last executing test programs: 6m20.550396302s ago: executing program 4 (id=195): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x4e}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 6m20.456038564s ago: executing program 4 (id=197): bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000001580)='ns/mnt\x00') ioctl$NS_GET_USERNS(r0, 0xb701, 0x0) 6m20.405060353s ago: executing program 4 (id=198): r0 = socket(0x2b, 0x80801, 0x1) listen(r0, 0x0) ioctl$sock_SIOCOUTQNSD(r0, 0x8905, 0x0) 6m20.294978788s ago: executing program 4 (id=200): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$nfs(&(0x7f00000001c0)='..\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x85000, 0x0) mount$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) 6m20.022542929s ago: executing program 4 (id=202): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) getsockname$packet(r0, 0x0, &(0x7f0000000900)) 6m18.740338945s ago: executing program 4 (id=216): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002f0180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r0, 0x0, 0x9}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 6m18.282239185s ago: executing program 32 (id=216): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002f0180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x5}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r0, 0x0, 0x9}, 0x18) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 3m4.693941367s ago: executing program 5 (id=2510): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @remote}, 0x10) setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f00000009c0)=0x1234, 0x4) 3m3.638722978s ago: executing program 5 (id=2516): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000)=0x1, 0x4) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000140), &(0x7f0000000180)=0x4) 3m3.370532403s ago: executing program 5 (id=2519): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x2, &(0x7f0000000180)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}}) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) 3m3.124666328s ago: executing program 5 (id=2524): recvmsg$unix(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}, 0x22) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000702000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b7000000000000009500001000000000a80501363034fdb117168bd07ba00af739d1a1ee35fe163a255c33282044b32495ef8ab9adc67ccc945f105d802f5132143c0a9fc7a84452569957c1002ed7d4d8e17f791f4798c8eb483e9973320d046c3126c6afcfd84de03352c69b3edff5be26f8ffa5f8f2879021c2ea53ea79acd7fb38dd1abb75aa393cea26d465637d11f705000000473e7b7c4ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057844f226ef4e912f01a201e694e3806e8c70e8b69524cd19f7525d8d66bb766f7f3f918c86a70252236800001897133af94a5a4cfc794d8b9d7c33632152c48eaf302f0b2e0c252b00000000000000006f1bbefbe08de65e3762e194ba4cae8b13535d7d11ee917bca4885bbf597a14ab2458efce78510d86272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36bed435000025ecd201d2ffb0a7fa4f5d11060cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b9d86329bd5b4697336112b0b8754ce3574046bf6114d1a88597850b77378fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f3faf37ebdfccea0c002ad2b42047c9ec43193ccf617dbf8a12b4f189edbf9fb7c42b1f435ccd4d96822e6b70100912c92e3943e9c4f45d8bcd528fa8a3ea847f10e9b2506f3bb506f1d7fbde8010000000000a073d0de5538ab42e170b3baae34c35987b0dda497ac3f5e97e6e6aeea15c6d5ed24310100000003bb6030f84b63aaf8690db0221b1705c501f802ff59b4e683efa4b6e77e042072bd2ac37d413008ec9eb8166f6e28b49a77ed91befc65315896f88a8fb1dd679fb4c515f8b7a5b7aca6a251a89d47b728502f7e621cc0e3ba04000000c149ee6601728c750d304197c22da8650579475afd96187d881e93b42a5fdfd686d8900c44c67133dad58037fda65885a15a429edfe3027a5ebf95254744f10fd607bc3300b94932b8d944e0b083bbd86b19cb074577a25ff581d92af08a06f857310a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6a1def886c95676dce6a8194479700a02b92bdc8d05eae1f24fdd7b80d1bb404c22f681594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4c2d7acf1dfe79d6771903b76e21190c22d641030e1ddacf006c3116e1803af20a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f0001000077339b4200000000108a3c87b19d5b9a00c75d84a92d6dcf00ba96edf35ede0e2b57c26e94801b498924166bde57d5f24258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548971d5d16296dd08e020000007a27310d5d01f8a8a0f5212d7f628f554afea715ccbc66cbb1016490f5d579308cb3188cf2fcaf67e0c16443d526ba4b968f07ae362c2133c168313e84beb871203880dd453c45d0a137d7f5a8b039dbfa62fb2b4214f8e69f967bf1fbd89e77fcca110000000800000000000000f8877994ebdc35f7efd41e3babd9b3782edd6776d5b6cb4ecd72c9de9b5503747d71440378cf2c2c7ea2dc5febb654a867f853713cf4c0bb322fbbe446d18dee4c821275ef18259cafc346c8b3b9fb0f3adcf6ea310a6b9a3f59e29a5909ea047fb61affb4bc8bbea1fb761b8933795b1a91358a7791aa843d07020e8bb6fc18458c49ac6313e7165b7d9f65e94a62b69f1011b94340cdb7303f01e5cdb5682ddf73d65c3de1d88dd7496d6345d5b9de0223988056a53e19a8b96b9640bc6c09d3c2ff894d626b57c776ed53f94d5e22ff148061b37f72bd92924cb1d0a725e19b264346b7cae0251a850de78316503f3c3d395c7e3f04fc8d52583327cd2341ce4b2d092815376299686f41353b2823814563011a2223b9dd00000000000000000000003a131374a3371cb3e2a9bb4d798b91cefa444501f40b7c9589e8c0bb6c82123d2b45ce905d0903b32ecf30e828c71a07a83f3275f3d661d1af0ffbd5d7f0"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r0, 0xfeffff, 0x1c0, 0x3f000002, &(0x7f0000000700)="c45c57ce395de5b289f07d637a223920f181c2e57d71483cfb2d075a3ff07258e080a194805cdb0c26d3f7ffb1e0d9cf4fa36dcb2168b72de48ac8f93e6804f1c4d70898d0810e044d7e1778eaac5dfdcc9f1208905522025bcfdf1b6f969b094d5c022c2b7ffefde71e0627b9a2069cc1e0175c4b8860aad4b0a103c589f676b6c4e85eb3950c533b6e62c39ccf9ae9bfe54ee5887358d44f46337fbe090d7c7e55847edee8130ffd3d1e719e01a68b0e691c0d35b0b56e0b514036342fd56f08ac0083f3c2fe41a1295a3d23cf3d160d4fd90f66beba68860456ed41272e1e68d16c2564c85f5556e18784113c493d13253e14d6eb891707fba3c30d07d5ee8619e4426cafec4cf6a3723c455d09b586b248", 0x0, 0xf0, 0x0, 0xf0, 0xffffff0c}, 0x40) 3m2.911960664s ago: executing program 5 (id=2529): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 3m2.611486223s ago: executing program 5 (id=2533): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) 2m52.323722693s ago: executing program 1 (id=2637): r0 = socket$isdn(0x22, 0x2, 0x25) r1 = socket$isdn(0x22, 0x2, 0x24) dup3(r0, r1, 0x0) 2m52.066016244s ago: executing program 1 (id=2641): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff000000000300000000000000000000000200000000000000000000000000000a030000000000000000000002"], 0x0, 0x56}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x1a, 0x4, 0x0, 0x1, 0x8000, 0x1, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, @value=r0}, 0x50) 2m51.970561189s ago: executing program 1 (id=2643): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="9c01000010000100"/20, @ANYRES32=r1, @ANYBLOB="00000000000000007c011a80400002803c0001800800070000000000080018000000000008000300000000000c0009000300000008000c0000000000080012000000000008001f000000000078000a8014000700fc01000000000000000000000000000014000700fe80000000000000000000000000000014000700200100000000000000000000000000010500080002"], 0x19c}}, 0x0) 2m51.727160516s ago: executing program 1 (id=2645): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x19, 0x4, 0x8, 0x8}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000400850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0x3100, 0x3100, &(0x7f0000000000), 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2m51.413318771s ago: executing program 1 (id=2649): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 2m51.210384867s ago: executing program 1 (id=2652): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='oom_adj\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) read$FUSE(r0, 0x0, 0x0) 2m47.45581095s ago: executing program 33 (id=2533): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) 2m35.738621662s ago: executing program 34 (id=2652): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='oom_adj\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) read$FUSE(r0, 0x0, 0x0) 1m16.209259624s ago: executing program 0 (id=3621): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/prev\x00') exit(0x0) read$FUSE(r0, 0x0, 0x0) 1m14.67451772s ago: executing program 7 (id=3635): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000080)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5ba6fa693400000000ed884e04001726b360fbb37b4fe035bbb09587", 0xffffffffffffff1e}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1", 0x1d}], 0x2, 0x0, 0x2f, 0x8004}], 0x1, 0x40804) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, @short={0x2, 0xffff, 0xaaa1}}, 0x14, &(0x7f0000000080)={0x0}, 0x7, 0x0, 0x0, 0x6004a014}, 0x600c010) 1m14.674267079s ago: executing program 0 (id=3636): r0 = socket$packet(0x11, 0x2, 0x300) readv(r0, &(0x7f00000015c0)=[{&(0x7f00000000c0)=""/135, 0x87}], 0x1) setsockopt$sock_int(r0, 0x1, 0x52, &(0x7f0000000040)=0x92c, 0x4) 1m14.28921922s ago: executing program 7 (id=3639): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000000c0)=0x32) ioctl$IMDELTIMER(r0, 0x80044941, &(0x7f0000000140)=0x2) 1m13.825151381s ago: executing program 7 (id=3641): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) r0 = syz_open_procfs$namespace(0x0, &(0x7f00000001c0)='ns/ipc\x00') setns(r0, 0x0) 1m13.248843134s ago: executing program 7 (id=3645): socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae09, &(0x7f0000000240)) 1m12.7735005s ago: executing program 7 (id=3647): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) sendmsg$kcm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1c0000004a008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0) 1m12.38767599s ago: executing program 7 (id=3650): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005}) write$tun(r0, &(0x7f00000003c0)={@void, @val={0x3, 0x3, 0x8, 0x6ed, 0x19, 0xc}, @ipv4=@tcp={{0x5, 0x4, 0x1, 0x1, 0x708, 0x67, 0x0, 0x4a, 0x6, 0x0, @empty, @multicast1}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x10, 0x20, 0xece5, 0x0, 0x0, {[@md5sig={0x13, 0x12, "603a36c5fac4eb3f75228174598dfe02"}, @window={0x3, 0x3, 0x5}, @exp_fastopen={0xfe, 0x4}, @md5sig={0x13, 0x12, "be00"}]}}, {"37133e621c2638a33e86ba9549f70bcb5248d5ec42b8d998cb66f8be7954ed58d31e76dc6a63b33af97be654129e2c261c13069126075cf7bf4a73b7cf7ffd9ee0d77d7cc7e834cd670072b6a2a263462dd478456a8cf276b43db7893a82743f2bf8e6b2b986942d02c7fe7861348834be815c88b41b90a3e818c5f75885c608cbe9a51841b72ce54e3edacca6dec10ac658558a822a5a19bf391cce6cf552d26848e55dd343b1035f05e8c6cfec5a7234b94e9b69a48aaf67896bd25b2ef1f8604f50c8c9b600ccea72fc24883927aea1ef52869a59f4780f332d3c27fd3bde3d4e59aa5239bb3ce0dded2d372ced04df34f0744272ca2156d1569f02efa1eab573b2600534e7d94bfff550af386e70b7e03f2229ff278a1ac88090679baeb348b32b3c423f9fa17f818d4e516051ad2b2c7323e9f79efb4d51fc3c0206087b8632633887929191106cf1d2c6b4bce60129fc70ef092ed0701ef8d96841e2cb3a0bc458d072f1b6cdddb859c28f243c0e29f8d8610872d453f8f5078151dfeca510ccc4cf88b047778a986941babc2592ce5a10611ff28b389072681bcf1384468eebdea6b7861bbb76622c885ade841e25ba301985766c98683242abdafebc1a9298f0c022b1859392036c1a285ed1b4ea99bde65ad8dd5f53d0b511582ec29082846b8f966ec350e1927759602ab7149e3d624d5fa9ce251518edfa14848bbf06d57387a6a388b5062a9b261ec1fbcb0e3c4214336d1ad1390d2509beb9ba48df7ad8f57cc3d788f1b72648df57b08ee4640218c70a05ca42fabf5800ee5af43eb3a92c3f3fc217e07557334bc33e5d721d3fea3f808d2a08282848daaff3f9408b189628ac6c572ab341d0730c34140ff70711aa0bbd1dc69c31adb0e7f85b8406633c15426b50394d08a6ad78fcffaba1f2cb2b807092ea4168e93f589dfc0f4a21f996ec5a8cab46140b7f164159bed4556b982d3b5973009caefc9a0a7d04d773b7aeb3793396e09376340fbc3e761a4c0b51c5999d598a5bf1e03129ba5902db74133f271c3a207693d363f51ae50c0795eaaf2dfd6cb0fe6dac339200f9fc10a5fe6208d30edce8d95587b8440ea13f1711550a1221d886c91716214a1cd706f915ff588cce5d965f316c5baa9b651432e9f4d20bb52dde2384be94ffe88fb73cd404ebe2b86f32ec4605cd8ee4b2f61bf66195946e7f7746d53578b110d22374d219cb8d1f59d761b74a67d43962b518beb3c734d8bb1adc7f2655e7404c3a47b04b8a3fab14ed91ff5d1324cfa8ef5ada108fbd4d754f0eae29fe2e63e328845cbc91dc83bd081da52659c6f87f3a2a27665d788484ae55ed4b514d1e16a4c85d4ffb1811ccc22cd238a83476dd387b2a830671299e61e55621b4cc0a3ae9d5bc983d2436c2cc16ae06c3f8146a64fa679e78b78ea23c46a757a98306c4b3be1b066ba3609938594b3051b8bb2a15951c6bfb71065188c2d812a14adcfe6262c997e89d158df2ae28e8ca0ce4d9bd60d2f35fac5c836fef8df3fdde2e06f5aaa0ad44b49d2d873e4e3bd2333c4add16e5a22a00fba56a4670d1c5d36458399cbe7e179bbe09a69508d10187ee53e756e1eceb059b4562951a7193464e125732db963bb9ebfe03fa342fb43a4c42650252b615cc396b6ded80595151d878d42f9a9d287032a4a99bd2ed86704ba3cd6805eae79a05ac05e2cc99209952111663d793bd882cc6552262215f604425284fd31b6cc2b5427a7213ca932c3ad91a4ebe95d33fbf31440e5d52215f6efd0615552c2a27669fab0b6e4c02d3433663fae7c22a23fea2adbb5ce8b068575b304cec575fdfa4fd4735f356ad56902fe1c349959f925199c7bcd294511765290ab32863344127717fd3e051a3240fc04ed0a0f90f99ccd3174252820de2ea369be05aceabb1649c9a3372e13ccc2f4cf0dc79ee7638dde37fbfcd2916d375a46f4bf1c991387444d3bdac2a1c1d5ef44cfd563a79b96331a59302761b2eac63444126aea1f1e7ca2287b8c82f9dc9037e39063d98cd3c6c57b4f34ee83604ce93cb902f3196f0aaeb7ed04b9e97436f17a082d17806f3dc0ebc2d336d59fc0829d4169fc8954347a3d449b709a0ad7f6dd89b5d5a18d7a2d479cf27ef62d52a34f45e4e5320b50e40f2375c808442978263d2e709aee56ebc5132c812fb527d618b61443aafa8adf89a06ae35cf7ffc238d9be77070ab66291a6d9b8a2333c9ab0b474f07c830b27f1ede86605c524ffec64b65876b04f3872ed9a34ab88f73bbb56f18b09e3c081abe9afc0613a79ef5b7e6c6720b4b9df5e663c399f7f645e20d47745f7c8a65a657d16e73f3d1d70739e2da66a6c667f3fba6763600f71c551ef0b5e6d63dd2213287ff544a35a20de5ee6b623e1e6e0970c38bfb6ce7a71a"}}}}, 0x712) 1m7.883296517s ago: executing program 0 (id=3654): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455cb, 0x1) 1m7.472295244s ago: executing program 0 (id=3659): r0 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x4e22, 0x4, @dev, 0x601}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x2004fc10) close(r0) 1m6.896806291s ago: executing program 0 (id=3664): r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000340), 0xf2, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000800)={r1, r1, r0}, 0x0, 0x0, 0x0) 1m6.62428086s ago: executing program 0 (id=3668): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_RATE_ENABLE={0x8, 0x5, 0x1e}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x401}]}}]}, 0x40}}, 0x4048000) 56.615139732s ago: executing program 35 (id=3650): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005}) write$tun(r0, &(0x7f00000003c0)={@void, @val={0x3, 0x3, 0x8, 0x6ed, 0x19, 0xc}, @ipv4=@tcp={{0x5, 0x4, 0x1, 0x1, 0x708, 0x67, 0x0, 0x4a, 0x6, 0x0, @empty, @multicast1}, {{0x4e23, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x10, 0x20, 0xece5, 0x0, 0x0, {[@md5sig={0x13, 0x12, "603a36c5fac4eb3f75228174598dfe02"}, @window={0x3, 0x3, 0x5}, @exp_fastopen={0xfe, 0x4}, @md5sig={0x13, 0x12, "be00"}]}}, {"37133e621c2638a33e86ba9549f70bcb5248d5ec42b8d998cb66f8be7954ed58d31e76dc6a63b33af97be654129e2c261c13069126075cf7bf4a73b7cf7ffd9ee0d77d7cc7e834cd670072b6a2a263462dd478456a8cf276b43db7893a82743f2bf8e6b2b986942d02c7fe7861348834be815c88b41b90a3e818c5f75885c608cbe9a51841b72ce54e3edacca6dec10ac658558a822a5a19bf391cce6cf552d26848e55dd343b1035f05e8c6cfec5a7234b94e9b69a48aaf67896bd25b2ef1f8604f50c8c9b600ccea72fc24883927aea1ef52869a59f4780f332d3c27fd3bde3d4e59aa5239bb3ce0dded2d372ced04df34f0744272ca2156d1569f02efa1eab573b2600534e7d94bfff550af386e70b7e03f2229ff278a1ac88090679baeb348b32b3c423f9fa17f818d4e516051ad2b2c7323e9f79efb4d51fc3c0206087b8632633887929191106cf1d2c6b4bce60129fc70ef092ed0701ef8d96841e2cb3a0bc458d072f1b6cdddb859c28f243c0e29f8d8610872d453f8f5078151dfeca510ccc4cf88b047778a986941babc2592ce5a10611ff28b389072681bcf1384468eebdea6b7861bbb76622c885ade841e25ba301985766c98683242abdafebc1a9298f0c022b1859392036c1a285ed1b4ea99bde65ad8dd5f53d0b511582ec29082846b8f966ec350e1927759602ab7149e3d624d5fa9ce251518edfa14848bbf06d57387a6a388b5062a9b261ec1fbcb0e3c4214336d1ad1390d2509beb9ba48df7ad8f57cc3d788f1b72648df57b08ee4640218c70a05ca42fabf5800ee5af43eb3a92c3f3fc217e07557334bc33e5d721d3fea3f808d2a08282848daaff3f9408b189628ac6c572ab341d0730c34140ff70711aa0bbd1dc69c31adb0e7f85b8406633c15426b50394d08a6ad78fcffaba1f2cb2b807092ea4168e93f589dfc0f4a21f996ec5a8cab46140b7f164159bed4556b982d3b5973009caefc9a0a7d04d773b7aeb3793396e09376340fbc3e761a4c0b51c5999d598a5bf1e03129ba5902db74133f271c3a207693d363f51ae50c0795eaaf2dfd6cb0fe6dac339200f9fc10a5fe6208d30edce8d95587b8440ea13f1711550a1221d886c91716214a1cd706f915ff588cce5d965f316c5baa9b651432e9f4d20bb52dde2384be94ffe88fb73cd404ebe2b86f32ec4605cd8ee4b2f61bf66195946e7f7746d53578b110d22374d219cb8d1f59d761b74a67d43962b518beb3c734d8bb1adc7f2655e7404c3a47b04b8a3fab14ed91ff5d1324cfa8ef5ada108fbd4d754f0eae29fe2e63e328845cbc91dc83bd081da52659c6f87f3a2a27665d788484ae55ed4b514d1e16a4c85d4ffb1811ccc22cd238a83476dd387b2a830671299e61e55621b4cc0a3ae9d5bc983d2436c2cc16ae06c3f8146a64fa679e78b78ea23c46a757a98306c4b3be1b066ba3609938594b3051b8bb2a15951c6bfb71065188c2d812a14adcfe6262c997e89d158df2ae28e8ca0ce4d9bd60d2f35fac5c836fef8df3fdde2e06f5aaa0ad44b49d2d873e4e3bd2333c4add16e5a22a00fba56a4670d1c5d36458399cbe7e179bbe09a69508d10187ee53e756e1eceb059b4562951a7193464e125732db963bb9ebfe03fa342fb43a4c42650252b615cc396b6ded80595151d878d42f9a9d287032a4a99bd2ed86704ba3cd6805eae79a05ac05e2cc99209952111663d793bd882cc6552262215f604425284fd31b6cc2b5427a7213ca932c3ad91a4ebe95d33fbf31440e5d52215f6efd0615552c2a27669fab0b6e4c02d3433663fae7c22a23fea2adbb5ce8b068575b304cec575fdfa4fd4735f356ad56902fe1c349959f925199c7bcd294511765290ab32863344127717fd3e051a3240fc04ed0a0f90f99ccd3174252820de2ea369be05aceabb1649c9a3372e13ccc2f4cf0dc79ee7638dde37fbfcd2916d375a46f4bf1c991387444d3bdac2a1c1d5ef44cfd563a79b96331a59302761b2eac63444126aea1f1e7ca2287b8c82f9dc9037e39063d98cd3c6c57b4f34ee83604ce93cb902f3196f0aaeb7ed04b9e97436f17a082d17806f3dc0ebc2d336d59fc0829d4169fc8954347a3d449b709a0ad7f6dd89b5d5a18d7a2d479cf27ef62d52a34f45e4e5320b50e40f2375c808442978263d2e709aee56ebc5132c812fb527d618b61443aafa8adf89a06ae35cf7ffc238d9be77070ab66291a6d9b8a2333c9ab0b474f07c830b27f1ede86605c524ffec64b65876b04f3872ed9a34ab88f73bbb56f18b09e3c081abe9afc0613a79ef5b7e6c6720b4b9df5e663c399f7f645e20d47745f7c8a65a657d16e73f3d1d70739e2da66a6c667f3fba6763600f71c551ef0b5e6d63dd2213287ff544a35a20de5ee6b623e1e6e0970c38bfb6ce7a71a"}}}}, 0x712) 51.513813131s ago: executing program 36 (id=3668): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_RATE_ENABLE={0x8, 0x5, 0x1e}, @TCA_FQ_LOW_RATE_THRESHOLD={0x8, 0xb, 0x401}]}}]}, 0x40}}, 0x4048000) 49.547936587s ago: executing program 2 (id=3685): openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x541b, 0x0) 