last executing test programs: 1m6.650272816s ago: executing program 3 (id=3316): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000000c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x4, '\x00\x00'}]}}}}}}}}, 0x0) 1m6.312365559s ago: executing program 3 (id=3321): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x1000001, 0x6100) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x48dd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac100875397bdb22d0000b420a1a93c9e01177d3d058dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0x2000000000001]}}) 1m6.068151904s ago: executing program 3 (id=3324): chdir(0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x92) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x800, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) 1m5.864222762s ago: executing program 3 (id=3326): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 1m4.230139222s ago: executing program 3 (id=3340): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10) fchown(r1, 0x0, 0x0) 1m3.89889302s ago: executing program 3 (id=3343): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073597a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c00014000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000000100000000c0001"], 0x110}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) 48.737983636s ago: executing program 32 (id=3343): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073597a31000000000900010073797a300000000008000540000000218c0000000c0a01030000000000000000070000000900020073797a31000000000900010073797a3000000000600003805c000080080003400000000250000b80200001800a00010071756f7461000000100002800c00014000000000000000002c0001800a0001006c696d69740000001c0002800c00024000000000100000000c0001"], 0x110}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[@ANYBLOB="340000003e0007010000000000000000017c00000400fc800c000180060006006558000008000280040011"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) 30.557032569s ago: executing program 1 (id=3541): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="580000001000050400"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000380012800b00010065727370616e0000280002800800140000000000050016000100000006000e00000000000600030000000000040012"], 0x58}}, 0x0) 29.199352925s ago: executing program 1 (id=3543): pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r2 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff) keyctl$KEYCTL_WATCH_KEY(0x20, r2, r0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0xb2) 28.560732238s ago: executing program 2 (id=3546): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, r1, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x1c}}, 0x24044080) 28.021391768s ago: executing program 0 (id=3547): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3e8, 0x218, 0x0, 0x130, 0xa00, 0x300, 0x300, 0x7fffffe, 0x0, {[{{@arp={@local, @empty, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'pimreg\x00', 'veth0_to_bridge\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f67b23ffdfa27f907a03732da3acbc6518e62a77ca06f258762e88c0d9f9d2f413b94a105f4bdf01425ce81c5d000000000000000500ffffffff00"}}}, {{@arp={@multicast2, @empty, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) ptrace(0x10, r0) ptrace$setsig(0x4203, r0, 0x6, &(0x7f0000000000)={0xd, 0x8, 0x8}) 28.021022281s ago: executing program 1 (id=3548): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) flock(r0, 0x1) fcntl$setlease(r0, 0x400, 0x1) close(r0) 28.000348345s ago: executing program 2 (id=3549): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) 27.351274164s ago: executing program 1 (id=3552): r0 = socket$inet6(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4) sendto$inet6(r0, &(0x7f0000000000)="cc34", 0x2, 0x0, &(0x7f00000000c0)={0xa, 0xfffc, 0x27b6a97, @private2, 0x9}, 0x1c) getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f00000006c0)=""/4097, &(0x7f0000000040)=0x1001) 26.652459601s ago: executing program 0 (id=3553): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1642, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000030100c0"]) 25.730179705s ago: executing program 1 (id=3554): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async', 0x42, 0x0) io_setup(0x20, &(0x7f0000001140)=0x0) io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r0, &(0x7f0000000a80)='71\a', 0x3, 0x20000000000000}]) 24.830537766s ago: executing program 0 (id=3556): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040), 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = dup(r0) ioctl$KVM_SET_CPUID2(r1, 0xc008ae09, &(0x7f0000000000)=ANY=[@ANYRES64=r0]) 24.317584681s ago: executing program 1 (id=3558): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000c, 0x204031, 0xffffffffffffffff, 0xffffd000) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000440)) 23.900839963s ago: executing program 0 (id=3559): r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01) setreuid(0x0, 0xee00) syz_emit_ethernet(0x46, &(0x7f00000000c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x4}}}}}}, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0]) 23.292046081s ago: executing program 0 (id=3561): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0xc, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "fd"}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x14}]}}}, {0x1c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) close_range(r0, r0, 