 676.157450][ T38] 4 locks held by kworker/1:2/16159: [ 676.157461][ T38] #0: ffff8880620b4d38 ((wq_completion)wg-crypt-wg0#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.157510][ T38] #1: ffffc90005bdfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.157568][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.157611][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.157656][ T38] 4 locks held by kworker/1:8/16160: [ 676.157666][ T38] #0: ffff88802f288d38 ((wq_completion)wg-crypt-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.157715][ T38] #1: ffffc90005bbfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.157774][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 676.157818][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 676.157869][ T38] 1 lock held by syz-executor/16178: [ 676.157880][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.157923][ T38] 1 lock held by syz-executor/16182: [ 676.157933][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.157975][ T38] 1 lock held by syz-executor/16184: [ 676.157986][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.158027][ T38] 1 lock held by syz-executor/16187: [ 676.158038][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.158080][ T38] 1 lock held by syz-executor/16190: [ 676.158090][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.158133][ T38] 1 lock held by syz-executor/16205: [ 676.158144][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.158186][ T38] 4 locks held by kworker/u9:0/16206: [ 676.158196][ T38] #0: ffff88807fa72938 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.158245][ T38] #1: ffffc90004237bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.158289][ T38] #2: ffff8880708b00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 676.158333][ T38] #3: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 676.158378][ T38] 5 locks held by kworker/u9:3/16208: [ 676.158388][ T38] #0: ffff8880242b8138 ((wq_completion)hci2#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.158437][ T38] #1: ffffc90004bbfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.158482][ T38] #2: ffff888069628e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 676.158524][ T38] #3: ffff8880696280a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 676.158570][ T38] #4: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 676.158617][ T38] 1 lock held by syz-executor/16212: [ 676.158628][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.158671][ T38] 1 lock held by syz-executor/16213: [ 676.158681][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.158723][ T38] 4 locks held by kworker/u9:5/16216: [ 676.158733][ T38] #0: ffff888028538938 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.158783][ T38] #1: ffffc90004217bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.158827][ T38] #2: ffff8880509740a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 676.158876][ T38] #3: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 676.158921][ T38] 1 lock held by syz-executor/16217: [ 676.158931][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.158973][ T38] 1 lock held by syz-executor/16221: [ 676.158983][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.159025][ T38] 5 locks held by kworker/u9:7/16222: [ 676.159035][ T38] #0: ffff8880274aa138 ((wq_completion)hci4#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.159084][ T38] #1: ffffc900040efbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.159129][ T38] #2: ffff888028294e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 676.159172][ T38] #3: ffff8880282940a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 676.159218][ T38] #4: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 676.159266][ T38] 1 lock held by syz-executor/16232: [ 676.159277][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.159320][ T38] 