49.316335598s ago: executing program 2 (id=3687): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x925, 0x8866, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x90, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x8000, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x0, 0xff, 0x8}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000080)={0x40, 0xb, 0x18, {0x18, 0x8, "534f023677a4a0d9b8a5146b61d64c723ecaa7f1d505"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 49.133609859s ago: executing program 3 (id=3688): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0x36}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x17}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x5, 0xe, 0x0, &(0x7f0000000300)="0101000071a78326c7ffffc826a8", 0x0, 0x3a, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 47.323425639s ago: executing program 2 (id=3689): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af24, &(0x7f0000000180)={0x0, 0x1}) 41.461427464s ago: executing program 2 (id=3696): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231309e53f070d0000002a940183"], 0x0}, 0x0) 39.597749655s ago: executing program 2 (id=3697): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)="441f0803", 0x1f) getsockopt$inet_opts(r0, 0x0, 0x4, 0x0, &(0x7f0000000cc0)) 39.485412409s ago: executing program 2 (id=3698): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000030c0)=ANY=[@ANYBLOB="240000001200010000000000000000001000f0"], 0x24}], 0x1}, 0x0) 35.303048589s ago: executing program 3 (id=3699): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r0}, 0x18) timer_gettime(0x0, 0x0) 35.137206945s ago: executing program 3 (id=3700): r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000002840)={'syz', 0x0}, &(0x7f00000011c0)="f40fc24077021c9b084c60ffc26f26db12b9e78d629870bb26edb4a5e1cc0942ed8c58ca4fe84b94a0e31ea64089ee9ca1efb52945ffebbfea11dd3d0df936a10285eacab940ab5c96cb5d81dac1ad2243d878ddea08b78f666b96206bafe0ab1bd5abcb00bb35436929ddabce530b63fab525337057438cf64a506d54d5c83e3e593d1d53ad0e6a44168fe8cfc6ad98b653d80636e4dec1f2ab58762b3494250b9557f5b606a43e50874c90143034142cd5f7bd9b4dd876b97b7feb751d21b23c", 0xc1, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000001340)={r1, r1, r0}, &(0x7f0000000180)=""/4097, 0x1001, 0x0) 34.830626593s ago: executing program 3 (id=3701): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe7, 0xcc, 0x61, 0x20, 0x10c4, 0x818a, 0x7d8f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0xc0, 0x5, [{{0x9, 0x4, 0x23, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, [], [{{0x9, 0x5, 0x85, 0x3, 0x200, 0x2, 0x5, 0x1}}]}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000dc0)={0x44, &(0x7f0000000bc0)={0x0, 0x15, 0x3, "c39242"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x10, &(0x7f0000000140)={0x20, 0x14}, 0x0, 0x0}) 32.918199314s ago: executing program 3 (id=3702): mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000) 32.785807491s ago: executing program 3 (id=3703): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32, @ANYBLOB="140002"], 0x48}}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b2b, &(0x7f0000000080)={'wlan1\x00', @random="02001c00004a"}) 28.000068873s ago: executing program 6 (id=3704): io_setup(0x30, &(0x7f0000000600)=0x0) r1 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r0, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000000c0)="01", 0x24}]) 23.911945388s ago: executing program 37 (id=3698): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000030c0)=ANY=[@ANYBLOB="240000001200010000000000000000001000f0"], 0x24}], 0x1}, 0x0) 17.634415899s ago: executing program 38 (id=3703): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32, @ANYBLOB="140002"], 0x48}}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b2b, &(0x7f0000000080)={'wlan1\x00', @random="02001c00004a"}) 17.581449607s ago: executing program 6 (id=3707): r0 = socket$l2tp(0x2, 0x2, 0x73) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0xc) 17.039126991s ago: executing program 6 (id=3708): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0, 0x0, 0x2000000}) 16.74842502s ago: executing program 6 (id=3709): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) listen(r0, 0x8) setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f0000001940)=@rose={'rose', 0x0}, 0x10) 15.951601011s ago: executing program 6 (id=3710): r0 = add_key$user(&(0x7f0000002100), &(0x7f0000002180)={'syz', 0x1}, &(0x7f00000021c0)='b', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000040), &(0x7f0000002340)={'syz', 0x3}, &(0x7f0000000100)="370c099069effa43de3e1404db09b4ce1ef77bde4b371532dd16447c1b13403656c86711f6e750026f23029a50d44299c7bf5c78dc5efae2d041016160e8bef7b30c05e298aa9572540dd950307987eef2115e1bcf512bea3410ca5a9e9f827e4b13490dbbd4fc5a45e0738b959acafd2c12863045265bcbc2c9426ac3f614746b436fe86a72dc642dd67d970604a69b4f22cd0076beedc18056ab4bea4c825b69a7a77adcd5488684872b1bb9eb84586549e11b080468668e8fd0e52ce0705ae5", 0xc1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000200)={r0, r1, r0}, &(0x7f0000000280)=""/174, 0xae, &(0x7f00000003c0)={&(0x7f0000000340)={'sha256\x00'}, &(0x7f0000000240)="708803449262ddb5bda9215853cffafe0690f4ed536f3345070000000000000084a693afd7d8e5ffc37e1b3aebbdae8dc970f207", 0x34}) 15.950872s ago: executing program 6 (id=3711): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001d00000020000180140002006e657464657673696d30000000000000080003"], 0x34}}, 0x0) 0s ago: executing program 39 (id=3711): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001d00000020000180140002006e657464657673696d30000000000000080003"], 0x34}}, 0x0) kernel console output (not intermixed with test programs): ttributes in process `syz.0.1875'. [ 267.845710][ T1777] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 267.959339][ T6013] kernel write not supported for file /amidi2 (pid: 6013 comm: kworker/1:6) [ 267.995619][ T1777] usb 4-1: Using ep0 maxpacket: 32 [ 267.998136][ T1777] usb 4-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.998165][ T1777] usb 4-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 267.998198][ T1777] usb 4-1: config 0 interface 0 has no altsetting 0 [ 267.998231][ T1777] usb 4-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00 [ 267.998254][ T1777] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.070220][ T1777] usb 4-1: config 0 descriptor?? [ 268.105846][ T5926] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 268.271512][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.271600][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.271640][ T5926] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 268.271663][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.339772][ T5926] usb 3-1: config 0 descriptor?? [ 268.445543][ T6000] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 268.512247][T10250] netlink: 'syz.1.1904': attribute type 29 has an invalid length. [ 268.515202][T10250] netlink: 'syz.1.1904': attribute type 29 has an invalid length. [ 268.569818][ T1777] betop 0003:20BC:5500.002D: hidraw0: USB HID v8.00 Device [HID 20bc:5500] on usb-dummy_hcd.3-1/input0 [ 268.569866][ T1777] betop 0003:20BC:5500.002D: no inputs found [ 268.605780][ T6000] usb 1-1: Using ep0 maxpacket: 32 [ 268.613068][ T6000] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 268.613096][ T6000] usb 1-1: config 0 has no interface number 0 [ 268.650893][ T6000] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 268.651158][ T6000] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.651180][ T6000] usb 1-1: Product: syz [ 268.651194][ T6000] usb 1-1: Manufacturer: syz [ 268.651208][ T6000] usb 1-1: SerialNumber: syz [ 268.698481][ T6000] usb 1-1: config 0 descriptor?? [ 268.719893][ T6000] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 268.774723][ T5926] cp2112 0003:10C4:EA90.002E: item fetching failed at offset 5/7 [ 268.784113][ T5926] cp2112 0003:10C4:EA90.002E: parse failed [ 268.791819][ T44] usb 4-1: USB disconnect, device number 17 [ 268.799624][ T5926] cp2112 0003:10C4:EA90.002E: probe with driver cp2112 failed with error -22 [ 268.980356][ T990] usb 3-1: USB disconnect, device number 19 [ 269.003218][T10252] fido_id[10252]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 269.300571][T10258] tipc: Started in network mode [ 269.300604][T10258] tipc: Node identity e0000002, cluster identity 4711 [ 269.301042][T10258] tipc: Enabling of bearer rejected, failed to enable media [ 269.370265][ T6000] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 269.401375][ T6000] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 269.531891][ C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 269.563953][ T44] usb 1-1: USB disconnect, device number 15 [ 269.733858][T10261] sp0: Synchronizing with TNC [ 269.736406][ T44] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 269.773755][ T44] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 269.774749][ T44] quatech2 1-1:0.51: device disconnected [ 270.425779][ T6000] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 270.472755][T10287] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 270.472784][T10287] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 270.525049][T10287] vhci_hcd vhci_hcd.0: Device attached [ 270.575468][ T6000] usb 3-1: Using ep0 maxpacket: 16 [ 270.578606][ T6000] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 270.578637][ T6000] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.578658][ T6000] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 270.578699][ T6000] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 270.578719][ T6000] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.584652][ T6000] usb 3-1: config 0 descriptor?? [ 270.725719][ T44] vhci_hcd: vhci_device speed not set [ 270.785531][ T44] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 270.785725][ T5926] usb 6-1: new low-speed USB device number 14 using dummy_hcd [ 270.947660][ T5926] usb 6-1: config 0 has no interfaces? [ 270.947698][ T5926] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 270.948113][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.003617][ T5926] usb 6-1: config 0 descriptor?? [ 271.082491][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082532][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082561][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082787][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082815][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082843][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082870][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082897][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082925][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.082951][ T6000] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0 [ 271.166122][ T6000] microsoft 0003:045E:07DA.002F: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 271.166154][ T6000] microsoft 0003:045E:07DA.002F: no inputs found [ 271.166168][ T6000] microsoft 0003:045E:07DA.002F: could not initialize ff, continuing anyway [ 271.261113][T10288] vhci_hcd: unknown pdu 1 [ 271.277071][ T6000] usb 6-1: USB disconnect, device number 14 [ 271.308650][ T5926] usb 3-1: USB disconnect, device number 20 [ 271.325587][ T44] vhci_hcd: vhci_device speed not set [ 271.337352][ T69] vhci_hcd: stop threads [ 271.339559][ T69] vhci_hcd: release socket [ 271.358572][ T37] audit: type=1400 audit(1759086668.470:22): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=10302 comm="syz.0.1924" src=1 dest=20000 netif=wpan0 [ 271.360665][ T69] vhci_hcd: disconnect device [ 271.363002][T10303] fido_id[10303]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 271.408586][ T44] usb 43-1: device descriptor read/64, error -71 [ 271.600753][ T44] vhci_hcd: vhci_device speed not set [ 271.815774][ C0] syz_tun: tun_net_xmit 70 [ 272.789252][ T5926] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 272.956252][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 272.956290][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 272.956328][ T5926] usb 2-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 272.956349][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.968561][ T5926] usb 2-1: config 0 descriptor?? [ 273.385289][ T5926] bigben 0003:146B:0902.0030: unexpected rdesc, please submit for review [ 273.434698][ T5926] bigben 0003:146B:0902.0030: hidraw0: USB HID v0.01 Device [HID 146b:0902] on usb-dummy_hcd.1-1/input0 [ 273.434735][ T5926] bigben 0003:146B:0902.0030: not enough values in HID_OUTPUT_REPORT 0 field 0 [ 273.434755][ T5926] bigben 0003:146B:0902.0030: no output report found [ 273.606282][ T990] usb 2-1: USB disconnect, device number 22 [ 273.761533][T10370] fido_id[10370]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 275.595093][T10429] tipc: Started in network mode [ 275.595123][T10429] tipc: Node identity ac141413, cluster identity 4711 [ 275.626237][T10429] tipc: New replicast peer: 10.1.1.2 [ 275.626768][T10429] tipc: Enabled bearer , priority 5 [ 276.339726][T10451] binder: 10450:10451 ioctl 400c620e 200000000000 returned -22 [ 276.655647][ T6000] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 276.686592][T10466] IPVS: Error joining to the multicast group [ 276.745929][ T44] tipc: Node number set to 2886997011 [ 276.818279][ T6000] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 276.818315][ T6000] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.818338][ T6000] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 276.818381][ T6000] usb 3-1: New USB device found, idVendor=12ba, idProduct=0100, bcdDevice= 0.00 [ 276.818405][ T6000] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.845873][ T6000] usb 3-1: config 0 descriptor?? [ 277.312232][ T6000] hid_parser_main: 1 callbacks suppressed [ 277.312256][ T6000] sony 0003:12BA:0100.0031: unknown main item tag 0x0 [ 277.331421][ T6000] sony 0003:12BA:0100.0031: hidraw0: USB HID v0.00 Device [HID 12ba:0100] on usb-dummy_hcd.2-1/input0 [ 277.331453][ T6000] sony 0003:12BA:0100.0031: failed to claim input [ 277.528126][ T44] usb 3-1: USB disconnect, device number 21 [ 278.078044][T10502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2019'. [ 278.078068][T10502] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2019'. [ 278.078094][T10502] netlink: 'syz.1.2019': attribute type 7 has an invalid length. [ 278.955540][ T6013] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 279.105567][ T6013] usb 4-1: Using ep0 maxpacket: 16 [ 279.116213][ T6013] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 279.116241][ T6013] usb 4-1: config 0 has no interface number 0 [ 279.116389][ T6013] usb 4-1: config 0 interface 1 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.116415][ T6013] usb 4-1: config 0 interface 1 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.116437][ T6013] usb 4-1: config 0 interface 1 has no altsetting 0 [ 279.116471][ T6013] usb 4-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 1.00 [ 279.116493][ T6013] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.189313][ T6013] usb 4-1: config 0 descriptor?? [ 279.609204][ T6013] chicony 0003:04F2:0418.0032: item fetching failed at offset 0/4 [ 279.610019][ T6013] chicony 0003:04F2:0418.0032: Chicony hid parse failed: -22 [ 279.610088][ T6013] chicony 0003:04F2:0418.0032: probe with driver chicony failed with error -22 [ 279.625945][ T5926] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 279.705726][T10551] netlink: 'syz.1.2042': attribute type 1 has an invalid length. [ 279.705749][T10551] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2042'. [ 279.796020][ T5926] usb 1-1: Using ep0 maxpacket: 16 [ 279.801670][ T6000] usb 4-1: USB disconnect, device number 18 [ 279.804458][ T5926] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.804489][ T5926] usb 1-1: config 0 interface 0 has no altsetting 0 [ 279.804525][ T5926] usb 1-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 279.804547][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.880704][ T5926] usb 1-1: config 0 descriptor?? [ 280.021789][T10557] netlink: 'syz.5.2045': attribute type 16 has an invalid length. [ 280.321491][ T5926] kye 0003:0458:0087.0033: unknown main item tag 0x0 [ 280.321532][ T5926] kye 0003:0458:0087.0033: unknown main item tag 0x0 [ 280.321561][ T5926] kye 0003:0458:0087.0033: unknown main item tag 0x0 [ 280.321589][ T5926] kye 0003:0458:0087.0033: unknown main item tag 0x0 [ 280.321615][ T5926] kye 0003:0458:0087.0033: unknown main item tag 0x0 [ 280.372127][ T5926] kye 0003:0458:0087.0033: hidraw0: USB HID v0.05 Device [HID 0458:0087] on usb-dummy_hcd.0-1/input0 [ 280.543451][ T990] usb 1-1: USB disconnect, device number 16 [ 280.670320][T10568] fido_id[10568]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 282.204945][T10607] netlink: 'syz.5.2066': attribute type 10 has an invalid length. [ 282.392982][T10616] xt_HMARK: proto mask must be zero with L3 mode [ 282.425869][T10619] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2073'. [ 282.425901][T10619] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2073'. [ 282.425916][T10619] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2073'. [ 282.531720][T10607] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 282.549044][T10605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 283.295556][ T44] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 283.375157][T10651] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2090'. [ 283.389720][T10649] PKCS8: Unsupported PKCS#8 version [ 283.448036][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 283.448070][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 283.448096][ T44] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 283.448137][ T44] usb 1-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00 [ 283.448159][ T44] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.509422][ T44] usb 1-1: config 0 descriptor?? [ 283.510450][T10637] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 283.947159][ T44] aureal 0003:0755:2626.0034: fixing Aureal Cy se W-01RN USB_V3.1 report descriptor. [ 283.950516][ T44] aureal 0003:0755:2626.0034: unknown main item tag 0x6 [ 283.950553][ T44] aureal 0003:0755:2626.0034: report_id 29495 is invalid [ 283.950566][ T44] aureal 0003:0755:2626.0034: item 0 2 1 8 parsing failed [ 283.951241][ T44] aureal 0003:0755:2626.0034: probe with driver aureal failed with error -22 [ 284.132616][ T44] usb 1-1: USB disconnect, device number 17 [ 284.405617][ T6000] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 284.555682][ T6000] usb 2-1: Using ep0 maxpacket: 32 [ 284.564810][ T6000] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 284.564839][ T6000] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.564857][ T6000] usb 2-1: Product: syz [ 284.564872][ T6000] usb 2-1: Manufacturer: syz [ 284.564886][ T6000] usb 2-1: SerialNumber: syz [ 284.581957][ T6000] usb 2-1: config 0 descriptor?? [ 284.847590][ T37] audit: type=1326 audit(1759086681.970:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10689 comm="syz.2.