0x0) 22.701820356s ago: executing program 0 (id=3563): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x20000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}]}}}]}, 0x3c}}, 0x0) 21.965266682s ago: executing program 4 (id=3564): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r0, 0x25, &(0x7f0000000000)={0x1}) fcntl$lock(r0, 0x25, &(0x7f00000000c0)={0x0, 0x0, 0x9, 0x7}) fcntl$lock(r0, 0x25, &(0x7f0000000180)={0x0, 0x1, 0x7f00, 0x80000000}) 21.410374797s ago: executing program 4 (id=3565): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000340), &(0x7f0000000380)=0x8) 21.292211025s ago: executing program 4 (id=3566): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f00000002c0)={0x20, 0x6, 0x6, "36e55a3d09b9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 18.654212368s ago: executing program 2 (id=3567): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x18}, &(0x7f0000000100), &(0x7f00000000c0)) 18.426502146s ago: executing program 4 (id=3568): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x4a1e, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xb}, 0x1c) syz_emit_ethernet(0xd9, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd6001010000a31100fe8000000000000000000000000000bbfe8000000000000000000000000000aa4e200e22"], 0x0) 18.143250961s ago: executing program 4 (id=3569): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c00000000010104000000000000000002001000240002801400018008000100e000000108000200e00000010c00028005000100000000001c0010800800014000000000d97405010000000008000240000000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x800) 17.946337766s ago: executing program 4 (id=3570): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x5c, 0x30, 0x301, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x5c}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 16.531746978s ago: executing program 2 (id=3571): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000003880)=[{{&(0x7f0000000280)={0xa, 0x4e20, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x5}, 0x1c, &(0x7f0000000600)=[{&(0x7f0000000380)='^', 0x1}], 0x1}}], 0x1, 0x4) shutdown(r0, 0x1) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000002c0)={0x0, 0x9}, &(0x7f0000000440)=0x8) 16.365382669s ago: executing program 2 (id=3572): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0xd40, 0xd2) close(r0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000c40)='./file1\x00', &(0x7f00000000c0), 0x200000, &(0x7f0000000c80)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 15.419781637s ago: executing program 2 (id=3573): sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001"], 0x38}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="440000001a0001000000fbdbdf250a808020"], 0x44}}, 0x0) 8.963813759s ago: executing program 33 (id=3558): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x300000c, 0x204031, 0xffffffffffffffff, 0xffffd000) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000440)) 7.409790854s ago: executing program 34 (id=3563): r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'tunl0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x20000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}]}}}]}, 0x3c}}, 0x0) 2.498632599s ago: executing program 35 (id=3570): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x38}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x5c, 0x30, 0x301, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x5c}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 0s ago: executing program 36 (id=3573): sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001"], 0x38}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="440000001a0001000000fbdbdf250a808020"], 0x44}}, 0x0) kernel console output (not intermixed with test programs): : syz [ 350.189117][ T5916] usb 5-1: SerialNumber: syz [ 350.216377][ T5916] usb 5-1: config 0 descriptor?? [ 350.248690][T10611] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 350.248974][T10611] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 350.521197][T10611] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 350.522467][T10611] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 350.937714][ T5916] asix 5-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 350.938080][ T5916] asix 5-1:0.251: probe with driver asix failed with error -524 [ 351.174905][ T6024] usb 5-1: USB disconnect, device number 14 [ 351.712312][ T6024] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 351.872635][ T6024] usb 1-1: Using ep0 maxpacket: 16 [ 351.875793][ T6024] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 351.875821][ T6024] usb 1-1: config 0 has no interface number 0 [ 351.875878][ T6024] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 351.875904][ T6024] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 351.880775][ T6024] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 351.880806][ T6024] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.880826][ T6024] usb 1-1: Product: syz [ 351.880840][ T6024] usb 1-1: Manufacturer: syz [ 351.880854][ T6024] usb 1-1: SerialNumber: syz [ 351.969239][ T6024] usb 1-1: config 0 descriptor?? [ 351.970655][T10627] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 