last executing test programs: 2m38.110314742s ago: executing program 0 (id=2120): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a000080880000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffffffff00000000000000004fc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c0000000a0000007f0000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000004d6320000000000000020010000000000000000000000000000000000000000000000000000070000000000"], 0x23c}}, 0x4004000) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0a001800030303030303000004005a8020005a8018000080140005"], 0x4c}}, 0x4040810) 2m37.958411522s ago: executing program 0 (id=2123): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x106, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4e21, 0x9, @mcast1, 0x9}, r1, 0x8001}}, 0x48) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 2m37.836256536s ago: executing program 0 (id=2125): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000500)={0xb4, 0x0, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x78, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'sit0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x24000081}, 0x800) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmsg$AUDIT_ADD_RULE(r1, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000008c0)=ANY=[], 0x424}, 0x1, 0x0, 0x0, 0x4000}, 0x4084) write$binfmt_elf32(r1, &(0x7f0000000640)=ANY=[], 0x58) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r1) sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)={0x14, r2, 0x300, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x400c084) syz_genetlink_get_family_id$devlink(&(0x7f0000000d80), r1) 2m37.741373255s ago: executing program 0 (id=2127): syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) close(r2) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000340)=ANY=[@ANYRES16=r0, @ANYRES32=r0]) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r3) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r5) socket(0x10, 0x803, 0x0) ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2m37.363245436s ago: executing program 0 (id=2133): r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$revoke(0x3, r0) 2m37.259113757s ago: executing program 0 (id=2135): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x4) ioctl$NBD_DO_IT(r0, 0xab03) 2m21.766386217s ago: executing program 32 (id=2135): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) ioctl$NBD_SET_SOCK(r0, 0xab00, r1) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x4) ioctl$NBD_DO_IT(r0, 0xab03) 4.056804569s ago: executing program 4 (id=3265): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2b, 0xa1, 0xef, 0x40, 0x5ac, 0x245, 0xa3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1c, 0x0, 0x0, 0x3, 0x4a, 0x2}}]}}]}}, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) 3.242450789s ago: executing program 3 (id=3266): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a000080", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffffffff00000000000000004fc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c0000000a0000007f0000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000004d63200000000000000200100000000000000000000000000000000000000000000000000000700"], 0x23c}}, 0x4004000) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0a001800030303030303000004005a8020005a8018000080140005"], 0x4c}}, 0x4040810) 3.187378649s ago: executing program 3 (id=3267): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 2.950284891s ago: executing program 1 (id=3270): r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x120) 2.876076264s ago: executing program 2 (id=3271): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd29, 0xfffffffc, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0x5, 0x801) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0xdd, 0x0, 0x1, r3}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x1fe, 0x1, 0xd000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_CAP_HYPERV_TLBFLUSH(r2, 0x4068aea3, &(0x7f0000000000)) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x8) ioctl$KVM_RUN(r4, 0xae80, 0x0) 2.84320631s ago: executing program 1 (id=3272): syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="0420ff6a"], 0xf) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0xf7, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x12, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0x200, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x437, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0xd, 0x20000005, 0x80, 0x9, 0x9, 0x6, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x8, 0x763, 0xb, 0x402, 0x4800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x403e, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0xffffffff, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) readv(r0, &(0x7f0000001900)=[{0x0, 0xea}], 0x1) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x8001, 0x6, 0x1, 0x0, 0x2, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x5, 0x1a449, 0x4, 0x40000003, 0x89, 0x2, 0xf27, 0x6, 0xb, 0x8, 0x5, 0x8, 0x4, 0x10000, 0xfffffff8]}) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4610, &(0x7f00000001c0)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000000021000040000000"]) ioctl$KVM_RUN(r5, 0xae80, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) syz_open_dev$char_usb(0xc, 0xb4, 0xe) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@rose={'rose', 0x0}, 0x10) ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000)) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="1800000043000701fefffffffcdbdf25017c000004004580bd5b2bbf334181ea5743d622ec889185efc80fa5346ba75d5d1da88d51118cf5d086bf62f0bd5f7dc451552188fda3e192432c2238f2cc3ae206808dcb08039f6a975d7b13971a4ef96d9e4a8920ef14fa6e9e9354322c08ab65c09cd7210dcd74924a3df4adc0cc5000e21e164556b44c9765dce5f31423943f73120e0b064baed92891af9305867b30f8d358af5af10c13eba913d53227d4d747e26cfcc2d8a15ce86ddbcaf7633681d5dd086fc03c5c50e88cb50993947b72924fc703e336f6f6653805f8aba9fa"], 0x18}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000280)={0x1, @default, @bpq0, 0xfffd, 'syz0\x00', @default, 0xfffffdb8, 0x2, [@default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) getsockopt$bt_BT_RCVMTU(r9, 0x112, 0xd, &(0x7f0000000100)=0x3, &(0x7f0000000140)=0x2) 2.831309151s ago: executing program 3 (id=3273): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB], 0x398}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 2.618811536s ago: executing program 2 (id=3274): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf"], 0x398}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 1.908101875s ago: executing program 3 (id=3275): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a000080", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffffffff00000000000000004fc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c0000000a0000007f0000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000004d63200000000000000200100000000000000000000000000000000000000000000000000000700"], 0x23c}}, 0x4004000) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0a001800030303030303000004005a8020005a8018000080140005"], 0x4c}}, 0x4040810) 1.857748529s ago: executing program 1 (id=3276): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3], 0x398}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 1.837162617s ago: executing program 3 (id=3277): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)=',', 0x1) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x4040000) recvmmsg(r1, &(0x7f0000000600)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}, 0x8}], 0x1, 0x10023, 0x0) 1.77384448s ago: executing program 2 (id=3278): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0) write$UHID_INPUT(r1, 0x0, 0x0) 1.710646149s ago: executing program 3 (id=3279): r0 = syz_open_procfs$userns(0x0, &(0x7f00000001c0)) open_by_handle_at(r0, &(0x7f0000000900)=ANY=[@ANYBLOB="10000000f10000009800000000000000000000048f"], 0x400040) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x3, 0x0) r3 = syz_usb_connect(0x2, 0x24, &(0x7f00000004c0)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000640)={0x44, &(0x7f00000001c0)={0x0, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r3, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000c40)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r3, 0x0, &(0x7f0000000880)={0x34, &(0x7f0000000700)={0x20, 0x1}, 0x0, &(0x7f00000005c0)={0x0, 0x8, 0x1, 0x2}, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000100)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x20, 0x83, 0x2, 0x6}, 0x0, 0x0}) syz_usb_control_io$printer(r3, 0x0, &(0x7f0000000bc0)={0x34, &(0x7f00000006c0)={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r3, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000280)={0x20, 0x18}, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000980)={0x802}, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, 0x52, 0x1, 0xfffffffc, 0x0, {0xa}}, 0x14}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x58, r4, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="a9"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x28, 0x51, 0x0, 0x1, [{0x24, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_IDX={0x5, 0x2, 0x1}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "a3446ceb1c5a6525e8f56e2add"}]}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4010}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r6, 0x100, 0x70bd25, 0x25dfdbff, {}, [@NL80211_ATTR_WIPHY_RETRY_LONG={0x5}, @NL80211_ATTR_WIPHY_DYN_ACK={0x4}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x4}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x80000001}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8, 0x6a, 0xff}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1d14}, @NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 1.692885199s ago: executing program 2 (id=3280): r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x120) 1.64794609s ago: executing program 2 (id=3281): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 1.428195089s ago: executing program 2 (id=3282): mq_open(&(0x7f0000000000)='\':\x00', 0x40, 0x3, &(0x7f0000000040)={0x10001, 0x4, 0x80000001, 0x3}) syz_io_uring_setup(0x5e81, &(0x7f0000000240)={0x0, 0x0, 0x13290, 0x1, 0xef}, 0x0, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$SNDCTL_TMR_START(r0, 0x5402) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x6, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5c, 0x9, 0x5, 0x2, 0x0, 0x6, 0x3, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0xb, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xe, 0x0, 0x71, 0x2, 0x406, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x6, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x5, 0x1000, 0xfffffffc, 0x43, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0x0, 0xfffffffe, 0x8, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x4, 0xfb, 0x5, 0x8000, 0x5f31, 0xbcf5, 0x1, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0xb, 0xa, 0x1, 0x9, 0x9, 0x2, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x7, 0x3, 0x9, 0x48c93690, 0x42, 0x400004], [0x6, 0x6, 0x80000001, 0x2, 0xff, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x1f0, 0xfffffffd, 0x2, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800003, 0x200, 0x80, 0x2, 0xcc52, 0x950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xac8, 0xbf, 0x10002, 0x403, 0x7ff, 0x3, 0x0, 0x1, 0xffff, 0x0, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0xff], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x7, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe620, 0x2, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0xffff, 0x6, 0x1, 0x10080, 0x6, 0x8, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000200)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x18, 0x0, 0x6d, "a63f1d9a", "8173828d"}}, 0x0}, 0x0) 974.760389ms ago: executing program 4 (id=3283): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r4, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r6, @ANYBLOB], 0x398}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 951.029117ms ago: executing program 1 (id=3284): syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="0420ff6a"], 0xf) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000a00)={'syz1\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0x0, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x3, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0x0, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0xf7, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x100, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x12, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0x200, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x437, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0xd, 0x20000005, 0x80, 0x9, 0x9, 0x6, 0x2, 0x3, 0x4, 0x7, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x4, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x5, 0x2, 0xd9, 0x0, 0x7ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x8, 0x763, 0xb, 0x402, 0x4800, 0x2, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x403e, 0x2, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x40, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0xfffffffd, 0x7, 0xe, 0xffffffff, 0xe, 0xf, 0x133, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r0, 0x5501) readv(r0, &(0x7f0000001900)=[{0x0, 0xea}], 0x1) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f00000000c0)={'pcl812\x00', [0x8001, 0x6, 0x1, 0x0, 0x2, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x8, 0x4, 0x6, 0xffffffff, 0x5, 0x1a449, 0x4, 0x40000003, 0x89, 0x2, 0xf27, 0x6, 0xb, 0x8, 0x5, 0x8, 0x4, 0x10000, 0xfffffff8]}) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4610, &(0x7f00000001c0)) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000002100004000000000"]) ioctl$KVM_RUN(r5, 0xae80, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) syz_open_dev$char_usb(0xc, 0xb4, 0xe) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@rose={'rose', 0x0}, 0x10) ioctl$sock_netdev_private(r7, 0x8914, &(0x7f0000000000)) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="1800000043000701fefffffffcdbdf25017c000004004580bd5b2bbf334181ea5743d622ec889185efc80fa5346ba75d5d1da88d51118cf5d086bf62f0bd5f7dc451552188fda3e192432c2238f2cc3ae206808dcb08039f6a975d7b13971a4ef96d9e4a8920ef14fa6e9e9354322c08ab65c09cd7210dcd74924a3df4adc0cc5000e21e164556b44c9765dce5f31423943f73120e0b064baed92891af9305867b30f8d358af5af10c13eba913d53227d4d747e26cfcc2d8a15ce86ddbcaf7633681d5dd086fc03c5c50e88cb50993947b72924fc703e336f6f6653805f8aba9fa"], 0x18}, 0x1, 0x0, 0x0, 0xc004}, 0xc000) ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000280)={0x1, @default, @bpq0, 0xfffd, 'syz0\x00', @default, 0xfffffdb8, 0x2, [@default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) r9 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) getsockopt$bt_BT_RCVMTU(r9, 0x112, 0xd, &(0x7f0000000100)=0x3, &(0x7f0000000140)=0x2) 712.178387ms ago: executing program 1 (id=3285): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a000080", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffffffff00000000000000004fc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000084010500ac1414bb000000000000000000000000000000006c0000000a0000007f0000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000004d6320000000000000020010000000000000000000000000000000000000000000000000000070000000000"], 0x23c}}, 0x4004000) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0a001800030303030303000004005a8020005a8018000080140005"], 0x4c}}, 0x4040810) 661.050373ms ago: executing program 1 (id=3286): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="0100280570"], 0x398}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 137.980783ms ago: executing program 4 (id=3287): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000440)=[{0x6, 0xfc, 0x0, 0x1}]}, 0x10) listen(r0, 0xfffffff8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10) sendto$inet6(r1, &(0x7f0000000080)="699292", 0x3, 0x10, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x10000000000) 50.791734ms ago: executing program 4 (id=3288): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0xa20, 0x0, 0x101, 0x100, 0x3f}}) 40.707989ms ago: executing program 4 (id=3289): r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x120) 0s ago: executing program 4 (id=3290): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) kernel console output (not intermixed with test programs): und, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 386.371970][ T5913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.380229][ T5913] usb 3-1: Product: syz [ 386.384637][ T5913] usb 3-1: Manufacturer: syz [ 386.389291][ T5913] usb 3-1: SerialNumber: syz [ 386.398135][ T5913] usb 3-1: config 0 descriptor?? [ 386.434132][T11936] fuse: Unknown parameter '0x0000000000000003' [ 386.493699][ T5881] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 386.525266][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 386.531564][T11940] input: syz1 as /devices/virtual/input/input65 [ 386.614032][ T5913] adutux 3-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 386.821314][ T5913] usb 3-1: USB disconnect, device number 21 [ 386.904923][T11952] fuse: Unknown parameter 'user00000000000000000000' [ 386.914632][T11953] block nbd3: shutting down sockets [ 387.059025][ T5881] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 387.061852][T11957] fuse: Unknown parameter '0x0000000000000003' [ 387.071965][ T5881] usb 2-1: USB disconnect, device number 24 [ 387.145769][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 387.148817][T11961] input: syz1 as /devices/virtual/input/input66 [ 387.409680][T11970] netlink: 892 bytes