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 284.847669][ T37] audit: type=1326 audit(1759086681.970:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10689 comm="syz.2.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 284.899173][ T37] audit: type=1326 audit(1759086682.020:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10689 comm="syz.2.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 284.908596][ T37] audit: type=1326 audit(1759086682.030:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10689 comm="syz.2.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 284.911182][ T37] audit: type=1326 audit(1759086682.030:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10689 comm="syz.2.2108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 285.020287][ T6000] airspy 2-1:0.0: Board ID: 00 [ 285.020310][ T6000] airspy 2-1:0.0: Firmware version: [ 285.236823][ T6000] airspy 2-1:0.0: usb_control_msg() failed -71 request 11 [ 285.274153][ T6000] airspy 2-1:0.0: Registered as swradio24 [ 285.274187][ T6000] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 285.345538][ T44] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 285.416767][ T6000] usb 2-1: USB disconnect, device number 23 [ 285.501572][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 285.503957][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.503989][ T44] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.505701][ T44] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 285.505728][ T44] usb 4-1: New USB device strings: Mfr=9, Product=0, SerialNumber=0 [ 285.505746][ T44] usb 4-1: Manufacturer: syz [ 285.566427][ T44] usb 4-1: config 0 descriptor?? [ 285.570964][ T44] hub 4-1:0.0: USB hub found [ 285.779132][ T44] hub 4-1:0.0: 1 port detected [ 285.986032][ T44] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 285.986059][ T44] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 286.019729][ T44] usbhid 4-1:0.0: can't add hid device: -71 [ 286.019858][ T44] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 286.098913][ T44] usb 4-1: USB disconnect, device number 19 [ 286.207568][ T37] audit: type=1800 audit(1759086683.280:28): pid=10714 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.2118" name="SYSV00000000" dev="hugetlbfs" ino=3 res=0 errno=0 [ 286.877293][ T5207] udevd[5207]: worker [6734] terminated by signal 33 (Unknown signal 33) [ 286.877342][ T5207] udevd[5207]: worker [6734] failed while handling '/devices/virtual/block/loop1' [ 287.085588][ T6014] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 287.238909][ T6014] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 287.238937][ T6014] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 287.238955][ T6014] usb 1-1: config 0 has no interface number 0 [ 287.239019][ T6014] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 287.239043][ T6014] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 287.245109][ T6014] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 287.245138][ T6014] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.245156][ T6014] usb 1-1: Product: syz [ 287.245170][ T6014] usb 1-1: Manufacturer: syz [ 287.245184][ T6014] usb 1-1: SerialNumber: syz [ 287.275469][T10750] genirq: Flags mismatch irq 10. 00202000 (das16m1) vs. 00202080 (virtio2) [ 287.346093][ T6014] usb 1-1: config 0 descriptor?? [ 288.001916][ T6014] usb 1-1: USB disconnect, device number 18 [ 288.415754][T10790] program syz.5.2153 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 288.676385][T10802] tipc: Enabled bearer , priority 10 [ 288.798421][T10804] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 288.798449][T10804] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 288.798548][T10804] vhci_hcd vhci_hcd.0: Device attached [ 288.987062][ T5926] vhci_hcd: vhci_device speed not set [ 289.054852][ T5926] usb 35-1: new full-speed USB device number 2 using vhci_hcd [ 289.095955][ T6000] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 289.259235][ T6000] usb 2-1: Using ep0 maxpacket: 8 [ 289.261704][ T6000] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 289.261727][ T6000] usb 2-1: config 0 has no interfaces? [ 289.264777][ T6000] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 289.264804][ T6000] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.264824][ T6000] usb 2-1: Product: syz [ 289.264838][ T6000] usb 2-1: Manufacturer: syz [ 289.264858][ T6000] usb 2-1: SerialNumber: syz [ 289.279734][ T6000] usb 2-1: config 0 descriptor?? [ 289.500199][T10805] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 1 [ 289.500754][ T12] vhci_hcd: stop threads [ 289.500769][ T12] vhci_hcd: release socket [ 289.503794][ T12] vhci_hcd: disconnect device [ 289.507586][ T6000] usb 2-1: USB disconnect, device number 24 [ 289.828187][T10847] netlink: 'syz.2.2176': attribute type 1 has an invalid length. [ 289.920397][T10843] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.925569][ T6014] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 290.077817][ T6014] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.077853][ T6014] usb 1-1: config 0 interface 0 has no altsetting 0 [ 290.077888][ T6014] usb 1-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00 [ 290.077910][ T6014] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.127289][ T6014] usb 1-1: config 0 descriptor?? [ 290.155468][ T6013] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 290.316051][ T6013] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 290.316140][ T6013] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 290.316167][ T6013] usb 4-1: config 0 interface 0 has no altsetting 0 [ 290.316201][ T6013] usb 4-1: New USB device found, idVendor=28bd, idProduct=0074, bcdDevice= 0.00 [ 290.316223][ T6013] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.395171][ T6013] usb 4-1: config 0 descriptor?? [ 290.400425][T10858] vlan4: entered allmulticast mode [ 290.400446][T10858] bond0: entered allmulticast mode [ 290.400460][T10858] bond_slave_0: entered allmulticast mode [ 290.400481][T10858] bond_slave_1: entered allmulticast mode [ 290.415136][T10858] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 290.432395][T10849] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 290.444311][T10858] mac80211_hwsim hwsim13 wlan1: entered allmulticast mode [ 290.555662][ T44] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 290.639417][ T6014] asus 0003:0B05:1822.0035: unknown main item tag 0x0 [ 290.639460][ T6014] asus 0003:0B05:1822.0035: unknown main item tag 0x0 [ 290.678098][ T6014] asus 0003:0B05:1822.0035: hidraw0: USB HID v0.04 Device [HID 0b05:1822] on usb-dummy_hcd.0-1/input0 [ 290.678138][ T6014] asus 0003:0B05:1822.0035: Asus input not registered [ 290.720709][ T44] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 290.720739][ T44] usb 3-1: config 0 has no interface number 0 [ 290.746254][ T44] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 290.746498][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.746520][ T44] usb 3-1: Product: syz [ 290.746534][ T44] usb 3-1: Manufacturer: syz [ 290.746548][ T44] usb 3-1: SerialNumber: syz [ 290.753003][ T6014] asus 0003:0B05:1822.0035: probe with driver asus failed with error -12 [ 290.855865][ T44] usb 3-1: config 0 descriptor?? [ 290.856984][ T6014] usb 1-1: USB disconnect, device number 19 [ 290.904591][ T6013] uclogic 0003:28BD:0074.0036: interface is invalid, ignoring [ 290.985506][ T990] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 291.019944][T10866] fido_id[10866]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 291.086454][ T6000] usb 4-1: USB disconnect, device number 20 [ 291.142037][ T990] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 291.142142][ T990] usb 2-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00 [ 291.142165][ T990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.196808][ T990] usb 2-1: config 0 descriptor?? [ 291.511777][ T44] usb 3-1: Firmware version (0.0) predates our first public release. [ 291.511806][ T44] usb 3-1: Please update to version 0.2 or newer [ 291.652359][ T990] elecom 0003:056E:00FC.0037: unknown main item tag 0x0 [ 291.652393][ T990] elecom 0003:056E:00FC.0037: unknown main item tag 0x0 [ 291.652415][ T990] elecom 0003:056E:00FC.0037: unknown main item tag 0x0 [ 291.652436][ T990] elecom 0003:056E:00FC.0037: unknown main item tag 0x0 [ 291.652458][ T990] elecom 0003:056E:00FC.0037: unknown main item tag 0x0 [ 291.755690][ T990] elecom 0003:056E:00FC.0037: hidraw0: USB HID vff.fe Device [HID 056e:00fc] on usb-dummy_hcd.1-1/input0 [ 291.819442][ T44] usb 3-1: USB disconnect, device number 22 [ 291.870451][ T1777] usb 2-1: USB disconnect, device number 25 [ 291.907665][T10886] fido_id[10886]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 293.118039][T10917] CIFS: Unable to determine destination address [ 293.155809][ T6000] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 293.308569][ T6000] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 293.308601][ T6000] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.337810][ T6000] usb 1-1: config 0 descriptor?? [ 293.584359][ T6000] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 293.605779][ T44] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 293.755684][ T44] usb 2-1: Using ep0 maxpacket: 8 [ 293.762157][ T44] usb 2-1: unable to get BOS descriptor or descriptor too short [ 293.763714][ T44] usb 2-1: config 4 has an invalid interface number: 30 but max is 0 [ 293.763739][ T44] usb 2-1: config 4 has no interface number 0 [ 293.763771][ T44] usb 2-1: config 4 interface 30 has no altsetting 0 [ 293.775876][ T6000] [drm:udl_init] *ERROR* Selecting channel failed [ 293.825686][ T44] usb 2-1: string descriptor 0 read error: -22 [ 293.825852][ T44] usb 2-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 293.825876][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.910929][ T44] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 293.910990][ T44] dw2102: su3000_power_ctrl: 1, initialized 0 [ 293.911011][ T44] dvb-usb: bulk message failed: -22 (2/0) [ 293.969948][ T44] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 293.986688][ T44] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 293.986753][ T44] usb 2-1: media controller created [ 293.986781][ T44] dvb-usb: bulk message failed: -22 (6/0) [ 293.986797][ T44] dw2102: i2c transfer failed. [ 293.986814][ T44] dvb-usb: bulk message failed: -22 (6/0) [ 293.986828][ T44] dw2102: i2c transfer failed. [ 293.986844][ T44] dvb-usb: bulk message failed: -22 (6/0) [ 293.986857][ T44] dw2102: i2c transfer failed. [ 293.986874][ T44] dvb-usb: bulk message failed: -22 (6/0) [ 293.986887][ T44] dw2102: i2c transfer failed. [ 293.986904][ T44] dvb-usb: bulk message failed: -22 (6/0) [ 293.986917][ T44] dw2102: i2c transfer failed. [ 293.986933][ T44] dvb-usb: bulk message failed: -22 (6/0) [ 293.986946][ T44] dw2102: i2c transfer failed. [ 293.986956][ T44] dvb-usb: MAC address: 02:02:02:02:02:02 [ 294.063409][T10922] dvb-usb: bulk message failed: -22 (4/0) [ 294.063526][T10922] dw2102: i2c transfer failed. [ 294.063535][T10922] dvb-usb: bulk message failed: -22 (4/0) [ 294.063548][T10922] dw2102: i2c transfer failed. [ 294.119564][ T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 294.135853][ T5926] vhci_hcd: vhci_device speed not set [ 294.173442][ T6000] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 294.173467][ T6000] [drm] Initialized udl on minor 2 [ 294.189240][ T44] dvb-usb: bulk message failed: -22 (3/0) [ 294.189260][ T44] dw2102: command 0x0e transfer failed. [ 294.189269][ T44] dvb-usb: bulk message failed: -22 (3/0) [ 294.189283][ T44] dw2102: command 0x0e transfer failed. [ 294.250447][ T6000] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 294.274882][ T6000] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 294.357120][ T5825] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 294.381856][ T6000] usb 1-1: USB disconnect, device number 20 [ 294.403670][ T5825] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 294.495611][ T44] dvb-usb: bulk message failed: -22 (3/0) [ 294.495634][ T44] dw2102: command 0x0e transfer failed. [ 294.495644][ T44] dvb-usb: bulk message failed: -22 (3/0) [ 294.495656][ T44] dw2102: command 0x0e transfer failed. [ 294.495665][ T44] dvb-usb: bulk message failed: -22 (1/0) [ 294.495678][ T44] dw2102: command 0x51 transfer failed. [ 294.495686][ T44] dvb-usb: bulk message failed: -22 (5/0) [ 294.495699][ T44] dw2102: i2c probe for address 0x68 failed. [ 294.495708][ T44] dvb-usb: bulk message failed: -22 (5/0) [ 294.495721][ T44] dw2102: i2c probe for address 0x69 failed. [ 294.495731][ T44] dvb-usb: bulk message failed: -22 (5/0) [ 294.495743][ T44] dw2102: i2c probe for address 0x6a failed. [ 294.495752][ T44] dw2102: probing for demodulator failed. Is the external power switched on? [ 294.495763][ T44] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 294.856764][ T44] rc_core: IR keymap rc-tt-1500 not found [ 294.856784][ T44] Registered IR keymap rc-empty [ 294.858491][ T44] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0 [ 294.861732][ T44] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input23 [ 294.910659][ T44] dvb-usb: schedule remote query interval to 250 msecs. [ 294.910685][ T44] dw2102: su3000_power_ctrl: 0, initialized 1 [ 294.910699][ T44] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 294.914285][ T44] usb 2-1: USB disconnect, device number 26 [ 295.290771][ T44] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 296.882495][ T37] audit: type=1326 audit(1759086694.000:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11017 comm="syz.2.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 296.884749][ T37] audit: type=1326 audit(1759086694.000:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11017 comm="syz.2.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 296.934927][ T37] audit: type=1326 audit(1759086694.050:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11017 comm="syz.2.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 296.962589][ T37] audit: type=1326 audit(1759086694.080:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11017 comm="syz.2.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 296.962867][ T37] audit: type=1326 audit(1759086694.080:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11017 comm="syz.2.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 296.963730][ T37] audit: type=1326 audit(1759086694.080:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11017 comm="syz.2.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 297.115853][ T37] audit: type=1326 audit(1759086694.240:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11017 comm="syz.2.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 297.116054][ T37] audit: type=1326 audit(1759086694.240:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11017 comm="syz.2.2255" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 297.987050][T11057] netlink: 'syz.1.2272': attribute type 4 has an invalid length. [ 297.987075][T11057] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.2272'. [ 298.185632][T11065] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2277'. [ 298.185656][T11065] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2277'. [ 298.225886][T11067] sctp: [Deprecated]: syz.2.2276 (pid 11067) Use of struct sctp_assoc_value in delayed_ack socket option. [ 298.225886][T11067] Use struct sctp_sack_info instead [ 298.512712][T11080] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2283'. [ 298.818996][T11091] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2288'. [ 299.206767][ T44] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 299.360800][ T44] usb 1-1: unable to get BOS descriptor or descriptor too short [ 299.361572][ T44] usb 1-1: not running at top speed; connect to a high speed hub [ 299.363204][ T44] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 299.363226][ T44] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 299.408642][ T44] usb 1-1: string descriptor 0 read error: -22 [ 299.408805][ T44] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 299.408827][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.473976][ T44] usb 1-1: 0:2 : does not exist [ 299.762940][T11102] netlink: 277 bytes leftover after parsing attributes in process `syz.1.2294'. [ 299.863570][T11105] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 300.112720][ T44] usb 1-1: 5:0: cannot get min/max values for control 2 (id 5) [ 300.117724][ T44] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 300.154198][ T44] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 300.330913][ T44] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 300.345954][ T44] usb 1-1: USB disconnect, device number 21 [ 301.615699][ T5926] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 301.772434][ T5926] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 301.772468][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.772488][ T5926] usb 4-1: Product: syz [ 301.772502][ T5926] usb 4-1: Manufacturer: syz [ 301.772516][ T5926] usb 4-1: SerialNumber: syz [ 301.812801][ T5926] usb 4-1: config 0 descriptor?? [ 301.848960][ T5926] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 302.479577][ T5926] usb 4-1: USB disconnect, device number 21 [ 303.258385][T11205] comedi: No check for data length of config insn id 1003 is implemented [ 303.258405][T11205] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c [ 303.258418][T11205] comedi: Assuming n=15 is correct [ 304.091282][ T6000] Process accounting resumed [ 304.707162][T11251] sp0: Synchronizing with TNC [ 304.846787][T11257] netlink: 'syz.5.2368': attribute type 2 has an invalid length. [ 306.015608][ T44] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 306.142896][T11300] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 306.165438][ T44] usb 4-1: Using ep0 maxpacket: 32 [ 306.167731][ T44] usb 4-1: config 0 has an invalid interface number: 66 but