351.970805][T10627] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 352.225826][T10627] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 352.226082][T10627] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 352.355068][T10641] sctp: [Deprecated]: syz.2.2050 (pid 10641) Use of int in max_burst socket option. [ 352.355068][T10641] Use struct sctp_assoc_value instead [ 352.843171][ T6024] asix 1-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 352.843203][ T6024] asix 1-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 352.843567][ T6024] asix 1-1:0.251: probe with driver asix failed with error -71 [ 352.861569][ T6024] usb 1-1: USB disconnect, device number 23 [ 352.962383][ T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 353.152628][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 353.155742][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.155775][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.155798][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 353.155844][ T10] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 353.155867][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.175408][ T10] usb 3-1: config 0 descriptor?? [ 353.649269][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x2 [ 353.649632][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 353.649664][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 353.649688][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 353.649713][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 353.649739][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 353.649764][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 353.649789][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 353.649814][ T10] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 353.690621][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0011/input/input15 [ 353.774284][ T10] microsoft 0003:045E:07DA.0011: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 353.858690][ T10] usb 3-1: USB disconnect, device number 14 [ 355.059543][T10682] vlan2: entered promiscuous mode [ 355.059567][T10682] hsr0: entered promiscuous mode [ 355.657466][T10693] netlink: 'syz.2.2077': attribute type 2 has an invalid length. [ 356.274251][ T6024] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 356.432730][ T6024] usb 1-1: Using ep0 maxpacket: 32 [ 356.435300][ T6024] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 356.435327][ T6024] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 356.435348][ T6024] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 356.435448][ T6024] usb 1-1: config 1 has no interface number 0 [ 356.435503][ T6024] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 356.435530][ T6024] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 356.435576][ T6024] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 356.435599][ T6024] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.480691][ T6024] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 356.720763][ T6024] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 357.150081][ T5924] usb 1-1: USB disconnect, device number 24 [ 357.167556][ T5924] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 358.489083][T10740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2094'. [ 359.078818][ T5924] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 359.235568][ T5924] usb 3-1: config 0 has no interfaces? [ 359.235611][ T5924] usb 3-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 359.235634][ T5924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.286735][ T5924] usb 3-1: config 0 descriptor?? [ 359.583575][ T5924] usb 3-1: USB disconnect, device number 15 [ 360.059012][T10770] sctp: [Deprecated]: syz.3.2106 (pid 10770) Use of int in maxseg socket option. [ 360.059012][T10770] Use struct sctp_assoc_value instead [ 360.543203][ T10] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 360.548598][ T37] kauditd_printk_skb: 2 callbacks suppressed [ 360.548618][ T37] audit: type=1800 audit(1758661177.342:1096): pid=10784 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.2113" name="nullb0" dev="devtmpfs" ino=2897 res=0 errno=0 [ 360.747559][ T10] usb 3-1: config 128 has an invalid interface number: 72 but max is 0 [ 360.747592][ T10] usb 3-1: config 128 has no interface number 0 [ 360.747650][ T10] usb 3-1: config 128 interface 72 has no altsetting 0 [ 360.752666][ T10] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=e9.21 [ 360.752698][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.752718][ T10] usb 3-1: Product: syz [ 360.752733][ T10] usb 3-1: Manufacturer: syz [ 360.752747][ T10] usb 3-1: SerialNumber: syz [ 361.094826][ T10] usb 3-1: USB disconnect, device number 16 [ 361.138471][T10799] vivid-008: disconnect [ 361.139306][T10798] vivid-008: reconnect [ 361.862750][ T10] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 362.035697][ T10] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 362.035732][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.035752][ T10] usb 2-1: Product: syz [ 362.035766][ T10] usb 2-1: Manufacturer: syz [ 362.035780][ T10] usb 2-1: SerialNumber: syz [ 362.098047][ T10] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 362.382792][ T990] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 