last executing test programs: 14.168537176s ago: executing program 0 (id=1100): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e21, @broadcast}, 0x10) sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x40002) r5 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0) read$msr(r5, &(0x7f0000048040)=""/102392, 0x18ff8) socket$inet(0x2b, 0x801, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000180)={0x0, 0x1, 0x7, 0x15, 0x200, &(0x7f0000000880)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a7309002500000000000f4743f490c585108c1331c7749299a25a705f5096cb268cbc60efd680e1be250700000000000000472471ff550c0010000007f3c7b61abe4162256004ea8ca512b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413fcea0ce9ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3f303a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a3cff46591ccaff3075b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a2b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6d07002ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293e37966611602f297de6ff5408777d7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f63520cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c909cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f80000000000000000000000000000000000000000000000000200"}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r4, r1, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r4, r7, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f0000000280)={0x20, r8, &(0x7f00000002c0)=[{}], 0xdeadbeef, 0x8, 0x1}) ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f0000000300)={0x8, r8}) ioctl$IOMMU_GET_HW_INFO(r0, 0x3b8a, &(0x7f0000000380)={0x24, 0x0, r4, 0x1c, &(0x7f00000003c0)=""/28}) ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000400)={0x8, r3}) close(r0) 12.452480061s ago: executing program 0 (id=1105): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000000200)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2) sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2000c000) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x6, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0xfffe, 0x2}, 0xe) connect$packet(r0, &(0x7f00000001c0)={0x1f, 0x8, 0x0, 0x1, 0x2, 0x6, @remote}, 0x14) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(0x0, r3) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IP_VS_SO_SET_STARTDAEMON(r6, 0x0, 0x48b, &(0x7f0000000040)={0x1, 'syz_tun\x00', 0x1}, 0x18) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x14) ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000180)={'wpan0\x00'}) 10.642159321s ago: executing program 1 (id=1109): syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40383, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_ONE_REG(r0, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, &(0x7f0000000300)=0xd8}) ioctl$KVM_RUN(r0, 0xae80, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000340)={@broadcast, @private}, &(0x7f0000000380)=0xc) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r3], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000440)={'ip6_vti0\x00', &(0x7f00000003c0)={'syztnl2\x00', 0x0, 0x29, 0x8, 0x3, 0x1, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x10, 0x8000, 0x8, 0x2}}) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r2, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x5) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) r4 = fanotify_init(0x4, 0x101000) fanotify_mark(r4, 0x1, 0x8100000, 0xffffffffffffffff, 0x0) r5 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x1c, 0x8002, [@TCA_FQ_PIE_ALPHA={0x8, 0x5, 0x1d}, @TCA_FQ_PIE_BETA={0x8, 0x6, 0xf}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd2d8}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) 9.940399226s ago: executing program 0 (id=1110): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000280)=0x8) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x1411, 0x301, 0x70bd2a, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x24048041}, 0x20000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x300, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe07, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3}) 9.871156729s ago: executing program 2 (id=1111): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000440)='B'}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000200)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 8.536645236s ago: executing program 3 (id=1112): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x4) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000400)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x68c81, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = syz_open_dev$vivid(&(0x7f0000000240), 0x0, 0x2) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) r7 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e000000013"], 0xe0}}, 0x0) ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000500)={0xe, @pix={0x4, 0x5, 0x38415261, 0x2, 0x80000001, 0x1, 0xa, 0xc, 0x1, 0x2, 0x1, 0x5}}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x6000) openat$comedi(0xffffffffffffff9c, 0x0, 0x22c00, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) ioctl$KVM_CAP_DISABLE_QUIRKS(r3, 0x4068aea3, &(0x7f0000000100)) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) 8.511931727s ago: executing program 1 (id=1113): syz_open_dev$video(&(0x7f0000000000), 0x7fff, 0x40800) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') syz_emit_ethernet(0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaa000000e0193d2209b7610000000088a80000810000"], 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = userfaultfd(0x801) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) unshare(0x2c020400) syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x5888, 0x800, 0x2, 0x212}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x104, 0x0, 0x1}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_WRITEPROTECT(r1, 0xc018aa06, &(0x7f0000000100)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) getdents64(r0, &(0x7f0000000100)=""/83, 0x53) 7.486590808s ago: executing program 2 (id=1114): mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleav']) chdir(&(0x7f0000000240)='./file0\x00') r0 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0) ftruncate(r0, 0x2007ffc) sendfile(r0, r0, 0x0, 0x800000009) 7.321127306s ago: executing program 1 (id=1115): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, r1, {0x2, 0x9}}, './file0\x00'}) sendmsg$NFT_BATCH(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000af0000000000a0108000000000000000000000003c3000600ea140d3d27d2844b13b2787322b5f9c3339d4c8283cbfe6d4bb8f21b38b2aa583c8c4549efb2d013650f6dd34caccedb8db4cf58a41defc977723f4261a78270cc2c4b6e56b83a3234df6a6fbfc31edf62676a07b902d01e4f09f283bf5764996a511039d35934a46252c136b405b8d703b718ae87246a70895bb2e67c7a84f33b3805f98c8bcdea5256ba7a6fd0d57e60252c2296f8e6bfa33438875378585cd7a61f77990c59eba48e595c8cd4bebdbdffab360d6440cbf49d7ec957da7300040006000900010073797a3100000000080002400000000294010000140a0500000000000000000000000004b60008004084e3e675277a5055639cdbb18e2227a6ff83c98178976938014c7fcde75068d9a8e34bfe9badba78b379f20000000000000032af0fcf4a587bbf8a9c65745126e5022408ace1064ec7c4e03ad8e5d527ec15e3666c21e644ee787bb1734e43296e45e6931c9474fb3be1574c5191857534288e938ab17b6e71fc7b6ca73b295ee1bcc649517f39939ba183231d1723cdfdda66294d9a29b7abc41c90d5bf26da50ddce6b95e87f3337dcda1b3a452c023a00009a000800a8d3e9d2ff7753353bf5021f5bf25ad1b779528ae3195e65def675f8da060caf2507bb5661cfc8ea90cbc817ccb7b7bb8a5bc5516183dad191dc5c7e40c1d69038e1e89af0244994afd8438f8cace09b8836930e525c52a3b068835d3f936b981c57ddf281d0a7e2535be86ee172e20f9a9da7cd7dd130744ecf07d800bdb6b8112c31e74f9a97139335f440ceff9f5a57b4e1a0b98bb55b1ddb72c7197d664e00000900010073797a300000000008000340000000030900020073797a32000000000c0006400000000000000002300000000c0a000000000000000000000700000a08000440000000030900010073797a310000000008000440000000011c000000090a01010000000000000000050000060800084000000000b80000000b0a01010000000000000000040000060c001040000000000000000108000840000000000900020073797a310000000063000d40bbed57afad0f0c7acab5e7"], 0x3b0}, 0x1, 0x0, 0x0, 0x40000001}, 0x0) setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xf8e14000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, 0x0, 0x0, 0x2, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x1) sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f0000000300), 0x0) r6 = socket(0x10, 0x2, 0x0) write(r6, &(0x7f0000000480)="1c0000001a009b8a140000003b000000000000000000000000000000fda35065733173ae72a0d270d958f739b6d44c893b03599f77a332b446ea93568ae2ff534952656c6a18b6c0fdcec321127ee28705f2496eb43654255c5cc688f71db82bab173f4e19361ac01c1b0a2d22", 0x6d) recvmmsg(r6, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180), 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[], 0x0) 6.496432627s ago: executing program 2 (id=1116): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20000014) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000005c0)={0x50, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x15, 0x13, [{0x30, 0x1}, {0x36}, {0x2, 0x1}, {0x4}, {0x36}, {0x4, 0x1}, {0x36}, {0x48, 0x1}, {0x60}, {0x36, 0x1}, {0x1, 0x1}, {0x36, 0x1}, {0x5, 0x1}, {0x6, 0x1}, {0x30, 0x1}, {0xc}, {0xc}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0xc0}, 0x4000010) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000000c0)=0x2009, 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$rtc(0xffffff9c, &(0x7f0000000040), 0xa200, 0x0) write$dsp(0xffffffffffffffff, &(0x7f00000004c0)="4d24fab17cc53b5340bc33eb4fc3132b2c67f0896f1ec98372502616929291d24104940c060021dcd5d1719ae9d9f0e6d4667c8d249aa2008237a26db05cd6a1a922193831774c6e79eb1bc887354c559f462b92bd81fde5cca654a99e6690da0f3bba8d3d61e8175739597b045a93d84fcd2d027e642500e7e79d2660ad3ed3cf26ffaed60ca6b64d13e34dedc24f2cb3086044a9ebc98045", 0x99) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r7 = accept4$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote}, 0x0, 0x800) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f0000000280), &(0x7f00000002c0)=0x4) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) 6.335266985s ago: executing program 0 (id=1117): socket(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [0x8, 0x1]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, 0x0) close(0x3) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x900, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_SETGAMMA(0xffffffffffffffff, 0xc02064a5, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000240)="8f0978d21b640fc79ca50000c0fe470f06430f01c2440f20c0ac0a0000e39d9d0f22c066460f38809bf77f00000f214a0fc73d0d0000003e653666400fc7775f400f01c4", 0x44}], 0x1, 0x10, 0x0, 0x0) openat$dma_heap(0xffffffffffffff9c, 0x0, 0x2040, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 6.156216194s ago: executing program 1 (id=1118): bpf$PROG_LOAD(0x5, 0x0, 0x0) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8) fcntl$setownex(0xffffffffffffffff, 0xf, 0x0) io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000003c0)={0x7, @pix={0x6, 0x2, 0x1017411, 0x9, 0x5, 0x8a, 0xa, 0x8, 0x0, 0x8, 0x0, 0x6}}) socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$rds(0x15, 0x5, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1, 0x3}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f00000004c0)}}], 0x90}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x2e288501978821b, 0x80) r4 = dup3(r3, r2, 0x0) recvmmsg$unix(r4, &(0x7f0000002700)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000002c0)=""/146, 0x92}], 0x1}}, {{0x0, 0x0, &(0x7f0000001fc0)=[{&(0x7f0000001a40)=""/25, 0x19}], 0x1}}, {{0x0, 0x0, &(0x7f0000001100)=[{&(0x7f0000002940)=""/206, 0xce}], 0x1}}, {{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000002340)=""/191, 0xbf}, {0x0}], 0x2, &(0x7f00000026c0)}}], 0x4, 0x58ca0280, 0x0) 5.419719321s ago: executing program 2 (id=1119): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f00000023c0)={0x191, 0x258, 0x300, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {0x0, 0x5, 0x20000000}, {0x0, 0x8, 0x1}, {0x0, 0x10}, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xf329, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x6}) 5.092639927s ago: executing program 2 (id=1120): getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x12, 0x4, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{}, &(0x7f0000000100)=0x7d8, &(0x7f0000000140)='%pi6 \x00'}, 0x20) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) 4.129390205s ago: executing program 3 (id=1121): ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x5cee313670d5fda3}) socket$inet_tcp(0x2, 0x1, 0x0) socket$kcm(0x10, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000fcfeffff8500000013000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x23}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1805000000000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x4}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000003c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0xa, [@struct={0x8, 0x4, 0x0, 0xf, 0x0, 0xffffffff, [{0xe, 0x0, 0x3}, {0x7, 0x3, 0xfffffffd}, {0x8, 0x0, 0x2}, {0xf, 0x1, 0xf48e}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x5e, 0x0, 0x6}, 0x28) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) syz_init_net_socket$netrom(0x6, 0x5, 0x0) pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file1/file4\x00', &(0x7f0000000280), 0x804010, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@aname={'aname', 0x3d, '/dev/snd/midiC#D#\x00'}}]}}) 4.080669177s ago: executing program 1 (id=1122): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, &(0x7f0000001300)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r0 = socket$key(0xf, 0x3, 0x2) recvmmsg(r0, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @remote}, 0x1c) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x12, r3, 0x108000) ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, 0x0) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r4 = socket$netlink(0x10, 0x3, 0xc) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x10}}, 