max is 0 [ 306.167755][ T44] usb 4-1: config 0 has no interface number 0 [ 306.172633][ T44] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 306.172663][ T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.172682][ T44] usb 4-1: Product: syz [ 306.172696][ T44] usb 4-1: Manufacturer: syz [ 306.172710][ T44] usb 4-1: SerialNumber: syz [ 306.230792][ T44] usb 4-1: config 0 descriptor?? [ 306.253280][ T44] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 306.253350][ T44] dvb-usb: bulk message failed: -22 (2/0) [ 306.271459][ T44] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 306.272272][ T44] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 306.272339][ T44] usb 4-1: media controller created [ 306.324552][ T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 306.354093][ T44] cxusb: set interface failed [ 306.354112][ T44] dvb-usb: bulk message failed: -22 (1/0) [ 306.415910][ T44] DVB: Unable to find symbol lgdt330x_attach() [ 306.415928][ T44] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 306.486416][T11289] dvb-usb: bulk message failed: -22 (3/0) [ 306.605502][ T44] rc_core: IR keymap rc-dvico-portable not found [ 306.605523][ T44] Registered IR keymap rc-empty [ 306.607567][ T44] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 306.610947][ T44] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input24 [ 306.647480][ T44] dvb-usb: schedule remote query interval to 100 msecs. [ 306.647503][ T44] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 306.673783][ T44] usb 4-1: USB disconnect, device number 22 [ 306.821576][T11318] CIFS mount error: No usable UNC path provided in device string! [ 306.821576][T11318] [ 306.821599][T11318] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 306.995830][ T44] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 307.571218][T11338] netdevsim netdevsim3: Direct firmware load for . [ 307.571218][T11338] failed with error -2 [ 307.571247][T11338] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 307.571247][T11338] [ 307.733481][T11351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2412'. [ 307.735104][T11351] openvswitch: netlink: Unknown nsh attribute 0 [ 307.735290][T11351] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 307.785796][ T6000] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 307.935698][ T6000] usb 2-1: Using ep0 maxpacket: 32 [ 307.957461][ T6000] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 307.957490][ T6000] usb 2-1: config 0 has no interface number 0 [ 307.999750][T11355] /dev/nullb0: Can't open blockdev [ 308.104400][T11357] sctp: [Deprecated]: syz.0.2415 (pid 11357) Use of int in max_burst socket option. [ 308.104400][T11357] Use struct sctp_assoc_value instead [ 308.187715][ T6000] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 308.187744][ T6000] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.187762][ T6000] usb 2-1: Product: syz [ 308.187775][ T6000] usb 2-1: Manufacturer: syz [ 308.187789][ T6000] usb 2-1: SerialNumber: syz [ 308.198990][ T6000] usb 2-1: config 0 descriptor?? [ 308.211710][ T6000] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 308.520524][ T6000] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 308.556881][ T6000] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 308.707299][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 308.911460][ C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 308.914814][ T990] usb 2-1: USB disconnect, device number 27 [ 308.952809][ T990] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 308.998483][ T990] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 308.999435][ T990] quatech2 2-1:0.51: device disconnected [ 310.430152][T11428] fuse: Bad value for 'user_id' [ 310.430173][T11428] fuse: Bad value for 'user_id' [ 310.455964][T11430] netlink: 'syz.3.2451': attribute type 15 has an invalid length. [ 310.925986][T11447] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2460'. [ 310.926011][T11447] netlink: 43 bytes leftover after parsing attributes in process `syz.3.2460'. [ 310.926026][T11447] netlink: 'syz.3.2460': attribute type 5 has an invalid length. [ 310.926038][T11447] netlink: 43 bytes leftover after parsing attributes in process `syz.3.2460'. [ 311.835788][ C0] syz_tun: tun_net_xmit 58 [ 312.064583][T11497] F2FS-fs: Conflicting test_dummy_encryption options [ 312.085737][ C0] syz_tun: tun_net_xmit 58 [ 312.107157][T11499] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2486'. [ 312.133008][T11499] vlan3: entered promiscuous mode [ 312.133092][T11499] gretap0: entered promiscuous mode [ 312.443602][T11508] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2490'. [ 312.446700][T11507] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2490'. [ 312.777447][T11521] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2496'. [ 312.777547][T11521] netlink: 7 bytes leftover after parsing attributes in process `syz.5.2496'. [ 313.915853][ T44] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 314.074511][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 314.074563][ T44] usb 3-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 314.074587][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.110970][ T44] usb 3-1: config 0 descriptor?? [ 314.595814][ T44] asus 0003:0B05:17E0.0038: item fetching failed at offset 2/5 [ 314.596604][ T44] asus 0003:0B05:17E0.0038: Asus hid parse failed: -22 [ 314.596705][ T44] asus 0003:0B05:17E0.0038: probe with driver asus failed with error -22 [ 314.766259][ T5926] usb 3-1: USB disconnect, device number 23 [ 315.000573][ T5156] Bluetooth: hci2: unexpected event for opcode 0x0c7b [ 315.332181][T11589] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 315.332240][T11589] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 315.332291][T11589] comedi comedi3: 8255: I/O port conflict (0x403,4) [ 315.332339][T11589] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 315.332488][T11589] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 315.332543][T11589] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 315.332592][T11589] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 315.332715][T11589] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 315.332765][T11589] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 315.332813][T11589] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 315.332861][T11589] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 315.332909][T11589] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 315.332956][T11589] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 316.318229][T11610] program syz.0.2539 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 316.562491][T11618] Bluetooth: MGMT ver 1.23 [ 316.607774][T11616] syz.3.2543 (11616) used greatest stack depth: 17720 bytes left [ 316.818144][T11626] netlink: 'syz.3.2546': attribute type 1 has an invalid length. [ 317.121394][T11634] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 317.121449][T11634] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 317.121498][T11634] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 317.121545][T11634] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 317.121593][T11634] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 317.121641][T11634] comedi comedi3: 8255: I/O port conflict (0x12,4) [ 317.121688][T11634] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 317.121736][T11634] comedi comedi3: 8255: I/O port conflict (0x81,4) [ 317.121783][T11634] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffc,4) [ 317.121831][T11634] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 317.121879][T11634] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 317.121935][T11634] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 317.121983][T11634] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 317.122030][T11634] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 317.122124][T11634] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 317.122170][T11634] comedi comedi3: 8255: I/O port conflict (0x400009,4) [ 317.122219][T11634] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 317.122266][T11634] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 317.122393][T11634] comedi comedi3: 8255: I/O port conflict (0x80,4) [ 317.260424][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.260515][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.465259][T11639] netlink: 'syz.2.2554': attribute type 1 has an invalid length. [ 318.092098][T11654] tipc: Started in network mode [ 318.092120][T11654] tipc: Node identity 4, cluster identity 4711 [ 318.092133][T11654] tipc: Node number set to 4 [ 318.695529][ T5156] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 318.695719][ T5841] Bluetooth: hci0: command 0x0405 tx timeout [ 318.870233][T11682] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2572'. [ 318.870291][T11682] netlink: 'syz.3.2572': attribute type 9 has an invalid length. [ 319.035798][ T5156] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 319.035925][ T5156] Bluetooth: hci2: Injecting HCI hardware error event [ 319.040112][ T5156] Bluetooth: hci2: hardware error 0x00 [ 319.415620][ T6014] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 319.439109][T11695] tipc: Enabled bearer , priority 10 [ 319.464985][T11697] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2581'. [ 319.570427][ T6014] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 319.570453][ T6014] usb 1-1: config 1 has an invalid descriptor of length 121, skipping remainder of the config [ 319.570479][ T6014] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 319.570498][ T6014] usb 1-1: config 1 has no interface number 1 [ 319.570542][ T6014] usb 1-1: too many endpoints for config 1 interface 2 altsetting 50: 48, using maximum allowed: 30 [ 319.570582][ T6014] usb 1-1: config 1 interface 2 altsetting 50 has 0 endpoint descriptors, different from the interface descriptor's value: 48 [ 319.570608][ T6014] usb 1-1: config 1 interface 0 has no altsetting 0 [ 319.570623][ T6014] usb 1-1: config 1 interface 2 has no altsetting 1 [ 319.665027][ T6014] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 319.665061][ T6014] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.665082][ T6014] usb 1-1: Product: syz [ 319.665097][ T6014] usb 1-1: Manufacturer: syz [ 319.665112][ T6014] usb 1-1: SerialNumber: syz [ 320.056827][ T6014] usb 1-1: cannot find UAC_HEADER [ 320.057343][ T6014] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 320.076262][ T6014] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 320.076326][ T6014] usb 1-1: MIDIStreaming interface descriptor not found [ 320.284308][ T6014] usb 1-1: USB disconnect, device number 22 [ 320.555502][ T990] tipc: Node number set to 754974784 [ 320.578527][ T6716] udevd[6716]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 320.668261][ T37] audit: type=1326 audit(1759086717.790:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11713 comm="syz.1.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 320.668519][ T37] audit: type=1326 audit(1759086717.790:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11713 comm="syz.1.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 320.675606][ T44] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 320.682127][ T37] audit: type=1326 audit(1759086717.800:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11713 comm="syz.1.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 320.824854][ T37] audit: type=1326 audit(1759086717.940:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11713 comm="syz.1.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7feb6973af79 code=0x7ffc0000 [ 320.824900][ T37] audit: type=1326 audit(1759086717.940:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11713 comm="syz.1.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 320.824937][ T37] audit: type=1326 audit(1759086717.940:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11713 comm="syz.1.2589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 320.830393][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.830440][ T44] usb 3-1: New USB device found, idVendor=1038, idProduct=12c2, bcdDevice= 0.00 [ 320.830469][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.857835][ T44] usb 3-1: config 0 descriptor?? [ 320.865605][ T990] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 321.021925][ T990] usb 4-1: Using ep0 maxpacket: 8 [ 321.029339][ T990] usb 4-1: unable to get BOS descriptor or descriptor too short [ 321.034656][ T990] usb 4-1: config 8 interface 0 altsetting 7 bulk endpoint 0x83 has invalid maxpacket 31 [ 321.034687][ T990] usb 4-1: config 8 interface 0 has no altsetting 0 [ 321.055643][ T990] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 321.055736][ T990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.055754][ T990] usb 4-1: Product: syz [ 321.055769][ T990] usb 4-1: Manufacturer: syz [ 321.055784][ T990] usb 4-1: SerialNumber: syz [ 321.151414][T11717] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 321.255544][ T5156] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 321.406999][ T44] steelseries 0003:1038:12C2.0039: unknown main item tag 0x0 [ 321.407043][ T44] steelseries 0003:1038:12C2.0039: unknown main item tag 0x0 [ 321.407072][ T44] steelseries 0003:1038:12C2.0039: unknown main item tag 0x0 [ 321.407098][ T44] steelseries 0003:1038:12C2.0039: unknown main item tag 0x0 [ 321.407121][ T44] steelseries 0003:1038:12C2.0039: unknown main item tag 0x0 [ 321.407147][ T44] steelseries 0003:1038:12C2.0039: unknown main item tag 0x0 [ 321.407171][ T44] steelseries 0003:1038:12C2.0039: unknown main item tag 0x0 [ 321.438626][ T990] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 321.438683][ T990] usb 4-1: selecting invalid altsetting 0 [ 321.525720][ T37] audit: type=1326 audit(1759086718.630:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.1.2594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 321.525773][ T37] audit: type=1326 audit(1759086718.640:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.1.2594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 321.525814][ T37] audit: type=1326 audit(1759086718.640:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.1.2594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 321.525855][ T37] audit: type=1326 audit(1759086718.640:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11725 comm="syz.1.2594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb6979eec9 code=0x7ffc0000 [ 321.625639][ T6014] usb 3-1: USB disconnect, device number 24 [ 321.799662][ T990] usb 4-1: USB disconnect, device number 23 [ 322.082524][ T8100] udevd[8100]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 322.351944][T11742] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 322.655706][T11754] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2606'. [ 323.715747][T11775] netlink: 'syz.2.2616': attribute type 3 has an invalid length. [ 323.715771][T11775] netlink: 666 bytes leftover after parsing attributes in process `syz.2.2616'. [ 324.809824][T11793] atomic_op ffff8880237f5a18 conn xmit_atomic 0000000000000000 [ 325.446529][T11807] bridge: RTM_NEWNEIGH with unconfigured vlan 3 on bridge0 [ 325.927947][T11825] delete_channel: no stack [ 325.940756][T11828] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2639'. [ 325.940788][T11828] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 325.951200][T11823] delete_channel: no stack [ 326.285847][T11836] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2643'. [ 327.626800][T11872] pimreg: entered allmulticast mode [ 327.926478][T11874] veth3: entered promiscuous mode [ 328.141947][T11882] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2665'. [ 328.861224][T11898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2673'. [ 328.861248][T11898] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2673'. [ 328.861263][T11898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2673'. [ 328.861276][T11898] netlink: 'syz.0.2673': attribute type 5 has an invalid length. [ 329.145489][ T44] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 329.298562][ T44] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 329.298591][ T44] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 329.298610][ T44] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 329.298629][ T44] usb 3-1: config 220 has no interface number 2 [ 329.298721][ T44] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 329.298749][ T44] usb 3-1: config 220 interface 0 has no altsetting 0 [ 329.298776][ T44] usb 3-1: config 220 interface 76 has no altsetting 0 [ 329.298794][ T44] usb 3-1: config 220 interface 1 has no altsetting 0 [ 329.303400][ T44] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 329.303426][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.303441][ T44] usb 3-1: Product: syz [ 329.303454][ T44] usb 3-1: Manufacturer: syz [ 329.303467][ T44] usb 3-1: SerialNumber: syz [ 329.589657][ T44] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 329.589695][ T44] usb 3-1: No valid video chain found. [ 329.592380][ T44] usb 3-1: selecting invalid altsetting 0 [ 329.661000][ T44] usb 3-1: selecting invalid altsetting 0 [ 329.661041][ T44] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 329.718161][ T44] usb 3-1: USB disconnect, device number 25 [ 330.244477][T11922] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2683'. [ 331.027633][ T44] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 331.189008][ T44] usb 4-1: Using ep0 maxpacket: 16 [ 331.191510][ T44] usb 4-1: config 0 interface 0 altsetting 220 endpoint 0x81 has an invalid bInterval 135, changing to 11 [ 331.191542][ T44] usb 4-1: config 0 interface 0 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 331.191569][ T44] usb 4-1: config 0 interface 0 has no altsetting 0 [ 331.191601][ T44] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.00 [ 331.191624][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.232295][ T44] usb 4-1: config 0 descriptor?? [ 331.795011][ T44] input: HID 054c:03d5 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:054C:03D5.003A/input/input25 [ 331.945120][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 331.962387][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 331.963646][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 331.966453][ T44] sony 0003:054C:03D5.003A: input,hidraw0: USB HID v5.f2 Joystick [HID 054c:03d5] on usb-dummy_hcd.3-1/input0 [ 331.983902][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 