363.231280][T10836] program syz.2.2135 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 363.241577][T10834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 363.245335][T10834] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 363.495974][T10841] input: syz0 as /devices/virtual/input/input16 [ 363.540961][ T990] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 363.573254][ T990] ath9k_htc: Failed to initialize the device [ 363.740700][ T990] usb 2-1: ath9k_htc: USB layer deinitialized [ 363.785181][ T5916] usb 2-1: USB disconnect, device number 23 [ 363.980540][T10850] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2140'. [ 364.050196][T10854] tipc: Started in network mode [ 364.050228][T10854] tipc: Node identity ac14140f, cluster identity 4711 [ 364.089935][T10854] tipc: New replicast peer: 255.255.255.255 [ 364.126292][T10854] tipc: Enabled bearer , priority 10 [ 364.128397][T10854] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2142'. [ 364.128422][T10854] tipc: Disabling bearer [ 364.532288][ T5924] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 364.692485][ T5924] usb 3-1: Using ep0 maxpacket: 32 [ 364.697960][ T5924] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 364.697989][ T5924] usb 3-1: config 0 has no interface number 0 [ 364.707853][ T5924] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 364.707882][ T5924] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.707900][ T5924] usb 3-1: Product: syz [ 364.707913][ T5924] usb 3-1: Manufacturer: syz [ 364.707925][ T5924] usb 3-1: SerialNumber: syz [ 364.738920][ T5924] usb 3-1: config 0 descriptor?? [ 364.752484][ T5924] quatech2 3-1:0.1: Quatech 2nd gen USB to Serial Driver converter detected [ 365.033164][ T5924] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 365.070318][ T5924] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 365.414909][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 365.416788][ T6034] usb 3-1: USB disconnect, device number 17 [ 365.448018][ T6034] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 365.489418][ T6034] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 365.490264][ T6034] quatech2 3-1:0.1: device disconnected [ 365.557665][T10881] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2153'. [ 365.762465][ T5924] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 365.915565][ T5924] usb 4-1: Using ep0 maxpacket: 16 [ 365.921748][ T5924] usb 4-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 365.921782][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.921803][ T5924] usb 4-1: Product: syz [ 365.921818][ T5924] usb 4-1: Manufacturer: syz [ 365.921832][ T5924] usb 4-1: SerialNumber: syz [ 365.938652][ T5924] usb 4-1: config 0 descriptor?? [ 365.963833][ T5924] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 366.193645][ T5924] gp8psk: usb in 128 operation failed. [ 366.202584][ T5924] gp8psk: usb in 137 operation failed. [ 366.202605][ T5924] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 366.204189][ T5924] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 366.204290][ T5924] usb 4-1: media controller created [ 366.417733][T10891] support for cryptoloop has been removed. Use dm-crypt instead. [ 366.434229][ T5924] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 366.585567][ T5924] gp8psk_fe: Frontend revision 1 attached [ 366.599601][ T5924] usb 4-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 366.634203][ T5924] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 367.187863][ T5924] gp8psk: usb in 137 operation failed. [ 367.187887][ T5924] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 367.187900][ T5924] gp8psk: found Genpix USB device pID = 201 (hex) [ 367.205962][ T5924] usb 4-1: USB disconnect, device number 19 [ 367.262658][ T990] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 367.427854][ T990] usb 1-1: config 0 has an invalid interface number: 217 but max is 0 [ 367.427884][ T990] usb 1-1: config 0 has no interface number 0 [ 367.431724][ T990] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 367.431751][ T990] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.431769][ T990] usb 1-1: Product: syz [ 367.431782][ T990] usb 1-1: Manufacturer: syz [ 367.431796][ T990] usb 1-1: SerialNumber: syz [ 367.548577][ T990] usb 1-1: config 0 descriptor?? [ 367.557554][ T990] hub 1-1:0.217: bad descriptor, ignoring hub [ 367.557601][ T990] hub 1-1:0.217: probe with driver hub failed with error -5 [ 367.771119][ T5924] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 367.815805][ T990] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 367.870102][ T990] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 367.881998][ T990] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 367.882068][ T990] usb 1-1: media controller created [ 367.941321][ T990] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 368.073714][ T37] audit: type=1326 audit(1758661184.872:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.073783][ T37] audit: type=1326 audit(1758661184.872:1098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.123270][ T37] audit: type=1326 audit(1758661184.912:1099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.123324][ T37] audit: type=1326 