0xc) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000000)=""/137, &(0x7f0000695ffc)=0xbf) bind$netlink(r4, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x40102, 0x0) 4.02442284s ago: executing program 0 (id=1123): pselect6(0x9a, &(0x7f0000000100)={0x4, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x0, 0x1}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 2.244520739s ago: executing program 2 (id=1124): mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleav']) chdir(&(0x7f0000000240)='./file0\x00') r0 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0) ftruncate(r0, 0x2007ffc) sendfile(r0, r0, 0x0, 0x800000009) 2.244054889s ago: executing program 0 (id=1125): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x350, 0xffffffff, 0x1b0, 0x0, 0xe0, 0xfeffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @multicast1}, [0xff, 0x0, 0xff000000, 0xffffff00], [0xffffffff, 0xffffff00, 0xffffffff, 0xff000000], 'ip6erspan0\x00', 'batadv_slave_1\x00', {}, {}, 0x0, 0x23, 0x3, 0x2}, 0x2f2, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x4, 0x3}, {0xffffffffffffffff, 0x1, 0x1}, {0x3, 0x5, 0x6}, 0x10000}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x4}}}, {{@ipv6={@private0, @rand_addr=' \x01\x00', [0xff, 0x0, 0xff000000], [0x0, 0xffffffff, 0xff000000, 0xffffff00], 'macvtap0\x00', 'batadv_slave_0\x00', {0xff}, {0xff}, 0x2c, 0x79, 0x4, 0x44}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@gettfilter={0x3c, 0x2e, 0x400, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xf, 0xfff1}, {0xe, 0xf}, {0x8, 0xffff}}, [{0x8, 0xb, 0x9}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0xc0e}]}, 0x3c}}, 0x0) socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x8000, 0x0) getdents64(r0, &(0x7f0000000e00)=""/4102, 0x1006) r1 = creat(&(0x7f0000000200)='./file0\x00', 0x17e) close(r1) lseek(0xffffffffffffffff, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r3, &(0x7f00000000c0)={0x1d, r4}, 0x18) connect$can_j1939(r3, &(0x7f0000000140)={0x1d, r4, 0x0, {0x1, 0xf1, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) sendmmsg(r3, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000240)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, 0x0, 0x10) sendmsg$xdp(r5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4090}, 0x0) sendmsg$alg(r5, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) 2.139557564s ago: executing program 1 (id=1126): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000280)=0x8) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x1411, 0x301, 0x70bd2a, 0x25dfdbfb}, 0x10}, 0x1, 0x0, 0x0, 0x24048041}, 0x20000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x300, 0x3f, 0x32, 0x1, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe07, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3}) 2.044081739s ago: executing program 3 (id=1127): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20000014) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f00000005c0)={0x50, r5, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x15, 0x13, [{0x30, 0x1}, {0x36}, {0x2, 0x1}, {0x4}, {0x36}, {0x4, 0x1}, {0x36}, {0x48, 0x1}, {0x60}, {0x36, 0x1}, {0x1, 0x1}, {0x36, 0x1}, {0x5, 0x1}, {0x6, 0x1}, {0x30, 0x1}, {0xc}, {0xc}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0xc0}, 0x4000010) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000000c0)=0x2009, 0x4) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$rtc(0xffffff9c, &(0x7f0000000040), 0xa200, 0x0) write$dsp(0xffffffffffffffff, &(0x7f00000004c0)="4d24fab17cc53b5340bc33eb4fc3132b2c67f0896f1ec98372502616929291d24104940c060021dcd5d1719ae9d9f0e6d4667c8d249aa2008237a26db05cd6a1a922193831774c6e79eb1bc887354c559f462b92bd81fde5cca654a99e6690da0f3bba8d3d61e8175739597b045a93d84fcd2d027e642500e7e79d2660ad3ed3cf26ffaed60ca6b64d13e34dedc24f2cb3086044a9ebc98045", 0x99) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r7 = accept4$x25(0xffffffffffffffff, &(0x7f0000000000)={0x9, @remote}, 0x0, 0x800) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f0000000280), &(0x7f00000002c0)=0x4) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) 1.889178276s ago: executing program 3 (id=1128): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) socket(0x840000000002, 0x3, 0xff) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x3f, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x3, &(0x7f0000000500)=ANY=[@ANYRES8=r1], &(0x7f0000000140)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xd}, 0x94) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) add_key$keyring(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff) socket(0xa, 0x5, 0x0) fanotify_init(0x0, 0x0) r5 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r5, 0x0) 1.130686814s ago: executing program 3 (id=1129): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x4) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000400)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x68c81, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = syz_open_dev$vivid(&(0x7f0000000240), 0x0, 0x2) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'essiv(authenc(rmd160-generic,cbc-camellia-aesni-avx2),sha1-avx)\x00'}, 0x58) r7 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$nl_crypto(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e000000013"], 0xe0}}, 0x0) ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000500)={0xe, @pix={0x4, 0x5, 0x38415261, 0x2, 0x80000001, 0x1, 0xa, 0xc, 0x1, 0x2, 0x1, 0x5}}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x6000) openat$comedi(0xffffffffffffff9c, 0x0, 0x22c00, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) ioctl$KVM_CAP_DISABLE_QUIRKS(r3, 0x4068aea3, &(0x7f0000000100)) ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000}) 0s ago: executing program 3 (id=1130): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = syz_open_dev$vim2m(0x0, 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285628, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x6) bind$alg(r1, 0x0, 0x0) accept(r1, 0x0, 0x0) bind$alg(r1, &(0x7f0000000300)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xfff7e002, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {0xffff, 0xffff}, {0x6, 0xc}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000041}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts. [ 58.358249][ T5749] cgroup: Unknown subsys name 'net' [ 58.492305][ T5749] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.871370][ T5749] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 61.925324][ T5771] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 61.934006][ T5771] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 61.943205][ T5771] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 61.951525][ T5771] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 61.959174][ T5771] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 61.966892][ T5779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 61.975612][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 61.975908][ T5777] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 61.991424][ T5779] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.991852][ T5777] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 62.007004][ T5777] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 62.014730][ T5779] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 62.014898][ T5777] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 62.029855][ T5779] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 62.032257][ T5777] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 62.043313][ T5771] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 62.045451][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 62.056646][ T5779] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 62.069041][ T5779] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 62.076482][ T5779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 62.084978][ T5779] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 62.099096][ T5778] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 62.107896][ T5778] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 62.116172][ T5778] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 62.502567][ T5764] chnl_net:caif_netlink_parms(): no params data found [ 62.537084][ T5763] chnl_net:caif_netlink_parms(): no params data found [ 62.643393][ T5762] chnl_net:caif_netlink_parms(): no params data found [ 62.720481][ T5761] chnl_net:caif_netlink_parms(): no params data found [ 62.749470][ T5764] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.757511][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.765746][ T5764] bridge_slave_0: entered allmulticast mode [ 62.774057][ T5764] bridge_slave_0: entered promiscuous mode [ 62.789217][ T5763] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.797161][ T5763] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.804391][ T5763] bridge_slave_0: entered allmulticast mode [ 62.811321][ T5763] bridge_slave_0: entered promiscuous mode [ 62.818889][ T5763] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.826378][ T5763] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.833555][ T5763] bridge_slave_1: entered allmulticast mode [ 62.840452][ T5763] bridge_slave_1: entered promiscuous mode [ 62.851528][ T5764] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.861786][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.869038][ T5764] bridge_slave_1: entered allmulticast mode [ 62.875767][ T5764] bridge_slave_1: entered promiscuous mode [ 62.943491][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.975159][ T5764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.988322][ T5764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.003633][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.021611][ T5762] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.030733][ T5762] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.038561][ T5762] bridge_slave_0: entered allmulticast mode [ 63.045261][ T5762] bridge_slave_0: entered promiscuous mode [ 63.054598][ T5762] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.062162][ T5762] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.070417][ T5762] bridge_slave_1: entered allmulticast mode [ 63.078181][ T5762] bridge_slave_1: entered promiscuous mode [ 63.143483][ T5763] team0: Port device team_slave_0 added [ 63.161585][ T5764] team0: Port device team_slave_0 added [ 63.182062][ T5762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.194189][ T5763] team0: Port device team_slave_1 added [ 63.212315][ T5764] team0: Port device team_slave_1 added [ 63.227378][ T5761] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.234555][ T5761] bridge0: port 1(bridge_slave_0) entered disabled state [ 63.242314][ T5761] bridge_slave_0: entered allmulticast mode [ 63.249254][ T5761] bridge_slave_0: entered promiscuous mode [ 63.257754][ T5761] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.264871][ T5761] bridge0: port 2(bridge_slave_1) entered disabled state [ 63.273078][ T5761] bridge_slave_1: entered allmulticast mode [ 63.280505][ T5761] bridge_slave_1: entered promiscuous mode [ 63.289105][ T5762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.324251][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.331323][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.358689][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.390161][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.397295][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.424105][ T5764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.436314][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.443284][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.469572][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.501135][ T5762] team0: Port device team_slave_0 added [ 63.514950][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.522558][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.549120][ T5764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.563363][ T5761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 63.575867][ T5761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 63.586597][ T5762] team0: Port device team_slave_1 added [ 63.634042][ T5761] team0: Port device team_slave_0 added [ 63.642960][ T5761] team0: Port device team_slave_1 added [ 63.665497][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.672815][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.699252][ T5762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.718937][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.725908][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.753269][ T5762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.790964][ T5763] hsr_slave_0: entered promiscuous mode [ 63.798094][ T5763] hsr_slave_1: entered promiscuous mode [ 63.821458][ T5761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.828537][ T5761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.854771][ T5761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.870241][ T5764] hsr_slave_0: entered promiscuous mode [ 63.877786][ T5764] hsr_slave_1: entered promiscuous mode [ 63.884233][ T5764] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.893363][ T5764] Cannot create hsr debugfs directory [ 63.917383][ T5761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.924351][ T5761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.953054][ T5761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 64.043314][ T5762] hsr_slave_0: entered promiscuous mode [ 64.050211][ T5762] hsr_slave_1: entered promiscuous mode [ 64.056640][ T5762] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.064213][ T5762] Cannot create hsr debugfs directory [ 64.117442][ T5778] Bluetooth: hci0: command tx timeout [ 64.117454][ T51] Bluetooth: hci2: command tx timeout [ 64.142924][ T5761] hsr_slave_0: entered promiscuous mode [ 64.149381][ T5761] hsr_slave_1: entered promiscuous mode [ 64.155398][ T5761] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 64.163514][ T5761] Cannot create hsr debugfs directory [ 64.196266][ T5778] Bluetooth: hci1: command tx timeout [ 64.196309][ T51] Bluetooth: hci3: command tx timeout [ 64.443501][ T5764] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 64.469071][ T5764] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 64.478879][ T5764] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 64.499099][ T5764] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.557099][ T5763] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 64.577200][ T5763] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 64.589922][ T5763] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 64.602032][ T5763] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 64.681321][ T5761] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 64.699313][ T5761] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 64.709504][ T5761] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 64.719460][ T5761] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 64.798068][ T5762] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 64.810016][ T5762] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 64.828645][ T5762] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 64.844397][ T5762] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 64.952184][ T5764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.965370][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.005838][ T5763] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.041154][ T3443] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.048556][ T3443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.069216][ T5764] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.090713][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.097844][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.121880][ T5761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.134089][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.142369][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.163148][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.171127][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.211524][ T5761] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.235336][ T5762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.275445][ T3443] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.283249][ T3443] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.299456][ T5762] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.314912][ T3443] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.322233][ T3443] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.360655][ T3459] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.367786][ T3459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.381127][ T3459] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.388456][ T3459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.803156][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.858642][ T5764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.905397][ T5761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.988553][ T5763] veth0_vlan: entered promiscuous mode [ 66.004677][ T5764] veth0_vlan: entered promiscuous mode [ 66.044802][ T5764] veth1_vlan: entered promiscuous mode [ 66.054657][ T5763] veth1_vlan: entered promiscuous mode [ 66.072542][ T5762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.106165][ T5761] veth0_vlan: entered promiscuous mode [ 66.132892][ T5763] veth0_macvtap: entered promiscuous mode [ 66.150724][ T5763] veth1_macvtap: entered promiscuous mode [ 66.165491][ T5761] veth1_vlan: entered promiscuous mode [ 66.192700][ T5764] veth0_macvtap: entered promiscuous mode [ 66.199182][ T51] Bluetooth: hci0: command tx timeout [ 66.206807][ T51] Bluetooth: hci2: command tx timeout [ 66.230149][ T5762] veth0_vlan: entered promiscuous mode [ 66.238591][ T5764] veth1_macvtap: entered promiscuous mode [ 66.267082][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.277645][ T51] Bluetooth: hci3: command tx timeout [ 66.282879][ T5778] Bluetooth: hci1: command tx timeout [ 66.300066][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.323083][ T5763] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.333357][ T5763] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.343192][ T5763] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.352154][ T5763] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.363707][ T5761] veth0_macvtap: entered promiscuous mode [ 66.372744][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.384213][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.396472][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.404464][ T5762] veth1_vlan: entered promiscuous mode [ 66.442568][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.453491][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.465617][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.478047][ T5761] veth1_macvtap: entered promiscuous mode [ 66.499592][ T5764] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.508965][ T5764] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.519468][ T5764] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.529614][ T5764] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.574319][ T5762] veth0_macvtap: entered promiscuous mode [ 66.583645][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.594763][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.608124][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.619342][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.630965][ T5761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.642716][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.655352][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.669699][ T5761] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.681108][ T5761] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.692781][ T5761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.703213][ T5762] veth1_macvtap: entered promiscuous mode [ 66.731884][ T5761] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.741790][ T5761] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.751345][ T5761] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.760934][ T5761] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.793261][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.804078][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.814866][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.825466][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.835874][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.847122][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.858955][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.903378][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.924535][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.934880][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.946687][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.957564][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.968331][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.980035][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.013346][ T3443] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.022714][ T3443] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.029361][ T5762] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.043068][ T5762] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.051939][ T5762] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.061153][ T5762] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.120831][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.138039][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.166253][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.177997][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.274146][ T3443] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.288642][ T3443] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.304749][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.339841][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.373750][ T3443] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.385102][ T3443] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.393670][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.402930][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.503689][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.522595][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.049744][ T5778] Bluetooth: hci2: command tx timeout [ 69.055302][ T5778] Bluetooth: hci0: command tx timeout [ 69.056770][ T51] Bluetooth: hci3: command tx timeout [ 69.061560][ T5778] Bluetooth: hci1: command tx timeout [ 69.490982][ T5823] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 69.804472][ T5823] usb 3-1: Using ep0 maxpacket: 16 [ 69.896875][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 69.978673][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.039256][ T5823] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 70.074344][ T5823] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 70.093735][ T5823] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.305372][ T5823] usb 3-1: config 0 descriptor?? [ 70.823573][ T5823] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 70.873677][ T5823] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 70.905426][ T5823] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 70.970636][ T5823] appleir 0003:05AC:8241.0001: unknown main item tag 0x0 [ 71.052572][ T5823] appleir 0003:05AC:8241.0001: item fetching failed at offset 4/5 [ 71.077972][ T5779] Bluetooth: hci3: command tx timeout [ 71.077990][ T5778] Bluetooth: hci0: command tx timeout [ 71.083653][ T51] Bluetooth: hci1: command tx timeout [ 71.089453][ T5778] Bluetooth: hci2: command tx timeout [ 71.203881][ T5823] appleir 0003:05AC:8241.0001: parse failed [ 71.227375][ T5823] appleir: probe of 0003:05AC:8241.0001 failed with error -22 [ 71.297766][ T5854] Zero length message leads to an empty skb [ 71.346543][ T5823] usb 3-1: USB disconnect, device number 2 [ 71.647000][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.663980][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.974982][ T5868] syz.2.14[5868]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.113713][ T5868] netlink: 36 bytes leftover after parsing attributes in process `syz.2.14'. [ 75.442538][ T5888] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 75.830608][ T5888] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 76.933673][ T5888] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.229493][ T5888] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.346137][ T788] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 77.497212][ T5888] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.578307][ T788] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 77.598951][ T5888] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.608495][ T788] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.650901][ T788] usb 1-1: Product: syz [ 77.651412][ T5888] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.655195][ T788] usb 1-1: Manufacturer: syz [ 77.695676][ T788] usb 1-1: SerialNumber: syz [ 77.737316][ T788] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 77.773604][ T5825] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 77.788157][ T5888] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.808045][ T5922] binder: 5921:5922 ioctl c0306201 200000000140 returned -14 [ 79.094651][ T968] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 79.173868][ T8] usb 1-1: USB disconnect, device number 2 [ 79.199122][ T28] audit: type=1326 audit(1774505542.900:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5926 comm="syz.1.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2fb79c799 code=0x7ffc0000 [ 79.240927][ T28] audit: type=1326 audit(1774505542.980:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5926 comm="syz.1.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2fb79c799 code=0x7ffc0000 [ 79.386179][ T968] usb 4-1: Using ep0 maxpacket: 16 [ 79.438184][ T968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 79.686576][ T968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.696946][ T968] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 79.706178][ T5937] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 79.711237][ T968] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 79.737831][ T968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.742794][ T5825] usb 1-1: Service connection timeout for: 256 [ 79.758542][ T5825] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 79.773757][ T968] usb 4-1: config 0 descriptor?? [ 79.777444][ T5825] ath9k_htc: Failed to initialize the device [ 79.795585][ T8] usb 1-1: ath9k_htc: USB layer deinitialized [ 80.199086][ T5952] netlink: 56 bytes leftover after parsing attributes in process `syz.1.25'. [ 80.373910][ T968] appleir 0003:05AC:8241.0002: unknown main item tag 0x0 [ 81.184033][ T968] appleir 0003:05AC:8241.0002: unknown main item tag 0x0 [ 81.191660][ T968] appleir 0003:05AC:8241.0002: unknown main item tag 0x0 [ 81.206602][ T968] appleir 0003:05AC:8241.0002: unknown main item tag 0x0 [ 81.213762][ T968] appleir 0003:05AC:8241.0002: item fetching failed at offset 4/5 [ 81.222639][ T968] appleir 0003:05AC:8241.0002: parse failed [ 81.228964][ T968] appleir: probe of 0003:05AC:8241.0002 failed with error -22 [ 81.284989][ T968] usb 4-1: USB disconnect, device number 2 [ 81.888633][ T27] cfg80211: failed to load regulatory.db [ 83.435376][ T5975] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 83.448809][ T5975] warning: `syz.3.30' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 84.429661][ T5980] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.586666][ T5991] netlink: 64 bytes leftover after parsing attributes in process `syz.0.33'. [ 84.689622][ T5980] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 84.912176][ T5980] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 85.060688][ T5980] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 86.761200][ T5980] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.878712][ T5980] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.225074][ T5980] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.242842][ T5980] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.499057][ T6026] syzkaller1: entered promiscuous mode [ 87.511357][ T6026] syzkaller1: entered allmulticast mode [ 87.925099][ T6038] netlink: 112 bytes leftover after parsing attributes in process `syz.1.40'. [ 88.923661][ T6043] netlink: 20 bytes leftover after parsing attributes in process `syz.1.42'. [ 90.472921][ T6050] sched: RT throttling activated [ 92.493526][ T6056] use of bytesused == 0 is deprecated and will be removed in the future, [ 92.513139][ T6056] use the actual size instead. [ 92.718181][ T6085] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 92.940629][ T6085] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.113710][ T6085] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 93.847151][ T6085] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 95.176789][ T6085] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.204129][ T6085] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.221447][ T6085] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.406789][ T6120] Device name cannot be null; rc = [-22] [ 95.475721][ T6085] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.857435][ T6124] netlink: 20 bytes leftover after parsing attributes in process `syz.0.56'. [ 96.912857][ T6131] Bluetooth: MGMT ver 1.22 [ 96.933811][ T6131] Bluetooth: hci0: invalid len left 7, exp >= 104 [ 100.234225][ T6165] Device name cannot be null; rc = [-22] [ 100.851066][ T6177] netlink: 'syz.2.69': attribute type 8 has an invalid length. [ 101.621359][ T6186] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 111.006299][ T968] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 112.296415][ T968] usb 1-1: Using ep0 maxpacket: 16 [ 112.310159][ T968] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 112.322527][ T968] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 112.336234][ T968] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 112.352199][ T968] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 112.362080][ T968] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 112.373987][ T968] usb 1-1: config 0 descriptor?? [ 112.884704][ T968] usbhid 1-1:0.0: can't add hid device: -71 [ 112.895056][ T968] usbhid: probe of 1-1:0.0 failed with error -71 [ 112.953096][ T968] usb 1-1: USB disconnect, device number 3 [ 113.433500][ T6307] netlink: 16 bytes leftover after parsing attributes in process `syz.3.108'. [ 116.630928][ T6335] netlink: 56 bytes leftover after parsing attributes in process `syz.1.114'. [ 117.748692][ T6343] netlink: 64 bytes leftover after parsing attributes in process `syz.2.117'. [ 118.096077][ T6346] blktrace: Concurrent blktraces are not allowed on nullb0 [ 120.867563][ T6363] netlink: 20 bytes leftover after parsing attributes in process `syz.1.123'. [ 120.902363][ T6363] comedi comedi0: comedi_config --init_data is deprecated [ 122.473693][ T6378] netlink: 56 bytes leftover after parsing attributes in process `syz.1.127'. [ 123.679890][ T6392] blktrace: Concurrent blktraces are not allowed on nullb0 [ 128.030869][ T6422] netlink: 56 bytes leftover after parsing attributes in process `syz.3.141'. [ 128.629400][ T6426] netlink: 'syz.0.142': attribute type 8 has an invalid length. [ 130.845624][ T6437] ubi31: attaching mtd0 [ 130.863510][ T6437] ubi31: scanning is finished [ 130.869077][ T6437] ubi31: empty MTD device detected [ 131.542406][ T6437] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 133.081816][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.853451][ T6445] netlink: 16 bytes leftover after parsing attributes in process `syz.3.146'. [ 135.942165][ T6466] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 136.928749][ T6466] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.091439][ T6474] Device name cannot be null; rc = [-22] [ 137.550132][ T6466] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 137.663170][ T6466] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 138.237989][ T6466] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.326889][ T6466] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.379538][ T6466] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.447643][ T6466] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 138.501411][ T6486] netlink: 'syz.3.156': attribute type 8 has an invalid length. [ 139.751812][ T6500] netlink: 16 bytes leftover after parsing attributes in process `syz.2.159'. [ 140.071029][ T6512] netlink: 64 bytes leftover after parsing attributes in process `syz.0.160'. [ 140.277572][ T6516] lo speed is unknown, defaulting to 1000 [ 140.306919][ T6516] lo speed is unknown, defaulting to 1000 [ 140.337487][ T6516] lo speed is unknown, defaulting to 1000 [ 140.347920][ T6516] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 140.364899][ T6516] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 140.500046][ T6516] lo speed is unknown, defaulting to 1000 [ 140.538075][ T6516] lo speed is unknown, defaulting to 1000 [ 140.557110][ T6516] lo speed is unknown, defaulting to 1000 [ 140.565528][ T6516] lo speed is unknown, defaulting to 1000 [ 141.121444][ T6527] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.759585][ T6527] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.746992][ T6527] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.938286][ T6527] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.275691][ T6527] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.356847][ T6527] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.407398][ T6527] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.551450][ T6527] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.875567][ T6549] netlink: 20 bytes leftover after parsing attributes in process `syz.0.170'. [ 143.907279][ T6549] comedi comedi0: comedi_config --init_data is deprecated [ 144.343337][ T6560] netlink: 'syz.3.173': attribute type 8 has an invalid length. [ 152.576048][ T6611] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 153.263341][ T6615] Device name cannot be null; rc = [-22] [ 153.583435][ T6617] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'. [ 155.869092][ T6632] syzkaller0: entered promiscuous mode [ 155.891461][ T6632] syzkaller0: entered allmulticast mode [ 157.640534][ T6648] netlink: 4 bytes leftover after parsing attributes in process `syz.1.201'. [ 158.268340][ T6653] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 163.356162][ T6695] blktrace: Concurrent blktraces are not allowed on nullb0 [ 165.786701][ T6712] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 166.016595][ T6713] Device name cannot be null; rc = [-22] [ 167.027814][ T6733] binder: 6731:6733 ioctl c0306201 200000000140 returned -14 [ 167.353830][ T6737] blktrace: Concurrent blktraces are not allowed on nullb0 [ 172.473829][ T6786] blktrace: Concurrent blktraces are not allowed on nullb0 [ 172.487373][ T6784] process 'syz.0.240' launched './file1' with NULL argv: empty string added [ 172.856045][ T968] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 173.323760][ T6795] netlink: 332 bytes leftover after parsing attributes in process `syz.1.244'. [ 173.333796][ T6795] netlink: 196 bytes leftover after parsing attributes in process `syz.1.244'. [ 173.650887][ T968] usb 1-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 173.682420][ T968] usb 1-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 173.701476][ T968] usb 1-1: Product: syz [ 173.708897][ T968] usb 1-1: Manufacturer: syz [ 173.713539][ T968] usb 1-1: SerialNumber: syz [ 173.738479][ T968] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 173.766387][ T6796] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 1, id = 0 [ 175.413748][ T6815] netlink: 'syz.2.249': attribute type 8 has an invalid length. [ 175.748589][ T968] vp7045: USB control message 'out' went wrong. [ 175.762962][ T968] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 175.783731][ T968] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 175.831107][ T968] usb 1-1: USB disconnect, device number 4 [ 177.528554][ T6832] syz.0.254 (6832): attempted to duplicate a private mapping with mremap. This is not supported. [ 178.177106][ T6838] blktrace: Concurrent blktraces are not allowed on nullb0 [ 180.306637][ T6851] nbd0: detected capacity change from 0 to 127 [ 180.339940][ T5778] block nbd0: Receive control failed (result -104) [ 180.789386][ T6857] Device name cannot be null; rc = [-22] [ 182.796271][ T6883] blktrace: Concurrent blktraces are not allowed on nullb0 [ 183.976554][ T6902] netlink: 16 bytes leftover after parsing attributes in process `syz.3.269'. [ 187.508082][ T6934] netlink: 16 bytes leftover after parsing attributes in process `syz.2.275'. [ 187.861162][ T6947] blktrace: Concurrent blktraces are not allowed on nullb0 [ 187.983912][ T5773] Bluetooth: hci1: command 0x0406 tx timeout [ 187.990301][ T5767] Bluetooth: hci2: command 0x0406 tx timeout [ 188.050737][ T5778] Bluetooth: hci0: command 0x0406 tx timeout [ 188.308679][ T6949] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 193.128782][ T6997] syzkaller0: entered promiscuous mode [ 193.134450][ T6997] syzkaller0: entered allmulticast mode [ 194.192422][ T7010] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 194.535782][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.031273][ T7046] netlink: 64 bytes leftover after parsing attributes in process `syz.1.301'. [ 199.324492][ T7058] netlink: 332 bytes leftover after parsing attributes in process `syz.3.304'. [ 199.341897][ T7058] netlink: 196 bytes leftover after parsing attributes in process `syz.3.304'. [ 202.082946][ T7096] netlink: 64 bytes leftover after parsing attributes in process `syz.1.312'. [ 204.762577][ T27] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 204.967924][ T27] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 204.987608][ T27] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 205.013502][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.034436][ T27] usb 1-1: config 0 descriptor?? [ 205.074491][ T27] pwc: Askey VC010 type 2 USB webcam detected. [ 205.185935][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 206.365939][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 207.125918][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 207.245922][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 207.736632][ T27] pwc: recv_control_msg error -71 req 02 val 2b00 [ 207.755820][ T27] pwc: recv_control_msg error -71 req 02 val 2700 [ 207.781268][ T27] pwc: recv_control_msg error -71 req 02 val 2c00 [ 207.788465][ T27] pwc: recv_control_msg error -71 req 04 val 1000 [ 207.796614][ T27] pwc: recv_control_msg error -71 req 04 val 1300 [ 207.810346][ T27] pwc: recv_control_msg error -71 req 04 val 1400 [ 207.826023][ T27] pwc: recv_control_msg error -71 req 02 val 2000 [ 207.838414][ T27] pwc: recv_control_msg error -71 req 02 val 2100 [ 207.855657][ T27] pwc: recv_control_msg error -71 req 04 val 1500 [ 207.869424][ T27] pwc: recv_control_msg error -71 req 02 val 2500 [ 207.887818][ T27] pwc: recv_control_msg error -71 req 02 val 2400 [ 207.906410][ T27] pwc: recv_control_msg error -71 req 02 val 2600 [ 207.920789][ T27] pwc: recv_control_msg error -71 req 02 val 2900 [ 207.940737][ T27] pwc: recv_control_msg error -71 req 02 val 2800 [ 207.970181][ T27] pwc: recv_control_msg error -71 req 04 val 1100 [ 208.002652][ T27] pwc: recv_control_msg error -71 req 04 val 1200 [ 208.191405][ T27] pwc: Registered as video103. [ 208.404416][ T27] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5 [ 208.679158][ T27] usb 1-1: USB disconnect, device number 5 [ 209.450878][ T7157] netlink: 64 bytes leftover after parsing attributes in process `syz.2.327'. [ 210.517568][ T96] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 30 seconds [ 210.530569][ T96] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 30 seconds [ 210.541821][ T96] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 30 seconds [ 210.552887][ T96] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 30 seconds [ 214.506115][ T5805] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 214.776030][ T5805] usb 3-1: device descriptor read/64, error -71 [ 215.067204][ T5805] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 215.332408][ T5805] usb 3-1: device descriptor read/64, error -71 [ 216.270066][ T5805] usb usb3-port1: attempt power cycle [ 216.716008][ T5805] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 216.766964][ T5805] usb 3-1: device descriptor read/8, error -71 [ 217.036137][ T5805] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 217.086916][ T5805] usb 3-1: device descriptor read/8, error -71 [ 217.207350][ T5805] usb usb3-port1: unable to enumerate USB device [ 220.356051][ T27] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 220.446084][ T5823] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 220.556132][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 220.577384][ T27] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 220.595280][ T27] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 220.604922][ T27] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 220.617307][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.626133][ T5823] usb 1-1: Using ep0 maxpacket: 8 [ 220.633769][ T5823] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 220.642573][ T5823] usb 1-1: config 179 has no interface number 0 [ 220.644444][ T27] usb 3-1: config 0 descriptor?? [ 220.663430][ T5823] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 220.692736][ T5823] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 220.704557][ T5823] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 220.716203][ T5823] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 220.739040][ T5823] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 220.757968][ T5823] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 220.774437][ T5823] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.788702][ T7265] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 221.246591][ T5823] usb 1-1: USB disconnect, device number 6 [ 221.246648][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 