1 lock held by syz-executor/16237: [ 676.159330][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.159372][ T38] 1 lock held by syz-executor/16239: [ 676.159383][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.159425][ T38] 1 lock held by syz-executor/16241: [ 676.159435][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.159477][ T38] 4 locks held by kworker/u9:8/16243: [ 676.159487][ T38] #0: ffff88805ecdd138 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.159535][ T38] #1: ffffc900041b7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.159580][ T38] #2: ffff88804d9880a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 676.159623][ T38] #3: ffffffff8ee3b2d8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 676.159669][ T38] 1 lock held by syz-executor/16245: [ 676.159679][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 676.159721][ T38] 3 locks held by kworker/u9:9/16246: [ 676.159731][ T38] #0: ffff888063365938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 676.159775][ T38] #1: ffffc90003f77bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 676.159820][ T38] #2: ffff88805f328e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 676.159876][ T38] [ 676.159882][ T38] ============================================= [ 676.159882][ T38] [ 676.159897][ T38] NMI backtrace for cpu 0 [ 676.159920][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 676.159966][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 676.159989][ T38] Call Trace: [ 676.160004][ T38] [ 676.160021][ T38] dump_stack_lvl+0x189/0x250 [ 676.160090][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 676.160152][ T38] ? __pfx__printk+0x10/0x10 [ 676.160227][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 676.160263][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 676.160284][ T38] ? __pfx__printk+0x10/0x10 [ 676.160307][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 676.160330][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 676.160354][ T38] watchdog+0xf93/0xfe0 [ 676.160381][ T38] ? watchdog+0x1de/0xfe0 [ 676.160408][ T38] kthread+0x70e/0x8a0 [ 676.160434][ T38] ? __pfx_watchdog+0x10/0x10 [ 676.160454][ T38] ? __pfx_kthread+0x10/0x10 [ 676.160482][ T38] ? __pfx_kthread+0x10/0x10 [ 676.160506][ T38] ret_from_fork+0x436/0x7d0 [ 676.160531][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 676.160573][ T38] ? __switch_to_asm+0x39/0x70 [ 676.160589][ T38] ? __switch_to_asm+0x33/0x70 [ 676.160601][ T38] ? __pfx_kthread+0x10/0x10 [ 676.160624][ T38] ret_from_fork_asm+0x1a/0x30 [ 676.160657][ T38] [ 676.160706][ T38] Sending NMI from CPU 0 to CPUs 1: [ 676.160730][ C1] NMI backtrace for cpu 1 [ 676.160743][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 676.160761][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 676.160770][ C1] RIP: 0010:__lock_acquire+0x2b2/0xd20 [ 676.160790][ C1] Code: e1 ff 1f 00 00 ba 00 e0 ff ff 41 23 54 c7 20 09 ca 41 89 54 c7 20 4d 89 4c c7 08 49 89 5c c7 10 4c 8b 6c 24 68 4d 89 6c c7 18 <65> 8b 15 b3 73 5a 10 31 f6 85 d2 40 0f 95 c6 31 d2 83 bf 04 0b 00 [ 676.160803][ C1] RSP: 0018:ffffc90000a3e288 EFLAGS: 00000002 [ 676.160817][ C1] RAX: 0000000000000023 RBX: ffffffff8d9a8d80 RCX: 000000000000000b [ 676.160828][ C1] RDX: 000000000002000b RSI: 000000000000000b RDI: ffff88801cac1dc0 [ 676.160838][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8172c165 [ 676.160848][ C1] R10: ffffc90000a3e4d8 R11: ffffffff81aaf310 R12: 0000000000000002 [ 676.160859][ C1] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801cac28e0 [ 676.160869][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 676.160882][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 676.160893][ C1] CR2: 0000563501132660 CR3: 0000000024652000 CR4: 00000000003526f0 [ 676.160907][ C1] Call Trace: [ 676.160913][ C1] [ 676.160923][ C1] ? unwind_next_frame+0xa5/0x2390 [ 