leftover after parsing attributes in process `syz.2.2384'. [ 387.476213][T11973] netlink: 892 bytes leftover after parsing attributes in process `syz.2.2384'. [ 387.522183][T11974] block nbd3: shutting down sockets [ 387.615086][T11978] fuse: Unknown parameter '0x0000000000000003' [ 387.695195][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 387.703216][T11982] input: syz1 as /devices/virtual/input/input67 [ 388.079464][ T5873] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 388.234791][T11969] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 388.241123][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 388.255520][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 388.265388][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 388.276365][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 388.290171][ T5873] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 388.299220][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.307262][ T5873] usb 5-1: Product: syz [ 388.311478][ T5873] usb 5-1: Manufacturer: syz [ 388.316124][ T5873] usb 5-1: SerialNumber: syz [ 388.323608][ T5873] usb 5-1: config 0 descriptor?? [ 388.534675][ T5873] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 388.738145][ T5933] usb 5-1: USB disconnect, device number 5 [ 388.811236][T11993] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2401'. [ 388.883416][T11997] netlink: 892 bytes leftover after parsing attributes in process `syz.1.2401'. [ 388.891384][T11998] block nbd3: shutting down sockets [ 388.980087][T12000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2396'. [ 389.043639][T12001] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2396'. [ 389.112435][ T5147] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 389.122139][ T5147] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 389.132066][ T5147] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 389.140878][ T5147] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 389.148901][ T5147] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 389.209598][T12002] vcan0 speed is unknown, defaulting to 1000 [ 389.329728][T12005] fuse: Unknown parameter '0x0000000000000003' [ 389.562219][ T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.631716][T11992] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 389.658891][ T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.715830][T12002] chnl_net:caif_netlink_parms(): no params data found [ 389.749118][ T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.812631][ T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.887621][T12002] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.895698][T12002] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.905468][T12002] bridge_slave_0: entered allmulticast mode [ 389.913998][T12002] bridge_slave_0: entered promiscuous mode [ 389.919558][ T5881] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 389.928653][T12002] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.936297][T12002] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.943845][T12002] bridge_slave_1: entered allmulticast mode [ 389.954447][T12002] bridge_slave_1: entered promiscuous mode [ 389.962596][T12019] fuse: Unknown parameter 'user_i00000000000000000000' [ 390.002808][T12002] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 390.022811][T12002] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 390.067215][T12002] team0: Port device team_slave_0 added [ 390.080080][ T5881] usb 5-1: Using ep0 maxpacket: 8 [ 390.082270][T12002] team0: Port device team_slave_1 added [ 390.097002][ T5881] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 390.106948][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 390.119805][ T5881] usb 5-1: Product: syz [ 390.130328][ T5881] usb 5-1: Manufacturer: syz [ 390.135039][ T5881] usb 5-1: SerialNumber: syz [ 390.149657][ T5881] usb 5-1: config 0 descriptor?? [ 390.149926][T12002] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 390.170146][T12002] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 390.197702][T12002] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 390.212676][ T36] bridge_slave_1: left allmulticast mode [ 390.218403][ T36] bridge_slave_1: left promiscuous mode [ 390.225058][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.242329][ T36] bridge_slave_0: left allmulticast mode [ 390.248122][ T36] bridge_slave_0: left promiscuous mode [ 390.262996][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.357520][ T5881] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 390.395076][T12024] block nbd1: shutting down sockets [ 390.685486][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 390.696616][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 390.707574][ T36] bond0 (unregistering): Released all slaves [ 390.721533][T12002] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 390.728625][T12002] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 390.755669][T12002] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 390.884454][ T36] tipc: Left network mode [ 390.893857][T12002] hsr_slave_0: entered promiscuous mode [ 390.904781][T12002] hsr_slave_1: entered promiscuous mode [ 390.918281][T12002] debugfs: 'hsr0' already exists in 'hsr' [ 390.925476][T12002] Cannot create hsr debugfs directory [ 390.960497][T12030] fuse: Unknown parameter '0x0000000000000003' [ 391.046870][ T5881] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 391.062278][ T5881] usb 5-1: USB disconnect, device number 6 [ 391.240083][ T5832] Bluetooth: hci2: command tx timeout [ 391.341070][ T36] hsr_slave_0: left promiscuous mode [ 391.347085][ T36] hsr_slave_1: left promiscuous mode [ 391.367574][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 391.376181][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 391.392501][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 391.401169][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 391.426785][ T36] veth1_macvtap: left promiscuous mode [ 391.432420][ T36] veth0_macvtap: left promiscuous mode [ 391.438007][ T36] veth1_vlan: left promiscuous mode [ 391.444705][ T36] veth0_vlan: left promiscuous mode [ 391.671657][T12036] netlink: 892 bytes leftover after parsing attributes in process `syz.3.2410'. [ 391.800610][T12042] netlink: 892 bytes leftover after parsing attributes in process `syz.3.2410'. [ 391.830644][T12046] fuse: Unknown parameter 'user_i00000000000000000000' [ 391.913288][T12047] block nbd1: shutting down sockets [ 392.044250][ T36] team0 (unregistering): Port device team_slave_1 removed [ 392.092042][ T36] team0 (unregistering): Port device team_slave_0 removed [ 392.470099][T12035] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 392.605729][T12053] fuse: Unknown parameter '0x0000000000000003' [ 392.746980][T12002] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 392.771057][T12002] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 392.799151][T12002] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 392.816761][T12002] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 392.948245][T12002] 8021q: adding VLAN 0 to HW filter on device bond0 [ 392.966448][T12069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2420'. [ 392.974432][T12002] 8021q: adding VLAN 0 to HW filter on device team0 [ 392.998889][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.006224][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 393.028394][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.035704][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 393.046132][T12070] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2420'. [ 393.238668][T12074] block nbd3: shutting down sockets [ 393.260409][ T5873] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 393.293604][T12002] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 393.310366][ T5832] Bluetooth: hci2: command tx timeout [ 393.335103][T12081] fuse: Unknown parameter 'fd0x0000000000000003' [ 393.377547][T12002] veth0_vlan: entered promiscuous mode [ 393.394759][T12002] veth1_vlan: entered promiscuous mode [ 393.427571][T12083] fuse: Unknown parameter 'user_i00000000000000000000' [ 393.439861][ T5873] usb 5-1: Using ep0 maxpacket: 8 [ 393.446621][T12002] veth0_macvtap: entered promiscuous mode [ 393.451604][ T5873] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 393.458152][T12002] veth1_macvtap: entered promiscuous mode [ 393.468108][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.478394][ T5873] usb 5-1: Product: syz [ 393.484664][ T5873] usb 5-1: Manufacturer: syz [ 393.490866][ T5873] usb 5-1: SerialNumber: syz [ 393.491893][T12002] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 393.513982][ T5873] usb 5-1: config 0 descriptor?? [ 393.515708][T12002] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 393.537645][ T50] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.546581][ T50] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.557860][ T50] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.566973][ T50] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.644665][ T1336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 393.654787][ T1336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.686628][ T1336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 393.698060][ T1336] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 393.724514][ T5873] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 393.919894][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 394.211914][ T5147] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 394.239054][ T5147] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 394.248865][ T5147] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 394.258041][ T5147] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 394.267718][ T5147] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 394.334041][T12092] vcan0 speed is unknown, defaulting to 1000 [ 394.650046][ T5873] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 394.684746][ T5873] usb 5-1: USB disconnect, device number 7 [ 395.041983][T12103] block nbd2: shutting down sockets [ 395.084190][T12092] chnl_net:caif_netlink_parms(): no params data found [ 395.146126][T12108] fuse: Unknown parameter 'fd0x0000000000000003' [ 395.172397][ T1140] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.307264][ T5147] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 395.368808][T12117] fuse: Unknown parameter 'user_id00000000000000000000' [ 395.371411][ T1140] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.386732][T12096] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 395.399282][ T5147] Bluetooth: hci2: command tx timeout [ 395.478320][ T1140] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.522176][T12092] bridge0: port 1(bridge_slave_0) entered blocking state [ 395.530189][T12092] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.537439][T12092] bridge_slave_0: entered allmulticast mode [ 395.546494][T12092] bridge_slave_0: entered promiscuous mode [ 395.579153][ T1140] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.596888][T12092] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.604962][T12092] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.613569][T12092] bridge_slave_1: entered allmulticast mode [ 395.625612][T12092] bridge_slave_1: entered promiscuous mode [ 395.713299][T12092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 395.725634][T12092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 395.778362][T12092] team0: Port device team_slave_0 added [ 395.779777][T12126] block nbd2: shutting down sockets [ 395.788081][T12092] team0: Port device team_slave_1 added [ 395.857463][T12092] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 395.867473][T12092] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 395.894954][T12092] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 395.915492][ T1140] bridge_slave_1: left allmulticast mode [ 395.923164][ T1140] bridge_slave_1: left promiscuous mode [ 395.931766][ T1140] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.932010][T12129] fuse: Unknown parameter 'fd0x0000000000000003' [ 395.952382][ T1140] bridge_slave_0: left allmulticast mode [ 395.958150][ T1140] bridge_slave_0: left promiscuous mode [ 395.966373][ T1140] bridge0: port 1(bridge_slave_0) entered disabled state [ 396.042342][T12132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2440'. [ 396.163103][T12135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2440'. [ 396.281205][ T5147] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 396.351241][ T5147] Bluetooth: hci1: command tx timeout [ 396.378153][ T1140] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 396.388894][ T1140] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 396.399086][ T1140] bond0 (unregistering): Released all slaves [ 396.411678][T12092] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 396.418777][T12092] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 396.445175][T12092] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.531637][ T5912] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 396.542767][ T1140] tipc: Left network mode [ 396.555691][T12092] hsr_slave_0: entered promiscuous mode [ 396.562813][T12092] hsr_slave_1: entered promiscuous mode [ 396.568905][T12092] debugfs: 'hsr0' already exists in 'hsr' [ 396.574707][T12092] Cannot create hsr debugfs directory [ 396.700132][ T5912] usb 4-1: Using ep0 maxpacket: 8 [ 396.719504][ T5912] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 396.737325][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.749532][ T5912] usb 4-1: Product: syz [ 396.753749][ T5912] usb 4-1: Manufacturer: syz [ 396.769384][ T5912] usb 4-1: SerialNumber: syz [ 396.795549][ T5912] usb 4-1: config 0 descriptor?? [ 396.960281][T12148] block nbd4: shutting down sockets [ 397.026682][ T5912] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 397.163776][ T1140] hsr_slave_0: left promiscuous mode [ 397.175082][ T1140] hsr_slave_1: left promiscuous mode [ 397.181632][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 397.189074][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 397.198827][ T1140] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 397.207236][ T1140] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 397.224644][ T1140] veth1_macvtap: left promiscuous mode [ 397.230203][ T1140] veth0_macvtap: left promiscuous mode [ 397.235838][ T1140] veth1_vlan: left promiscuous mode [ 397.241337][ T1140] veth0_vlan: left promiscuous mode [ 397.471220][ T5147] Bluetooth: hci2: command tx timeout [ 397.597077][ T5912] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 397.613786][ T5912] usb 4-1: USB disconnect, device number 20 [ 397.737169][ T1140] team0 (unregistering): Port device team_slave_1 removed [ 397.774350][ T1140] team0 (unregistering): Port device team_slave_0 removed [ 397.811373][T12149] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 397.996603][T12156] fuse: Unknown parameter 'user_id00000000000000000000' [ 398.166409][ T62] smc: removing ib device syz1 [ 398.226860][ T5834] vcan0 speed is unknown, defaulting to 1000 [ 398.238342][ T5834] syz1: Port: 1 Link DOWN [ 398.259185][ T5147] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 398.429569][ T5147] Bluetooth: hci1: command tx timeout [ 398.908753][T12092] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 398.944055][T12092] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 398.985973][T12092] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 398.999925][T12174] fuse: Unknown parameter 'user_id00000000000000000000' [ 399.009721][T12175] block nbd3: shutting down sockets [ 399.031698][T12092] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 399.248648][T12092] 8021q: adding VLAN 0 to HW filter on device bond0 [ 399.287399][T12092] 8021q: adding VLAN 0 to HW filter on device team0 [ 399.306063][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.313374][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.340088][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.347386][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.725960][T12092] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 399.843929][T12092] veth0_vlan: entered promiscuous mode [ 399.930469][T12092] veth1_vlan: entered promiscuous mode [ 400.015264][T12092] veth0_macvtap: entered promiscuous mode [ 400.033200][T12193] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2457'. [ 400.046701][T12092] veth1_macvtap: entered promiscuous mode [ 400.088074][T12092] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 400.104507][T12092] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 400.123023][ T1336] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.134096][ T1336] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.145928][T12196] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2457'. [ 400.151080][ T1336] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.164259][ T1336] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.225708][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.235020][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.257354][ T1336] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.266260][ T1336] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.390438][ T5147] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 400.519480][ T5147] Bluetooth: hci1: command tx timeout [ 400.534470][ T5834] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 400.558589][T12207] fuse: Bad value for 'fd' [ 400.710588][ T5834] usb 3-1: Using ep0 maxpacket: 8 [ 400.719700][ T5834] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 400.729160][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.737249][ T5834] usb 3-1: Product: syz [ 400.741522][ T5834] usb 3-1: Manufacturer: syz [ 400.746097][ T5834] usb 3-1: SerialNumber: syz [ 400.754630][ T5834] usb 3-1: config 0 descriptor?? [ 400.755158][T12187] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 400.962460][ T5834] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 401.399586][T12213] block nbd3: shutting down sockets [ 401.520233][ T5834] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 401.532867][ T5834] usb 3-1: USB disconnect, device number 22 [ 401.743220][ T5147] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 401.813645][T12227] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2474'. [ 401.886202][T12231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2474'. [ 401.933750][T12234] fuse: Bad value for 'fd' [ 402.589418][ T5147] Bluetooth: hci1: command tx timeout [ 402.639108][T12226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 402.688721][T12229] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 402.862361][T12240] block nbd1: shutting down sockets [ 403.061324][ T5147] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 403.231931][T12258] fuse: Bad value for 'fd' [ 403.303970][T12264] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2489'. [ 403.392646][T12269] block nbd4: shutting down sockets [ 403.709742][ T5873] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 403.869745][ T5873] usb 2-1: Using ep0 maxpacket: 8 [ 403.877952][ T5873] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 403.887169][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.895221][ T5873] usb 2-1: Product: syz [ 403.899577][ T5873] usb 2-1: Manufacturer: syz [ 403.904184][ T5873] usb 2-1: SerialNumber: syz [ 403.910778][ T5873] usb 2-1: config 0 descriptor?? [ 404.088382][T12279] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2495'. [ 404.118180][ T5873] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 404.135857][T12281] fuse: Unknown parameter '0x0000000000000005' [ 404.152567][T12282] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2495'. [ 404.390926][T12284] input: syz1 as /devices/virtual/input/input74 [ 404.638789][ T5873] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 404.650862][ T5873] usb 2-1: USB disconnect, device number 25 [ 404.916210][T12278] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 405.013423][T12291] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2498'. [ 405.180291][T12295] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2509'. [ 405.373527][T12305] block nbd1: shutting down sockets [ 405.433114][T12287] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 405.476210][T12309] input: syz1 as /devices/virtual/input/input75 [ 405.503469][T12311] fuse: Unknown parameter '0x0000000000000005' [ 405.989871][T12320] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2511'. [ 406.092031][ T5881] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 406.249405][ T5881] usb 2-1: Using ep0 maxpacket: 8 [ 406.258142][ T5881] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 406.267470][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.276285][ T5881] usb 2-1: Product: syz [ 406.280675][ T5881] usb 2-1: Manufacturer: syz [ 406.285467][ T5881] usb 2-1: SerialNumber: syz [ 406.292064][ T5881] usb 2-1: config 0 descriptor?? [ 406.297295][T12329] block nbd3: shutting down sockets [ 406.464915][T12337] fuse: Unknown parameter '0x0000000000000005' [ 406.473505][T12338] input: syz1 as /devices/virtual/input/input76 [ 406.505458][ T5881] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 406.684144][T12345] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2520'. [ 406.999065][ T5881] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 407.012233][ T5881] usb 2-1: USB disconnect, device number 26 [ 407.338049][T12339] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 407.559031][T12351] fuse: Unknown parameter '0x0000000000000005' [ 407.568703][T12353] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2522'. [ 407.635538][T12357] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2522'. [ 407.761089][T12360] block nbd2: shutting down sockets [ 407.830502][T12364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2528'. [ 407.885112][T12366] input: syz1 as /devices/virtual/input/input77 [ 408.075134][T12370] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2530'. [ 408.397016][T12352] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 408.599447][ T5834] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 408.673536][T12384] block nbd4: shutting down sockets [ 408.737251][T12388] input: syz1 as /devices/virtual/input/input78 [ 408.749482][ T5834] usb 4-1: Using ep0 maxpacket: 8 [ 408.758142][ T5834] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 408.770836][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.778859][ T5834] usb 4-1: Product: syz [ 408.783065][ T5834] usb 4-1: Manufacturer: syz [ 408.787743][ T5834] usb 4-1: SerialNumber: syz [ 408.794173][ T5834] usb 4-1: config 0 descriptor?? [ 408.966942][T12393] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2540'. [ 409.006889][ T5834] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 409.076312][T12399] fuse: Unknown parameter '0x0000000000000005' [ 409.546003][T12385] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 409.681357][ T5834] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 409.694849][ T5834] usb 4-1: USB disconnect, device number 21 [ 409.992960][T12410] input: syz1 as /devices/virtual/input/input79 [ 410.036912][T12412] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2549'. [ 410.116754][T12415] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2550'. [ 410.346819][T12426] fuse: Unknown parameter '0x0000000000000005' [ 411.167419][T12423] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 411.252292][T12439] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2560'. [ 411.394542][T12447] input: syz1 as /devices/virtual/input/input80 [ 411.605524][T12453] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2566'. [ 411.712845][T12455] fuse: Unknown parameter 'fd0x0000000000000005' [ 411.727109][T12433] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 411.769396][ T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 411.919392][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 411.928154][ T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 411.939448][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.947487][ T9] usb 3-1: Product: syz [ 411.955608][ T9] usb 3-1: Manufacturer: syz [ 411.960252][ T9] usb 3-1: SerialNumber: syz [ 411.966644][ T9] usb 3-1: config 0 descriptor?? [ 412.174566][ T9] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 412.523506][T12464] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2571'. [ 412.622428][T12468] input: syz1 as /devices/virtual/input/input81 [ 412.795588][ T9] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 412.810726][ T9] usb 3-1: USB disconnect, device number 23 [ 412.897825][T12481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2578'. [ 412.960128][T12482] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2578'. [ 413.230897][T12486] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2580'. [ 413.273922][T12488] fuse: Unknown parameter 'fd0x0000000000000005' [ 413.440758][T12496] input: syz1 as /devices/virtual/input/input82 [ 413.633924][T12475] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 413.799022][T12508] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2589'. [ 414.186347][T12512] fuse: Unknown parameter 'fd0x0000000000000005' [ 414.272082][ T56] block nbd0: Possible stuck request ffff8880255f4b40: control (read@0,4096B). Runtime 60 seconds [ 414.649411][ T5912] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 414.654544][T12523] input: syz1 as /devices/virtual/input/input83 [ 414.799444][ T5912] usb 4-1: Using ep0 maxpacket: 8 [ 414.812042][ T5912] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 414.832658][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.841498][ T5912] usb 4-1: Product: syz [ 414.845708][ T5912] usb 4-1: Manufacturer: syz [ 414.850920][ T5912] usb 4-1: SerialNumber: syz [ 414.858950][ T5912] usb 4-1: config 0 descriptor?? [ 414.963008][T12509] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 414.975396][T12531] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2599'. [ 415.073945][ T5912] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 415.643606][T12546] input: syz1 as /devices/virtual/input/input84 [ 415.691376][ T5912] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 415.702468][ T5912] usb 4-1: USB disconnect, device number 22 [ 415.858674][T12550] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2606'. [ 415.887619][T12532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 415.922433][T12551] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2606'. [ 416.283149][T12561] __nla_validate_parse: 1 callbacks suppressed [ 416.283162][T12561] netlink: 884 bytes leftover after parsing attributes in process `syz.3.2610'. [ 416.466056][T12565] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2612'. [ 416.538684][T12569] input: syz1 as /devices/virtual/input/input85 [ 416.790854][T12577] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2617'. [ 417.060635][T12559] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 417.309433][ T5914] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 417.459451][ T5914] usb 5-1: Using ep0 maxpacket: 8 [ 417.470399][ T5914] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 417.479611][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.487784][ T5914] usb 5-1: Product: syz [ 417.491987][ T5914] usb 5-1: Manufacturer: syz [ 417.496616][ T5914] usb 5-1: SerialNumber: syz [ 417.502989][ T5914] usb 5-1: config 0 descriptor?? [ 417.711300][ T5914] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 417.715545][T12591] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2622'. [ 417.795765][ T5147] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 417.806158][T12595] input: syz1 as /devices/virtual/input/input86 [ 418.337843][ T5914] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 418.349115][ T5914] usb 5-1: USB disconnect, device number 8 [ 418.471545][T12585] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 418.868309][T12610] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2629'. [ 418.979909][T12614] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2632'. [ 419.040163][T12617] netlink: 884 bytes leftover after parsing attributes in process `syz.4.2631'. [ 419.058573][ T5147] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 419.071989][T12621] input: syz1 as /devices/virtual/input/input87 [ 419.553504][T12633] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2638'. [ 419.812278][T12615] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.123463][T12643] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2642'. [ 420.217346][ T5147] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 420.220810][T12649] input: syz1 as /devices/virtual/input/input88 [ 420.413229][T12655] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2647'. [ 420.878364][T12639] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 421.377852][ T5147] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 421.383714][T12674] input: syz1 as /devices/virtual/input/input89 [ 421.469419][ T5147] Bluetooth: hci0: command 0x0406 tx timeout [ 421.589798][ T5873] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 421.741684][ T5873] usb 5-1: config 4 has an invalid interface number: 28 but max is 0 [ 421.750088][ T5873] usb 5-1: config 4 has no interface number 0 [ 421.758284][ T5873] usb 5-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 421.769150][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.777265][ T5873] usb 5-1: Product: syz [ 421.781560][ T5873] usb 5-1: Manufacturer: syz [ 421.786144][ T5873] usb 5-1: SerialNumber: syz [ 421.796492][ T5873] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:4.28/input/input90 [ 422.010347][ T5182] bcm5974 5-1:4.28: could not read from device [ 422.017544][ T5182] bcm5974 5-1:4.28: could not read from device [ 422.025920][ T5182] bcm5974 5-1:4.28: could not read from device [ 422.027070][ T5873] usb 5-1: USB disconnect, device number 9 [ 422.038923][ T5182] bcm5974 5-1:4.28: could not read from device [ 422.311841][T12690] __nla_validate_parse: 2 callbacks suppressed [ 422.311861][T12690] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2660'. [ 422.355053][T12692] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2661'. [ 422.467263][T12698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2664'. [ 422.534302][T12699] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2664'. [ 422.822505][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 422.825775][T12707] input: syz1 as /devices/virtual/input/input91 [ 423.326677][T12717] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2670'. [ 423.367920][T12719] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2671'. [ 423.446112][T12700] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 423.498431][T12703] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 424.325233][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 424.334256][T12731] input: syz1 as /devices/virtual/input/input92 [ 424.589460][ T5914] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 424.741272][ T5914] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 424.749726][ T5914] usb 3-1: config 4 has no interface number 0 [ 424.758091][ T5914] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 424.767527][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.776234][ T5914] usb 3-1: Product: syz [ 424.782028][ T5914] usb 3-1: Manufacturer: syz [ 424.786750][ T5914] usb 3-1: SerialNumber: syz [ 424.804744][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input93 [ 425.016112][ T5182] bcm5974 3-1:4.28: could not read from device [ 425.023405][ T5182] bcm5974 3-1:4.28: could not read from device [ 425.032021][ T5182] bcm5974 3-1:4.28: could not read from device [ 425.033111][ T5914] usb 3-1: USB disconnect, device number 24 [ 425.143253][T12728] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 425.572438][T12740] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2679'. [ 425.649439][T12745] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2680'. [ 425.836480][T12749] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2681'. [ 425.897229][T12754] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2681'. [ 426.023905][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 426.950888][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 426.963050][T12763] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 427.619811][T12770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 427.995031][T12801] __nla_validate_parse: 4 callbacks suppressed [ 427.995044][T12801] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2703'. [ 428.096353][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 428.378382][T12814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2709'. [ 428.448633][T12815] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2709'. [ 428.778758][T12821] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2712'. [ 428.885151][T12827] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2715'. [ 428.947586][T12828] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2715'. [ 429.009999][T12809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 429.058194][T12811] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 429.547128][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 429.715062][T12826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 429.746397][T12845] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2722'. [ 429.815440][T12849] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2724'. [ 429.880208][T12850] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2724'. [ 430.389488][ T5873] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 430.551900][ T5873] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 430.560205][ T5873] usb 3-1: config 4 has no interface number 0 [ 430.568318][ T5873] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 430.578205][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.587004][ T5873] usb 3-1: Product: syz [ 430.591260][ T5873] usb 3-1: Manufacturer: syz [ 430.595861][ T5873] usb 3-1: SerialNumber: syz [ 430.605544][ T5873] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input95 [ 430.689262][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 430.838199][T12862] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2729'. [ 431.320955][T12856] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 431.966684][T12872] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 432.516573][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 433.157662][ T5182] bcm5974 3-1:4.28: could not read from device [ 433.165311][ T5182] bcm5974 3-1:4.28: could not read from device [ 433.181868][ T5182] bcm5974 3-1:4.28: could not read from device [ 433.191133][ T5873] usb 3-1: USB disconnect, device number 25 [ 433.197950][ T5182] bcm5974 3-1:4.28: could not read from device [ 433.714546][T12893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 433.732877][T12904] __nla_validate_parse: 7 callbacks suppressed [ 433.732891][T12904] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2747'. [ 433.780342][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 433.783427][T12906] input: syz1 as /devices/virtual/input/input98 [ 433.803432][T12898] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 434.047410][T12914] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2751'. [ 