331.987564][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 332.003355][ T44] usb 4-1: USB disconnect, device number 24 [ 332.146966][T11943] fido_id[11943]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 333.193683][ T37] kauditd_printk_skb: 12 callbacks suppressed [ 333.193701][ T37] audit: type=1326 audit(1759086730.310:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11963 comm="syz.2.2701" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f634004eec9 code=0x0 [ 334.047125][ T57] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.141088][ T5841] Bluetooth: hci5: command tx timeout [ 334.658284][ T57] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 334.901647][ T37] audit: type=1326 audit(1759086732.020:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11992 comm="syz.3.2715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd46b9eec9 code=0x7ffc0000 [ 334.901700][ T37] audit: type=1326 audit(1759086732.020:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11992 comm="syz.3.2715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd46b9eec9 code=0x7ffc0000 [ 334.958923][ T37] audit: type=1326 audit(1759086732.080:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11992 comm="syz.3.2715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fcd46b9eec9 code=0x7ffc0000 [ 334.958974][ T37] audit: type=1326 audit(1759086732.080:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11992 comm="syz.3.2715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd46b9eec9 code=0x7ffc0000 [ 334.959015][ T37] audit: type=1326 audit(1759086732.080:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11992 comm="syz.3.2715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fcd46b9eec9 code=0x7ffc0000 [ 334.965536][ T37] audit: type=1326 audit(1759086732.080:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11992 comm="syz.3.2715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd46b9eec9 code=0x7ffc0000 [ 334.965584][ T37] audit: type=1326 audit(1759086732.080:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11992 comm="syz.3.2715" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd46b9eec9 code=0x7ffc0000 [ 335.300795][ T57] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 335.841821][T12013] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 335.994134][ T37] audit: type=1326 audit(1759086733.110:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12016 comm="syz.2.2726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 336.022566][ T37] audit: type=1326 audit(1759086733.110:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12016 comm="syz.2.2726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f634004eec9 code=0x7ffc0000 [ 336.054301][ T57] bond0: (slave netdevsim0): Releasing backup interface [ 336.125965][ T57] netdevsim netdevsim5 netdevsim0 (unregistering): left allmulticast mode [ 336.134877][ T57] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.215703][ T5841] Bluetooth: hci5: command tx timeout [ 336.485206][T12028] delete_channel: no stack [ 336.730447][T11940] chnl_net:caif_netlink_parms(): no params data found [ 337.368282][T12044] can0: slcan on ttynull. [ 337.674184][T12043] can0 (unregistered): slcan off ttynull. [ 337.745607][ C0] syz_tun: tun_net_xmit 70 [ 338.232982][T11940] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.233127][T11940] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.233321][T11940] bridge_slave_0: entered allmulticast mode [ 338.258962][T11940] bridge_slave_0: entered promiscuous mode [ 338.284939][T11940] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.285170][T11940] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.295719][ T5841] Bluetooth: hci5: command tx timeout [ 338.307019][T11940] bridge_slave_1: entered allmulticast mode [ 338.309973][T11940] bridge_slave_1: entered promiscuous mode [ 338.718771][ T57] bridge_slave_1: left allmulticast mode [ 338.718802][ T57] bridge_slave_1: left promiscuous mode [ 338.719065][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.837994][ T57] bridge_slave_0: left allmulticast mode [ 338.838028][ T57] bridge_slave_0: left promiscuous mode [ 338.839184][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.375663][ T5841] Bluetooth: hci5: command tx timeout [ 342.529644][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 342.596447][ T57] bond_slave_0: left allmulticast mode [ 342.646324][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 342.696587][ T57] bond_slave_1: left allmulticast mode [ 342.743977][ T57] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 342.779241][ T57] mac80211_hwsim hwsim13 wlan1: left allmulticast mode [ 342.894397][ T57] bond0 (unregistering): Released all slaves [ 342.908610][ T5156] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 342.913018][ T5156] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 342.914849][ T5156] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 342.941054][ T5156] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 342.941794][ T5156] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 343.046065][T12069] Zero length message leads to an empty skb [ 343.051270][T11940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 343.485225][T11940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 343.495182][ T57] tipc: Disabling bearer [ 343.576683][ T57] tipc: Left network mode [ 343.600542][T12096] vlan3: entered allmulticast mode [ 344.132495][ C0] vkms_vblank_simulate: vblank timer overrun [ 344.413623][T11940] team0: Port device team_slave_0 added [ 344.457928][T11940] team0: Port device team_slave_1 added [ 344.535620][ C0] vkms_vblank_simulate: vblank timer overrun [ 345.096871][ T5841] Bluetooth: hci0: command tx timeout [ 345.435680][ T5926] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 345.455821][T11940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 345.455840][T11940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.455865][T11940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 345.485621][T11940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 345.485638][T11940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 345.485663][T11940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 345.588331][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.588364][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.588402][ T5926] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 345.588424][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.599948][ T5926] usb 4-1: config 0 descriptor?? [ 345.640260][ T57] hsr_slave_0: left promiscuous mode [ 345.685662][ T57] hsr_slave_1: left promiscuous mode [ 345.687209][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 345.687244][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 345.752538][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 345.752570][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 345.948743][T12141] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2780'. [ 346.064437][ T57] veth1_macvtap: left promiscuous mode [ 346.064758][ T57] veth1_vlan: left promiscuous mode [ 346.064968][ T57] veth0_vlan: left promiscuous mode [ 346.069468][ T5926] kone 0003:1E7D:2CED.003B: unknown main item tag 0x4 [ 346.099254][ T5926] kone 0003:1E7D:2CED.003B: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.3-1/input0 [ 346.278087][ T6000] usb 4-1: USB disconnect, device number 25 [ 346.888611][T12157] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 346.915288][ C0] vkms_vblank_simulate: vblank timer overrun [ 347.058016][ T6000] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 347.190555][ T5841] Bluetooth: hci0: command tx timeout [ 347.230016][ T6000] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 347.230043][ T6000] usb 3-1: config 0 has no interface number 0 [ 347.230091][ T6000] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 347.230114][ T6000] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.283453][ T6000] usb 3-1: config 0 descriptor?? [ 347.307080][ T6000] usb 3-1: selecting invalid altsetting 1 [ 347.308393][ T6000] dvb_ttusb_budget: ttusb_init_controller: error [ 347.308410][ T6000] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 347.466457][ T6000] DVB: Unable to find symbol cx22700_attach() [ 347.549401][ T6000] DVB: Unable to find symbol tda10046_attach() [ 347.549416][ T6000] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 347.563304][ T6000] usb 3-1: USB disconnect, device number 26 [ 347.713238][T12171] vivid-002: disconnect [ 347.732380][T12170] vivid-002: reconnect [ 349.255670][ T5156] Bluetooth: hci0: command tx timeout [ 349.259496][ T57] team0 (unregistering): Port device team_slave_1 removed [ 349.476708][ T57] team0 (unregistering): Port device team_slave_0 removed [ 351.335537][ T5156] Bluetooth: hci0: command tx timeout [ 352.088150][T12182] tipc: Enabled bearer , priority 10 [ 352.397893][T12191] netlink: 'syz.3.2801': attribute type 8 has an invalid length. [ 352.464103][T12188] sp0: Synchronizing with TNC [ 352.511063][T11940] hsr_slave_0: entered promiscuous mode [ 352.516385][T11940] hsr_slave_1: entered promiscuous mode [ 352.520765][T11940] debugfs: 'hsr0' already exists in 'hsr' [ 352.520800][T11940] Cannot create hsr debugfs directory [ 353.340339][T12216] netlink: 'syz.0.2811': attribute type 1 has an invalid length. [ 353.340361][T12216] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2811'. [ 353.485279][T12223] tmpfs: Cannot change global quota limit on remount [ 353.607674][ T37] kauditd_printk_skb: 6 callbacks suppressed [ 353.607692][ T37] audit: type=1800 audit(1759086750.710:75): pid=12224 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.2814" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0 [ 353.836268][T12233] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2818'. [ 353.836290][T12233] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2818'. [ 353.836316][T12233] netlink: 'syz.2.2818': attribute type 11 has an invalid length. [ 354.025694][ T6014] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 354.184713][ T6014] usb 4-1: Using ep0 maxpacket: 16 [ 354.191165][ T6014] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 354.191197][ T6014] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.191218][ T6014] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 354.191260][ T6014] usb 4-1: New USB device found, idVendor=046d, idProduct=c227, bcdDevice= 0.00 [ 354.191282][ T6014] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.198998][ T6014] usb 4-1: config 0 descriptor?? [ 354.314413][ T57] IPVS: stop unused estimator thread 0... [ 354.504867][T12087] chnl_net:caif_netlink_parms(): no params data found [ 354.668412][ T6014] lg-g15 0003:046D:C227.003C: hidraw0: USB HID v0.00 Device [HID 046d:c227] on usb-dummy_hcd.3-1/input0 [ 354.828289][ T6000] usb 4-1: USB disconnect, device number 26 [ 354.999887][T12246] fido_id[12246]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 355.124520][T12249] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2825'. [ 355.124599][T12249] tipc: Enabling of bearer rejected, failed to enable media [ 356.184764][T12278] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2838'. [ 356.184911][T12278] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2838'. [ 356.749313][T12297] binder_alloc: binder_alloc_mmap_handler: 12296 200000ffc000-200001000000 already mapped failed -16 [ 356.860148][ T57] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.897474][T12300] GUP no longer grows the stack in syz.2.2848 (12300): 200000005000-200000008000 (200000004000) [ 356.897535][T12300] CPU: 0 UID: 0 PID: 12300 Comm: syz.2.2848 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 356.897559][T12300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 356.897578][T12300] Call Trace: [ 356.897586][T12300] [ 356.897596][T12300] dump_stack_lvl+0x189/0x250 [ 356.897641][T12300] ? __pfx_dump_stack_lvl+0x10/0x10 [ 356.897669][T12300] ? __pfx__printk+0x10/0x10 [ 356.897687][T12300] ? find_vma+0xe7/0x160 [ 356.897727][T12300] fixup_user_fault+0x661/0x720 [ 356.897761][T12300] fault_in_user_writeable+0x72/0xe0 [ 356.897784][T12300] futex_lock_pi+0x765/0xa70 [ 356.897822][T12300] ? __pfx_futex_lock_pi+0x10/0x10 [ 356.897878][T12300] ? __pfx_futex_wake_mark+0x10/0x10 [ 356.897918][T12300] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 356.897949][T12300] do_futex+0x292/0x420 [ 356.897978][T12300] ? __pfx_do_futex+0x10/0x10 [ 356.898002][T12300] ? __vm_munmap+0x301/0x3d0 [ 356.898030][T12300] __se_sys_futex+0x36f/0x400 [ 356.898058][T12300] ? __pfx___se_sys_futex+0x10/0x10 [ 356.898082][T12300] ? rcu_is_watching+0x15/0xb0 [ 356.898114][T12300] ? __x64_sys_futex+0x21/0xf0 [ 356.898137][T12300] do_syscall_64+0xfa/0x3b0 [ 356.898154][T12300] ? lockdep_hardirqs_on+0x9c/0x150 [ 356.898180][T12300] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.898199][T12300] ? clear_bhb_loop+0x60/0xb0 [ 356.898221][T12300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.898246][T12300] RIP: 0033:0x7f634004eec9 [ 356.898268][T12300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 356.898285][T12300] RSP: 002b:00007f633e2ae038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 356.898315][T12300] RAX: ffffffffffffffda RBX: 00007f63402a5fa0 RCX: 00007f634004eec9 [ 356.898331][T12300] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 356.898345][T12300] RBP: 00007f63400d1f91 R08: 0000000000000000 R09: 0000000000000000 [ 356.898358][T12300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.898369][T12300] R13: 00007f63402a6038 R14: 00007f63402a5fa0 R15: 00007ffcea82cca8 [ 356.898402][T12300] [ 357.244358][T12087] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.250993][T12087] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.251234][T12087] bridge_slave_0: entered allmulticast mode [ 357.261735][T12087] bridge_slave_0: entered promiscuous mode [ 357.271654][T12087] bridge0: port 2(bridge_slave_1) entered blocking state [ 357.276067][T12087] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.276312][T12087] bridge_slave_1: entered allmulticast mode [ 357.296438][T12087] bridge_slave_1: entered promiscuous mode [ 357.560611][ T37] audit: type=1800 audit(1759086754.680:76): pid=12313 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.2854" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0 [ 357.562252][T11940] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 357.806393][T11940] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 357.817769][T12321] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 357.924705][T12323] netlink: 'syz.2.2860': attribute type 11 has an invalid length. [ 357.924735][T12323] netlink: 212 bytes leftover after parsing attributes in process `syz.2.2860'. [ 358.156438][ T57] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 358.205170][T12087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 358.208936][T11940] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 358.310246][T12087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 358.314510][T11940] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 358.596588][T12336] MTD: Attempt to mount non-MTD device "/dev/nbd2" [ 358.813229][ T57] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.047073][T12087] team0: Port device team_slave_0 added [ 359.242345][T12357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2872'. [ 359.551225][ T57] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.619185][T12087] team0: Port device team_slave_1 added [ 359.652861][T12357] ip6gretap0: entered promiscuous mode [ 359.710649][T12357] ip6gretap0: left promiscuous mode [ 360.303259][T12087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 360.303275][T12087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.303301][T12087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 360.313008][T12087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 360.313023][T12087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 360.313048][T12087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 360.861130][T12087] hsr_slave_0: entered promiscuous mode [ 360.862408][T12087] hsr_slave_1: entered promiscuous mode [ 360.863316][T12087] debugfs: 'hsr0' already exists in 'hsr' [ 360.863339][T12087] Cannot create hsr debugfs directory [ 360.918495][T12395] bad cache= option: no%e [ 360.918495][T12395] [ 360.919673][T12395] CIFS: VFS: bad cache= option: no%e [ 361.054109][T12399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2891'. [ 361.791980][ T57] bridge_slave_1: left allmulticast mode [ 361.792012][ T57] bridge_slave_1: left promiscuous mode [ 361.792258][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.893449][ T57] bridge_slave_0: left allmulticast mode [ 361.893482][ T57] bridge_slave_0: left promiscuous mode [ 361.897676][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.065525][ T1777] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 362.235526][ T1777] usb 3-1: Using ep0 maxpacket: 16 [ 362.238416][ T1777] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.238448][ T1777] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.238471][ T1777] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 362.238513][ T1777] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 362.238536][ T1777] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.312543][ T1777] usb 3-1: config 0 descriptor?? [ 362.741915][ T1777] microsoft 0003:045E:07DA.003D: report is too long [ 362.741950][ T1777] microsoft 0003:045E:07DA.003D: item 0 4 0 8 parsing failed [ 362.742765][ T1777] microsoft 0003:045E:07DA.003D: parse failed [ 362.742872][ T1777] microsoft 0003:045E:07DA.003D: probe with driver microsoft failed with error -22 [ 362.827326][T12444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2912'. [ 362.954038][ T1777] usb 3-1: USB disconnect, device number 27 [ 364.734640][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 364.806855][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 364.830062][ T57] bond0 (unregistering): Released all slaves [ 365.125983][ T57] tipc: Left network mode [ 365.349780][T11940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 365.827323][T11940] 8021q: adding VLAN 0 to HW filter on device team0 [ 366.014044][T12488] netlink: 'syz.0.2932': attribute type 3 has an invalid length. [ 366.505004][T12490] sp0: Synchronizing with TNC [ 366.617302][ T1470] bridge0: port 1(bridge_slave_0) entered blocking state [ 366.617433][ T1470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 