676.160940][ C1] lock_acquire+0x120/0x360 [ 676.160957][ C1] ? unwind_next_frame+0xa5/0x2390 [ 676.160978][ C1] ? unwind_next_frame+0xa5/0x2390 [ 676.160995][ C1] ? nf_hook_slow+0xc2/0x220 [ 676.161014][ C1] ? unwind_next_frame+0xa5/0x2390 [ 676.161031][ C1] unwind_next_frame+0xc2/0x2390 [ 676.161048][ C1] ? unwind_next_frame+0xa5/0x2390 [ 676.161067][ C1] ? unwind_next_frame+0xa5/0x2390 [ 676.161085][ C1] ? nft_do_chain_inet+0x25d/0x340 [ 676.161102][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 676.161118][ C1] arch_stack_walk+0x11c/0x150 [ 676.161139][ C1] ? nf_hook_slow+0xc2/0x220 [ 676.161158][ C1] stack_trace_save+0x9c/0xe0 [ 676.161173][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 676.161186][ C1] ? do_raw_spin_lock+0x121/0x290 [ 676.161207][ C1] kasan_save_track+0x3e/0x80 [ 676.161223][ C1] ? kasan_save_track+0x3e/0x80 [ 676.161237][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 676.161252][ C1] ? __kmalloc_cache_noprof+0x1a8/0x320 [ 676.161269][ C1] ? ref_tracker_alloc+0x13b/0x450 [ 676.161288][ C1] ? dst_init+0xd9/0x450 [ 676.161301][ C1] ? dst_alloc+0x12a/0x170 [ 676.161314][ C1] ? ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 676.161330][ C1] ? ip_route_output_key_hash+0x1b9/0x2e0 [ 676.161344][ C1] ? ip_route_output_flow+0x2a/0x150 [ 676.161357][ C1] ? ip_route_me_harder+0x6d2/0x1030 [ 676.161373][ C1] ? synproxy_send_tcp+0x359/0x6c0 [ 676.161391][ C1] ? synproxy_send_client_synack+0x8bb/0xe20 [ 676.161409][ C1] ? nft_synproxy_eval_v4+0x36e/0x560 [ 676.161424][ C1] ? nft_synproxy_do_eval+0x345/0x570 [ 676.161439][ C1] ? nft_do_chain+0x409/0x1920 [ 676.161452][ C1] ? nft_do_chain_inet+0x25d/0x340 [ 676.161466][ C1] ? nf_hook_slow+0xc2/0x220 [ 676.161497][ C1] ? ref_tracker_alloc+0x13b/0x450 [ 676.161516][ C1] __kasan_kmalloc+0x93/0xb0 [ 676.161533][ C1] __kmalloc_cache_noprof+0x1a8/0x320 [ 676.161551][ C1] ? ref_tracker_alloc+0x13b/0x450 [ 676.161570][ C1] ref_tracker_alloc+0x13b/0x450 [ 676.161595][ C1] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 676.161619][ C1] ? dst_alloc+0x105/0x170 [ 676.161633][ C1] ? dst_alloc+0x105/0x170 [ 676.161648][ C1] dst_init+0xd9/0x450 [ 676.161663][ C1] dst_alloc+0x12a/0x170 [ 676.161679][ C1] ip_route_output_key_hash_rcu+0x1560/0x23e0 [ 676.161698][ C1] ? ip_route_output_key_hash+0xde/0x2e0 [ 676.161714][ C1] ip_route_output_key_hash+0x1b9/0x2e0 [ 676.161729][ C1] ? __lock_acquire+0xab9/0xd20 [ 676.161746][ C1] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 676.161764][ C1] ? ip_route_me_harder+0x4ad/0x1030 [ 676.161784][ C1] ip_route_output_flow+0x2a/0x150 [ 676.161797][ C1] ? ip_route_me_harder+0x6c0/0x1030 [ 676.161813][ C1] ip_route_me_harder+0x6d2/0x1030 [ 676.161833][ C1] ? __pfx_ip_route_me_harder+0x10/0x10 [ 676.161861][ C1] synproxy_send_tcp+0x359/0x6c0 [ 676.161883][ C1] synproxy_send_client_synack+0x8bb/0xe20 [ 676.161907][ C1] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 676.161925][ C1] ? nft_synproxy_eval_v6+0x1b8/0x560 [ 676.161940][ C1] ? synproxy_pernet+0x45/0x270 [ 676.161957][ C1] nft_synproxy_eval_v4+0x36e/0x560 [ 676.161975][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 676.161991][ C1] ? nf_ip_checksum+0x13c/0x510 [ 676.162007][ C1] nft_synproxy_do_eval+0x345/0x570 [ 676.162025][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 676.162040][ C1] ? __pfx___ip_vs_conn_in_get+0x10/0x10 [ 676.162061][ C1] nft_do_chain+0x409/0x1920 [ 676.162082][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 676.162098][ C1] ? __pfx_ip_vs_conn_out_get_proto+0x10/0x10 [ 676.162113][ C1] ? stack_trace_save+0x9c/0xe0 [ 676.162135][ C1] ? ip_vs_out_hook+0x9b5/0xef0 [ 676.162152][ C1] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 676.162170][ C1] nft_do_chain_inet+0x25d/0x340 [ 676.162184][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 676.162204][ C1] ? NF_HOOK+0x9a/0x3a0 [ 