434.529694][ T5914] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 434.681854][ T5914] usb 2-1: config 4 has an invalid interface number: 28 but max is 0 [ 434.690108][ T5914] usb 2-1: config 4 has no interface number 0 [ 434.698457][ T5914] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 434.707642][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.715703][ T5914] usb 2-1: Product: syz [ 434.719932][ T5914] usb 2-1: Manufacturer: syz [ 434.724539][ T5914] usb 2-1: SerialNumber: syz [ 434.734974][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:4.28/input/input99 [ 434.930913][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 434.942946][T12930] input: syz1 as /devices/virtual/input/input100 [ 435.294927][T12940] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2761'. [ 435.401063][T12943] netlink: 884 bytes leftover after parsing attributes in process `syz.3.2762'. [ 435.896592][T12946] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2763'. [ 436.721893][T12944] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 437.338906][ T5182] bcm5974 2-1:4.28: could not read from device [ 437.352400][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 437.354267][ T5182] bcm5974 2-1:4.28: could not read from device [ 437.359694][ T5914] usb 2-1: USB disconnect, device number 27 [ 437.364110][T12966] input: syz1 as /devices/virtual/input/input101 [ 438.213072][T12986] "syz.3.2779" (12986) uses obsolete ecb(arc4) skcipher [ 438.364557][T12994] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2783'. [ 438.400551][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 438.403788][T12996] input: syz1 as /devices/virtual/input/input102 [ 438.549582][ T5914] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 438.689653][T13006] nbd3: detected capacity change from 0 to 8 [ 438.697335][T13007] block nbd3: shutting down sockets [ 438.711424][ T5914] usb 2-1: config 4 has an invalid interface number: 28 but max is 0 [ 438.720005][ T5914] usb 2-1: config 4 has no interface number 0 [ 438.730692][ T5914] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 438.740493][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.748643][ T5914] usb 2-1: Product: syz [ 438.754618][ T5914] usb 2-1: Manufacturer: syz [ 438.759529][ T5914] usb 2-1: SerialNumber: syz [ 438.783544][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:4.28/input/input103 [ 439.421334][T13017] "syz.4.2791" (13017) uses obsolete ecb(arc4) skcipher [ 439.496337][T13019] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2792'. [ 439.603690][T13025] netlink: 884 bytes leftover after parsing attributes in process `syz.2.2794'. [ 439.681604][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 439.685297][T13027] input: syz1 as /devices/virtual/input/input104 [ 439.874880][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.882049][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.378264][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 440.389444][T13032] input: syz1 as /devices/virtual/input/input105 [ 440.611679][T13039] nbd4: detected capacity change from 0 to 8 [ 440.636192][T13043] block nbd4: shutting down sockets [ 440.774827][T13050] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2802'. [ 441.325223][ T5182] bcm5974 2-1:4.28: could not read from device [ 441.330497][ T5834] usb 2-1: USB disconnect, device number 28 [ 441.461726][T13059] netlink: 884 bytes leftover after parsing attributes in process `syz.2.2806'. [ 441.516721][T13061] "syz.3.2807" (13061) uses obsolete ecb(arc4) skcipher [ 441.688822][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 441.692199][T13063] input: syz1 as /devices/virtual/input/input106 [ 442.540404][T13077] nbd1: detected capacity change from 0 to 8 [ 442.551246][T13082] block nbd1: shutting down sockets [ 442.689592][ T5881] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 442.699554][T13088] netlink: 884 bytes leftover after parsing attributes in process `syz.1.2816'. [ 442.841436][ T5881] usb 4-1: config 4 has an invalid interface number: 28 but max is 0 [ 442.849752][ T5881] usb 4-1: config 4 has no interface number 0 [ 442.858034][ T5881] usb 4-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 442.868577][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.876666][ T5881] usb 4-1: Product: syz [ 442.880902][ T5881] usb 4-1: Manufacturer: syz [ 442.885526][ T5881] usb 4-1: SerialNumber: syz [ 442.896537][ T5881] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:4.28/input/input107 [ 443.610121][T13098] netlink: 884 bytes leftover after parsing attributes in process `syz.4.2819'. [ 443.665437][T13100] "syz.1.2822" (13100) uses obsolete ecb(arc4) skcipher [ 444.272461][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 444.277450][T13104] input: syz1 as /devices/virtual/input/input108 [ 444.350306][ T56] block nbd0: Possible stuck request ffff8880255f4b40: control (read@0,4096B). Runtime 90 seconds [ 445.467400][ T5182] bcm5974 4-1:4.28: could not read from device [ 445.500870][ T5182] bcm5974 4-1:4.28: could not read from device [ 445.510298][ T5881] usb 4-1: USB disconnect, device number 23 [ 445.517504][ T5182] bcm5974 4-1:4.28: could not read from device [ 445.609474][T13124] nbd4: detected capacity change from 0 to 8 [ 445.839410][ T5881] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 445.969404][ T5881] usb 4-1: device descriptor read/64, error -71 [ 446.098253][T13132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2834'. [ 446.229476][ T5881] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 446.357448][ T5832] block nbd4: Receive control failed (result -32) [ 446.357681][T13124] block nbd4: shutting down sockets [ 446.364350][ T5881] usb 4-1: device descriptor read/64, error -71 [ 446.407153][T13135] "syz.4.2835" (13135) uses obsolete ecb(arc4) skcipher [ 446.445271][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 446.453950][T13137] input: syz1 as /devices/virtual/input/input109 [ 446.469940][ T5881] usb usb4-port1: attempt power cycle [ 446.809356][ T5881] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 446.831030][ T5881] usb 4-1: device descriptor read/8, error -71 [ 447.069471][ T5881] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 447.090011][ T5881] usb 4-1: device descriptor read/8, error -71 [ 447.210611][ T5881] usb usb4-port1: unable to enumerate USB device [ 447.282048][T13144] batadv_slave_0: entered promiscuous mode [ 447.539479][ T5895] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 447.689354][ T5895] usb 5-1: Using ep0 maxpacket: 32 [ 447.697295][ T5895] usb 5-1: config 9 has an invalid interface number: 130 but max is 2 [ 447.705840][ T5895] usb 5-1: config 9 has an invalid interface number: 168 but max is 2 [ 447.714351][ T5895] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 447.724493][ T5895] usb 5-1: config 9 has 2 interfaces, different from the descriptor's value: 3 [ 447.733540][ T5895] usb 5-1: config 9 has no interface number 0 [ 447.739693][ T5895] usb 5-1: config 9 has no interface number 1 [ 447.745810][ T5895] usb 5-1: config 9 interface 168 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 447.758953][ T5895] usb 5-1: config 9 interface 130 has no altsetting 0 [ 447.765843][ T5895] usb 5-1: config 9 interface 168 has no altsetting 0 [ 447.775293][ T5895] usb 5-1: New USB device found, idVendor=124a, idProduct=4025, bcdDevice=38.6a [ 447.785699][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.794213][ T5895] usb 5-1: Manufacturer: 㿵힚铢斎䪆튡遶칵ꥄ钷ᯰ귐켤ἁ늻끅캫之ᓽ謲恜㩒紵뚝㩈ف瞲漃ᚪ劭蜠㟘몁᎛ [ 447.808327][ T5895] usb 5-1: SerialNumber: syz [ 448.021753][T13143] batadv_slave_0: left promiscuous mode [ 448.030745][ T5895] hub 5-1:9.130: Invalid hub with more than one config or interface [ 448.038862][ T5895] hub 5-1:9.130: probe with driver hub failed with error -22 [ 448.052962][ T5895] usb 5-1: USB disconnect, device number 10 [ 448.089407][ T5933] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 448.243085][ T5933] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 448.251584][ T5933] usb 3-1: config 4 has no interface number 0 [ 448.260570][ T5933] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 448.271994][ T5933] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.280241][ T5933] usb 3-1: Product: syz [ 448.284450][ T5933] usb 3-1: Manufacturer: syz [ 448.290854][ T5933] usb 3-1: SerialNumber: syz [ 448.301492][ T5933] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input110 [ 448.670519][T13157] nbd4: detected capacity change from 0 to 8 [ 448.713218][T13161] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2845'. [ 449.112661][T13164] "syz.1.2846" (13164) uses obsolete ecb(arc4) skcipher [ 449.176178][T13166] FAULT_INJECTION: forcing a failure. [ 449.176178][T13166] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 449.193144][T13166] CPU: 0 UID: 0 PID: 13166 Comm: syz.1.2847 Not tainted syzkaller #0 PREEMPT(full) [ 449.193173][T13166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 449.193183][T13166] Call Trace: [ 449.193189][T13166] [ 449.193195][T13166] dump_stack_lvl+0x189/0x250 [ 449.193217][T13166] ? __pfx____ratelimit+0x10/0x10 [ 449.193236][T13166] ? __pfx_dump_stack_lvl+0x10/0x10 [ 449.193261][T13166] ? __pfx__printk+0x10/0x10 [ 449.193279][T13166] ? __might_fault+0xb0/0x130 [ 449.193306][T13166] should_fail_ex+0x414/0x560 [ 449.193330][T13166] _copy_from_user+0x2d/0xb0 [ 449.193343][T13166] __se_sys_mount+0x18b/0x410 [ 449.193357][T13166] ? __pfx___se_sys_mount+0x10/0x10 [ 449.193369][T13166] ? do_syscall_64+0xbe/0xfa0 [ 449.193380][T13166] ? __x64_sys_mount+0x20/0xc0 [ 449.193393][T13166] do_syscall_64+0xfa/0xfa0 [ 449.193413][T13166] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.193428][T13166] ? clear_bhb_loop+0x60/0xb0 [ 449.193446][T13166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.193460][T13166] RIP: 0033:0x7ff25b38f6c9 [ 449.193474][T13166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 449.193485][T13166] RSP: 002b:00007ff25c155038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 449.193496][T13166] RAX: ffffffffffffffda RBX: 00007ff25b5e5fa0 RCX: 00007ff25b38f6c9 [ 449.193503][T13166] RDX: 0000200000000000 RSI: 0000200000000100 RDI: 0000000000000000 [ 449.193509][T13166] RBP: 00007ff25c155090 R08: 0000200000000200 R09: 0000000000000000 [ 449.193515][T13166] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 449.193521][T13166] R13: 00007ff25b5e6038 R14: 00007ff25b5e5fa0 R15: 00007ffc10d72838 [ 449.193535][T13166] [ 449.196175][T13166] overlayfs: failed to get inode (-116) [ 449.384399][T13166] overlayfs: failed to get inode (-116) [ 449.394915][T13166] overlayfs: failed to resolve './bus': -116 [ 449.438709][T13157] block nbd4: shutting down sockets [ 449.499696][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 449.504420][T13170] input: syz1 as /devices/virtual/input/input111 [ 450.546089][T13188] "syz.3.2855" (13188) uses obsolete ecb(arc4) skcipher [ 450.579480][ T5914] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 450.626623][T13191] batadv_slave_0: entered promiscuous mode [ 450.752882][ T5914] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 450.762063][ T5914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.772886][ T5914] usb 2-1: config 0 descriptor?? [ 450.871841][ T5182] bcm5974 3-1:4.28: could not read from device [ 450.882024][ T5182] bcm5974 3-1:4.28: could not read from device [ 450.889800][ T5895] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 450.892353][ T5933] usb 3-1: USB disconnect, device number 26 [ 450.999445][T13195] nbd2: detected capacity change from 0 to 8 [ 451.049555][ T5895] usb 4-1: Using ep0 maxpacket: 32 [ 451.066196][ T5895] usb 4-1: config 9 has an invalid interface number: 130 but max is 2 [ 451.074875][ T5895] usb 4-1: config 9 has an invalid interface number: 168 but max is 2 [ 451.083533][ T5895] usb 4-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 451.095754][ T5895] usb 4-1: config 9 has 2 interfaces, different from the descriptor's value: 3 [ 451.105187][ T5895] usb 4-1: config 9 has no interface number 0 [ 451.111647][ T5895] usb 4-1: config 9 has no interface number 1 [ 451.127110][ T5895] usb 4-1: config 9 interface 168 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 451.140557][ T5895] usb 4-1: config 9 interface 130 has no altsetting 0 [ 451.141402][T13196] sg_read: process 229 (syz.1.2851) changed security contexts after opening file descriptor, this is not allowed. [ 451.147353][ T5895] usb 4-1: config 9 interface 168 has no altsetting 0 [ 451.151025][ T5895] usb 4-1: New USB device found, idVendor=124a, idProduct=4025, bcdDevice=38.6a [ 451.177301][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.185607][ T5895] usb 4-1: Manufacturer: 㿵힚铢斎䪆튡遶칵ꥄ钷ᯰ귐켤ἁ늻끅캫之ᓽ謲恜㩒紵뚝㩈ف瞲漃ᚪ劭蜠㟘몁᎛ [ 451.199977][ T5895] usb 4-1: SerialNumber: syz [ 451.393843][T13199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2858'. [ 451.420666][ T5895] hub 4-1:9.130: Invalid hub with more than one config or interface [ 451.428863][ T5895] hub 4-1:9.130: probe with driver hub failed with error -22 [ 451.429205][T13190] batadv_slave_0: left promiscuous mode [ 451.452881][ T5895] usb 4-1: USB disconnect, device number 28 [ 451.756364][ T5832] block nbd2: Receive control failed (result -32) [ 451.760061][T13195] block nbd2: shutting down sockets [ 451.883511][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 451.887380][T13204] input: syz1 as /devices/virtual/input/input112 [ 452.233849][T13215] "syz.2.2864" (13215) uses obsolete ecb(arc4) skcipher [ 452.549385][ T5895] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 452.702051][ T5895] usb 5-1: config 4 has an invalid interface number: 28 but max is 0 [ 452.710585][ T5895] usb 5-1: config 4 has no interface number 0 [ 452.718785][ T5895] usb 5-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 452.728861][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.737142][ T5895] usb 5-1: Product: syz [ 452.741467][ T5895] usb 5-1: Manufacturer: syz [ 452.746079][ T5895] usb 5-1: SerialNumber: syz [ 452.758510][ T5895] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:4.28/input/input113 [ 453.012491][T13223] block nbd3: shutting down sockets [ 453.068118][T13225] overlayfs: missing 'lowerdir' [ 453.079411][T13225] overlayfs: failed to resolve './bus': -2 [ 453.132916][T13228] overlay: filesystem on ./bus not supported as upperdir [ 453.189844][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 453.194073][T13231] input: syz1 as /devices/virtual/input/input114 [ 453.230909][ T5914] ath6kl: Failed to read usb control message: -110 [ 453.237869][ T5914] ath6kl: Unable to read the bmi data from the device: -110 [ 453.245901][ T5914] ath6kl: Unable to recv target info: -110 [ 453.259508][ T5914] ath6kl: Failed to init ath6kl core: -110 [ 453.265983][ T5914] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 453.348037][ T5914] usb 2-1: USB disconnect, device number 29 [ 453.419487][ T5873] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 453.520542][T13241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2873'. [ 453.589431][ T5873] usb 4-1: Using ep0 maxpacket: 8 [ 453.598548][ T5873] usb 4-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 453.608797][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 453.620472][ T5873] usb 4-1: Product: syz [ 453.624670][ T5873] usb 4-1: Manufacturer: syz [ 453.629270][ T5873] usb 4-1: SerialNumber: syz [ 453.637713][ T5873] usb 4-1: config 0 descriptor?? [ 454.131612][T13244] "syz.2.2874" (13244) uses obsolete ecb(arc4) skcipher [ 454.497359][ T5873] usb 4-1: USB disconnect, device number 29 [ 454.545628][T13251] batadv_slave_0: entered promiscuous mode [ 454.821578][ T5834] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 454.989482][ T5834] usb 2-1: Using ep0 maxpacket: 32 [ 454.997185][ T5834] usb 2-1: config 9 has an invalid interface number: 130 but max is 2 [ 455.005536][ T5834] usb 2-1: config 9 has an invalid interface number: 168 but max is 2 [ 455.013876][ T5834] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 455.024236][ T5834] usb 2-1: config 9 has 2 interfaces, different from the descriptor's value: 3 [ 455.033375][ T5834] usb 2-1: config 9 has no interface number 0 [ 455.039867][ T5834] usb 2-1: config 9 has no interface number 1 [ 455.046036][ T5834] usb 2-1: config 9 interface 168 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 14 [ 455.062607][ T5834] usb 2-1: config 9 interface 130 has no altsetting 0 [ 455.069826][ T5834] usb 2-1: config 9 interface 168 has no altsetting 0 [ 455.080611][ T5834] usb 2-1: New USB device found, idVendor=124a, idProduct=4025, bcdDevice=38.6a [ 455.090120][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.098194][ T5834] usb 2-1: Manufacturer: 㿵힚铢斎䪆튡遶칵ꥄ钷ᯰ귐켤ἁ늻끅캫之ᓽ謲恜㩒紵뚝㩈ف瞲漃ᚪ劭蜠㟘몁᎛ [ 455.112621][ T5834] usb 2-1: SerialNumber: syz [ 455.344937][T13250] batadv_slave_0: left promiscuous mode [ 455.346450][ T5834] hub 2-1:9.130: Invalid hub with more than one config or interface [ 455.362889][ T5182] bcm5974 5-1:4.28: could not read from device [ 455.379406][ T5834] hub 2-1:9.130: probe with driver hub failed with error -22 [ 455.392882][ T5873] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 455.393462][ T5182] bcm5974 5-1:4.28: could not read from device [ 455.420057][ T5895] usb 5-1: USB disconnect, device number 11 [ 455.463588][ T5182] bcm5974 5-1:4.28: could not read from device [ 455.469479][ T5834] usb 2-1: USB disconnect, device number 30 [ 455.617569][ T5873] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 455.637544][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.658563][ T5873] usb 3-1: Product: syz [ 455.665044][ T5873] usb 3-1: Manufacturer: syz [ 455.670621][ T5873] usb 3-1: SerialNumber: syz [ 455.679985][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 455.692219][T13265] input: syz1 as /devices/virtual/input/input115 [ 455.727723][T13267] "syz.4.2884" (13267) uses obsolete ecb(arc4) skcipher [ 455.862794][T13270] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2885'. [ 456.090176][ T5873] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 456.102296][ T5873] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 456.319390][ T5895] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 456.471235][ T5895] usb 4-1: config 4 has an invalid interface number: 28 but max is 0 [ 456.479502][ T5895] usb 4-1: config 4 has no interface number 0 [ 456.488839][ T5895] usb 4-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 456.498069][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.506350][ T5895] usb 4-1: Product: syz [ 456.511941][ T5895] usb 4-1: Manufacturer: syz [ 456.516881][ T5895] usb 4-1: SerialNumber: syz [ 456.528356][ T5895] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:4.28/input/input116 [ 457.034721][T13289] validate_nla: 2 callbacks suppressed [ 457.034741][T13289] netlink: 'syz.1.2892': attribute type 2 has an invalid length. [ 457.048874][T13289] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2892'. [ 457.120746][T13293] "syz.1.2893" (13293) uses obsolete ecb(arc4) skcipher [ 457.188112][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 457.194688][T13295] input: syz1 as /devices/virtual/input/input117 [ 457.320802][ T5873] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE [ 457.744686][T13305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2897'. [ 457.947579][ T5873] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -EPROTO [ 457.963812][ T5873] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO [ 457.976298][ T5873] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 457.987010][ T5873] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 457.999092][ T5873] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71 [ 458.012477][ T5873] usb 3-1: USB disconnect, device number 27 [ 458.497326][T13311] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2899'. [ 458.831141][T13327] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2906'. [ 459.002044][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 459.006627][T13331] input: syz1 as /devices/virtual/input/input118 [ 459.073358][ T5182] bcm5974 4-1:4.28: could not read from device [ 459.084503][ T5182] bcm5974 4-1:4.28: could not read from device [ 459.096009][ T5895] usb 4-1: USB disconnect, device number 30 [ 459.099853][ T5182] bcm5974 4-1:4.28: could not read from device [ 459.117670][ T5182] bcm5974 4-1:4.28: could not read from device [ 459.136490][T13334] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2908'. [ 459.235819][T13339] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2910'. [ 459.386790][T13345] FAULT_INJECTION: forcing a failure. [ 459.386790][T13345] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.404573][T13345] CPU: 1 UID: 0 PID: 13345 Comm: syz.3.2913 Not tainted syzkaller #0 PREEMPT(full) [ 459.404601][T13345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 459.404614][T13345] Call Trace: [ 459.404622][T13345] [ 459.404630][T13345] dump_stack_lvl+0x189/0x250 [ 459.404661][T13345] ? __pfx____ratelimit+0x10/0x10 [ 459.404687][T13345] ? __pfx_dump_stack_lvl+0x10/0x10 [ 459.404721][T13345] ? __pfx__printk+0x10/0x10 [ 459.404746][T13345] ? __might_fault+0xb0/0x130 [ 459.404784][T13345] should_fail_ex+0x414/0x560 [ 459.404817][T13345] _copy_from_user+0x2d/0xb0 [ 459.404841][T13345] ___sys_recvmsg+0x12e/0x510 [ 459.404877][T13345] ? __pfx____sys_recvmsg+0x10/0x10 [ 459.404933][T13345] ? __fget_files+0x3a0/0x420 [ 459.404967][T13345] do_recvmmsg+0x307/0x770 [ 459.405005][T13345] ? __pfx_do_recvmmsg+0x10/0x10 [ 459.405048][T13345] ? _copy_from_user+0x94/0xb0 [ 459.405087][T13345] __x64_sys_recvmmsg+0x1af/0x240 [ 459.405118][T13345] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 459.405151][T13345] ? do_syscall_64+0xbe/0xfa0 [ 459.405182][T13345] do_syscall_64+0xfa/0xfa0 [ 459.405210][T13345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.405230][T13345] ? clear_bhb_loop+0x60/0xb0 [ 459.405255][T13345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.405275][T13345] RIP: 0033:0x7fe758d8f6c9 [ 459.405293][T13345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.405309][T13345] RSP: 002b:00007fe759b68038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 459.405332][T13345] RAX: ffffffffffffffda RBX: 00007fe758fe5fa0 RCX: 00007fe758d8f6c9 [ 459.405347][T13345] RDX: 04000000000003b4 RSI: 00002000000037c0 RDI: 0000000000000003 [ 459.405361][T13345] RBP: 00007fe759b68090 R08: 0000200000003700 R09: 0000000000000000 [ 459.405373][T13345] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000001 [ 459.405385][T13345] R13: 00007fe758fe6038 R14: 00007fe758fe5fa0 R15: 00007ffc16254b78 [ 459.405420][T13345] [ 459.722930][T13353] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2917'. [ 459.805405][T13358] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2919'. [ 459.875840][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 459.883384][T13362] input: syz1 as /devices/virtual/input/input119 [ 459.929395][ T5873] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 460.082073][ T5873] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 460.090544][ T5873] usb 3-1: config 4 has no interface number 0 [ 460.099772][ T5873] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 460.110654][ T5873] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.118766][ T5873] usb 3-1: Product: syz [ 460.123588][ T5873] usb 3-1: Manufacturer: syz [ 460.128225][ T5873] usb 3-1: SerialNumber: syz [ 460.138305][ T5873] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input120 [ 460.918260][T13377] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2927'. [ 461.041235][T13381] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2929'. [ 461.044162][T13383] FAULT_INJECTION: forcing a failure. [ 461.044162][T13383] name failslab, interval 1, probability 0, space 0, times 1 [ 461.091409][T13383] CPU: 1 UID: 0 PID: 13383 Comm: syz.4.2930 Not tainted syzkaller #0 PREEMPT(full) [ 461.091440][T13383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 461.091453][T13383] Call Trace: [ 461.091461][T13383] [ 461.091470][T13383] dump_stack_lvl+0x189/0x250 [ 461.091501][T13383] ? __pfx____ratelimit+0x10/0x10 [ 461.091528][T13383] ? __pfx_dump_stack_lvl+0x10/0x10 [ 461.091551][T13383] ? __pfx__printk+0x10/0x10 [ 461.091577][T13383] ? __pfx___might_resched+0x10/0x10 [ 461.091600][T13383] ? fs_reclaim_acquire+0x7d/0x100 [ 461.091640][T13383] should_fail_ex+0x414/0x560 [ 461.091680][T13383] should_failslab+0xa8/0x100 [ 461.091709][T13383] kmem_cache_alloc_noprof+0x88/0x700 [ 461.091733][T13383] ? ima_match_policy+0x115/0x21e0 [ 461.091762][T13383] ? vm_area_dup+0x2b/0x680 [ 461.091793][T13383] vm_area_dup+0x2b/0x680 [ 461.091822][T13383] __split_vma+0x1a9/0xa00 [ 461.091853][T13383] ? __pfx___split_vma+0x10/0x10 [ 461.091890][T13383] ? process_measurement+0x72d/0x1a40 [ 461.091920][T13383] vms_gather_munmap_vmas+0x2e2/0x12e0 [ 461.091949][T13383] ? up_write+0x1c4/0x420 [ 461.091987][T13383] ? mtree_range_walk+0x6a7/0x840 [ 461.092018][T13383] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 461.092062][T13383] ? mas_find+0xa7d/0xd30 [ 461.092094][T13383] mmap_region+0x72b/0x1d30 [ 461.092136][T13383] ? __pfx_mmap_region+0x10/0x10 [ 461.092153][T13383] ? __lock_acquire+0xab9/0xd20 [ 461.092265][T13383] ? aa_file_perm+0x139/0x1540 [ 461.092289][T13383] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 461.092327][T13383] ? cap_mmap_addr+0xb0/0x100 [ 461.092357][T13383] ? bpf_lsm_mmap_addr+0x9/0x20 [ 461.092384][T13383] ? security_mmap_addr+0x71/0x270 [ 461.092416][T13383] ? shmem_mapping+0xd/0x50 [ 461.092443][T13383] ? memfd_check_seals_mmap+0xc5/0x200 [ 461.092472][T13383] do_mmap+0xc45/0x10d0 [ 461.092509][T13383] ? __pfx_do_mmap+0x10/0x10 [ 461.092553][T13383] ? down_write_killable+0x178/0x230 [ 461.092586][T13383] ? __pfx_down_write_killable+0x10/0x10 [ 461.092616][T13383] ? common_file_perm+0x1b5/0x230 [ 461.092647][T13383] vm_mmap_pgoff+0x2a6/0x4d0 [ 461.092687][T13383] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 461.092710][T13383] ? __fget_files+0x2a/0x420 [ 461.092735][T13383] ? __fget_files+0x2a/0x420 [ 461.092758][T13383] ? __fget_files+0x2a/0x420 [ 461.092783][T13383] ksys_mmap_pgoff+0x51f/0x760 [ 461.092814][T13383] do_syscall_64+0xfa/0xfa0 [ 461.092841][T13383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.092870][T13383] ? clear_bhb_loop+0x60/0xb0 [ 461.092895][T13383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.092914][T13383] RIP: 0033:0x7f670db8f6c9 [ 461.092934][T13383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 461.092970][T13383] RSP: 002b:00007f670ea69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 461.092992][T13383] RAX: ffffffffffffffda RBX: 00007f670dde5fa0 RCX: 00007f670db8f6c9 [ 461.093006][T13383] RDX: 0000000002000008 RSI: 0000000000002028 RDI: 0000200000002000 [ 461.093018][T13383] RBP: 00007f670ea69090 R08: 0000000000000003 R09: 0000000052342000 [ 461.093031][T13383] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001 [ 461.093043][T13383] R13: 00007f670dde6038 R14: 00007f670dde5fa0 R15: 00007ffcc03ee048 [ 461.093078][T13383] [ 461.554397][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 461.559982][T13392] input: syz1 as /devices/virtual/input/input121 [ 462.415218][T13404] netlink: 'syz.3.2938': attribute type 6 has an invalid length. [ 462.426074][T13404] __nla_validate_parse: 1 callbacks suppressed [ 462.426094][T13404] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2938'. [ 462.512473][T13406] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2939'. [ 462.742619][ T5182] bcm5974 3-1:4.28: could not read from device [ 462.778200][T13418] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2945'. [ 462.788484][ T5182] bcm5974 3-1:4.28: could not read from device [ 462.802066][ T5182] bcm5974 3-1:4.28: could not read from device [ 462.803949][ T5873] usb 3-1: USB disconnect, device number 28 [ 462.814935][ T5182] bcm5974 3-1:4.28: could not read from device [ 462.859729][ T5914] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 462.922310][T13427] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2949'. [ 462.964216][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 462.967379][T13429] input: syz1 as /devices/virtual/input/input122 [ 463.031111][ T5914] usb 4-1: config 7 has an invalid interface number: 101 but max is 0 [ 463.041282][ T5914] usb 4-1: config 7 has no interface number 0 [ 463.050244][ T5914] usb 4-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 463.059759][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.067793][ T5914] usb 4-1: Product: syz [ 463.072168][ T5914] usb 4-1: Manufacturer: syz [ 463.076785][ T5914] usb 4-1: SerialNumber: syz [ 463.726229][T13446] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2956'. [ 463.759571][ T5873] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 463.834879][T13450] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2958'. [ 463.849582][ T5914] as10x_usb: device has been detected [ 463.863953][ T5914] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 463.892610][ T5914] usb 4-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 463.931468][ T5873] usb 2-1: config 4 has an invalid interface number: 28 but max is 0 [ 463.938689][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 463.949617][ T5873] usb 2-1: config 4 has no interface number 0 [ 463.959247][T13455] input: syz1 as /devices/virtual/input/input123 [ 464.012438][ T5873] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 464.022062][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.040257][ T5873] usb 2-1: Product: syz [ 464.044493][ T5873] usb 2-1: Manufacturer: syz [ 464.049215][ T5873] usb 2-1: SerialNumber: syz [ 464.127961][ T5873] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:4.28/input/input124 [ 464.169721][ T5914] as10x_usb: error during firmware upload part1 [ 464.180141][ T5914] Registered device Elgato EyeTV DTT Deluxe [ 465.254566][T13470] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2966'. [ 465.633601][ T5834] usb 4-1: USB disconnect, device number 31 [ 465.659771][ T5834] Unregistered device Elgato EyeTV DTT Deluxe [ 465.662145][ T5834] as10x_usb: device has been disconnected [ 466.336108][T13490] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2975'. [ 466.553642][ T5182] bcm5974 2-1:4.28: could not read from device [ 466.571554][ T5182] bcm5974 2-1:4.28: could not read from device [ 466.587043][ T5182] bcm5974 2-1:4.28: could not read from device [ 466.600914][ T5873] usb 2-1: USB disconnect, device number 31 [ 466.894427][T13515] veth1_macvtap: left promiscuous mode [ 466.900177][T13515] macsec0: entered allmulticast mode [ 466.916093][T13515] veth1_macvtap: entered promiscuous mode [ 466.928842][T13515] veth1_macvtap: entered allmulticast mode [ 466.935318][T13515] macsec0: left allmulticast mode [ 466.940479][T13515] veth1_macvtap: left allmulticast mode [ 466.946214][T13515] FAULT_INJECTION: forcing a failure. [ 466.946214][T13515] name failslab, interval 1, probability 0, space 0, times 0 [ 466.959125][T13515] CPU: 0 UID: 0 PID: 13515 Comm: syz.4.2986 Not tainted syzkaller #0 PREEMPT(full) [ 466.959147][T13515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 466.959154][T13515] Call Trace: [ 466.959160][T13515] [ 466.959166][T13515] dump_stack_lvl+0x189/0x250 [ 466.959190][T13515] ? __pfx____ratelimit+0x10/0x10 [ 466.959209][T13515] ? __pfx_dump_stack_lvl+0x10/0x10 [ 466.959227][T13515] ? __pfx__printk+0x10/0x10 [ 466.959257][T13515] should_fail_ex+0x414/0x560 [ 466.959290][T13515] should_failslab+0xa8/0x100 [ 466.959313][T13515] __kmalloc_cache_noprof+0x84/0x700 [ 466.959333][T13515] ? do_raw_spin_lock+0x121/0x290 [ 466.959352][T13515] ? __hw_addr_add_ex+0x1f4/0x770 [ 466.959381][T13515] __hw_addr_add_ex+0x1f4/0x770 [ 466.959409][T13515] dev_mc_add+0xa1/0x120 [ 466.959436][T13515] igmp_group_added+0x1c1/0x8f0 [ 466.959466][T13515] ? __pfx_igmp_group_added+0x10/0x10 [ 466.959492][T13515] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 466.959511][T13515] ? do_raw_spin_unlock+0x122/0x240 [ 466.959536][T13515] ____ip_mc_inc_group+0x993/0xde0 [ 466.959568][T13515] ip_mc_up+0x125/0x300 [ 466.959584][T13515] inetdev_event+0xfb3/0x15f0 [ 466.959602][T13515] ? __pfx_del_netdev_default_ips_join+0x10/0x10 [ 466.959621][T13515] ? __pfx_is_eth_port_inactive_slave_filter+0x10/0x10 [ 466.959644][T13515] ? __pfx_is_ndev_for_default_gid_filter+0x10/0x10 [ 466.959676][T13515] ? __pfx_inetdev_event+0x10/0x10 [ 466.959709][T13515] notifier_call_chain+0x1b6/0x3e0 [ 466.959757][T13515] __dev_notify_flags+0x18d/0x2e0 [ 466.959787][T13515] ? __pfx___dev_notify_flags+0x10/0x10 [ 466.959811][T13515] ? __dev_change_flags+0x52e/0x6d0 [ 466.959843][T13515] ? __pfx___dev_change_flags+0x10/0x10 [ 466.959870][T13515] ? full_name_hash+0x92/0xe0 [ 466.959900][T13515] netif_change_flags+0xe8/0x1a0 [ 466.959930][T13515] dev_change_flags+0x130/0x260 [ 466.959961][T13515] dev_ioctl+0x7b4/0x1150 [ 466.959990][T13515] sock_do_ioctl+0x22c/0x300 [ 466.960063][T13515] ? __pfx_sock_do_ioctl+0x10/0x10 [ 466.960094][T13515] sock_ioctl+0x576/0x790 [ 466.960119][T13515] ? __pfx_sock_ioctl+0x10/0x10 [ 466.960144][T13515] ? __fget_files+0x3a0/0x420 [ 466.960160][T13515] ? __fget_files+0x2a/0x420 [ 466.960179][T13515] ? bpf_lsm_file_ioctl+0x9/0x20 [ 466.960199][T13515] ? __pfx_sock_ioctl+0x10/0x10 [ 466.960221][T13515] __se_sys_ioctl+0xfc/0x170 [ 466.960244][T13515] do_syscall_64+0xfa/0xfa0 [ 466.960267][T13515] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.960282][T13515] ? clear_bhb_loop+0x60/0xb0 [ 466.960302][T13515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 466.960317][T13515] RIP: 0033:0x7f670db8f6c9 [ 466.960334][T13515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 466.960352][T13515] RSP: 002b:00007f670ea69038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 466.960374][T13515] RAX: ffffffffffffffda RBX: 00007f670dde5fa0 RCX: 00007f670db8f6c9 [ 466.960388][T13515] RDX: 0000200000000240 RSI: 0000000000008914 RDI: 0000000000000003 [ 466.960402][T13515] RBP: 00007f670ea69090 R08: 0000000000000000 R09: 0000000000000000 [ 466.960413][T13515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 466.960425][T13515] R13: 00007f670dde6038 R14: 00007f670dde5fa0 R15: 00007ffcc03ee048 [ 466.960459][T13515] [ 467.500023][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 467.505485][T13526] input: syz1 as /devices/virtual/input/input125 [ 467.729125][T13532] "syz.2.2992" (13532) uses obsolete ecb(arc4) skcipher [ 468.019706][T13551] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.3001' resets device [ 468.030667][T13551] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.3001' sets config #7 [ 468.119666][ T5912] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 468.146533][T13559] "syz.2.3005" (13559) uses obsolete ecb(arc4) skcipher [ 468.294026][ T5912] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 468.305375][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 468.317098][ T5912] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 468.327220][ T5912] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 468.341548][ T5912] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 468.351441][ T5912] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 468.361294][ T5912] usb 2-1: Manufacturer: syz [ 468.367654][ T5912] usb 2-1: config 0 descriptor?? [ 468.571313][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 