366.701070][ T990] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 366.791008][T12507] bridge0: port 3(syz_tun) entered blocking state [ 366.813366][T12507] bridge0: port 3(syz_tun) entered disabled state [ 366.813974][T12507] syz_tun: entered allmulticast mode [ 366.841821][T12507] syz_tun: entered promiscuous mode [ 366.844088][T12507] bridge0: port 3(syz_tun) entered blocking state [ 366.844254][T12507] bridge0: port 3(syz_tun) entered forwarding state [ 366.865481][ T990] usb 3-1: Using ep0 maxpacket: 16 [ 366.867318][ T990] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 366.867367][ T990] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 366.867389][ T990] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 366.867407][ T990] usb 3-1: config 0 interface 0 has no altsetting 0 [ 366.867435][ T990] usb 3-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 366.867454][ T990] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.912486][ T1427] bridge0: port 2(bridge_slave_1) entered blocking state [ 366.912638][ T1427] bridge0: port 2(bridge_slave_1) entered forwarding state [ 366.950242][ T990] usb 3-1: config 0 descriptor?? [ 367.164723][ T57] hsr_slave_0: left promiscuous mode [ 367.175746][ T57] hsr_slave_1: left promiscuous mode [ 367.176502][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 367.176536][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 367.246719][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 367.246901][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 367.399745][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.399784][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.399811][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.399839][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.399870][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.399897][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.399923][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.399951][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.399978][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.400005][ T990] kye 0003:0458:0153.003E: unknown main item tag 0x0 [ 367.462299][ T57] veth1_macvtap: left promiscuous mode [ 367.463701][ T57] veth0_macvtap: left promiscuous mode [ 367.463993][ T57] veth1_vlan: left promiscuous mode [ 367.464186][ T57] veth0_vlan: left promiscuous mode [ 367.509619][ T990] kye 0003:0458:0153.003E: hidraw0: USB HID v0.00 Device [HID 0458:0153] on usb-dummy_hcd.2-1/input0 [ 367.605939][ T6000] usb 3-1: USB disconnect, device number 28 [ 368.233465][T12520] xt_socket: unknown flags 0x40 [ 370.077741][ T57] team0 (unregistering): Port device team_slave_1 removed [ 370.336041][ T57] team0 (unregistering): Port device team_slave_0 removed [ 371.690148][ T57] vxcan1 (unregistering): left allmulticast mode [ 372.887020][T12087] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 372.959640][T12087] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 373.012325][T12087] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 373.080473][T12087] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 373.227456][T12537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2955'. [ 373.627743][T12550] netlink: 'syz.2.2958': attribute type 10 has an invalid length. [ 373.685007][T12550] team0: Port device dummy0 added [ 373.693400][T12554] netlink: 'syz.2.2958': attribute type 10 has an invalid length. [ 373.818715][T12554] team0: Port device dummy0 removed [ 373.823659][T12554] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 374.199832][T12087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 374.298221][T11940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 374.359576][T12087] 8021q: adding VLAN 0 to HW filter on device team0 [ 374.403972][ T3203] bridge0: port 1(bridge_slave_0) entered blocking state [ 374.405573][ T3203] bridge0: port 1(bridge_slave_0) entered forwarding state [ 374.450282][ T1007] bridge0: port 2(bridge_slave_1) entered blocking state [ 374.455573][ T1007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 374.980535][T12590] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2971'. [ 375.809640][T11940] veth0_vlan: entered promiscuous mode [ 375.842798][T12087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 375.886307][T11940] veth1_vlan: entered promiscuous mode [ 376.145614][T11940] veth0_macvtap: entered promiscuous mode [ 376.190171][T11940] veth1_macvtap: entered promiscuous mode [ 376.231397][T12585] syz.3.2970 (12585): drop_caches: 2 [ 376.251541][T12611] netlink: 88 bytes leftover after parsing attributes in process `syz.0.2978'. [ 376.314580][T11940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.377689][T11940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.467516][ T3203] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.504422][ T1389] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.536109][ T3203] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.565777][ T1408] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 377.057308][T12624] gtp0: entered promiscuous mode [ 377.471552][ T1389] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.471573][ T1389] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.690738][ T1470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 377.690763][ T1470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 377.882992][T12087] veth0_vlan: entered promiscuous mode [ 377.928932][T12087] veth1_vlan: entered promiscuous mode [ 378.063176][T12087] veth0_macvtap: entered promiscuous mode [ 378.099680][T12087] veth1_macvtap: entered promiscuous mode [ 378.138270][T12087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 378.181940][T12087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 378.212470][ T1389] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.228495][ T1389] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.229347][ T1389] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.251496][ T1389] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 378.700034][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.700122][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.983295][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 378.983314][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.101338][ T1007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 379.101359][ T1007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 379.338041][T12678] binder: 12677:12678 ioctl c0306201 2000000003c0 returned -22 [ 380.800600][T12727] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3027'. [ 380.805242][T12728] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3028'. [ 380.825175][T12727] netlink: 'syz.7.3027': attribute type 8 has an invalid length. [ 381.578239][T12754] netlink: 'syz.6.3039': attribute type 2 has an invalid length. [ 382.057098][ T5825] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 382.208142][ T5825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 382.208191][ T5825] usb 3-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00 [ 382.208214][ T5825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.222621][ T5825] usb 3-1: config 0 descriptor?? [ 382.621709][T12787] usb usb8: usbfs: process 12787 (syz.3.3056) did not claim interface 0 before use [ 382.666186][T12788] tmpfs: Bad value for 'mpol' [ 382.700125][ T5825] kye 0003:0458:501B.003F: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 382.742157][ T5825] kye 0003:0458:501B.003F: hidraw0: USB HID v0.00 Device [HID 0458:501b] on usb-dummy_hcd.2-1/input0 [ 382.742191][ T5825] kye 0003:0458:501B.003F: tablet-enabling feature report not found [ 382.742206][ T5825] kye 0003:0458:501B.003F: tablet enabling failed [ 382.908781][ T10] usb 3-1: USB disconnect, device number 29 [ 382.955971][T12794] fido_id[12794]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 383.971175][T12831] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3076'. [ 384.210426][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3080'. [ 384.587157][T12852] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 384.588322][T12852] team0: Device ipvlan2 is already an upper device of the team interface [ 385.186789][T12868] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 385.892701][T12889] [U]  [ 385.892715][T12889] [U] K{ [ 385.892726][T12889] [U] t 1ŠFfˊ`GJgo/mC [ 385.892750][T12889] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 385.892771][T12889] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 385.892803][T12889] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 385.892853][T12889] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 385.892877][T12889] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 385.892894][T12889] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 385.892916][T12889] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 385.893044][T12889] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 385.893060][T12889] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 385.893073][T12889] [U] 22Ʃx?0;3u [ 385.893093][T12889] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 385.893116][T12889] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 385.893129][T12889] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 385.893141][T12889] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 385.893156][T12889] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 385.893167][T12889] [U] ec [ 385.893180][T12889] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 385.894431][T12885] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 387.912113][T12943] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3130'. [ 388.963794][T12976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3145'. [ 389.626030][T12999] sch_tbf: burst 0 is lower than device veth1 mtu (1514) ! [ 389.960525][T13012] netlink: 'syz.7.3164': attribute type 1 has an invalid length. [ 389.960547][T13012] netlink: 204 bytes leftover after parsing attributes in process `syz.7.3164'. [ 389.960562][T13012] netlink: 'syz.7.3164': attribute type 1 has an invalid length. [ 389.992907][T13013] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 390.209879][T13019] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 390.209895][T13019] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 390.209906][T13019] overlayfs: missing 'lowerdir' [ 391.488845][T13072] sctp: [Deprecated]: syz.7.3190 (pid 13072) Use of int in max_burst socket option. [ 391.488845][T13072] Use struct sctp_assoc_value instead [ 391.613251][T13076] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 391.806055][T13081] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3196'. [ 392.938629][T13123] syz_tun: entered promiscuous mode [ 392.938747][T13123] vlan2: entered promiscuous mode [ 394.056764][ T6000] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 394.206064][ T6000] usb 7-1: Using ep0 maxpacket: 16 [ 394.208652][ T6000] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 394.208697][ T6000] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 394.208739][ T6000] usb 7-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00 [ 394.208762][ T6000] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.287302][ T6000] usb 7-1: config 0 descriptor?? [ 394.738177][ T6000] kye 0003:0458:5019.0040: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 394.763781][ T6000] kye 0003:0458:5019.0040: unexpected long global item [ 394.764459][ T6000] kye 0003:0458:5019.0040: parse failed [ 394.764532][ T6000] kye 0003:0458:5019.0040: probe with driver kye failed with error -22 [ 394.936215][ T6014] usb 7-1: USB disconnect, device number 2 [ 395.395625][ T990] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 395.566562][ T990] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 395.566596][ T990] usb 3-1: config 0 interface 0 has no altsetting 0 [ 395.566630][ T990] usb 3-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00 [ 395.566651][ T990] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.592222][ T990] usb 3-1: config 0 descriptor?? [ 396.066058][ T990] nti 0003:0757:0A00.0041: hidraw0: USB HID v0.00 Device [HID 0757:0a00] on usb-dummy_hcd.2-1/input0 [ 396.252606][ T6000] usb 3-1: USB disconnect, device number 30 [ 396.282788][T13224] fido_id[13224]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 396.629090][T13240] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3272'. [ 397.889709][T13281] ipvlan2: entered promiscuous mode [ 398.770413][T13309] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 399.386230][ T5912] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 399.548444][ T5912] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.548472][ T5912] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 399.548525][ T5912] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 399.548547][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.566378][ T5912] usb 4-1: config 0 descriptor?? [ 399.599067][ T5912] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 399.599123][ T5912] dvb-usb: bulk message failed: -22 (3/0) [ 399.614648][ T5912] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 399.621569][ T5912] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 399.621629][ T5912] usb 4-1: media controller created [ 399.680904][ T5912] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 399.727165][ T5912] dvb-usb: bulk message failed: -22 (6/0) [ 399.727300][ T5912] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 399.728110][T13340] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3321'. [ 399.756164][ T5912] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input26 [ 399.761514][ T5912] dvb-usb: schedule remote query interval to 150 msecs. [ 399.761535][ T5912] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 399.848294][ T990] usb 4-1: USB disconnect, device number 27 [ 400.032094][ T990] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 400.036542][T13348] netlink: 140 bytes leftover after parsing attributes in process `syz.6.3322'. [ 400.036603][T13348] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3322'. [ 400.036620][T13348] netlink: 5 bytes leftover after parsing attributes in process `syz.6.3322'. [ 400.655446][ T6000] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 400.811263][ T6000] usb 1-1: New USB device found, idVendor=0b05, idProduct=19b6, bcdDevice= 0.00 [ 400.811293][ T6000] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.840462][ T6000] usb 1-1: config 0 descriptor?? [ 401.324231][ T6000] asus 0003:0B05:19B6.0042: hidraw0: USB HID v0.04 Device [HID 0b05:19b6] on usb-dummy_hcd.0-1/input0 [ 401.324265][ T6000] asus 0003:0B05:19B6.0042: Asus input not registered [ 401.371577][ T6000] asus 0003:0B05:19B6.0042: probe with driver asus failed with error -12 [ 401.515969][ T6000] usb 1-1: USB disconnect, device number 23 [ 401.592002][T13387] netlink: 100 bytes leftover after parsing attributes in process `syz.2.3343'. [ 401.780586][T13386] fido_id[13386]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 402.251234][T13409] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3353'. [ 402.881971][ T6000] IPVS: starting estimator thread 0... [ 402.965527][T13428] IPVS: using max 8 ests per chain, 19200 per kthread [ 405.041759][T13488] netlink: 'syz.6.3390': attribute type 58 has an invalid length. [ 405.041781][T13488] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3390'. [ 405.297874][ T5156] Bluetooth: hci1: unexpected event for opcode 0x2042 [ 405.629332][ T37] audit: type=1326 audit(1759086802.750:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13509 comm="syz.0.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf525eec9 code=0x7ffc0000 [ 405.629383][ T37] audit: type=1326 audit(1759086802.750:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13509 comm="syz.0.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf525eec9 code=0x7ffc0000 [ 405.637289][ T37] audit: type=1326 audit(1759086802.760:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13509 comm="syz.0.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f8cf525eec9 code=0x7ffc0000 [ 405.637346][ T37] audit: type=1326 audit(1759086802.760:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13509 comm="syz.0.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf525eec9 code=0x7ffc0000 [ 405.637387][ T37] audit: type=1326 audit(1759086802.760:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13509 comm="syz.0.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf525eec9 code=0x7ffc0000 [ 405.637424][ T37] audit: type=1326 audit(1759086802.760:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13509 comm="syz.0.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7f8cf525eec9 code=0x7ffc0000 [ 405.637462][ T37] audit: type=1326 audit(1759086802.760:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13509 comm="syz.0.