221.260917][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 223.065059][ T27] usb 3-1: USB disconnect, device number 7 [ 224.359969][ T7307] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.718490][ T7307] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.829593][ T7307] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.947318][ T7307] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 226.098394][ T7307] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.147791][ T7307] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.198486][ T7307] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.262091][ T7307] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 227.937965][ T7344] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 230.878571][ T7361] binder: 7360:7361 ioctl c0306201 0 returned -14 [ 231.040707][ T7368] binder: 7360:7368 ioctl c0306201 200000000140 returned -14 [ 236.449344][ T7406] netlink: 332 bytes leftover after parsing attributes in process `syz.3.397'. [ 236.458843][ T7406] netlink: 196 bytes leftover after parsing attributes in process `syz.3.397'. [ 236.807429][ T7409] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 1, id = 0 [ 239.091629][ T7425] binder: 7424:7425 ioctl c0306201 0 returned -14 [ 239.166769][ T7426] binder: 7424:7426 ioctl c0306201 200000000140 returned -14 [ 240.602557][ T96] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 60 seconds [ 240.613611][ T96] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 60 seconds [ 240.624702][ T96] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 60 seconds [ 240.645980][ T96] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 60 seconds [ 242.891989][ T7463] binder: 7462:7463 ioctl c0306201 0 returned -14 [ 242.967150][ T7466] binder: 7462:7466 ioctl c0306201 200000000140 returned -14 [ 246.200578][ T5806] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 246.531034][ T5806] usb 4-1: Using ep0 maxpacket: 16 [ 246.542989][ T5806] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.554339][ T5806] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 246.586099][ T5806] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 246.605637][ T5806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.638461][ T5806] usb 4-1: config 0 descriptor?? [ 246.650316][ T5806] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 248.653698][ T7514] binder: 7510:7514 ioctl c0306201 200000000140 returned -14 [ 250.272027][ T5768] usb 4-1: USB disconnect, device number 3 [ 254.453216][ T7550] binder: 7544:7550 ioctl c0306201 200000000140 returned -14 [ 256.264950][ T7568] netlink: 64 bytes leftover after parsing attributes in process `syz.0.447'. [ 256.270568][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.300055][ T7565] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 256.408462][ T8] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 256.757839][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 256.866948][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.981631][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 257.028492][ T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 257.045687][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.073479][ T8] usb 3-1: config 0 descriptor?? [ 257.093209][ T8] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 257.758215][ T7596] binder: 7591:7596 ioctl c0306201 200000000140 returned -14 [ 257.904865][ T7601] netlink: 16 bytes leftover after parsing attributes in process `syz.3.451'. [ 258.903872][ T5806] usb 3-1: USB disconnect, device number 8 [ 260.098262][ T7606] netlink: 64 bytes leftover after parsing attributes in process `syz.0.458'. [ 262.236017][ T5778] Bluetooth: hci0: unexpected event for opcode 0x080c [ 262.697311][ T7640] binder: 7634:7640 ioctl c0306201 200000000140 returned -14 [ 262.956118][ T27] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 263.136034][ T27] usb 2-1: Using ep0 maxpacket: 16 [ 263.186500][ T27] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 263.357008][ T27] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 263.486207][ T27] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 263.516051][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.567742][ T27] usb 2-1: config 0 descriptor?? [ 263.618867][ T27] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 264.521110][ T7647] netlink: 64 bytes leftover after parsing attributes in process `syz.0.470'. [ 264.857372][ T7666] blktrace: Concurrent blktraces are not allowed on nullb0 [ 265.611967][ T7678] netlink: 16 bytes leftover after parsing attributes in process `syz.3.475'. [ 265.637474][ T7680] netlink: 12 bytes leftover after parsing attributes in process `syz.2.477'. [ 265.658827][ T27] usb 2-1: USB disconnect, device number 2 [ 265.821307][ T7687] binder: 7682:7687 ioctl c0306201 200000000140 returned -14 [ 266.161287][ T7694] netlink: 64 bytes leftover after parsing attributes in process `syz.2.480'. [ 267.030187][ T7708] blktrace: Concurrent blktraces are not allowed on nullb0 [ 268.946930][ T7726] binder: 7721:7726 ioctl c0306201 200000000140 returned -14 [ 269.149704][ T27] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 269.376217][ T27] usb 1-1: Using ep0 maxpacket: 16 [ 269.412044][ T27] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 269.554724][ T7740] netlink: 56 bytes leftover after parsing attributes in process `syz.3.493'. [ 269.586867][ T27] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 269.712695][ T27] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 269.764903][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.827091][ T27] usb 1-1: config 0 descriptor?? [ 269.856901][ T27] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 270.676383][ T96] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 90 seconds [ 270.687137][ T96] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 90 seconds [ 270.698091][ T96] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 90 seconds [ 270.709600][ T96] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 90 seconds [ 270.984514][ T7748] blktrace: Concurrent blktraces are not allowed on nullb0 [ 271.828218][ T968] usb 1-1: USB disconnect, device number 7 [ 272.154336][ T7761] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.237458][ T7761] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.291839][ T7763] netlink: 16 bytes leftover after parsing attributes in process `syz.1.497'. [ 272.349290][ T7761] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.770895][ T7761] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.912337][ T7761] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.944480][ T7761] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 273.991204][ T7779] netlink: 56 bytes leftover after parsing attributes in process `syz.0.503'. [ 274.152952][ T7761] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.173465][ T7761] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 274.438860][ T5778] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 275.526198][ T27] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 275.976651][ T27] usb 4-1: Using ep0 maxpacket: 16 [ 276.132244][ T27] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 276.180278][ T27] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 276.237344][ T27] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 276.276480][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.406120][ T27] usb 4-1: config 0 descriptor?? [ 276.414358][ T27] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 278.154697][ T7811] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.259426][ T5778] Bluetooth: hci3: link tx timeout [ 278.265446][ T5778] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 278.635828][ T7811] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 278.637168][ T8] usb 4-1: USB disconnect, device number 4 [ 278.713946][ T7811] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.143023][ T5773] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 279.158718][ T7811] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.399831][ T7811] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.536901][ T7823] netlink: 16 bytes leftover after parsing attributes in process `syz.3.516'. [ 279.558202][ T7811] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.576416][ T7811] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.592795][ T7811] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 280.356157][ T5773] Bluetooth: hci3: command 0x0406 tx timeout [ 281.549560][ T7845] overlayfs: failed to resolve './file0': -2 [ 281.624177][ T7846] netlink: 56 bytes leftover after parsing attributes in process `syz.2.518'. [ 282.693650][ T5805] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 283.056112][ T5805] usb 1-1: Using ep0 maxpacket: 16 [ 283.080437][ T5805] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 283.095941][ T5805] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 283.129379][ T5805] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 283.165971][ T5805] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.178345][ T5805] usb 1-1: config 0 descriptor?? [ 283.197575][ T5805] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 283.813226][ T5778] Bluetooth: hci3: unexpected event for opcode 0x1005 [ 283.979808][ T7860] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 284.947079][ T5805] usb 1-1: USB disconnect, device number 8 [ 285.330138][ T7879] netlink: 16 bytes leftover after parsing attributes in process `syz.3.529'. [ 287.577328][ T5778] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 288.538902][ T7906] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 289.436203][ T5824] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 289.686005][ T5824] usb 2-1: Using ep0 maxpacket: 16 [ 290.535287][ T5824] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 290.565936][ T5824] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 290.597064][ T5824] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.616169][ T5824] usb 2-1: config 0 descriptor?? [ 290.628255][ T5824] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 292.290607][ T7933] netlink: 16 bytes leftover after parsing attributes in process `syz.3.546'. [ 292.590381][ T8] usb 2-1: USB disconnect, device number 3 [ 295.713134][ T7963] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 295.838784][ T5137] udevd[5137]: worker [5775] /devices/virtual/block/nbd0 is taking a long time [ 297.106096][ T5825] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 297.122565][ T7973] binder: BINDER_SET_CONTEXT_MGR already set [ 297.130183][ T7971] binder: 7970:7971 ioctl c0306201 200000000140 returned -14 [ 297.135008][ T7973] binder: 7972:7973 ioctl 4018620d 2000000002c0 returned -16 [ 297.248091][ T7976] netlink: 36 bytes leftover after parsing attributes in process `syz.1.561'. [ 297.335990][ T5825] usb 3-1: Using ep0 maxpacket: 16 [ 297.356247][ T5825] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17 [ 297.381593][ T5825] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 297.393184][ T5825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.433981][ T5825] usb 3-1: config 0 descriptor?? [ 297.449016][ T5825] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 297.532573][ T7985] netlink: 64 bytes leftover after parsing attributes in process `syz.1.562'. [ 299.852808][ T5752] usb 3-1: USB disconnect, device number 9 [ 300.020281][ T8007] binder: 8006:8007 ioctl c0306201 200000000140 returned -14 [ 300.355777][ T8010] netlink: 36 bytes leftover after parsing attributes in process `syz.2.570'. [ 300.756311][ T96] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 120 seconds [ 300.767237][ T96] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 120 seconds [ 300.778250][ T96] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 120 seconds [ 300.789486][ T96] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 120 seconds [ 301.563508][ T8020] netlink: 64 bytes leftover after parsing attributes in process `syz.3.572'. [ 302.151166][ T8031] syzkaller0: entered promiscuous mode [ 302.158836][ T8031] syzkaller0: entered allmulticast mode [ 303.059367][ T8038] binder: 8035:8038 ioctl c0306201 200000000140 returned -14 [ 303.389708][ T8041] netlink: 332 bytes leftover after parsing attributes in process `syz.3.579'. [ 303.400295][ T8041] netlink: 196 bytes leftover after parsing attributes in process `syz.3.579'. [ 304.391377][ T8057] blktrace: Concurrent blktraces are not allowed on nullb0 [ 306.182495][ T8073] binder: 8072:8073 ioctl c0306201 200000000140 returned -14 [ 306.395696][ T8080] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 307.237826][ T8085] netlink: 332 bytes leftover after parsing attributes in process `syz.1.591'. [ 307.247450][ T8085] netlink: 196 bytes leftover after parsing attributes in process `syz.1.591'. [ 309.246118][ T5825] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 309.537050][ T5825] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 309.566312][ T5825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.584642][ T5825] usb 1-1: Product: syz [ 309.594758][ T5825] usb 1-1: Manufacturer: syz [ 309.604871][ T5825] usb 1-1: SerialNumber: syz [ 309.619642][ T5825] usb 1-1: config 0 descriptor?? [ 310.068134][ T5825] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 310.217306][ T8110] binder: 8109:8110 ioctl c0306201 200000000140 returned -14 [ 310.785877][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 310.925888][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 311.688417][ T8118] syzkaller0: entered promiscuous mode [ 311.694033][ T8118] syzkaller0: entered allmulticast mode [ 311.915882][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 311.985884][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 312.125884][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 312.235881][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 313.172797][ T5825] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -71 [ 313.200497][ T5825] usb 1-1: USB disconnect, device number 9 [ 314.355958][ T5825] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 314.555945][ T5825] usb 3-1: Using