468.575826][T13543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 468.575891][T13566] input: syz1 as /devices/virtual/input/input126 [ 468.583775][T13543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 468.612712][T13543] binder: 13542:13543 ioctl c0306201 2000000001c0 returned -14 [ 468.824707][ T5912] appleir 0003:05AC:8243.000D: unknown main item tag 0x0 [ 468.838514][ T5912] appleir 0003:05AC:8243.000D: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 469.028646][T13580] "syz.4.3014" (13580) uses obsolete ecb(arc4) skcipher [ 469.077802][T13582] warning: `syz.3.3015' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 469.091718][T13543] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 469.110812][T13543] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 469.191343][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 469.195524][T13589] input: syz1 as /devices/virtual/input/input127 [ 469.349414][ T5914] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 469.499392][ T5914] usb 4-1: Using ep0 maxpacket: 8 [ 469.506787][ T5914] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 469.518967][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 469.530124][ T5914] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 800 [ 469.541302][ T5914] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 469.554503][ T5914] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 469.563717][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.778074][ T5914] usb 4-1: GET_CAPABILITIES returned 0 [ 469.783768][ T5914] usbtmc 4-1:16.0: can't read capabilities [ 469.940261][T13597] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3021'. [ 469.983920][ T5912] usb 4-1: USB disconnect, device number 32 [ 470.006795][T13598] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3021'. [ 470.290400][ T5914] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 470.431659][ T5914] usb 5-1: device descriptor read/64, error -71 [ 470.669585][ T5914] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 470.717899][T13606] "syz.1.3024" (13606) uses obsolete ecb(arc4) skcipher [ 470.800350][ T5914] usb 5-1: device descriptor read/64, error -71 [ 470.856052][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 470.862291][T13612] input: syz1 as /devices/virtual/input/input128 [ 470.903909][ T5881] usb 2-1: USB disconnect, device number 32 [ 470.920926][ T5914] usb usb5-port1: attempt power cycle [ 471.070237][ T5834] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 471.231448][ T5834] usb 4-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 471.240630][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.251269][ T5834] usb 4-1: config 0 descriptor?? [ 471.258144][ T5834] asix 4-1:0.0: probe with driver asix failed with error -22 [ 471.269419][ T5914] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 471.290480][ T5914] usb 5-1: device descriptor read/8, error -71 [ 471.484304][ T5834] usb 4-1: USB disconnect, device number 33 [ 471.529457][ T5914] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 471.550974][ T5914] usb 5-1: device descriptor read/8, error -71 [ 471.659705][ T5914] usb usb5-port1: unable to enumerate USB device [ 471.947058][T13628] syz.2.3034 (13628): attempted to duplicate a private mapping with mremap. This is not supported. [ 471.996494][T13630] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3035'. [ 472.059788][T13631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3035'. [ 472.087208][T13633] "syz.3.3036" (13633) uses obsolete ecb(arc4) skcipher [ 472.126098][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 472.129066][T13635] input: syz1 as /devices/virtual/input/input129 [ 472.864611][T13649] FAULT_INJECTION: forcing a failure. [ 472.864611][T13649] name failslab, interval 1, probability 0, space 0, times 0 [ 472.879733][T13649] CPU: 0 UID: 0 PID: 13649 Comm: syz.1.3043 Not tainted syzkaller #0 PREEMPT(full) [ 472.879763][T13649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 472.879775][T13649] Call Trace: [ 472.879783][T13649] [ 472.879793][T13649] dump_stack_lvl+0x189/0x250 [ 472.879824][T13649] ? __pfx____ratelimit+0x10/0x10 [ 472.879851][T13649] ? __pfx_dump_stack_lvl+0x10/0x10 [ 472.879882][T13649] ? __pfx__printk+0x10/0x10 [ 472.879923][T13649] ? __pfx___might_resched+0x10/0x10 [ 472.879953][T13649] should_fail_ex+0x414/0x560 [ 472.879986][T13649] should_failslab+0xa8/0x100 [ 472.880016][T13649] __kmalloc_noprof+0xdf/0x800 [ 472.880042][T13649] ? ioctl_standard_iw_point+0x4d5/0xd40 [ 472.880072][T13649] ? rcu_is_watching+0x15/0xb0 [ 472.880102][T13649] ioctl_standard_iw_point+0x4d5/0xd40 [ 472.880148][T13649] ? __pfx_cfg80211_wext_giwessid+0x10/0x10 [ 472.880175][T13649] ? __pfx_ioctl_standard_iw_point+0x10/0x10 [ 472.880206][T13649] ? __pfx___mutex_lock+0x10/0x10 [ 472.880242][T13649] ? full_name_hash+0x92/0xe0 [ 472.880269][T13649] ? __pfx_cfg80211_wext_giwessid+0x10/0x10 [ 472.880295][T13649] ioctl_standard_call+0xaf/0x1b0 [ 472.880328][T13649] ? __pfx_cfg80211_wext_giwessid+0x10/0x10 [ 472.880351][T13649] wext_ioctl_dispatch+0xee/0x410 [ 472.880378][T13649] ? __pfx_ioctl_standard_call+0x10/0x10 [ 472.880410][T13649] wext_handle_ioctl+0x100/0x1c0 [ 472.880442][T13649] ? __pfx_wext_handle_ioctl+0x10/0x10 [ 472.880490][T13649] sock_ioctl+0x15f/0x790 [ 472.880526][T13649] ? __pfx_sock_ioctl+0x10/0x10 [ 472.880562][T13649] ? __fget_files+0x3a0/0x420 [ 472.880585][T13649] ? __fget_files+0x2a/0x420 [ 472.880612][T13649] ? bpf_lsm_file_ioctl+0x9/0x20 [ 472.880641][T13649] ? __pfx_sock_ioctl+0x10/0x10 [ 472.880671][T13649] __se_sys_ioctl+0xfc/0x170 [ 472.880704][T13649] do_syscall_64+0xfa/0xfa0 [ 472.880732][T13649] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.880753][T13649] ? clear_bhb_loop+0x60/0xb0 [ 472.880780][T13649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.880800][T13649] RIP: 0033:0x7ff25b38f6c9 [ 472.880819][T13649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 472.880835][T13649] RSP: 002b:00007ff25c155038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 472.880858][T13649] RAX: ffffffffffffffda RBX: 00007ff25b5e5fa0 RCX: 00007ff25b38f6c9 [ 472.880872][T13649] RDX: 0000200000000040 RSI: 0000000000008b1b RDI: 0000000000000003 [ 472.880886][T13649] RBP: 00007ff25c155090 R08: 0000000000000000 R09: 0000000000000000 [ 472.880899][T13649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 472.880920][T13649] R13: 00007ff25b5e6038 R14: 00007ff25b5e5fa0 R15: 00007ffc10d72838 [ 472.880957][T13649] [ 472.955708][T13653] "syz.2.3045" (13653) uses obsolete ecb(arc4) skcipher [ 473.049461][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 473.122836][T13656] input: syz1 as /devices/virtual/input/input130 [ 473.417277][T13671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3052'. [ 473.482476][T13672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3052'. [ 473.619393][ T5895] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 473.781094][ T5895] usb 4-1: config 4 has an invalid interface number: 28 but max is 0 [ 473.791027][ T5895] usb 4-1: config 4 has no interface number 0 [ 473.799246][ T5895] usb 4-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 473.808701][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.816897][ T5895] usb 4-1: Product: syz [ 473.821096][ T5895] usb 4-1: Manufacturer: syz [ 473.825683][ T5895] usb 4-1: SerialNumber: syz [ 473.835450][ T5895] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:4.28/input/input131 [ 474.226747][T13680] "syz.2.3056" (13680) uses obsolete ecb(arc4) skcipher [ 474.439475][ T56] block nbd0: Possible stuck request ffff8880255f4b40: control (read@0,4096B). Runtime 120 seconds [ 474.899957][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 474.906793][T13689] input: syz1 as /devices/virtual/input/input132 [ 475.886891][T13702] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 475.947134][T13704] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 475.959133][T13704] FAULT_INJECTION: forcing a failure. [ 475.959133][T13704] name failslab, interval 1, probability 0, space 0, times 0 [ 475.972022][T13704] CPU: 1 UID: 0 PID: 13704 Comm: syz.1.3065 Not tainted syzkaller #0 PREEMPT(full) [ 475.972045][T13704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 475.972054][T13704] Call Trace: [ 475.972060][T13704] [ 475.972066][T13704] dump_stack_lvl+0x189/0x250 [ 475.972091][T13704] ? __pfx____ratelimit+0x10/0x10 [ 475.972112][T13704] ? __pfx_dump_stack_lvl+0x10/0x10 [ 475.972130][T13704] ? __pfx__printk+0x10/0x10 [ 475.972154][T13704] ? __pfx___might_resched+0x10/0x10 [ 475.972184][T13704] should_fail_ex+0x414/0x560 [ 475.972210][T13704] should_failslab+0xa8/0x100 [ 475.972233][T13704] __kmalloc_noprof+0xdf/0x800 [ 475.972251][T13704] ? kfree+0x4d/0x6d0 [ 475.972266][T13704] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 475.972293][T13704] tomoyo_realpath_from_path+0xe3/0x5d0 [ 475.972319][T13704] ? tomoyo_domain+0xd8/0x130 [ 475.972349][T13704] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 475.972379][T13704] tomoyo_path_number_perm+0x1e8/0x5a0 [ 475.972412][T13704] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 475.972503][T13704] ? __fget_files+0x2a/0x420 [ 475.972533][T13704] ? __fget_files+0x3a0/0x420 [ 475.972554][T13704] ? __fget_files+0x2a/0x420 [ 475.972582][T13704] security_file_ioctl+0xcb/0x2d0 [ 475.972633][T13704] __se_sys_ioctl+0x47/0x170 [ 475.972664][T13704] do_syscall_64+0xfa/0xfa0 [ 475.972692][T13704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.972712][T13704] ? clear_bhb_loop+0x60/0xb0 [ 475.972738][T13704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.972757][T13704] RIP: 0033:0x7ff25b38f6c9 [ 475.972776][T13704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.972792][T13704] RSP: 002b:00007ff25c155038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 475.972814][T13704] RAX: ffffffffffffffda RBX: 00007ff25b5e5fa0 RCX: 00007ff25b38f6c9 [ 475.972829][T13704] RDX: 0000200000000280 RSI: 0000000000003b8d RDI: 0000000000000003 [ 475.972843][T13704] RBP: 00007ff25c155090 R08: 0000000000000000 R09: 0000000000000000 [ 475.972854][T13704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.972866][T13704] R13: 00007ff25b5e6038 R14: 00007ff25b5e5fa0 R15: 00007ffc10d72838 [ 475.972900][T13704] [ 475.972910][T13704] ERROR: Out of memory at tomoyo_realpath_from_path. [ 476.302089][T13714] "syz.1.3069" (13714) uses obsolete ecb(arc4) skcipher [ 476.384711][ T5182] bcm5974 4-1:4.28: could not read from device [ 476.393947][ T5182] bcm5974 4-1:4.28: could not read from device [ 476.403570][ T5895] usb 4-1: USB disconnect, device number 34 [ 476.410579][ T5182] bcm5974 4-1:4.28: could not read from device [ 476.439749][ T5881] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 476.589422][ T5881] usb 3-1: Using ep0 maxpacket: 8 [ 476.596289][ T5881] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 476.607191][ T5881] usb 3-1: config 0 has no interfaces? [ 476.613002][ T5881] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 476.622273][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.632087][ T5881] usb 3-1: config 0 descriptor?? [ 476.842205][ T5912] usb 3-1: USB disconnect, device number 29 [ 477.020640][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 477.024017][T13719] input: syz1 as /devices/virtual/input/input133 [ 477.247199][T13725] input: syz0 as /devices/virtual/input/input134 [ 477.273350][T13725] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 477.670048][ T5912] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 477.861786][ T5912] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 477.870440][ T5912] usb 3-1: config 4 has no interface number 0 [ 477.878787][ T5912] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 477.889394][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.897431][ T5912] usb 3-1: Product: syz [ 477.901680][ T5912] usb 3-1: Manufacturer: syz [ 477.906281][ T5912] usb 3-1: SerialNumber: syz [ 477.916138][ T5912] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input135 [ 478.118790][T13741] "syz.4.3080" (13741) uses obsolete ecb(arc4) skcipher [ 478.234338][T13746] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 478.243556][T13746] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 478.311075][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 478.315217][T13749] input: syz1 as /devices/virtual/input/input136 [ 478.490021][ T5873] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 480.154175][T13781] "syz.1.3093" (13781) uses obsolete ecb(arc4) skcipher [ 480.448720][ T5182] bcm5974 3-1:4.28: could not read from device [ 480.457194][ T5182] bcm5974 3-1:4.28: could not read from device [ 480.468038][ T5912] usb 3-1: USB disconnect, device number 30 [ 480.474941][ T5182] bcm5974 3-1:4.28: could not read from device [ 480.525685][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 480.528699][T13789] input: syz1 as /devices/virtual/input/input137 [ 480.659830][ T5834] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 480.809385][ T5834] usb 4-1: Using ep0 maxpacket: 32 [ 480.816152][ T5834] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 480.825104][ T5834] usb 4-1: config 0 has no interface number 0 [ 480.836081][ T5834] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 480.845681][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 480.855286][ T5834] usb 4-1: Product: syz [ 480.859661][ T5834] usb 4-1: Manufacturer: syz [ 480.864272][ T5834] usb 4-1: SerialNumber: syz [ 480.871996][ T5834] usb 4-1: config 0 descriptor?? [ 480.878697][ T5834] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 481.083841][ T5834] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 481.097044][ T5834] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 481.284647][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 6 [ 481.560884][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 481.571040][ T5914] usb 4-1: USB disconnect, device number 36 [ 481.585870][ T5914] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 481.601479][ T5914] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 481.615484][ T5914] quatech2 4-1:0.51: device disconnected [ 481.899430][ T5912] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 482.069395][ T5912] usb 3-1: Using ep0 maxpacket: 32 [ 482.076409][ T5912] usb 3-1: unable to get BOS descriptor or descriptor too short [ 482.086734][ T5912] usb 3-1: config 244 has an invalid interface number: 68 but max is 0 [ 482.095327][ T5912] usb 3-1: config 244 has no interface number 0 [ 482.101895][ T5912] usb 3-1: config 244 interface 68 altsetting 3 has an endpoint descriptor with address 0xF8, changing to 0x88 [ 482.114011][ T5912] usb 3-1: config 244 interface 68 altsetting 3 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 482.119387][ T5914] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 482.125324][ T5912] usb 3-1: config 244 interface 68 altsetting 3 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 482.145023][ T5912] usb 3-1: config 244 interface 68 altsetting 3 endpoint 0xA has invalid wMaxPacketSize 0 [ 482.157063][ T5912] usb 3-1: config 244 interface 68 has no altsetting 0 [ 482.167807][ T5912] usb 3-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=24.0f [ 482.177219][ T5912] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.188807][ T5912] usb 3-1: Product: syz [ 482.195016][ T5912] usb 3-1: Manufacturer: syz [ 482.200775][ T5912] usb 3-1: SerialNumber: syz [ 482.302780][ T5914] usb 2-1: config 4 has an invalid interface number: 28 but max is 0 [ 482.311438][ T5914] usb 2-1: config 4 has no interface number 0 [ 482.321647][ T5914] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 482.331002][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.339235][ T5914] usb 2-1: Product: syz [ 482.343714][ T5914] usb 2-1: Manufacturer: syz [ 482.348466][ T5914] usb 2-1: SerialNumber: syz [ 482.385793][ T5914] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:4.28/input/input138 [ 482.436767][T13806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.456005][T13816] "syz.4.3109" (13816) uses obsolete ecb(arc4) skcipher [ 482.465546][T13806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.474048][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 482.479535][T13818] input: syz1 as /devices/virtual/input/input139 [ 482.486343][ T5912] comedi comedi5: Endpoint has wrong direction [ 482.502443][ T5912] dt9812 3-1:244.68: driver 'dt9812' failed to auto-configure device. [ 482.516350][ T5912] usb 3-1: USB disconnect, device number 31 [ 483.898957][T13843] netlink: 'syz.3.3117': attribute type 10 has an invalid length. [ 483.977142][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 483.985696][T13845] input: syz1 as /devices/virtual/input/input140 [ 484.238885][T13854] "syz.3.3121" (13854) uses obsolete ecb(arc4) skcipher [ 484.931101][ T5182] bcm5974 2-1:4.28: could not read from device [ 484.938690][ T5912] usb 2-1: USB disconnect, device number 33 [ 484.954609][ T5182] bcm5974 2-1:4.28: could not read from device [ 485.162037][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 485.165231][T13874] input: syz1 as /devices/virtual/input/input141 [ 485.381392][ T5914] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 485.539417][ T5914] usb 4-1: Using ep0 maxpacket: 32 [ 485.546279][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 204, changing to 11 [ 485.557708][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32908, setting to 1024 [ 485.571424][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 204, changing to 11 [ 485.583238][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32908, setting to 1024 [ 485.595554][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 204, changing to 11 [ 