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf525eec9 code=0x7ffc0000 [ 405.637500][ T37] audit: type=1326 audit(1759086802.760:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13509 comm="syz.0.3401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8cf525eec9 code=0x7ffc0000 [ 405.985838][T13522] netlink: 'syz.2.3408': attribute type 2 has an invalid length. [ 406.606016][T13546] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3418'. [ 406.617345][T13548] netlink: 'syz.2.3421': attribute type 1 has an invalid length. [ 406.772027][T13554] netlink: 'syz.3.3423': attribute type 29 has an invalid length. [ 406.773148][T13554] netlink: 'syz.3.3423': attribute type 29 has an invalid length. [ 407.833244][T13593] netlink: 209840 bytes leftover after parsing attributes in process `syz.6.3441'. [ 408.544923][T13613] syz.2.3450 (13613) used greatest stack depth: 17608 bytes left [ 409.335657][ T5156] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 409.338695][ T5156] Bluetooth: hci1: Injecting HCI hardware error event [ 409.343779][ T5841] Bluetooth: hci1: hardware error 0x00 [ 410.585546][ T990] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 410.748166][ T990] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 410.748213][ T990] usb 4-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 410.748237][ T990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.754701][ T990] usb 4-1: config 0 descriptor?? [ 411.202677][ T990] hid_parser_main: 1235 callbacks suppressed [ 411.202701][ T990] zydacron 0003:13EC:0006.0043: unknown main item tag 0x0 [ 411.202732][ T990] zydacron 0003:13EC:0006.0043: unknown main item tag 0x0 [ 411.202765][ T990] zydacron 0003:13EC:0006.0043: unknown main item tag 0x0 [ 411.202793][ T990] zydacron 0003:13EC:0006.0043: unknown main item tag 0x0 [ 411.202819][ T990] zydacron 0003:13EC:0006.0043: unknown main item tag 0x0 [ 411.257268][ T990] zydacron 0003:13EC:0006.0043: hidraw0: USB HID v0.01 Device [HID 13ec:0006] on usb-dummy_hcd.3-1/input0 [ 411.401994][ T990] usb 4-1: USB disconnect, device number 28 [ 411.481393][T13708] fido_id[13708]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 411.575625][ T5841] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 411.908488][T13726] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3503'. [ 412.805495][ T990] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 412.965817][ T990] usb 4-1: Using ep0 maxpacket: 16 [ 412.968279][ T990] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.968419][ T990] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.968442][ T990] usb 4-1: config 0 interface 0 has no altsetting 0 [ 412.968476][ T990] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 412.968499][ T990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.086472][ T990] usb 4-1: config 0 descriptor?? [ 413.526783][ T990] nzxt-smart2 0003:1E71:2009.0044: item fetching failed at offset 2/5 [ 413.527721][ T990] nzxt-smart2 0003:1E71:2009.0044: probe with driver nzxt-smart2 failed with error -22 [ 413.721894][ T6014] usb 4-1: USB disconnect, device number 29 [ 414.288582][T13778] vivid-000: disconnect [ 414.289166][T13776] vivid-000: reconnect [ 415.725487][ T6000] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 415.950310][ T6000] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 415.950337][ T6000] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 415.950356][ T6000] usb 1-1: config 0 has no interface number 0 [ 415.950404][ T6000] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 415.950426][ T6000] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 416.012206][ T6000] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 416.012236][ T6000] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.012255][ T6000] usb 1-1: Product: syz [ 416.012268][ T6000] usb 1-1: Manufacturer: syz [ 416.012282][ T6000] usb 1-1: SerialNumber: syz [ 416.066228][ T6000] usb 1-1: config 0 descriptor?? [ 416.501076][ T6000] usbtouchscreen 1-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 416.577310][ T6000] usb 1-1: USB disconnect, device number 24 [ 417.125518][ T44] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 417.285469][ T44] usb 3-1: Using ep0 maxpacket: 16 [ 417.289498][ T44] usb 3-1: config 0 interface 0 has no altsetting 0 [ 417.289535][ T44] usb 3-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00 [ 417.289560][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.335983][ T44] usb 3-1: config 0 descriptor?? [ 417.677668][T13859] netlink: 104 bytes leftover after parsing attributes in process `syz.7.3564'. [ 417.770889][ T44] waltop 0003:172F:0037.0045: unknown main item tag 0x0 [ 417.770926][ T44] waltop 0003:172F:0037.0045: unknown main item tag 0x0 [ 417.770950][ T44] waltop 0003:172F:0037.0045: item fetching failed at offset 4/5 [ 417.771806][ T44] waltop 0003:172F:0037.0045: probe with driver waltop failed with error -22 [ 418.016041][ T990] usb 3-1: USB disconnect, device number 31 [ 419.007311][T13895] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3582'. [ 419.995423][ T6014] usb 7-1: new full-speed USB device number 3 using dummy_hcd [ 420.132082][T13925] comedi comedi0: Minor 3 specified more than once! [ 420.151706][ T6014] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 420.151732][ T6014] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 420.151786][ T6014] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 420.151809][ T6014] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.195843][ T6014] usb 7-1: config 0 descriptor?? [ 420.212924][ T6014] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 420.212975][ T6014] dvb-usb: bulk message failed: -22 (3/0) [ 420.230389][ T6014] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 420.233830][ T6014] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 420.233882][ T6014] usb 7-1: media controller created [ 420.264447][ T6014] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 420.287498][ T6014] dvb-usb: bulk message failed: -22 (6/0) [ 420.287584][ T6014] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 420.309420][ T6014] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input29 [ 420.314682][ T6014] dvb-usb: schedule remote query interval to 150 msecs. [ 420.314705][ T6014] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 420.469590][ T44] dvb-usb: bulk message failed: -22 (1/0) [ 420.469643][ T44] dvb-usb: error while querying for an remote control event. [ 420.500468][T13913] dvb-usb: bulk message failed: -22 (2/0) [ 420.500556][T13913] dvb-usb: bulk message failed: -22 (4/0) [ 420.520893][ T10] usb 7-1: USB disconnect, device number 3 [ 420.751185][ T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 420.885645][T13941] program syz.3.3603 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 421.161962][ T37] audit: type=1326 audit(1759086818.280:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13949 comm="syz.7.3609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41883eeec9 code=0x7ffc0000 [ 421.163180][ T37] audit: type=1326 audit(1759086818.280:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13949 comm="syz.7.3609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f41883eeec9 code=0x7ffc0000 [ 421.163306][ T37] audit: type=1326 audit(1759086818.280:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13949 comm="syz.7.3609" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41883eeec9 code=0x7ffc0000 [ 421.795440][ T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 421.945438][ T10] usb 7-1: Using ep0 maxpacket: 32 [ 421.948177][ T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 421.948206][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 421.948230][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 421.948251][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 421.948276][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 421.951459][ T10] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 421.951487][ T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.951505][ T10] usb 7-1: Product: syz [ 421.951518][ T10] usb 7-1: Manufacturer: syz [ 421.951531][ T10] usb 7-1: SerialNumber: syz [ 421.987554][ T10] usb 7-1: config 0 descriptor?? [ 422.414491][ T10] input input30: Device does not respond to id packet M [ 422.616724][ T10] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 422.616776][ T10] input input30: Device does not respond to id packet P [ 422.625049][ T10] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 422.625102][ T10] input input30: Device does not respond to id packet B [ 422.625650][ T10] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 422.625697][ T10] input input30: Device does not respond to id packet N [ 422.630175][ T10] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 422.630657][ T10] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 422.631111][ T10] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 422.633161][ T10] iforce 7-1:0.0: usb_submit_urb failed: -71 [ 422.682912][ T10] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input30 [ 422.786400][ T10] usb 7-1: USB disconnect, device number 4 [ 423.515042][T14003] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3634'. [ 424.619060][ T6000] hid-generic 0000:0004:0000.0046: unknown main item tag 0x0 [ 424.619101][ T6000] hid-generic 0000:0004:0000.0046: unknown main item tag 0x0 [ 424.619127][ T6000] hid-generic 0000:0004:0000.0046: unknown main item tag 0x0 [ 424.746420][ T6000] hid-generic 0000:0004:0000.0046: hidraw0: HID v0.00 Device [syz0] on syz0 [ 425.371575][T14026] fido_id[14026]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 425.925554][ T10] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 426.085530][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 426.088035][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.088064][ T10] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.088087][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 426.088119][ T10] usb 4-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00 [ 426.088149][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.171080][ T10] usb 4-1: config 0 descriptor?? [ 426.673554][ T10] a4tech 0003:09DA:000A.0047: hidraw0: USB HID v0.00 Device [HID 09da:000a] on usb-dummy_hcd.3-1/input0 [ 426.869506][ T10] usb 4-1: USB disconnect, device number 30 [ 426.980629][T14041] fido_id[14041]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 429.095318][ C1] sched: DL replenish lagged too much [ 430.365034][T14053] program syz.3.3656 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 431.685549][ T5926] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 431.840508][ T5926] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 431.840558][ T5926] usb 7-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 431.840581][ T5926] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.899252][ T5926] usb 7-1: config 0 descriptor?? [ 431.945532][ T10] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 432.105598][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 432.122591][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 432.122697][ T10] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 432.122720][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.194967][ T10] usb 3-1: config 0 descriptor?? [ 432.509733][ T5926] hid_mf 0003:0079:1846.0048: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.6-1/input0 [ 432.509767][ T5926] hid_mf 0003:0079:1846.0048: Invalid report, this should never happen! [ 432.510504][ T5926] hid_mf 0003:0079:1846.0048: Force feedback init failed. [ 432.669722][ T5926] usb 7-1: USB disconnect, device number 5 [ 432.730809][ T10] steelseries 0003:1038:1410.0049: missing HID_OUTPUT_REPORT 0 [ 432.935603][ T10] usb 3-1: USB disconnect, device number 32 [ 433.054655][T14085] fido_id[14085]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 440.159365][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.159443][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.413090][T14099] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3676'. [ 442.413114][T14099] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3676'. [ 442.413138][T14099] netlink: 'syz.3.3676': attribute type 12 has an invalid length. [ 442.413152][T14099] netlink: 'syz.3.3676': attribute type 11 has an invalid length. [ 442.493056][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 442.521870][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 442.524148][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 442.552056][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 442.553596][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 444.618398][ T5156] Bluetooth: hci3: command tx timeout [ 446.695774][ T5156] Bluetooth: hci3: command tx timeout [ 447.483435][ T5841] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 447.498979][ T5841] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 447.505605][ T5841] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 447.507093][ T5841] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 447.508204][ T5841] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 448.775611][ T5156] Bluetooth: hci3: command tx timeout [ 449.175491][ T5825] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 449.333404][ T5825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 449.333535][ T5825] usb 3-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00 [ 449.333558][ T5825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.409050][ T5825] usb 3-1: config 0 descriptor?? [ 449.655687][ T5156] Bluetooth: hci6: command tx timeout [ 449.908189][ T5825] smartjoyplus 0003:0925:8866.004A: unknown main item tag 0x5 [ 449.936762][ T5825] smartjoyplus 0003:0925:8866.004A: hidraw0: USB HID v80.00 Device [HID 0925:8866] on usb-dummy_hcd.2-1/input0 [ 449.936795][ T5825] smartjoyplus 0003:0925:8866.004A: no output reports found [ 450.118076][ T5825] usb 3-1: USB disconnect, device number 33 [ 450.214151][T14134] fido_id[14134]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 450.857655][ T5156] Bluetooth: hci3: command tx timeout [ 451.735590][ T5156] Bluetooth: hci6: command tx timeout [ 452.262997][T14117] chnl_net:caif_netlink_parms(): no params data found [ 453.815637][ T5156] Bluetooth: hci6: command tx timeout [ 454.576886][ T37] audit: type=1326 audit(1759086851.700:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14144 comm="syz.6.3691" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0f289eeec9 code=0x0 [ 455.895541][ T5156] Bluetooth: hci6: command tx timeout [ 456.929748][ T5926] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 457.076374][ T5926] usb 3-1: Using ep0 maxpacket: 16 [ 457.080126][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.080157][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.080178][ T5926] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 457.080219][ T5926] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 457.080242][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.173215][ T5926] usb 3-1: config 0 descriptor?? [ 457.575486][ T5156] Bluetooth: hci5: command 0x0406 tx timeout [ 457.630138][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630564][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630593][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630620][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630656][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630683][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630710][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630737][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630764][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.630791][ T5926] microsoft 0003:045E:07DA.004B: unknown main item tag 0x0 [ 457.748195][ T5926] microsoft 0003:045E:07DA.004B: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 457.748229][ T5926] microsoft 0003:045E:07DA.004B: no inputs found [ 457.748242][ T5926] microsoft 0003:045E:07DA.004B: could not initialize ff, continuing anyway [ 457.867681][ T5926] usb 3-1: USB disconnect, device number 34 [ 458.139604][T14159] fido_id[14159]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 463.555496][ T10] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 463.705539][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 463.709313][ T10] usb 4-1: config 0 has an invalid interface number: 35 but max is 0 [ 463.709339][ T10] usb 4-1: config 0 has no interface number 0 [ 463.754073][ T10] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 463.754102][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.754122][ T10] usb 4-1: Product: syz [ 463.754142][ T10] usb 4-1: Manufacturer: syz [ 463.754156][ T10] usb 4-1: SerialNumber: syz [ 463.797639][ T10] usb 4-1: config 0 descriptor?? [ 464.240198][ T10] radio-si470x 4-1:0.35: DeviceID=0x9242 ChipID=0x0000 [ 464.240223][ T10] radio-si470x 4-1:0.35: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 464.454098][ T10] radio-si470x 4-1:0.35: si470x_get_report: usb_control_msg returned -71 [ 464.454123][ T10] radio-si470x 4-1:0.35: si470x_get_scratch: si470x_get_report returned -71 [ 464.454496][ T10] radio-si470x 4-1:0.35: probe with driver radio-si470x failed with error -5 [ 464.536139][ T10] radio-raremono 4-1:0.35: this is not Thanko's Raremono. [ 464.577416][ T10] usb 4-1: USB disconnect, device number 31 [ 468.058787][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 475.071992][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 475.095678][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 475.097400][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 475.099227][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 475.134132][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 475.975662][ C0] syz_tun: tun_net_xmit 70 [ 477.255754][ T5156] Bluetooth: hci2: command tx timeout [ 479.335666][ T5156] Bluetooth: hci2: command tx timeout [ 481.420920][ T5156] Bluetooth: hci2: command tx timeout [ 481.986433][ T5841] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 482.020096][ T5841] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 482.023035][ T5841] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 482.041955][ T5841] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 482.044394][ T5841] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 483.495587][ T5156] Bluetooth: hci2: command tx timeout [ 484.135822][ T5156] Bluetooth: hci7: command tx timeout [ 486.218017][ T5156] Bluetooth: hci7: command tx timeout [ 488.295700][ T5156] Bluetooth: hci7: command tx timeout [ 490.375615][ T5156] Bluetooth: hci7: command tx timeout [ 499.226947][ T5841] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 499.252447][ T5841] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 499.253920][ T5841] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 499.273606][ T5841] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 499.282746][ T5841] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 501.335613][ T5156] Bluetooth: hci8: command tx timeout [ 501.611712][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.611789][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.640152][ T5841] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 502.664474][ T5841] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 502.673953][ T5841] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 502.683246][ T5841] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 502.698199][ T5841] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 503.415555][ T5156] Bluetooth: hci8: command tx timeout [ 504.775793][ T5156] Bluetooth: hci9: command tx timeout [ 505.495550][ T5156] Bluetooth: hci8: command tx timeout [ 506.855665][ T5156] Bluetooth: hci9: command tx timeout [ 507.575535][ T5156] Bluetooth: hci8: command tx timeout [ 508.011303][ T5841] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 508.040557][ T5841] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 508.041983][ T5841] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 508.043644][ T5841] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 508.044446][ T5841] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 