audit(1758661184.912:1100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.123368][ T37] audit: type=1326 audit(1758661184.912:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.123409][ T37] audit: type=1326 audit(1758661184.922:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.123449][ T37] audit: type=1326 audit(1758661184.922:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.123489][ T37] audit: type=1326 audit(1758661184.922:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.132344][ T37] audit: type=1326 audit(1758661184.922:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.132399][ T37] audit: type=1326 audit(1758661184.922:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10921 comm="syz.3.2173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 368.185688][ T990] DVB: Unable to find symbol dib7000p_attach() [ 368.185707][ T990] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 368.403859][ T990] rc_core: IR keymap rc-dib0700-rc5 not found [ 368.403884][ T990] Registered IR keymap rc-empty [ 368.404241][ T990] dvb-usb: could not initialize remote control. [ 368.404251][ T990] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 368.411366][ T990] usb 1-1: USB disconnect, device number 25 [ 368.561494][ T990] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 369.472568][ T5924] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 369.622597][ T5924] usb 2-1: Using ep0 maxpacket: 8 [ 369.626154][ T5924] usb 2-1: unable to get BOS descriptor or descriptor too short [ 369.627967][ T5924] usb 2-1: config 4 interface 0 has no altsetting 0 [ 369.637108][ T5924] usb 2-1: string descriptor 0 read error: -22 [ 369.637268][ T5924] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 369.637290][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.698125][ T5924] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 369.797337][ T5924] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 369.797942][ T5924] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 369.798010][ T5924] usb 2-1: media controller created [ 369.968986][ T5924] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 371.073352][ T5924] zl10353_read_register: readreg error (reg=127, ret==0) [ 371.270262][ T5924] usb 2-1: USB disconnect, device number 24 [ 372.035693][T10999] binder: 10997:10999 ioctl 40046205 0 returned -22 [ 372.473011][T11008] input: syz1 as /devices/virtual/input/input18 [ 372.977233][T11026] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 373.328193][T11040] netlink: 'syz.4.2227': attribute type 9 has an invalid length. [ 373.328218][T11040] netlink: 211988 bytes leftover after parsing attributes in process `syz.4.2227'. [ 373.384189][ T6034] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 373.548592][ T6034] usb 4-1: Using ep0 maxpacket: 32 [ 373.556557][ T6034] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 373.556587][ T6034] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.578509][ T6034] usb 4-1: config 0 descriptor?? [ 373.831427][ T6034] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 373.845749][ T6034] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 373.853274][ T6034] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 373.853471][ T6034] usb 4-1: media controller created [ 373.929129][ T6034] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 374.060515][ T6034] az6027: usb out operation failed. (-71) [ 374.065664][ T6034] az6027: usb out operation failed. (-71) [ 374.065682][ T6034] stb0899_attach: Driver disabled by Kconfig [ 374.065691][ T6034] az6027: no front-end attached [ 374.065691][ T6034] [ 374.072232][ T6034] az6027: usb out operation failed. (-71) [ 374.072248][ T6034] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 374.075333][ T6034] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input19 [ 374.133139][ T6034] dvb-usb: schedule remote query interval to 400 msecs. [ 374.133171][ T6034] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 374.142703][ T6034] usb 4-1: USB disconnect, device number 20 [ 374.168302][ C1] vcan0: j1939_tp_rxtimer: 0xffff888030824c00: rx timeout, send abort [ 374.172817][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888030824c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 374.505776][ T6034] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 375.658204][T11091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2248'. [ 376.892394][ T5928] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 377.045051][ T5928] usb 3-1: Using ep0 maxpacket: 16 [ 377.047628][ T5928] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 377.047654][ T5928] usb 3-1: config 0 has no interface number 0 [ 377.047698][ T5928] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.047725][ T5928] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.047767][ T5928] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 377.047789][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.053787][ T5928] usb 3-1: config 0 descriptor?? [ 377.062274][ T5924] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 377.085695][T11124] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2263'. [ 377.245329][ T5924] usb 2-1: Using ep0 maxpacket: 16 [ 377.252588][ T5924] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.252625][ T5924] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.252648][ T5924] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 377.252747][ T5924] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 377.252770][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.301448][ T5924] usb 2-1: config 0 descriptor?? [ 377.706022][ T5928] uclogic 0003:28BD:0071.0012: pen parameters not found [ 377.706117][ T5928] uclogic 0003:28BD:0071.0012: interface is invalid, ignoring [ 377.747327][ T5924] HID 045e:07da: Invalid code 65791 type 1 [ 377.747693][ T5924] HID 045e:07da: Invalid code 768 type 1 [ 377.747711][ T5924] HID 045e:07da: Invalid code 769 type 1 [ 377.747725][ T5924] HID 045e:07da: Invalid code 770 type 1 [ 377.747739][ T5924] HID 045e:07da: Invalid code 771 type 1 [ 377.747752][ T5924] HID 045e:07da: Invalid code 772 type 1 [ 377.747764][ T5924] HID 045e:07da: Invalid code 773 type 1 [ 377.747777][ T5924] HID 045e:07da: Invalid code 774 type 1 [ 377.747789][ T5924] HID 045e:07da: Invalid code 775 type 1 [ 377.747803][ T5924] HID 045e:07da: Invalid code 776 type 1 [ 377.767336][ T5924] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0013/input/input20 [ 377.835521][ T5924] microsoft 0003:045E:07DA.0013: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 377.909126][ T5924] usb 3-1: USB disconnect, device number 18 [ 378.026021][ T6034] usb 2-1: USB disconnect, device number 25 [ 378.242959][ T10] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 378.426483][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 378.426520][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 378.426566][ T10] usb 5-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00 [ 378.426591][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.485182][ T10] usb 5-1: config 0 descriptor?? [ 378.486252][T11136] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 378.542372][ T6024] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 378.661861][ T31] hid-generic 0005:16C0:05DF.0014: item fetching failed at offset 0/1 [ 378.665237][ T31] hid-generic 0005:16C0:05DF.0014: probe with driver hid-generic failed with error -22 [ 378.712371][ T6024] usb 1-1: Using ep0 maxpacket: 8 [ 378.718943][ T6024] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 378.719221][ T6024] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.776041][T11150] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2275'. [ 378.776067][T11150] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2275'. [ 378.776086][T11150] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2275'. [ 378.776151][T11150] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2275'. [ 378.834070][ T6024] pvrusb2: Hardware description: Terratec Grabster AV400 [ 378.834092][ T6024] pvrusb2: ********** [ 378.834099][ T6024] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 378.834183][ T6024] pvrusb2: Important functionality might not be entirely working. [ 378.834194][ T6024] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 378.834206][ T6024] pvrusb2: ********** [ 378.896515][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.897970][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.945145][ T10] glorious 0003:22D4:1503.0015: item fetching failed at offset 5/7 [ 378.948068][ T10] glorious 0003:22D4:1503.0015: probe with driver glorious failed with error -22 [ 379.009930][ T2363] pvrusb2: Invalid write control endpoint [ 379.125493][ T6024] usb 5-1: USB disconnect, device number 15 [ 379.143795][ T2363] pvrusb2: Invalid write control endpoint [ 379.143811][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 379.143820][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 379.143829][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 379.143839][ T2363] pvrusb2: Device being rendered inoperable [ 379.143870][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 379.143929][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 379.145052][ T2363] pvrusb2: Attached sub-driver cx25840 [ 379.145072][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 379.145083][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 379.238314][T11143] pvrusb2: Killing an I2C write to 1 that is too large (desired=8192 limit=61) [ 379.240193][ T10] usb 1-1: USB disconnect, device number 26 [ 379.592637][T11164] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2282'. [ 379.625410][T11165] tap0: tun_chr_ioctl cmd 1074025675 [ 379.625436][T11165] tap0: persist disabled [ 380.029845][T11178] loop9: detected capacity change from 0 to 8 [ 380.047051][T11178] Dev loop9: unable to read RDB block 8 [ 380.047101][T11178] loop9: unable to read partition table [ 380.047371][T11178] loop9: partition table beyond EOD, truncated [ 380.047393][T11178] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 380.431792][T11191] syzkaller1: tun_chr_ioctl cmd 1074025676 [ 380.431817][T11191] syzkaller1: owner set to 778 [ 380.773513][T11202] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2298'. [ 381.473133][ T6024] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 381.635489][ T6024] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 381.635518][ T6024] usb 5-1: config 0 has no interfaces? [ 381.635550][ T6024] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 381.635572][ T6024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.678992][ T6024] usb 5-1: config 0 descriptor?? [ 381.897714][T11217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 381.898216][T11217] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 381.926297][ T5924] usb 5-1: USB disconnect, device number 16 [ 381.972378][T11231] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 382.439887][T11241] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2314'. [ 382.802396][ T5928] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 382.955506][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 382.955544][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 382.955586][ T5928] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 382.955611][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.975322][ T5928] usb 2-1: config 0 descriptor?? [ 383.419741][ T5928] pyra 0003:1E7D:2CF6.0016: unknown main item tag 0x0 [ 383.419799][ T5928] pyra 0003:1E7D:2CF6.0016: unknown main item tag 0x0 [ 383.419826][ T5928] pyra 0003:1E7D:2CF6.0016: unknown main item tag 0x0 [ 383.419851][ T5928] pyra 0003:1E7D:2CF6.0016: unknown main item tag 0x0 [ 383.419877][ T5928] pyra 0003:1E7D:2CF6.0016: unknown main item tag 0x0 [ 383.419902][ T5928] pyra 0003:1E7D:2CF6.0016: unknown main item tag 0x0 [ 383.419927][ T5928] pyra 0003:1E7D:2CF6.0016: unknown main item tag 0x0 [ 383.445645][ T5928] pyra 0003:1E7D:2CF6.0016: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0 [ 383.762587][ T5916] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 383.819565][ T5928] pyra 0003:1E7D:2CF6.0016: couldn't init struct pyra_device [ 383.819626][ T5928] pyra 0003:1E7D:2CF6.0016: couldn't install mouse [ 383.828727][ T5928] pyra 0003:1E7D:2CF6.0016: probe with driver pyra failed with error -71 [ 383.862894][ T5928] usb 2-1: USB disconnect, device number 26 [ 383.938430][ T5916] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 383.938464][ T5916] usb 3-1: config 0 has no interface number 0 [ 383.945176][ T5916] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 383.945204][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.945221][ T5916] usb 3-1: Product: syz [ 383.945234][ T5916] usb 3-1: Manufacturer: syz [ 383.945246][ T5916] usb 3-1: SerialNumber: syz [ 383.971122][ T5916] usb 3-1: config 0 descriptor?? [ 384.424792][ T5916] usb 3-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 384.424824][ T5916] usb 3-1: Firmware version (0.0) predates our first public release. [ 384.424844][ T5916] usb 3-1: Please update to version 0.2 or newer [ 384.547887][T11280] netlink: 'syz.0.2330': attribute type 1 has an invalid length. [ 384.547915][T11280] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2330'. [ 384.657348][T11283] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2332'. [ 385.437253][ T5916] usb 3-1: USB disconnect, device number 19 [ 385.724352][T11304] veth0_to_team: entered promiscuous mode [ 385.942359][ T5928] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 386.098284][ T5928] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 386.098319][ T5928] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 386.098344][ T5928] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 386.098367][ T5928] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 386.098408][ T5928] usb 1-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 386.098431][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.108829][ T5928] usb 1-1: config 0 descriptor?? [ 386.162312][ T5916] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 386.320457][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 386.320562][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.320587][ T5916] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 386.320633][ T5916] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 386.320656][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.372463][ T5928] hdpvr 1-1:0.0: firmware version 0x0 dated [ 386.372486][ T5928] hdpvr 1-1:0.0: untested firmware, the driver might not work. [ 386.374678][ T5916] usb 3-1: config 0 descriptor?? [ 387.060165][ T5916] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 387.063733][ T5928] hdpvr 1-1:0.0: Could not setup controls [ 387.064522][ T5928] hdpvr 1-1:0.0: registering videodev failed [ 387.106960][ T5928] hdpvr 1-1:0.0: probe with driver hdpvr failed with error -71 [ 387.115919][ T5928] usb 1-1: USB disconnect, device number 27 [ 387.323073][ T5928] usb 3-1: USB disconnect, device number 20 [ 387.823307][T11349] smc: net device bond0 applied user defined pnetid SYZ0 [ 387.828237][T11349] smc: net device bond0 erased user defined pnetid SYZ0 [ 389.220899][T11382] netlink: 'syz.4.2374': attribute type 14 has an invalid length. [ 389.333328][T11384] net_ratelimit: 45 callbacks suppressed [ 389.333352][T11384] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 389.363013][ T5928] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 389.629008][T11395] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2381'. [ 390.082522][ T5916] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 391.148712][T11434] netlink: 212296 bytes leftover after parsing attributes in process `syz.0.2399'. [ 391.194651][T11435] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2398'. [ 392.912312][ T5924] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 