485.606844][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32908, setting to 1024 [ 485.619007][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 204, changing to 11 [ 485.630491][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32908, setting to 1024 [ 485.644911][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 204, changing to 11 [ 485.656216][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32908, setting to 1024 [ 485.669941][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 204, changing to 11 [ 485.681136][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 32908, setting to 1024 [ 485.692358][ T5914] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 485.701472][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.712275][ T5914] usb 4-1: config 0 descriptor?? [ 486.127781][T13872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.136781][T13872] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.259604][ T5834] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 486.299432][ T5881] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 486.407945][T13893] "syz.4.3137" (13893) uses obsolete ecb(arc4) skcipher [ 486.426454][ T5834] usb 2-1: config 4 has an invalid interface number: 28 but max is 0 [ 486.435048][ T5834] usb 2-1: config 4 has no interface number 0 [ 486.444155][ T5834] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 486.454371][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.463096][ T5881] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 486.463484][ T5834] usb 2-1: Product: syz [ 486.477834][ T5834] usb 2-1: Manufacturer: syz [ 486.485700][ T5834] usb 2-1: SerialNumber: syz [ 486.487469][ T5881] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 486.499646][ T5834] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:4.28/input/input142 [ 486.521089][ T5881] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 486.533582][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 486.541834][ T5881] usb 3-1: SerialNumber: syz [ 486.677146][ T5914] usbhid 4-1:0.0: can't add hid device: -71 [ 486.686021][ T5914] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 486.702867][ T5914] usb 4-1: USB disconnect, device number 37 [ 486.727588][ T5832] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 486.733148][T13898] input: syz1 as /devices/virtual/input/input143 [ 486.754798][T13886] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.764732][T13886] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.777948][ T5881] usb 3-1: 0:2 : does not exist [ 486.785701][ T5881] usb 3-1: unit 255 not found! [ 486.809128][ T5881] usb 3-1: USB disconnect, device number 32 [ 488.079456][ T5881] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 488.229399][ T5881] usb 4-1: Using ep0 maxpacket: 32 [ 488.237063][ T5881] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 488.245940][ T5881] usb 4-1: config 0 has no interface number 0 [ 488.252181][ T5881] usb 4-1: config 0 interface 12 has no altsetting 0 [ 488.261750][ T5881] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 488.279417][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.287552][ T5881] usb 4-1: Product: syz [ 488.302444][ T5881] usb 4-1: Manufacturer: syz [ 488.307105][ T5881] usb 4-1: SerialNumber: syz [ 488.317138][ T5881] usb 4-1: config 0 descriptor?? [ 488.372245][T13917] "syz.2.3146" (13917) uses obsolete ecb(arc4) skcipher [ 488.393910][T13915] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3145'. [ 488.403045][T13915] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3145'. [ 488.466909][T13921] comedi comedi2: pcl816: I/O port conflict (0x4,16) [ 488.556092][ T5832] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 488.566532][T13925] input: syz1 as /devices/virtual/input/input144 [ 489.046743][ T5182] bcm5974 2-1:4.28: could not read from device [ 489.053482][ T5834] usb 2-1: USB disconnect, device number 34 [ 489.465474][T13939] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3154'. [ 489.596376][ T5881] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 489.609798][ T5881] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 489.617184][ T5881] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 489.625127][ T5881] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 489.636157][ T5881] usb 4-1: USB disconnect, device number 38 [ 489.740236][T13946] "syz.2.3156" (13946) uses obsolete ecb(arc4) skcipher [ 489.991497][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 489.998020][T13953] input: syz1 as /devices/virtual/input/input145 [ 490.299055][T13963] netlink: 84 bytes leftover after parsing attributes in process `syz.1.3163'. [ 490.459409][ T5881] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 490.631205][ T5881] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 490.639483][ T5881] usb 3-1: config 4 has no interface number 0 [ 490.647786][ T5881] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 490.657056][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.666319][ T5881] usb 3-1: Product: syz [ 490.671562][ T5881] usb 3-1: Manufacturer: syz [ 490.676154][ T5881] usb 3-1: SerialNumber: syz [ 490.693044][ T5881] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input146 [ 491.121126][T13971] "syz.3.3165" (13971) uses obsolete ecb(arc4) skcipher [ 491.236635][T13976] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3166'. [ 491.378863][T13981] netlink: 'syz.4.3168': attribute type 27 has an invalid length. [ 491.392032][T13981] netlink: 796 bytes leftover after parsing attributes in process `syz.4.3168'. [ 491.509354][ T5834] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 491.661451][ T5834] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 491.671857][ T5834] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 491.681201][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.692167][ T5834] usb 4-1: config 0 descriptor?? [ 491.700890][ T5834] pwc: Askey VC010 type 2 USB webcam detected. [ 492.101970][ T5834] pwc: recv_control_msg error -32 req 02 val 2b00 [ 492.110773][ T5834] pwc: recv_control_msg error -32 req 02 val 2700 [ 492.123163][ T5834] pwc: recv_control_msg error -32 req 02 val 2c00 [ 492.130396][ T5834] pwc: recv_control_msg error -32 req 04 val 1000 [ 492.137731][ T5834] pwc: recv_control_msg error -32 req 04 val 1300 [ 492.145146][ T5834] pwc: recv_control_msg error -32 req 04 val 1400 [ 492.152546][ T5834] pwc: recv_control_msg error -32 req 02 val 2000 [ 492.160063][ T5834] pwc: recv_control_msg error -32 req 02 val 2100 [ 492.167483][ T5834] pwc: recv_control_msg error -32 req 04 val 1500 [ 492.189935][ T5834] pwc: recv_control_msg error -71 req 02 val 2500 [ 492.196819][ T5834] pwc: recv_control_msg error -71 req 02 val 2400 [ 492.204975][ T5834] pwc: recv_control_msg error -71 req 02 val 2600 [ 492.212566][ T5834] pwc: recv_control_msg error -71 req 02 val 2900 [ 492.227589][ T5834] pwc: recv_control_msg error -71 req 02 val 2800 [ 492.239786][ T5834] pwc: recv_control_msg error -71 req 04 val 1100 [ 492.246964][ T5834] pwc: recv_control_msg error -71 req 04 val 1200 [ 492.260670][ T5834] pwc: Registered as video103. [ 492.268640][ T5834] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input147 [ 492.351714][ T5832] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 492.364483][T13987] input: syz1 as /devices/virtual/input/input148 [ 493.162087][ T5832] Bluetooth: hci4: command 0x0406 tx timeout [ 493.268958][ T5182] bcm5974 3-1:4.28: could not read from device [ 493.287523][ T5182] bcm5974 3-1:4.28: could not read from device [ 493.304267][ T5881] usb 3-1: USB disconnect, device number 33 [ 493.311083][ T5182] bcm5974 3-1:4.28: could not read from device [ 493.330516][ T5834] usb 4-1: USB disconnect, device number 39 [ 493.682288][T14000] "syz.3.3174" (14000) uses obsolete ecb(arc4) skcipher [ 494.569458][ T43] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 494.581015][ T5834] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 494.739518][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 494.746293][ T43] usb 4-1: config 0 has an invalid interface number: 48 but max is 0 [ 494.754507][ T43] usb 4-1: config 0 has no interface number 0 [ 494.760803][ T43] usb 4-1: config 0 interface 48 has no altsetting 0 [ 494.769747][ T5834] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 494.778155][ T5834] usb 3-1: config 4 has no interface number 0 [ 494.785929][ T43] usb 4-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=a8.98 [ 494.795175][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.803395][ T43] usb 4-1: Product: syz [ 494.808268][ T43] usb 4-1: Manufacturer: syz [ 494.813160][ T43] usb 4-1: SerialNumber: syz [ 494.818651][ T5834] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 494.828719][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.838134][ T43] usb 4-1: config 0 descriptor?? [ 494.843341][ T5834] usb 3-1: Product: syz [ 494.847548][ T5834] usb 3-1: Manufacturer: syz [ 494.854845][ T5834] usb 3-1: SerialNumber: syz [ 494.864664][ T5834] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input149 [ 495.059241][T14016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.068145][T14016] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.079035][T14016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.090217][T14016] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.107615][ T43] usb 4-1: USB disconnect, device number 40 [ 495.146619][T14023] "syz.4.3183" (14023) uses obsolete ecb(arc4) skcipher [ 495.197142][ T52] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 495.201112][T14025] input: syz1 as /devices/virtual/input/input150 [ 496.299410][ T43] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 496.459385][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 496.468056][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.480747][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.492979][ T43] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 496.505676][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.518269][ T43] usb 2-1: config 0 descriptor?? [ 496.944331][ T43] hid-multitouch 0003:1FD2:6007.000E: invalid report_count 33296 [ 496.952165][ T43] hid-multitouch 0003:1FD2:6007.000E: item 0 2 1 9 parsing failed [ 496.962154][ T43] hid-multitouch 0003:1FD2:6007.000E: probe with driver hid-multitouch failed with error -22 [ 497.148753][ T43] usb 2-1: USB disconnect, device number 35 [ 497.206209][T14051] "syz.4.3192" (14051) uses obsolete ecb(arc4) skcipher [ 497.360539][ T5182] bcm5974 3-1:4.28: could not read from device [ 497.369023][ T5182] bcm5974 3-1:4.28: could not read from device [ 497.378395][ T5182] bcm5974 3-1:4.28: could not read from device [ 497.378705][ T5834] usb 3-1: USB disconnect, device number 34 [ 497.393610][ T5182] bcm5974 3-1:4.28: could not read from device [ 497.959386][ T10] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 498.112561][ T10] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 498.122242][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.130618][ T5832] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 498.132609][T14062] input: syz1 as /devices/virtual/input/input151 [ 498.134453][ T10] usb 4-1: config 0 descriptor?? [ 498.154671][ T10] cp210x 4-1:0.0: cp210x converter detected [ 498.269474][ T5832] Bluetooth: hci5: command 0x0406 tx timeout [ 498.369152][T14060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 498.381392][T14060] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 498.586216][ T10] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -71 [ 498.614331][ T10] cp210x 4-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 498.641993][ T10] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 498.656742][T14076] "syz.1.3201" (14076) uses obsolete ecb(arc4) skcipher [ 498.661100][ T10] usb 4-1: cp210x converter now attached to ttyUSB0 [ 498.682557][ T10] usb 4-1: USB disconnect, device number 41 [ 498.693113][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 498.702266][ T10] cp210x 4-1:0.0: device disconnected [ 498.955222][T14080] veth1_macvtap: left promiscuous mode [ 498.961144][T14080] macsec0: entered promiscuous mode [ 498.969332][T14080] macsec0: entered allmulticast mode [ 499.020723][ T5834] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 499.201516][ T5834] usb 2-1: config 4 has an invalid interface number: 28 but max is 0 [ 499.209801][ T5834] usb 2-1: config 4 has no interface number 0 [ 499.219824][ T5834] usb 2-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 499.229677][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 499.237821][ T5834] usb 2-1: Product: syz [ 499.242733][ T5834] usb 2-1: Manufacturer: syz [ 499.259338][ T5834] usb 2-1: SerialNumber: syz [ 499.276405][ T5834] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:4.28/input/input152 [ 499.873042][ T52] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 499.876929][T14090] input: syz1 as /devices/virtual/input/input153 [ 500.120911][T14099] "syz.3.3210" (14099) uses obsolete ecb(arc4) skcipher [ 500.439529][ T43] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 500.603595][ T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 500.613899][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 500.626129][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 500.636121][ T43] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 500.649964][ T43] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 500.659014][ T43] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 500.667140][ T43] usb 5-1: Manufacturer: syz [ 500.675408][ T43] usb 5-1: config 0 descriptor?? [ 500.939489][ T43] rc_core: IR keymap rc-hauppauge not found [ 500.945528][ T43] Registered IR keymap rc-empty [ 500.950939][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 500.969425][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 500.991425][ T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 501.005137][ T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input154 [ 501.317636][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.324145][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.767692][ T5182] bcm5974 2-1:4.28: could not read from device [ 501.805096][T14106] macsec0: left allmulticast mode [ 501.812135][T14106] veth1_macvtap: entered promiscuous mode [ 501.820942][ T5182] bcm5974 2-1:4.28: could not read from device [ 501.822736][ T5834] usb 2-1: USB disconnect, device number 36 [ 501.829605][T14106] macsec0: left promiscuous mode [ 501.840997][ T5182] bcm5974 2-1:4.28: could not read from device [ 501.859943][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 501.903776][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 501.953178][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 501.991187][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 502.022173][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 502.059753][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 502.081347][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 502.110622][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 502.149550][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 502.209922][ T43] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 502.295270][ T43] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 502.309380][ T43] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 502.339414][ T43] usb 5-1: USB disconnect, device number 16 [ 502.568660][T14121] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 502.745805][T14126] netlink: 892 bytes leftover after parsing attributes in process `syz.4.3219'. [ 502.746896][ T52] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 502.764699][T14128] input: syz1 as /devices/virtual/input/input155 [ 502.811114][T14131] netlink: 892 bytes leftover after parsing attributes in process `syz.4.3219'. [ 502.946691][T14136] "syz.3.3222" (14136) uses obsolete ecb(arc4) skcipher [ 503.059374][ T43] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 503.211313][ T43] usb 3-1: config 4 has an invalid interface number: 28 but max is 0 [ 503.219930][ T43] usb 3-1: config 4 has no interface number 0 [ 503.229009][ T43] usb 3-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 503.241978][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.250762][ T43] usb 3-1: Product: syz [ 503.255070][ T43] usb 3-1: Manufacturer: syz [ 503.261690][ T43] usb 3-1: SerialNumber: syz [ 503.286490][ T43] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:4.28/input/input156 [ 503.707884][ T52] Bluetooth: hci5: unexpected event 0x20 length: 12 > 7 [ 503.718907][T14156] input: syz1 as /devices/virtual/input/input157 [ 503.944030][T14161] "syz.3.3231" (14161) uses obsolete ecb(arc4) skcipher [ 504.022599][T14163] kvm: user requested TSC rate below hardware speed [ 504.034216][T14163] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 504.143297][T14165] netlink: 220 bytes leftover after parsing attributes in process `syz.3.3233'. [ 504.375152][T14173] netlink: 892 bytes leftover after parsing attributes in process `syz.3.3237'. [ 504.442057][T14176] netlink: 892 bytes leftover after parsing attributes in process `syz.3.3237'. [ 504.512683][ T56] block nbd0: Possible stuck request ffff8880255f4b40: control (read@0,4096B). Runtime 150 seconds [ 504.566478][ T52] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 504.573011][T14178] input: syz1 as /devices/virtual/input/input158 [ 504.902309][T14182] "syz.4.3240" (14182) uses obsolete ecb(arc4) skcipher [ 504.983109][T14184] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3241'. [ 505.436709][ T52] Bluetooth: hci4: unexpected event 0x20 length: 12 > 7 [ 505.441503][T14201] input: syz1 as /devices/virtual/input/input159 [ 505.478719][T14202] netlink: 