508.937430][ T5156] Bluetooth: hci9: command tx timeout [ 510.135645][ T5156] Bluetooth: hci10: command tx timeout [ 511.015647][ T5156] Bluetooth: hci9: command tx timeout [ 512.215514][ T5156] Bluetooth: hci10: command tx timeout [ 514.295570][ T5156] Bluetooth: hci10: command tx timeout [ 515.249034][T14117] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR [ 516.375469][ T5156] Bluetooth: hci10: command tx timeout [ 519.325651][T14214] chnl_net:caif_netlink_parms(): no params data found [ 519.560054][T14209] chnl_net:caif_netlink_parms(): no params data found [ 519.600562][T14199] chnl_net:caif_netlink_parms(): no params data found [ 535.534176][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 535.556906][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 535.558294][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 535.587814][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 535.590399][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 538.506674][T14178] bridge0: port 3(syz_tun) entered disabled state [ 541.890348][T14242] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 541.918527][T14244] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 541.922121][T14244] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 541.923541][T14244] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 541.924455][T14244] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 548.718853][T14178] syz_tun (unregistering): left allmulticast mode [ 548.718886][T14178] syz_tun (unregistering): left promiscuous mode [ 548.721763][T14178] bridge0: port 3(syz_tun) entered disabled state [ 553.816036][ T5841] Bluetooth: hci11: command tx timeout [ 553.816745][ T5841] Bluetooth: hci1: command tx timeout [ 555.895582][T14244] Bluetooth: hci1: command tx timeout [ 555.895619][T14244] Bluetooth: hci11: command tx timeout [ 557.976027][ T5841] Bluetooth: hci11: command tx timeout [ 557.976058][ T5841] Bluetooth: hci1: command tx timeout [ 559.575095][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 559.597860][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 559.599241][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 559.600437][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 559.627830][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 560.055510][ T5841] Bluetooth: hci1: command tx timeout [ 560.055541][ T5841] Bluetooth: hci11: command tx timeout [ 561.735594][T14244] Bluetooth: hci3: command tx timeout [ 562.915182][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 562.935147][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 562.943839][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 562.944971][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 562.974332][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 563.022922][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.023001][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.815587][T14244] Bluetooth: hci3: command tx timeout [ 565.016414][T14244] Bluetooth: hci4: command tx timeout [ 565.896139][T14244] Bluetooth: hci3: command tx timeout [ 567.101105][T14244] Bluetooth: hci4: command tx timeout [ 567.975676][T14244] Bluetooth: hci3: command tx timeout [ 568.078631][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 568.081872][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 568.083249][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 568.084397][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 568.105419][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 569.175592][ T5841] Bluetooth: hci4: command tx timeout [ 570.218381][ T5841] Bluetooth: hci5: command tx timeout [ 571.255612][ T5841] Bluetooth: hci4: command tx timeout [ 572.295562][ T5841] Bluetooth: hci5: command tx timeout [ 574.375885][ T5841] Bluetooth: hci5: command tx timeout [ 576.456100][ T5841] Bluetooth: hci5: command tx timeout [ 593.096721][ T38] INFO: task syz.7.3650:14038 blocked for more than 143 seconds. [ 593.096746][ T38] Not tainted syzkaller #0 [ 593.096757][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 593.096766][ T38] task:syz.7.3650 state:D stack:25128 pid:14038 tgid:14038 ppid:12087 task_flags:0x400040 flags:0x00004006 [ 593.096814][ T38] Call Trace: [ 593.096820][ T38] [ 593.096834][ T38] __schedule+0x16f3/0x4c20 [ 593.096889][ T38] ? __lock_acquire+0xab9/0xd20 [ 593.096912][ T38] ? __pfx___schedule+0x10/0x10 [ 593.096953][ T38] ? schedule+0x91/0x360 [ 593.096980][ T38] schedule+0x165/0x360 [ 593.097005][ T38] schedule_timeout+0x9a/0x270 [ 593.097029][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 593.097065][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 593.097089][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 593.097111][ T38] ? wait_for_completion+0x267/0x5d0 [ 593.097137][ T38] wait_for_completion+0x2bf/0x5d0 [ 593.097175][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 593.097213][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 593.097239][ T38] rcu_barrier+0x463/0x570 [ 593.097268][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 593.097293][ T38] netdev_run_todo+0x327/0xea0 [ 593.097317][ T38] ? __pfx_netif_state_change+0x10/0x10 [ 593.097340][ T38] ? __pfx_netdev_run_todo+0x10/0x10 [ 593.097357][ T38] ? kasan_quarantine_put+0xdd/0x220 [ 593.097377][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 593.097410][ T38] ? netdev_state_change+0x1ca/0x220 [ 593.097435][ T38] ? __pfx_tun_chr_close+0x10/0x10 [ 593.097458][ T38] tun_chr_close+0x13f/0x1c0 [ 593.097483][ T38] __fput+0x45b/0xa80 [ 593.097515][ T38] task_work_run+0x1d1/0x260 [ 593.097537][ T38] ? __pfx_task_work_run+0x10/0x10 [ 593.097562][ T38] ? exit_to_user_mode_loop+0x40/0x110 [ 593.097588][ T38] exit_to_user_mode_loop+0xec/0x110 [ 593.097611][ T38] do_syscall_64+0x2bd/0x3b0 [ 593.097628][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 593.097652][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.097670][ T38] ? clear_bhb_loop+0x60/0xb0 [ 593.097692][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.097710][ T38] RIP: 0033:0x7f41883eeec9 [ 593.097727][ T38] RSP: 002b:00007ffd67c96808 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 593.097746][ T38] RAX: 0000000000000000 RBX: 0000000000067e19 RCX: 00007f41883eeec9 [ 593.097759][ T38] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 593.097770][ T38] RBP: 00007f4188647da0 R08: 0000000000000001 R09: 0000000367c96aff [ 593.097783][ T38] R10: 0000001b2f620000 R11: 0000000000000246 R12: 00007f4188645fac [ 593.097795][ T38] R13: 00007f4188645fa0 R14: ffffffffffffffff R15: 00007ffd67c96920 [ 593.097827][ T38] [ 593.097864][ T38] [ 593.097864][ T38] Showing all locks held in the system: [ 593.097874][ T38] 2 locks held by rcuc/1/28: [ 593.097885][ T38] 6 locks held by ktimers/1/29: [ 593.097897][ T38] 1 lock held by khungtaskd/38: [ 593.097907][ T38] #0: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 593.097955][ T38] 3 locks held by kworker/u8:5/69: [ 593.097965][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 593.098012][ T38] #1: ffffc9000154fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 593.098057][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 593.098105][ T38] 3 locks held by kworker/u8:6/1007: [ 593.098115][ T38] #0: ffff88814d36f138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 593.098164][ T38] #1: ffffc9000499fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 593.098216][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 593.098264][ T38] 2 locks held by kworker/u8:12/1470: [ 593.098286][ T38] 2 locks held by getty/5593: [ 593.098296][ T38] #0: ffff88823bf3c8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 593.098336][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 593.098384][ T38] 2 locks held by kworker/1:3/5905: [ 593.098395][ T38] 3 locks held by kworker/0:5/5926: [ 593.098405][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 593.098450][ T38] #1: ffffc9000507fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 593.098495][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 593.098542][ T38] 1 lock held by syz.7.3650/14038: [ 593.098552][ T38] #0: ffffffff8d9ae770 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 593.098594][ T38] 1 lock held by syz.0.3668/14082: [ 593.098604][ T38] #0: ffffffff8d9ae770 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 593.098646][ T38] 1 lock held by syz-executor/14100: [ 593.098656][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 593.098703][ T38] 1 lock held by syz-executor/14117: [ 593.098712][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 593.098759][ T38] 1 lock held by syz.2.3698/14164: [ 593.098769][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 593.098814][ T38] 1 lock held by syz.3.3703/14178: [ 593.098824][ T38] #0: ffffffff8d9ae770 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 593.098865][ T38] 3 locks held by syz-executor/14184: [ 593.098876][ T38] #0: ffff88803b94ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 593.098920][ T38] #1: ffff88803b94c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 593.098967][ T38] #2: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 593.099010][ T38] 1 lock held by syz.6.3711/14198: [ 593.099020][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 593.099070][ T38] 4 locks held by syz-executor/14199: [ 593.099080][ T38] #0: ffff8880417d8e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 593.099124][ T38] #1: ffff8880417d80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 593.099170][ T38] #2: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 593.099219][ T38] #3: ffff88803162eb58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 593.099264][ T38] 3 locks held by syz-executor/14203: [ 593.099275][ T38] #0: ffff88803d2e8e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 593.099322][ T38] #1: ffff88803d2e80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 593.099372][ T38] #2: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 593.099414][ T38] 2 locks held by syz-executor/14209: [ 593.099425][ T38] #0: ffff888057a40e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 593.099468][ T38] #1: ffff888057a400a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 593.099514][ T38] 3 locks held by syz-executor/14214: [ 593.099524][ T38] #0: ffff888078414e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 593.099568][ T38] #1: ffff8880784140a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 593.099614][ T38] #2: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 593.099658][ T38] 1 lock held by syz-executor/14237: [ 593.099668][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 593.099713][ T38] 1 lock held by syz-executor/14240: [ 593.099724][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 593.099769][ T38] 1 lock held by syz-executor/14253: [ 593.099779][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 593.099822][ T38] 1 lock held by syz-executor/14256: [ 593.099833][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 593.099874][ T38] 1 lock held by syz-executor/14262: [ 593.099885][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 593.099927][ T38] [ 593.099932][ T38] ============================================= [ 593.099932][ T38] [ 593.099948][ T38] NMI backtrace for cpu 0 [ 593.099962][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 593.099982][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 593.099992][ T38] Call Trace: [ 593.099999][ T38] [ 593.100007][ T38] dump_stack_lvl+0x189/0x250 [ 593.100035][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 593.100058][ T38] ? __pfx__printk+0x10/0x10 [ 593.100090][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 593.100134][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 593.100158][ T38] ? __pfx__printk+0x10/0x10 [ 593.100182][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 593.100210][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 593.100235][ T38] watchdog+0xf93/0xfe0 [ 593.100261][ T38] ? watchdog+0x1de/0xfe0 [ 593.100287][ T38] kthread+0x711/0x8a0 [ 593.100313][ T38] ? __pfx_watchdog+0x10/0x10 [ 593.100333][ T38] ? __pfx_kthread+0x10/0x10 [ 593.100361][ T38] ? __pfx_kthread+0x10/0x10 [ 593.100385][ T38] ret_from_fork+0x436/0x7d0 [ 593.100409][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 593.100436][ T38] ? __switch_to_asm+0x39/0x70 [ 593.100451][ T38] ? __switch_to_asm+0x33/0x70 [ 593.100466][ T38] ? __pfx_kthread+0x10/0x10 [ 593.100491][ T38] ret_from_fork_asm+0x1a/0x30 [ 593.100522][ T38] [ 593.100529][ T38] Sending NMI from CPU 0 to CPUs 1: [ 593.100555][ C1] NMI backtrace for cpu 1 [ 593.100568][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 593.100586][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 593.100595][ C1] RIP: 0010:kasan_check_range+0x1d4/0x2c0 [ 593.100617][ C1] Code: 01 f3 49 8d 5c 24 07 4d 85 e4 49 0f 49 dc 48 83 e3 f8 49 29 dc 74 12 41 80 3b 00 0f 85 b8 00 00 00 49 ff c3 49 ff cc 75 ee 5b <41> 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 45 84 ff 75 63 41 f7 [ 593.100631][ C1] RSP: 0018:ffffc90000a3ed18 EFLAGS: 00000056 [ 593.100644][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff81c61308 [ 593.100655][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8f1d6230 [ 593.100665][ C1] RBP: ffffc90000a3ede0 R08: ffffffff8f1d6237 R09: 1ffffffff1e3ac46 [ 593.100677][ C1] R10: dffffc0000000000 R11: fffffbfff1e3ac47 R12: 0000000000000001 [ 593.100688][ C1] R13: ffff88806bfbf6c0 R14: fffffbfff1e3ac47 R15: 1ffffffff1e3ac46 [ 593.100699][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 593.100712][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 593.100724][ C1] CR2: 00005563f8c2d548 CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 593.100739][ C1] Call Trace: [ 593.100744][ C1] [ 593.100753][ C1] trace_irq_disable+0x28/0x110 [ 593.100771][ C1] _raw_spin_lock_irqsave+0x82/0xf0 [ 593.100791][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 593.100815][ C1] debug_check_no_obj_freed+0x17a/0x470 [ 593.100841][ C1] ? skb_release_data+0x62d/0x7c0 [ 593.100856][ C1] kmem_cache_free+0x113/0x510 [ 593.100877][ C1] skb_release_data+0x62d/0x7c0 [ 593.100896][ C1] consume_skb+0x9e/0xf0 [ 593.100915][ C1] nft_synproxy_eval_v4+0x376/0x560 [ 593.100935][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 593.100952][ C1] ? nf_ip_checksum+0x13c/0x510 [ 593.100970][ C1] nft_synproxy_do_eval+0x345/0x570 [ 593.100989][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 593.101013][ C1] nft_do_chain+0x40c/0x1920 [ 593.101036][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 593.101065][ C1] ? try_to_take_rt_mutex+0x840/0xb00 [ 593.101086][ C1] nft_do_chain_inet+0x25d/0x340 [ 593.101101][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 593.101116][ C1] ? __lock_acquire+0xab9/0xd20 [ 593.101139][ C1] ? NF_HOOK+0x9a/0x3a0 [ 593.101157][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 593.101173][ C1] nf_hook_slow+0xc2/0x220 [ 593.101194][ C1] NF_HOOK+0x206/0x3a0 [ 593.101213][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 593.101231][ C1] ? NF_HOOK+0x9a/0x3a0 [ 593.101248][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 593.101264][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 593.101283][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 593.101303][ C1] ? skb_dst+0x4f/0xd0 [ 593.101320][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 593.101339][ C1] NF_HOOK+0x30c/0x3a0 [ 593.101357][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 593.101374][ C1] ? NF_HOOK+0x9a/0x3a0 [ 593.101391][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 593.101409][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 593.101433][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 593.101454][ C1] __netif_receive_skb+0x143/0x380 [ 593.101471][ C1] ? rt_spin_unlock+0x65/0x80 [ 593.101490][ C1] ? process_backlog+0x27b/0x900 [ 593.101507][ C1] process_backlog+0x31e/0x900 [ 593.101530][ C1] __napi_poll+0xb3/0x540 [ 593.101550][ C1] net_rx_action+0x707/0xe00 [ 593.101577][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 593.101611][ C1] handle_softirqs+0x22c/0x710 [ 593.101633][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 593.101656][ C1] run_ktimerd+0xcf/0x190 [ 593.101673][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 593.101689][ C1] ? schedule+0x91/0x360 [ 593.101711][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 593.101727][ C1] smpboot_thread_fn+0x542/0xa60 [ 593.101744][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 593.101765][ C1] kthread+0x711/0x8a0 [ 593.101789][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 593.101806][ C1] ? __pfx_kthread+0x10/0x10 [ 593.101826][ C1] ? __pfx_kthread+0x10/0x10 [ 593.101845][ C1] ret_from_fork+0x436/0x7d0 [ 593.101864][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 593.101884][ C1] ? __switch_to_asm+0x39/0x70 [ 593.101898][ C1] ? __switch_to_asm+0x33/0x70 [ 593.101911][ C1] ? __pfx_kthread+0x10/0x10 [ 593.101929][ C1] ret_from_fork_asm+0x1a/0x30 [ 593.101950][ C1] [ 593.102558][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 593.102571][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 593.102591][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 593.102601][ T38] Call Trace: [ 593.102608][ T38] [ 593.102615][ T38] dump_stack_lvl+0x99/0x250 [ 593.102640][ T38] ? __asan_memcpy+0x40/0x70 [ 593.102659][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 593.102681][ T38] ? __pfx__printk+0x10/0x10 [ 593.102712][ T38] vpanic+0x281/0x750 [ 593.102737][ T38] ? __pfx_vpanic+0x10/0x10 [ 593.102757][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 593.102775][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 593.102810][ T38] panic+0xb9/0xc0 [ 593.102831][ T38] ? __pfx_panic+0x10/0x10 [ 593.102856][ T38] ? irq_work_queue+0xc3/0x140 [ 593.102881][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 593.102906][ T38] watchdog+0xfd2/0xfe0 [ 593.102932][ T38] ? watchdog+0x1de/0xfe0 [ 593.102958][ T38] kthread+0x711/0x8a0 [ 593.102984][ T38] ? __pfx_watchdog+0x10/0x10 [ 593.103004][ T38] ? __pfx_kthread+0x10/0x10 [ 593.103031][ T38] ? __pfx_kthread+0x10/0x10 [ 593.103055][ T38] ret_from_fork+0x436/0x7d0 [ 593.103079][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 593.103106][ T38] ? __switch_to_asm+0x39/0x70 [ 593.103122][ T38] ? __switch_to_asm+0x33/0x70 [ 593.103137][ T38] ? __pfx_kthread+0x10/0x10 [ 593.103161][ T38] ret_from_fork_asm+0x1a/0x30 [ 593.103193][ T38] [ 593.103350][ T38] Kernel Offset: disabled