676.162221][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 676.162237][ C1] nf_hook_slow+0xc2/0x220 [ 676.162258][ C1] NF_HOOK+0x206/0x3a0 [ 676.162275][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 676.162292][ C1] ? NF_HOOK+0x9a/0x3a0 [ 676.162308][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 676.162324][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 676.162343][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 676.162361][ C1] ? skb_dst+0x4f/0xd0 [ 676.162378][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 676.162397][ C1] NF_HOOK+0x30c/0x3a0 [ 676.162414][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 676.162431][ C1] ? NF_HOOK+0x9a/0x3a0 [ 676.162447][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 676.162465][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 676.162486][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 676.162502][ C1] __netif_receive_skb+0x143/0x380 [ 676.162519][ C1] ? rt_spin_unlock+0x65/0x80 [ 676.162537][ C1] ? process_backlog+0x27b/0x900 [ 676.162553][ C1] process_backlog+0x31e/0x900 [ 676.162575][ C1] __napi_poll+0xb6/0x540 [ 676.162598][ C1] net_rx_action+0x707/0xe00 [ 676.162615][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 676.162640][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 676.162672][ C1] handle_softirqs+0x22f/0x710 [ 676.162692][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 676.162713][ C1] run_ktimerd+0xcf/0x190 [ 676.162730][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 676.162748][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 676.162764][ C1] ? smpboot_thread_fn+0x5f4/0xa60 [ 676.162781][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 676.162796][ C1] smpboot_thread_fn+0x53f/0xa60 [ 676.162813][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 676.162834][ C1] kthread+0x70e/0x8a0 [ 676.162853][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 676.162870][ C1] ? __pfx_kthread+0x10/0x10 [ 676.162890][ C1] ? __pfx_kthread+0x10/0x10 [ 676.162908][ C1] ret_from_fork+0x436/0x7d0 [ 676.162925][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 676.162944][ C1] ? __switch_to_asm+0x39/0x70 [ 676.162957][ C1] ? __switch_to_asm+0x33/0x70 [ 676.162970][ C1] ? __pfx_kthread+0x10/0x10 [ 676.162988][ C1] ret_from_fork_asm+0x1a/0x30 [ 676.163008][ C1] [ 676.540800][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 676.540821][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 676.540842][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 676.540854][ T38] Call Trace: [ 676.540861][ T38] [ 676.540871][ T38] dump_stack_lvl+0x99/0x250 [ 676.540900][ T38] ? __asan_memcpy+0x40/0x70 [ 676.540920][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 676.540944][ T38] ? __pfx__printk+0x10/0x10 [ 676.540977][ T38] vpanic+0x281/0x750 [ 676.541003][ T38] ? __pfx_vpanic+0x10/0x10 [ 676.541023][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 676.541041][ T38] ? preempt_schedule+0xae/0xc0 [ 676.541065][ T38] ? preempt_schedule_common+0x83/0xd0 [ 676.541095][ T38] panic+0xb9/0xc0 [ 676.541117][ T38] ? __pfx_panic+0x10/0x10 [ 676.541140][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 676.541166][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 676.541191][ T38] watchdog+0xfd2/0xfe0 [ 676.541217][ T38] ? watchdog+0x1de/0xfe0 [ 676.541244][ T38] kthread+0x70e/0x8a0 [ 676.541270][ T38] ? __pfx_watchdog+0x10/0x10 [ 676.541290][ T38] ? __pfx_kthread+0x10/0x10 [ 676.541319][ T38] ? __pfx_kthread+0x10/0x10 [ 676.541343][ T38] ret_from_fork+0x436/0x7d0 [ 676.541368][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 676.541395][ T38] ? __switch_to_asm+0x39/0x70 [ 676.541410][ T38] ? __switch_to_asm+0x33/0x70 [ 676.541426][ T38] ? __pfx_kthread+0x10/0x10 [ 676.541451][ T38] ret_from_fork_asm+0x1a/0x30 [ 676.541483][ T38] [ 676.541739][ T38] Kernel Offset: disabled