884 bytes leftover after parsing attributes in process `syz.3.3247'. [ 505.666498][T14206] "syz.4.3249" (14206) uses obsolete ecb(arc4) skcipher [ 505.847643][ T5182] bcm5974 3-1:4.28: could not read from device [ 505.850310][ T43] usb 3-1: USB disconnect, device number 35 [ 505.861275][ T5182] bcm5974 3-1:4.28: could not read from device [ 505.920834][T14216] netlink: 892 bytes leftover after parsing attributes in process `syz.4.3253'. [ 505.983627][T14218] netlink: 892 bytes leftover after parsing attributes in process `syz.4.3253'. [ 506.372558][T14223] veth1_macvtap: left promiscuous mode [ 506.378301][T14223] macsec0: entered promiscuous mode [ 506.389622][T14223] veth1_macvtap: entered promiscuous mode [ 506.395721][T14223] macsec0: left promiscuous mode [ 506.473869][ T52] Bluetooth: hci2: unexpected event 0x20 length: 12 > 7 [ 506.480320][T14225] input: syz1 as /devices/virtual/input/input160 [ 506.501340][T14229] "syz.1.3258" (14229) uses obsolete ecb(arc4) skcipher [ 506.582827][T14232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.602005][T14232] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.677390][T14238] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3262'. [ 506.811844][ T43] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 506.972066][ T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 506.981967][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 506.994842][ T43] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 507.004034][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.014336][ T43] usb 2-1: config 0 descriptor?? [ 507.029434][ T5881] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 507.182472][ T5881] usb 5-1: config 4 has an invalid interface number: 28 but max is 0 [ 507.190926][ T5881] usb 5-1: config 4 has no interface number 0 [ 507.200439][ T5881] usb 5-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 507.209705][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.217737][ T5881] usb 5-1: Product: syz [ 507.223019][T14233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.231664][ T5881] usb 5-1: Manufacturer: syz [ 507.236318][ T5881] usb 5-1: SerialNumber: syz [ 507.244288][T14233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.253855][T14233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.262880][T14233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.275287][T14233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.284646][T14233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.288428][ T5881] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:4.28/input/input161 [ 507.295102][T14233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.311880][T14233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.338266][ T43] usbhid 2-1:0.0: can't add hid device: -71 [ 507.344657][ T43] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 507.355518][ T43] usb 2-1: USB disconnect, device number 37 [ 507.706936][T14252] "syz.2.3268" (14252) uses obsolete ecb(arc4) skcipher [ 507.856381][T14255] netlink: 'syz.2.3269': attribute type 1 has an invalid length. [ 508.042689][ T52] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 508.048265][T14261] input: syz1 as /devices/virtual/input/input162 [ 508.075629][T14263] __nla_validate_parse: 1 callbacks suppressed [ 508.075647][T14263] netlink: 892 bytes leftover after parsing attributes in process `syz.3.3273'. [ 508.147689][T14266] netlink: 892 bytes leftover after parsing attributes in process `syz.3.3273'. [ 509.040261][T14278] "syz.3.3277" (14278) uses obsolete ecb(arc4) skcipher [ 509.369373][ T10] usb 4-1: new full-speed USB device number 42 using dummy_hcd [ 509.533292][ T10] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 509.542564][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.552910][ T10] usb 4-1: Product: syz [ 509.557206][ T10] usb 4-1: Manufacturer: syz [ 509.561888][ T10] usb 4-1: SerialNumber: syz [ 509.568364][ T10] usb 4-1: config 0 descriptor?? [ 509.739511][ T5914] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 509.811454][ T5182] bcm5974 5-1:4.28: could not read from device [ 509.823127][ T5182] bcm5974 5-1:4.28: could not read from device [ 509.837399][ T5881] usb 5-1: USB disconnect, device number 17 [ 509.844850][ T5182] bcm5974 5-1:4.28: could not read from device [ 509.859168][T14292] netlink: 892 bytes leftover after parsing attributes in process `syz.4.3283'. [ 509.889392][ T5914] usb 3-1: Using ep0 maxpacket: 32 [ 509.897175][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.915292][ T5914] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 509.921465][T14294] input: syz1 as /devices/virtual/input/input163 [ 509.925797][ T52] Bluetooth: hci1: unexpected event 0x20 length: 12 > 7 [ 509.932670][ T5914] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 509.938080][T14295] netlink: 892 bytes leftover after parsing attributes in process `syz.4.3283'. [ 509.942403][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.973433][ T5914] usb 3-1: config 0 descriptor?? [ 509.978576][ T10] airspy 4-1:0.0: Board ID: 00 [ 509.983450][ T10] airspy 4-1:0.0: Firmware version: [ 509.991617][ T5914] hub 3-1:0.0: USB hub found [ 510.194424][ T5914] hub 3-1:0.0: 2 ports detected [ 510.400412][ T5914] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 510.407342][ T5914] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 510.418204][ T5914] usbhid 3-1:0.0: can't add hid device: -71 [ 510.424394][ T5914] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 510.450339][ T5914] usb 3-1: USB disconnect, device number 36 [ 510.909493][ T31] INFO: task udevd:5197 blocked for more than 143 seconds. [ 510.919316][ T31] Not tainted syzkaller #0 [ 510.924308][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 510.954599][ T31] task:udevd state:D stack:22664 pid:5197 tgid:5197 ppid:1 task_flags:0x400140 flags:0x00080000 [ 510.975457][ T31] Call Trace: [ 510.979020][ T31] [ 510.982148][ T31] __schedule+0x1848/0x4ec0 [ 511.001316][ T31] ? kasan_save_free_info+0x46/0x50 [ 511.014842][ T10] airspy 4-1:0.0: usb_control_msg() failed -71 request 10 [ 511.023183][ T31] ? tomoyo_check_open_permission+0x2c2/0x3b0 [ 511.031567][ T31] ? do_dentry_open+0x384/0x13f0 [ 511.037409][ T31] ? do_sys_openat2+0x121/0x1c0 [ 511.048357][ T10] airspy 4-1:0.0: Registered as swradio24 [ 511.063364][ T31] ? __lock_acquire+0xab9/0xd20 [ 511.078717][ T10] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 511.089385][ T31] ? __lock_acquire+0xab9/0xd20 [ 511.094282][ T31] ? __pfx___schedule+0x10/0x10 [ 511.102100][ T31] ? schedule+0x91/0x360 [ 511.106422][ T31] schedule+0x165/0x360 [ 511.111174][ T10] usb 4-1: USB disconnect, device number 42 [ 511.124749][ T31] schedule_preempt_disabled+0x13/0x30 [ 511.130843][ T31] __mutex_lock+0x7e6/0x1350 [ 511.135641][ T31] ? __mutex_lock+0x5bb/0x1350 [ 511.140944][ T31] ? bdev_open+0xe0/0xd30 [ 511.145752][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 511.152405][ T31] ? disk_block_events+0xab/0x120 [ 511.157484][ T31] ? bdev_open+0xaf/0xd30 [ 511.161939][ T31] bdev_open+0xe0/0xd30 [ 511.168237][ T31] blkdev_open+0x457/0x600 [ 511.172749][ T31] ? __pfx_blkdev_open+0x10/0x10 [ 511.177699][ T31] do_dentry_open+0x953/0x13f0 [ 511.182687][ T31] vfs_open+0x3b/0x340 [ 511.186798][ T31] ? path_openat+0x2ecd/0x3830 [ 511.191893][ T31] path_openat+0x2ee5/0x3830 [ 511.196571][ T31] ? kasan_save_stack+0x3e/0x60 [ 511.201587][ T31] ? call_rcu+0x157/0x9c0 [ 511.205930][ T31] ? __pfx_path_openat+0x10/0x10 [ 511.210912][ T31] do_filp_open+0x1fa/0x410 [ 511.215440][ T31] ? __lock_acquire+0xab9/0xd20 [ 511.220441][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 511.225514][ T31] ? _raw_spin_unlock+0x28/0x50 [ 511.230614][ T31] ? alloc_fd+0x64c/0x6c0 [ 511.235057][ T31] do_sys_openat2+0x121/0x1c0 [ 511.240108][ T31] ? fput_close_sync+0x113/0x220 [ 511.245119][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 511.250435][ T31] ? fput_close_sync+0x113/0x220 [ 511.255380][ T31] ? __pfx_fput_close_sync+0x10/0x10 [ 511.261004][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 511.267475][ T31] __x64_sys_openat+0x138/0x170 [ 511.272415][ T31] do_syscall_64+0xfa/0xfa0 [ 511.276931][ T31] ? irqentry_exit+0x10f/0x640 [ 511.282155][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.288265][ T31] ? clear_bhb_loop+0x60/0xb0 [ 511.293584][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.299639][ T31] RIP: 0033:0x7f63398a7407 [ 511.304059][ T31] RSP: 002b:00007fff30486a00 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 511.312540][ T31] RAX: ffffffffffffffda RBX: 00007f633a099880 RCX: 00007f63398a7407 [ 511.320845][ T31] RDX: 00000000000a0800 RSI: 000055893e49ed60 RDI: ffffffffffffff9c [ 511.328972][ T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 511.337091][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 511.345211][ T31] R13: 0000558916fa0100 R14: 0000000000000000 R15: 00007fff30486c90 [ 511.353255][ T31] [ 511.356319][ T31] INFO: task syz.0.2135:11354 blocked for more than 143 seconds. [ 511.364358][ T31] Not tainted syzkaller #0 [ 511.370213][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 511.379530][ T31] task:syz.0.2135 state:D stack:28040 pid:11354 tgid:11353 ppid:8621 task_flags:0x400140 flags:0x00080002 [ 511.391624][ T31] Call Trace: [ 511.394921][ T31] [ 511.397843][ T31] __schedule+0x1848/0x4ec0 [ 511.402468][ T31] ? __lock_acquire+0xab9/0xd20 [ 511.407339][ T31] ? __lock_acquire+0xab9/0xd20 [ 511.412303][ T31] ? __pfx___schedule+0x10/0x10 [ 511.417239][ T31] ? schedule+0x91/0x360 [ 511.421719][ T31] schedule+0x165/0x360 [ 511.425919][ T31] schedule_preempt_disabled+0x13/0x30 [ 511.431519][ T31] __mutex_lock+0x7e6/0x1350 [ 511.436140][ T31] ? __mutex_lock+0x5bb/0x1350 [ 511.441085][ T31] ? bdev_release+0x1a9/0x650 [ 511.445828][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 511.450923][ T31] ? dput+0x80/0x2b0 [ 511.454850][ T31] ? __pfx___fsnotify_parent+0x10/0x10 [ 511.460392][ T31] ? do_raw_spin_lock+0x121/0x290 [ 511.465467][ T31] bdev_release+0x1a9/0x650 [ 511.471577][ T31] ? __pfx_blkdev_release+0x10/0x10 [ 511.476819][ T31] blkdev_release+0x15/0x20 [ 511.481452][ T31] __fput+0x44c/0xa70 [ 511.485476][ T31] task_work_run+0x1d4/0x260 [ 511.490127][ T31] ? __pfx_task_work_run+0x10/0x10 [ 511.495354][ T31] ? __fput_deferred+0x215/0x390 [ 511.500491][ T31] ? exit_to_user_mode_loop+0x55/0x4f0 [ 511.505976][ T31] exit_to_user_mode_loop+0xff/0x4f0 [ 511.511442][ T31] ? rcu_is_watching+0x15/0xb0 [ 511.516217][ T31] do_syscall_64+0x2e9/0xfa0 [ 511.520849][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.527002][ T31] ? clear_bhb_loop+0x60/0xb0 [ 511.531858][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.537781][ T31] RIP: 0033:0x7f5eaaf8f6c9 [ 511.542424][ T31] RSP: 002b:00007f5eabd7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 511.556507][ T31] RAX: 0000000000000000 RBX: 00007f5eab1e5fa0 RCX: 00007f5eaaf8f6c9 [ 511.568615][ T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000003 [ 511.580100][ T31] RBP: 00007f5eab011f91 R08: 0000000000000000 R09: 0000000000000000 [ 511.588117][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.596130][ T31] R13: 00007f5eab1e6038 R14: 00007f5eab1e5fa0 R15: 00007ffc4b49f2a8 [ 511.604263][ T31] [ 511.607320][ T31] [ 511.607320][ T31] Showing all locks held in the system: [ 511.615102][ T31] 1 lock held by khungtaskd/31: [ 511.620092][ T31] #0: ffffffff8e33b6e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 511.630121][ T31] 3 locks held by kworker/u9:0/52: [ 511.635250][ T31] #0: ffff88806833b948 ((wq_completion)hci2){+.+.}-{0:0}, at: process_one_work+0x841/0x15d0 [ 511.645500][ T31] #1: ffffc90000bd7b80 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15d0 [ 511.657603][ T31] #2: ffff888033fccdc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d3/0x400 [ 511.667572][ T31] 1 lock held by syslogd/5179: [ 511.672419][ T31] #0: ffff8880b873a1d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 511.684466][ T31] 1 lock held by udevd/5197: [ 511.689099][ T31] #0: ffff888141b29358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 511.698537][ T31] 2 locks held by getty/5591: [ 511.703259][ T31] #0: ffff888034a310a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 511.713189][ T31] #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 511.723459][ T31] 1 lock held by udevd/5839: [ 511.728085][ T31] #0: ffff888141b29358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30 [ 511.737435][ T31] 2 locks held by kworker/u8:7/6002: [ 511.742785][ T31] #0: ffff888144e83148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x841/0x15d0 [ 511.753479][ T31] #1: ffffc9000a8dfb80 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x868/0x15d0 [ 511.765081][ T31] 1 lock held by syz.0.2135/11354: [ 511.770240][ T31] #0: ffff888141b29358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x1a9/0x650 [ 511.781332][ T31] [ 511.783709][ T31] ============================================= [ 511.783709][ T31] [ 511.798564][ T31] NMI backtrace for cpu 1 [ 511.798582][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 511.798604][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 511.798616][ T31] Call Trace: [ 511.798624][ T31] [ 511.798633][ T31] dump_stack_lvl+0x189/0x250 [ 511.798667][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 511.798692][ T31] ? __pfx__printk+0x10/0x10 [ 511.798739][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 511.798764][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 511.798789][ T31] ? __pfx__printk+0x10/0x10 [ 511.798816][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 511.798851][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 511.798876][ T31] watchdog+0xfa9/0xff0 [ 511.798906][ T31] ? watchdog+0x1f4/0xff0 [ 511.798956][ T31] kthread+0x711/0x8a0 [ 511.798987][ T31] ? __pfx_watchdog+0x10/0x10 [ 511.799011][ T31] ? __pfx_kthread+0x10/0x10 [ 511.799039][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 511.799064][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 511.799090][ T31] ? __pfx_kthread+0x10/0x10 [ 511.799118][ T31] ret_from_fork+0x599/0xb30 [ 511.799141][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 511.799173][ T31] ? __switch_to_asm+0x39/0x70 [ 511.799198][ T31] ? __switch_to_asm+0x33/0x70 [ 511.799223][ T31] ? __pfx_kthread+0x10/0x10 [ 511.799254][ T31] ret_from_fork_asm+0x1a/0x30 [ 511.799297][ T31] [ 511.941193][ T31] Sending NMI from CPU 1 to CPUs 0: [ 511.946451][ C0] NMI backtrace for cpu 0 [ 511.946469][ C0] CPU: 0 UID: 0 PID: 62 Comm: kworker/u8:4 Not tainted syzkaller #0 PREEMPT(full) [ 511.946488][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 511.946499][ C0] Workqueue: bat_events batadv_mcast_mla_update [ 511.946523][ C0] RIP: 0010:kasan_check_range+0x9f/0x2c0 [ 511.946548][ C0] Code: 00 fc ff df 4d 8d 34 19 4d 89 f4 4d 29 dc 49 83 fc 10 7f 29 4d 85 e4 0f 84 41 01 00 00 4c 89 cb 48 f7 d3 4c 01 fb 41 80 3b 00 <0f> 85 de 01 00 00 49 ff c3 48 ff c3 75 ee e9 21 01 00 00 44 89 dd [ 511.946562][ C0] RSP: 0018:ffffc9000213f3b0 EFLAGS: 00000246 [ 511.946576][ C0] RAX: ffff88801bfc9e01 RBX: fffffffffffffffa RCX: ffffffff817457a6 [ 511.946588][ C0] RDX: 0000000000000001 RSI: 0000000000000060 RDI: ffffc9000213f468 [ 511.946599][ C0] RBP: 0000000000000000 R08: ffffc9000213f4c7 R09: 1ffff92000427e98 [ 511.946611][ C0] R10: dffffc0000000000 R11: fffff52000427e93 R12: 000000000000000c [ 511.946622][ C0] R13: ffff88801bfc9e80 R14: fffff52000427e99 R15: 1ffff92000427e8d [ 511.946635][ C0] FS: 0000000000000000(0000) GS:ffff888125a8b000(0000) knlGS:0000000000000000 [ 511.946648][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 511.946659][ C0] CR2: 00007ff25b5b3ad8 CR3: 0000000075d46000 CR4: 00000000003526f0 [ 511.946676][ C0] Call Trace: [ 511.946682][ C0] [ 511.946692][ C0] __asan_memset+0x22/0x50 [ 511.946710][ C0] __unwind_start+0x36/0x760 [ 511.946732][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 511.946763][ C0] arch_stack_walk+0xe4/0x150 [ 511.946786][ C0] stack_trace_save+0x9c/0xe0 [ 511.946808][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 511.946832][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 511.946855][ C0] ? arch_stack_walk+0x11c/0x150 [ 511.946872][ C0] kasan_save_track+0x3e/0x80 [ 511.946915][ C0] __kasan_kmalloc+0x93/0xb0 [ 511.946936][ C0] __kmalloc_cache_noprof+0x3e2/0x700 [ 511.946957][ C0] ? batadv_mcast_mla_update+0xf9a/0x3600 [ 511.946976][ C0] batadv_mcast_mla_update+0xf9a/0x3600 [ 511.946992][ C0] ? batadv_mcast_mla_update+0x179/0x3600 [ 511.947012][ C0] ? register_lock_class+0x51/0x320 [ 511.947028][ C0] ? __pfx_batadv_mcast_mla_update+0x10/0x10 [ 511.947047][ C0] ? __lock_acquire+0xab9/0xd20 [ 511.947071][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 511.947092][ C0] ? process_one_work+0x868/0x15d0 [ 511.947107][ C0] process_one_work+0x94a/0x15d0 [ 511.947122][ C0] ? __lock_acquire+0xab9/0xd20 [ 511.947147][ C0] ? __pfx_process_one_work+0x10/0x10 [ 511.947166][ C0] ? assign_work+0x3a1/0x410 [ 511.947185][ C0] worker_thread+0x9b0/0xee0 [ 511.947213][ C0] kthread+0x711/0x8a0 [ 511.947239][ C0] ? __pfx_worker_thread+0x10/0x10 [ 511.947256][ C0] ? __pfx_kthread+0x10/0x10 [ 511.947276][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 511.947294][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 511.947313][ C0] ? __pfx_kthread+0x10/0x10 [ 511.947333][ C0] ret_from_fork+0x599/0xb30 [ 511.947349][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 511.947369][ C0] ? __switch_to_asm+0x39/0x70 [ 511.947389][ C0] ? __switch_to_asm+0x33/0x70 [ 511.947408][ C0] ? __pfx_kthread+0x10/0x10 [ 511.947427][ C0] ret_from_fork_asm+0x1a/0x30 [ 511.947455][ C0] [ 513.629496][ T5832] Bluetooth: hci2: command 0x0406 tx timeout