ep0 maxpacket: 16 [ 314.577206][ T5825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.612064][ T5825] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 314.645589][ T5825] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 314.674624][ T5825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.722591][ T5825] usb 3-1: config 0 descriptor?? [ 314.750507][ T5825] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 315.692342][ T8150] syzkaller0: entered promiscuous mode [ 315.698112][ T8150] syzkaller0: entered allmulticast mode [ 317.403870][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.815238][ T5752] usb 3-1: USB disconnect, device number 10 [ 319.560668][ T8173] syzkaller0: entered promiscuous mode [ 319.579488][ T8173] syzkaller0: entered allmulticast mode [ 321.930909][ T5825] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 323.185952][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 323.218309][ T5825] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 323.228607][ T5825] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 323.244331][ T5825] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 323.260400][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.293845][ T5825] usb 4-1: config 0 descriptor?? [ 323.313428][ T5825] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 325.371130][ T5806] usb 4-1: USB disconnect, device number 5 [ 326.887542][ T8227] blktrace: Concurrent blktraces are not allowed on nullb0 [ 327.412264][ T8222] netlink: 64 bytes leftover after parsing attributes in process `syz.0.634'. [ 328.906123][ T8240] netlink: 332 bytes leftover after parsing attributes in process `syz.3.635'. [ 328.915425][ T8240] netlink: 196 bytes leftover after parsing attributes in process `syz.3.635'. [ 331.478955][ T96] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 150 seconds [ 331.489817][ T96] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 150 seconds [ 331.501212][ T96] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 150 seconds [ 331.512245][ T96] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 150 seconds [ 334.488065][ T8284] binder: 8278:8284 ioctl c0306201 200000000140 returned -14 [ 336.194716][ T5778] Bluetooth: hci3: link tx timeout [ 336.200368][ T5778] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 338.446810][ T5778] Bluetooth: hci3: command 0x0406 tx timeout [ 344.516588][ T5773] Bluetooth: hci3: command 0x0406 tx timeout [ 346.391866][ T5805] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 346.625946][ T5805] usb 4-1: Using ep0 maxpacket: 16 [ 346.708736][ T5805] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 346.913005][ T5805] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 346.953676][ T5805] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 347.008091][ T5805] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 347.060117][ T5805] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.509396][ T5805] usb 4-1: config 0 descriptor?? [ 347.945259][ T5805] usbhid 4-1:0.0: can't add hid device: -71 [ 347.971631][ T5805] usbhid: probe of 4-1:0.0 failed with error -71 [ 347.998881][ T5805] usb 4-1: USB disconnect, device number 6 [ 353.312500][ T5773] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 358.578836][ T5773] Bluetooth: hci3: unexpected event for opcode 0x1005 [ 358.636388][ T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 358.837210][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 358.853965][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 358.969115][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 359.053111][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 359.076454][ T8] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 359.100050][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.188460][ T8] usb 2-1: config 0 descriptor?? [ 359.615061][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 359.630561][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 360.950862][ T8] usbhid: probe of 2-1:0.0 failed with error -71 [ 360.985332][ T8] usb 2-1: USB disconnect, device number 4 [ 361.699967][ T96] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 180 seconds [ 361.711002][ T96] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 180 seconds [ 362.881210][ T96] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 180 seconds [ 362.893102][ T96] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 180 seconds [ 363.576828][ T5773] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 364.152368][ T8596] netlink: 16 bytes leftover after parsing attributes in process `syz.0.711'. [ 364.435982][ T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 364.756278][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 364.766377][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 364.781249][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 364.791291][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 364.888200][ T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 364.899658][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.920956][ T8] usb 3-1: config 0 descriptor?? [ 365.356571][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 365.406468][ T8] usbhid: probe of 3-1:0.0 failed with error -71 [ 365.432833][ T8] usb 3-1: USB disconnect, device number 11 [ 366.138193][ T8627] syzkaller0: entered promiscuous mode [ 366.161866][ T8627] syzkaller0: entered allmulticast mode [ 366.519381][ T8633] syz.3.721 uses obsolete (PF_INET,SOCK_PACKET) [ 369.190043][ T8647] netlink: 64 bytes leftover after parsing attributes in process `syz.2.723'. [ 369.316701][ T5773] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 369.817128][ T8655] netlink: 16 bytes leftover after parsing attributes in process `syz.0.725'. [ 371.338704][ T8669] binder: BINDER_SET_CONTEXT_MGR already set [ 371.360702][ T8669] binder: 8668:8669 ioctl 4018620d 2000000002c0 returned -16 [ 371.628311][ T8672] syzkaller0: entered promiscuous mode [ 371.633935][ T8672] syzkaller0: entered allmulticast mode [ 373.831309][ T5137] udevd[5137]: worker [5775] /devices/virtual/block/nbd0 timeout; kill it [ 373.857036][ T5137] udevd[5137]: seq 10859 '/devices/virtual/block/nbd0' killed [ 373.905935][ T5773] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 374.888405][ T8703] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 376.532332][ T8708] ======================================================= [ 376.532332][ T8708] WARNING: The mand mount option has been deprecated and [ 376.532332][ T8708] and is ignored by this kernel. Remove the mand [ 376.532332][ T8708] option from the mount to silence this warning. [ 376.532332][ T8708] ======================================================= [ 376.571977][ T8708] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 377.952797][ T8716] netlink: 16 bytes leftover after parsing attributes in process `syz.2.740'. [ 378.181803][ T8722] netlink: 28 bytes leftover after parsing attributes in process `syz.0.743'. [ 378.201268][ T8722] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.062813][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.777647][ T8722] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.880892][ T8722] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 379.932924][ T8722] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.041708][ T8739] netlink: 'syz.3.746': attribute type 8 has an invalid length. [ 380.333427][ T8722] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.386365][ T8722] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.413152][ T8722] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.431998][ T8722] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 380.686026][ T5773] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 384.159271][ T8786] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.183236][ T5773] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 384.688196][ T8786] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.829749][ T8786] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 384.960966][ T8786] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 385.060797][ T8786] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.115285][ T8786] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.154272][ T8786] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 385.171774][ T8786] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.384513][ T5778] Bluetooth: hci3: command 0x0406 tx timeout [ 387.477490][ T5778] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 387.708652][ T8836] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.224203][ T8836] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.310659][ T8836] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.065134][ T8836] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.073832][ T8836] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.111194][ T8836] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.139738][ T8836] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 390.158552][ T8836] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 392.291259][ T96] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 210 seconds [ 392.895857][ T96] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 210 seconds [ 392.907818][ T96] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 210 seconds [ 392.935099][ T96] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 210 seconds [ 393.705447][ T5778] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 394.653736][ T8897] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.377061][ T8897] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.427882][ T8912] netlink: 64 bytes leftover after parsing attributes in process `syz.2.786'. [ 395.567410][ T8897] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 395.779613][ T8897] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 397.627015][ T8928] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 398.711323][ T5778] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 400.109223][ T8945] netlink: 64 bytes leftover after parsing attributes in process `syz.3.797'. [ 402.280973][ T8897] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.314597][ T8897] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.396881][ T8897] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.689059][ T8897] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.783644][ T5778] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 403.047076][ T8976] overlayfs: failed to resolve './file1': -2 [ 403.927759][ T8998] netlink: 64 bytes leftover after parsing attributes in process `syz.0.806'. [ 403.966019][ T5806] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 404.155986][ T5806] usb 4-1: Using ep0 maxpacket: 16 [ 404.171182][ T5806] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 404.203259][ T5806] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 404.234548][ T5806] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 404.273595][ T5806] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 404.340911][ T5806] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.452737][ T5806] usb 4-1: config 0 descriptor?? [ 406.091258][ T5773] Bluetooth: hci3: command 0x0406 tx timeout [ 406.505300][ T5806] usbhid 4-1:0.0: can't add hid device: -71 [ 406.514707][ T5806] usbhid: probe of 4-1:0.0 failed with error -71 [ 406.540235][ T5806] usb 4-1: USB disconnect, device number 7 [ 407.452198][ T9018] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 407.652203][ T9018] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.599352][ T9018] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.727485][ T9018] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 408.886360][ T5752] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 408.945965][ T5773] Bluetooth: hci1: unexpected event for opcode 0x1005 [ 409.166295][ T5752] usb 3-1: Using ep0 maxpacket: 16 [ 409.173427][ T5752] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 409.183757][ T5752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 409.198113][ T5752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 409.208048][ T5752] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 409.551157][ T9034] syz.0.815 (9034) used greatest stack depth: 17896 bytes left [ 410.021557][ T5752] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 410.038677][ T5752] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 410.047945][ T5752] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 410.056001][ T5752] usb 3-1: Manufacturer: syz [ 410.075245][ T5752] usb 3-1: config 0 descriptor?? [ 410.144554][ T9018] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.877733][ T9018] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.934808][ T9018] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.988118][ T9018] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 412.056009][ T5752] rc_core: IR keymap rc-hauppauge not found [ 412.087979][ T5752] Registered IR keymap rc-empty [ 412.093359][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 412.166213][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 412.201695][ T5752] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 412.266034][ T5752] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input6 [ 412.309513][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 412.355943][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.159235][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.197223][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.250719][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.306078][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.345914][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.388136][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.436018][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.496329][ T5752] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 413.528736][ T5752] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 413.668958][ T5752] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 413.714098][ T5752] usb 3-1: USB disconnect, device number 12 [ 415.416024][ T5823] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 416.448265][ T5823] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 416.454564][ T5773] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 416.680184][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 416.912159][ T5823] usb 3-1: Product: syz [ 416.930553][ T5823] usb 3-1: Manufacturer: syz [ 416.945103][ T5823] usb 3-1: SerialNumber: syz [ 416.999160][ T5823] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 418.666657][ T9101] overlayfs: failed to resolve './file0': -2 [ 419.077762][ T5823] vp7045: USB control message 'out' went wrong. [ 419.215913][ T5823] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 419.235946][ T5823] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 420.276469][ T5773] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 420.486366][ T5752] usb 3-1: USB disconnect, device number 13 [ 422.377858][ T96] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 240 seconds [ 422.460714][ T9136] overlayfs: failed to resolve './file0': -2 [ 422.928881][ T96] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 240 seconds [ 422.956086][ T96] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 240 seconds [ 422.976629][ T96] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 240 seconds [ 423.742831][ T9134] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 423.760537][ T9134] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 423.828941][ T9134] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 423.856792][ T9134] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 424.236952][ T5773] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 424.300281][ T9134] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 424.346060][ T9134] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 424.407029][ T9134] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 425.392652][ T5773] Bluetooth: hci0: command 0x0406 tx timeout [ 425.876016][ T5773] Bluetooth: hci1: command 0x0406 tx timeout [ 426.369102][ T5773] Bluetooth: hci2: command 0x0406 tx timeout [ 426.446259][ T5773] Bluetooth: hci3: command 0x0406 tx timeout [ 426.855920][ T5825] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 427.068436][ T9176] netlink: 64 bytes leftover after parsing attributes in process `syz.1.849'. [ 427.176395][ T5825] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 427.205906][ T5825] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 427.254315][ T5825] usb 3-1: Product: syz [ 427.260303][ T5825] usb 3-1: Manufacturer: syz [ 427.288178][ T5825] usb 3-1: SerialNumber: syz [ 427.328976][ T5825] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 427.379907][ T9185] overlayfs: failed to resolve './file0': -2 [ 427.486451][ T5773] Bluetooth: hci0: command 0x0406 tx timeout [ 427.955962][ T5773] Bluetooth: hci1: command 0x0406 tx timeout [ 428.436023][ T5773] Bluetooth: hci2: command 0x0406 tx timeout [ 430.214408][ T5825] vp7045: USB control message 'out' went wrong. [ 430.225886][ T5825] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 430.237455][ T5825] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 432.286678][ T9] usb 3-1: USB disconnect, device number 14 [ 432.624549][ T5773] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 435.627886][ T9220] netlink: 64 bytes leftover after parsing attributes in process `syz.0.861'. [ 436.275921][ T5823] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 436.555153][ T5823] usb 1-1: Using ep0 maxpacket: 32 [ 436.587881][ T5823] usb 1-1: config 0 has an invalid interface number: 146 but max is 0 [ 436.610681][ T5823] usb 1-1: config 0 has no interface number 0 [ 436.630938][ T5823] usb 1-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 436.665940][ T5823] usb 1-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xE3, skipping [ 436.696663][ T5823] usb 1-1: config 0 interface 146 altsetting 0 has an invalid endpoint with address 0xF2, skipping [ 436.735902][ T5823] usb 1-1: config 0 interface 146 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 436.766102][ T5823] usb 1-1: config 0 interface 146 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 436.809685][ T5773] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 436.937083][ T5823] usb 1-1: New USB device found, idVendor=05da, idProduct=009a, bcdDevice=62.95 [ 436.971422][ T5823] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.048789][ T5823] usb 1-1: Product: syz [ 437.049360][ T5823] usb 1-1: Manufacturer: syz [ 437.049375][ T5823] usb 1-1: SerialNumber: syz [ 437.051588][ T5823] usb 1-1: config 0 descriptor?? [ 437.392482][ T9236] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 437.439621][ T5823] microtek usb (rev 0.4.3): expecting 3 got 1 endpoints! Bailing out. [ 437.473341][ T9] IPVS: starting estimator thread 0... [ 437.576259][ T9245] IPVS: using max 19 ests per chain, 45600 per kthread [ 437.687851][ T5824] usb 1-1: USB disconnect, device number 10 [ 439.891201][ T9266] netlink: 64 bytes leftover after parsing attributes in process `syz.3.875'. [ 440.270608][ T5773] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 440.280740][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.018639][ T9318] netlink: 64 bytes leftover after parsing attributes in process `syz.1.885'. [ 448.396458][ T5773] Bluetooth: hci3: unexpected event for opcode 0x1005 [ 451.765753][ T9363] netlink: 64 bytes leftover after parsing attributes in process `syz.0.895'. [ 452.436496][ T9331] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 270 seconds [ 452.609856][ T5773] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 453.286465][ T9331] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 270 seconds [ 453.297544][ T9331] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 270 seconds [ 453.331400][ T9331] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 270 seconds [ 455.418508][ T9418] netlink: 64 bytes leftover after parsing attributes in process `syz.2.909'. [ 455.716153][ T9426] binder: 9424:9426 ioctl 4018620d 0 returned -22 [ 456.146327][ T9] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 456.329938][ T9] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 456.351037][ T9] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 456.361167][ T9] usb 3-1: Product: syz [ 456.365399][ T9] usb 3-1: Manufacturer: syz [ 456.371034][ T9] usb 3-1: SerialNumber: syz [ 456.398340][ T9] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 457.297777][ T5823] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 457.656393][ T5823] usb 2-1: Using ep0 maxpacket: 16 [ 457.663984][ T5823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.677331][ T5823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.695554][ T5823] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 457.709658][ T5823] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 457.719982][ T5823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.732727][ T5823] usb 2-1: config 0 descriptor?? [ 457.975055][ T5773] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 458.171434][ T5823] appleir 0003:05AC:8241.0003: unknown main item tag 0x0 [ 458.186725][ T5823] appleir 0003:05AC:8241.0003: unknown main item tag 0x0 [ 458.194231][ T5823] appleir 0003:05AC:8241.0003: unknown main item tag 0x0 [ 458.202601][ T5823] appleir 0003:05AC:8241.0003: unknown main item tag 0x0 [ 458.210392][ T5823] appleir 0003:05AC:8241.0003: unknown main item tag 0x0 [ 458.223659][ T5823] appleir 0003:05AC:8241.0003: No inputs registered, leaving [ 458.274367][ T5823] appleir 0003:05AC:8241.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0 [ 458.419400][ T5823] usb 2-1: USB disconnect, device number 5 [ 458.437672][ T9] vp7045: USB control message 'out' went wrong. [ 458.460967][ T9] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 458.494261][ T9] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 458.553557][ T9454] fido_id[9454]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 458.770543][ T788] usb 3-1: USB disconnect, device number 15 [ 458.992104][ T9458] binder: BINDER_SET_CONTEXT_MGR already set [ 459.011074][ T9458] binder: 9457:9458 ioctl 4018620d 2000000002c0 returned -16 [ 459.905598][ T9464] syz.2.924 (9464): drop_caches: 2 [ 460.810947][ T9489] blktrace: Concurrent blktraces are not allowed on nullb0 [ 461.282097][ T5773] Bluetooth: hci2: unexpected event for opcode 0x1005 [ 461.536263][ T5823] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 461.737101][ T5823] usb 4-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 461.749127][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 461.764520][ T5823] usb 4-1: Product: syz [ 461.774660][ T5823] usb 4-1: Manufacturer: syz [ 461.780294][ T5823] usb 4-1: SerialNumber: syz [ 461.811496][ T5823] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 461.916237][ T5806] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 462.096311][ T5806] usb 3-1: Using ep0 maxpacket: 16 [ 462.103646][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.116316][ T5806] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.126876][ T5806] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 462.153303][ T5806] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 462.169654][ T5806] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.187570][ T5806] usb 3-1: config 0 descriptor?? [ 462.455124][ T9502] binder: BINDER_SET_CONTEXT_MGR already set [ 462.461606][ T9502] binder: 9501:9502 ioctl 4018620d 2000000002c0 returned -16 [ 462.847413][ T9] IPVS: starting estimator thread 0... [ 463.058540][ T5806] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 463.073671][ T5806] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 463.085702][ T5806] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 463.094348][ T5806] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 463.102949][ T5806] appleir 0003:05AC:8241.0004: unknown main item tag 0x0 [ 463.112038][ T5806] appleir 0003:05AC:8241.0004: No inputs registered, leaving [ 463.141158][ T5806] appleir 0003:05AC:8241.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0 [ 463.156457][ T9507] IPVS: using max 36 ests per chain, 86400 per kthread [ 463.191325][ T5806] usb 3-1: USB disconnect, device number 16 [ 463.713437][ T5823] vp7045: USB control message 'out' went wrong. [ 463.737769][ T5823] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 463.741963][ T9509] fido_id[9509]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 463.766951][ T5823] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 463.847032][ T5823] usb 4-1: USB disconnect, device number 8 [ 464.126422][ T9523] blktrace: Concurrent blktraces are not allowed on nullb0 [ 464.975734][ T9514] syz.0.937 (9514): drop_caches: 2 [ 465.876029][ T788] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 466.264937][ T788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 466.306598][ T788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 466.349606][ T788] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 466.366933][ T788] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 466.416188][ T788] usb 1-1: Manufacturer: syz [ 466.428105][ T788] usb 1-1: config 0 descriptor?? [ 466.468484][ T9538] overlayfs: missing 'lowerdir' [ 466.657512][ T9544] binder: BINDER_SET_CONTEXT_MGR already set [ 466.663618][ T9544] binder: 9542:9544 ioctl 4018620d 2000000002c0 returned -16 [ 467.066581][ T5752] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 467.265718][ T788] uclogic 0003:256C:006D.0005: failed retrieving string descriptor #100: -71 [ 467.286548][ T788] uclogic 0003:256C:006D.0005: failed retrieving pen parameters: -71 [ 467.300957][ T788] uclogic 0003:256C:006D.0005: failed probing pen v1 parameters: -71 [ 467.316259][ T788] uclogic 0003:256C:006D.0005: failed probing parameters: -71 [ 467.460196][ T788] uclogic: probe of 0003:256C:006D.0005 failed with error -71 [ 467.470114][ T5752] usb 4-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 467.485160][ T5752] usb 4-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 467.505496][ T788] usb 1-1: USB disconnect, device number 11 [ 467.511728][ T5752] usb 4-1: Product: syz [ 467.521463][ T5752] usb 4-1: Manufacturer: syz [ 467.529309][ T5752] usb 4-1: SerialNumber: syz [ 467.559869][ T5752] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 468.886286][ T5778] Bluetooth: hci3: command 0x0406 tx timeout [ 468.966423][ T5805] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 469.156539][ T5805] usb 2-1: Using ep0 maxpacket: 8 [ 469.164564][ T5805] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 469.178759][ T5805] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 469.206643][ T5805] usb 2-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 469.219890][ T5805] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.228810][ T5805] usb 2-1: Product: syz [ 469.235618][ T5805] usb 2-1: Manufacturer: syz [ 469.249454][ T5805] usb 2-1: SerialNumber: syz [ 469.265645][ T5805] usb 2-1: config 0 descriptor?? [ 469.301310][ T5805] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 469.443882][ T5805] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 469.535485][ T9508] udevd[9508]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 469.581114][ T5805] usb 2-1: USB disconnect, device number 6 [ 469.641871][ T5752] vp7045: USB control message 'out' went wrong. [ 469.656300][ T5752] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 469.675828][ T5752] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 469.724107][ T5823] usb 4-1: USB disconnect, device number 9 [ 470.360796][ T5823] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 470.525218][ T9585] binder: 9584:9585 ioctl c0306201 0 returned -14 [ 471.885219][ T5805] Process accounting resumed [ 472.690964][ T5778] Bluetooth: hci3: command 0x0406 tx timeout [ 473.518297][ T9631] binder: 9630:9631 ioctl c0306201 0 returned -14 [ 475.612463][ T9664] netlink: 64 bytes leftover after parsing attributes in process `syz.0.977'. [ 475.736414][ T5823] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 476.006981][ T5823] usb 4-1: Using ep0 maxpacket: 8 [ 476.021965][ T5823] usb 4-1: config 6 has an invalid interface number: 2 but max is 0 [ 476.215135][ T5823] usb 4-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 476.350247][ T5823] usb 4-1: config 6 has no interface number 0 [ 476.477130][ T5823] usb 4-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 476.530889][ T5823] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 476.566458][ T5823] usb 4-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3 [ 476.587590][ T5823] usb 4-1: Product: syz [ 476.630799][ T5823] usb 4-1: Manufacturer: syz [ 476.635446][ T5823] usb 4-1: SerialNumber: syz [ 476.682971][ T5823] hso 4-1:6.2: Failed to find INT IN ep [ 477.254509][ T5778] Bluetooth: hci3: unexpected event for opcode 0x1005 [ 477.357663][ T5823] usb 4-1: USB disconnect, device number 10 [ 478.549124][ T9708] netlink: 64 bytes leftover after parsing attributes in process `syz.1.991'. [ 480.401794][ T9721] netlink: 'syz.1.994': attribute type 8 has an invalid length. [ 481.213522][ T5778] Bluetooth: hci0: unexpected event for opcode 0x1005 [ 481.971556][ T5823] IPVS: starting estimator thread 0... [ 482.194546][ T9740] IPVS: using max 19 ests per chain, 45600 per kthread [ 482.543429][ T9331] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 300 seconds [ 483.586576][ T9331] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 300 seconds [ 483.597668][ T9331] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 300 seconds [ 483.617862][ T9331] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 300 seconds [ 486.111401][ T9767] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 486.120667][ T9767] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 486.127675][ T9767] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 486.136852][ T9767] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 487.414808][ T5773] Bluetooth: hci0: command 0x0406 tx timeout [ 487.422239][ T9790] tmpfs: Unknown parameter 'mp' [ 488.201279][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 488.201295][ T5773] Bluetooth: hci3: command 0x0406 tx timeout [ 488.213694][ T5778] Bluetooth: hci2: command 0x0406 tx timeout [ 490.280679][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 491.215208][ T9838] tmpfs: Unknown parameter 'mp' [ 492.356255][ T5778] Bluetooth: hci3: command 0x0406 tx timeout [ 493.442243][ T9865] blktrace: Concurrent blktraces are not allowed on nullb0 [ 493.566232][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 495.013130][ T9874] overlayfs: missing 'workdir' [ 495.897709][ T9878] tmpfs: Bad value for 'mpol' [ 496.225166][ T9891] 9pnet_fd: Insufficient options for proto=fd [ 499.420278][ T9910] blktrace: Concurrent blktraces are not allowed on nullb0 [ 500.073260][ T9914] overlayfs: missing 'workdir' [ 500.369271][ T9922] tmpfs: Bad value for 'mpol' [ 501.722618][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.354345][ T9948] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1058'. [ 502.595084][ T5752] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 502.779808][ T5752] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 503.608381][ T9964] blktrace: Concurrent blktraces are not allowed on nullb0 [ 504.005477][ T9960] fido_id[9960]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 504.114096][ T9966] overlayfs: missing 'workdir' [ 506.171795][ T5823] IPVS: starting estimator thread 0... [ 506.276105][ T9980] IPVS: using max 17 ests per chain, 40800 per kthread [ 506.712705][ T9989] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 508.382477][T10006] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1076'. [ 508.480868][T10007] blktrace: Concurrent blktraces are not allowed on nullb0 [ 511.769809][T10040] tmpfs: Bad value for 'mpol' [ 511.780924][T10042] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 513.225986][ T9331] block nbd0: Possible stuck request ffff888021ea0000: control (read@0,1024B). Runtime 330 seconds [ 513.611140][ T9331] block nbd0: Possible stuck request ffff888021ea0200: control (read@1024,1024B). Runtime 330 seconds [ 513.623062][ T9331] block nbd0: Possible stuck request ffff888021ea0400: control (read@2048,1024B). Runtime 330 seconds [ 513.658550][ T9331] block nbd0: Possible stuck request ffff888021ea0600: control (read@3072,1024B). Runtime 330 seconds [ 515.559472][T10081] binder: 10080:10081 ioctl 4018620d 0 returned -22 [ 515.595529][T10084] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 516.906164][T10092] tmpfs: Bad value for 'mpol' [ 518.530296][T10106] IPVS: sync thread started: state = MASTER, mcast_ifn = syz_tun, syncid = 1, id = 0 [ 519.182485][T10120] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004 [ 521.159516][T10132] binder: 10128:10132 ioctl 4018620d 0 returned -22 [ 522.336392][T10141] tmpfs: Bad value for 'mpol' [ 529.876000][ T29] INFO: task udevd:5775 blocked for more than 143 seconds. [ 529.883604][ T29] Not tainted syzkaller #0 [ 529.921167][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 529.953363][ T29] task:udevd state:D stack:24648 pid:5775 ppid:5137 flags:0x00004006 [ 530.001675][ T29] Call Trace: [ 530.013418][ T29] [ 530.026306][ T29] __schedule+0x1553/0x45a0 [ 530.048812][ T29] ? asan.module_dtor+0x20/0x20 [ 530.090207][ T29] ? mark_lock+0x94/0x320 [ 530.124489][ T29] ? lock_chain_count+0x20/0x20 [ 530.145068][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 530.164293][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 530.188830][ T29] schedule+0xbd/0x170 [ 530.209655][ T29] io_schedule+0x80/0xd0 [ 530.248517][ T29] folio_wait_bit_common+0x714/0xfa0 [ 530.293636][ T29] ? folio_wait_bit+0x30/0x30 [ 530.299306][ T29] ? _compound_head+0x120/0x120 [ 530.304428][ T29] ? filemap_add_folio+0x192/0x3c0 [ 530.314793][ T29] ? __filemap_get_folio+0x704/0xbb0 [ 530.348157][T10216] tmpfs: Bad value for 'mpol' [ 530.353831][ T29] ? blkdev_writepage+0x30/0x30 [ 530.378831][ T29] do_read_cache_folio+0x1c0/0x7d0 [ 530.422527][ T29] ? blkdev_writepage+0x30/0x30 [ 530.440424][ T29] read_part_sector+0xd2/0x340 [ 530.486359][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 530.491812][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 530.519785][ T29] ? put_partition+0x370/0x370 [ 530.524586][ T29] ? alloc_pages+0x4dc/0x740 [ 530.546905][ T29] bdev_disk_changed+0x740/0x1420 [ 530.559999][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 530.607528][ T29] ? iput+0x343/0x920 [ 530.611591][ T29] blkdev_get_whole+0x30d/0x390 [ 530.729543][ T29] blkdev_get_by_dev+0x279/0x600 [ 530.734579][ T29] blkdev_open+0x152/0x360 [ 530.740042][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 530.744666][ T29] do_dentry_open+0x8c6/0x1500 [ 530.750448][ T29] path_openat+0x27f1/0x3230 [ 530.755089][ T29] ? do_sys_openat2+0xda/0x1d0 [ 530.760411][ T29] ? verify_lock_unused+0x140/0x140 [ 530.765619][ T29] ? do_filp_open+0x430/0x430 [ 530.771443][ T29] ? __virt_addr_valid+0x18c/0x540 [ 530.777299][ T29] do_filp_open+0x1f5/0x430 [ 530.782007][ T29] ? vfs_tmpfile+0x490/0x490 [ 530.787250][ T29] ? _raw_spin_unlock+0x28/0x40 [ 530.794471][ T29] ? alloc_fd+0x58f/0x630 [ 530.805004][ T29] do_sys_openat2+0x134/0x1d0 [ 530.817006][ T29] ? do_sys_open+0xe0/0xe0 [ 530.837869][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 530.857531][ T29] ? lock_chain_count+0x20/0x20 [ 530.868928][ T29] __x64_sys_openat+0x139/0x160 [ 530.889039][ T29] do_syscall_64+0x55/0xa0 [ 530.930169][ T29] ? clear_bhb_loop+0x40/0x90 [ 531.015220][ T29] ? clear_bhb_loop+0x40/0x90 [ 531.026007][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 531.035602][ T29] RIP: 0033:0x7fbedd2a7407 [ 531.041751][ T29] RSP: 002b:00007ffc598218e0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 531.050813][ T29] RAX: ffffffffffffffda RBX: 00007fbedda80880 RCX: 00007fbedd2a7407 [ 531.059335][ T29] RDX: 00000000000a0800 RSI: 000055a146f2d430 RDI: ffffffffffffff9c [ 531.067793][ T29] RBP: 000055a146f2c910 R08: 0000000000000000 R09: 0000000000000000 [ 531.076283][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 000055a146f2cfb0 [ 531.084415][ T29] R13: 000055a146f44410 R14: 0000000000000000 R15: 000055a146f2cfb0 [ 531.097718][ T29] [ 531.100967][ T29] [ 531.100967][ T29] Showing all locks held in the system: [ 531.110658][ T29] 1 lock held by khungtaskd/29: [ 531.117153][ T29] #0: ffffffff8d1320a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 531.136156][ T29] 2 locks held by getty/5525: [ 531.141971][ T29] #0: ffff88814c8710a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 531.155467][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 531.174066][ T29] 1 lock held by udevd/5775: [ 531.179196][ T29] #0: ffff888021a874c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 531.189755][ T29] [ 531.192171][ T29] ============================================= [ 531.192171][ T29] [ 531.205154][ T29] NMI backtrace for cpu 1 [ 531.209526][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 531.216741][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 531.226807][ T29] Call Trace: [ 531.230095][ T29] [ 531.233029][ T29] dump_stack_lvl+0x18c/0x250 [ 531.237735][ T29] ? show_regs_print_info+0x20/0x20 [ 531.242956][ T29] ? load_image+0x400/0x400 [ 531.247490][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 531.252441][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 531.258611][ T29] ? _printk+0xde/0x130 [ 531.262869][ T29] ? load_image+0x400/0x400 [ 531.267388][ T29] ? load_image+0x400/0x400 [ 531.271909][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 531.277996][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 531.283996][ T29] watchdog+0xf3d/0xf80 [ 531.288259][ T29] ? watchdog+0x1e1/0xf80 [ 531.292604][ T29] kthread+0x2fa/0x390 [ 531.296685][ T29] ? hungtask_pm_notify+0x90/0x90 [ 531.301727][ T29] ? kthread_blkcg+0xd0/0xd0 [ 531.306326][ T29] ret_from_fork+0x48/0x80 [ 531.310751][ T29] ? kthread_blkcg+0xd0/0xd0 [ 531.315351][ T29] ret_from_fork_asm+0x11/0x20 [ 531.320154][ T29] [ 531.323691][ T29] Sending NMI from CPU 1 to CPUs 0: [ 531.328970][ C0] NMI backtrace for cpu 0 [ 531.328980][ C0] CPU: 0 PID: 1085 Comm: kworker/u4:6 Not tainted syzkaller #0 [ 531.328996][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 531.329005][ C0] Workqueue: events_unbound nsim_dev_trap_report_work [ 531.329025][ C0] RIP: 0010:__lock_acquire+0x68c/0x7d40 [ 531.329045][ C0] Code: 84 c0 0f 85 9a 64 00 00 83 3d af 6e c4 15 00 0f 84 ad 01 00 00 31 db 48 81 c3 c9 00 00 00 48 89 d8 48 c1 e8 03 42 0f b6 04 00 <84> c0 0f 85 63 63 00 00 45 84 f6 0f 84 76 05 00 00 0f b6 1b 48 8b [ 531.329057][ C0] RSP: 0018:ffffc9000460f5a0 EFLAGS: 00000802 [ 531.329069][ C0] RAX: 0000000000000000 RBX: ffffffff90b2b559 RCX: ffffffff81683584 [ 531.329079][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff911c3500 [ 531.329089][ C0] RBP: ffffc9000460f7e8 R08: dffffc0000000000 R09: 1ffffffff22386a0 [ 531.329099][ C0] R10: dffffc0000000000 R11: fffffbfff22386a1 R12: ffff888023d70ac4 [ 531.329111][ C0] R13: ffff888023d70000 R14: 0000000000000002 R15: ffff888023d70b78 [ 531.329121][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 531.329133][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 531.329143][ C0] CR2: 00007f59c3de92f8 CR3: 000000000cf32000 CR4: 00000000003506f0 [ 531.329157][ C0] Call Trace: [ 531.329163][ C0] [ 531.329176][ C0] ? __lock_acquire+0x1347/0x7d40 [ 531.329194][ C0] ? verify_lock_unused+0x140/0x140 [ 531.329210][ C0] ? verify_lock_unused+0x140/0x140 [ 531.329232][ C0] ? debug_objects_fill_pool+0x8b/0x730 [ 531.329255][ C0] lock_acquire+0x19e/0x420 [ 531.329270][ C0] ? debug_object_activate+0x6c/0x4f0 [ 531.329293][ C0] ? debug_objects_fill_pool+0xcc/0x730 [ 531.329313][ C0] ? read_lock_is_recursive+0x20/0x20 [ 531.329328][ C0] ? do_raw_spin_lock+0x11f/0x2c0 [ 531.329348][ C0] ? debug_object_activate+0x4f0/0x4f0 [ 531.329370][ C0] _raw_spin_lock_irqsave+0xb4/0x100 [ 531.329387][ C0] ? debug_object_activate+0x6c/0x4f0 [ 531.329406][ C0] ? _raw_spin_lock+0x40/0x40 [ 531.329422][ C0] ? do_raw_spin_lock+0x11f/0x2c0 [ 531.329442][ C0] debug_object_activate+0x6c/0x4f0 [ 531.329470][ C0] __mod_timer+0x88d/0xdb0 [ 531.329496][ C0] queue_delayed_work_on+0x131/0x200 [ 531.329513][ C0] ? delayed_work_timer_fn+0x80/0x80 [ 531.329530][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 531.329546][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 531.329564][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 531.329582][ C0] process_scheduled_works+0xa5d/0x15d0 [ 531.329609][ C0] ? worker_attach_to_pool+0x380/0x380 [ 531.329629][ C0] ? assign_work+0x3d2/0x5d0 [ 531.329648][ C0] worker_thread+0xa55/0xfc0 [ 531.329666][ C0] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 531.329683][ C0] ? _raw_spin_unlock+0x40/0x40 [ 531.329698][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 531.329722][ C0] kthread+0x2fa/0x390 [ 531.329735][ C0] ? pr_cont_work+0x560/0x560 [ 531.329752][ C0] ? kthread_blkcg+0xd0/0xd0 [ 531.329766][ C0] ret_from_fork+0x48/0x80 [ 531.329783][ C0] ? kthread_blkcg+0xd0/0xd0 [ 531.329796][ C0] ret_from_fork_asm+0x11/0x20 [ 531.329821][ C0] [ 531.333916][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 531.645291][ T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 531.652471][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 531.662514][ T29] Call Trace: [ 531.665781][ T29] [ 531.668696][ T29] dump_stack_lvl+0x18c/0x250 [ 531.673394][ T29] ? show_regs_print_info+0x20/0x20 [ 531.678605][ T29] ? load_image+0x400/0x400 [ 531.683128][ T29] panic+0x2dc/0x730 [ 531.687024][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 531.692646][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 531.697132][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 531.702661][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 531.708799][ T29] watchdog+0xf7c/0xf80 [ 531.712940][ T29] ? watchdog+0x1e1/0xf80 [ 531.717262][ T29] kthread+0x2fa/0x390 [ 531.721311][ T29] ? hungtask_pm_notify+0x90/0x90 [ 531.726321][ T29] ? kthread_blkcg+0xd0/0xd0 [ 531.730895][ T29] ret_from_fork+0x48/0x80 [ 531.735303][ T29] ? kthread_blkcg+0xd0/0xd0 [ 531.739878][ T29] ret_from_fork_asm+0x11/0x20 [ 531.744632][ T29] [ 531.748001][ T29] Kernel Offset: disabled [ 531.752316][ T29] Rebooting in 86400 seconds..