393.065936][ T5924] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 393.065969][ T5924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.104040][ T5924] usb 4-1: config 0 descriptor?? [ 393.340931][ T5924] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 393.587528][ T5924] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 393.587555][ T5924] [drm] Initialized udl on minor 2 [ 393.662878][T11484] sp0: Synchronizing with TNC [ 393.677338][T11484] sp0: Found TNC [ 393.753538][ T5924] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed [ 393.754016][ T5924] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 393.984783][ T5916] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 393.991119][ T31] usb 4-1: USB disconnect, device number 21 [ 393.994847][ T5916] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 393.995070][ T5916] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 396.782377][T11510] syz.2.2433 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 397.456629][T11556] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2452'. [ 398.231575][T11576] program syz.2.2461 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 398.572939][ T6024] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 398.738951][ T6024] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 398.738990][ T6024] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 398.739036][ T6024] usb 3-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00 [ 398.739058][ T6024] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.798375][ T6024] usb 3-1: config 0 descriptor?? [ 398.799737][T11579] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 399.254465][ T6024] glorious 0003:22D4:1503.0018: hidraw0: USB HID v0.00 Device [Glorious Model I] on usb-dummy_hcd.2-1/input0 [ 399.336771][T11598] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2472'. [ 399.447497][ T6024] usb 3-1: USB disconnect, device number 21 [ 399.842385][ T5916] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 399.925998][T11620] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2481'. [ 399.995356][ T5916] usb 4-1: Using ep0 maxpacket: 8 [ 399.998282][ T5916] usb 4-1: config 3 has an invalid interface number: 45 but max is 0 [ 399.998312][ T5916] usb 4-1: config 3 contains an unexpected descriptor of type 0x1, skipping [ 399.998330][ T5916] usb 4-1: config 3 has no interface number 0 [ 399.998384][ T5916] usb 4-1: config 3 interface 45 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 399.998517][ T5916] usb 4-1: config 3 interface 45 has no altsetting 0 [ 400.003118][ T5916] usb 4-1: New USB device found, idVendor=0582, idProduct=e6ca, bcdDevice=d3.0b [ 400.003156][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.003174][ T5916] usb 4-1: Product: syz [ 400.003186][ T5916] usb 4-1: Manufacturer: syz [ 400.003199][ T5916] usb 4-1: SerialNumber: syz [ 400.410204][ T5916] usb 4-1: USB disconnect, device number 22 [ 401.493879][T11663] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2494'. [ 402.737805][T11699] netlink: 84 bytes leftover after parsing attributes in process `syz.0.2510'. [ 402.823474][T11701] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2511'. [ 403.323681][ T5924] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 403.712421][ T6024] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 403.882008][ T6024] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 403.882039][ T6024] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.882057][ T6024] usb 3-1: Product: syz [ 403.905436][ T6024] usb 3-1: Manufacturer: syz [ 403.905460][ T6024] usb 3-1: SerialNumber: syz [ 403.944624][ T6024] usb 3-1: config 0 descriptor?? [ 404.238497][ T6024] usb 3-1: USB disconnect, device number 22 [ 404.762814][T11748] program syz.3.2530 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 405.632427][ T6034] usb 1-1: new low-speed USB device number 28 using dummy_hcd [ 405.744214][T11776] lo: entered allmulticast mode [ 405.754449][T11776] tunl0: entered allmulticast mode [ 405.781636][T11776] gre0: entered allmulticast mode [ 405.807019][ T6034] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 405.807052][ T6034] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.836817][ T6034] usb 1-1: config 0 descriptor?? [ 405.864384][T11776] gretap0: entered allmulticast mode [ 405.957954][T11776] erspan0: entered allmulticast mode [ 405.997057][T11776] ip_vti0: entered allmulticast mode [ 406.038558][T11776] ip6_vti0: entered allmulticast mode [ 406.062861][T11776] sit0: entered allmulticast mode [ 406.100553][T11776] ip6tnl0: entered allmulticast mode [ 406.109434][T11776] ip6gre0: entered allmulticast mode [ 406.180950][T11776] syz_tun: entered allmulticast mode [ 406.199849][ T5839] Bluetooth: hci3: unexpected event for opcode 0x2042 [ 406.254490][T11776] ip6gretap0: entered allmulticast mode [ 406.285673][T11776] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.289267][T11776] bridge0: port 1(bridge_slave_0) entered disabled state [ 406.440483][T11773] debugfs: 'ptm0' already exists in 'caif_serial' [ 406.612822][T11776] bridge0: entered allmulticast mode [ 406.729129][T11776] vcan0: entered allmulticast mode [ 406.788086][T11776] bond0: entered allmulticast mode [ 406.788111][T11776] bond_slave_0: entered allmulticast mode [ 406.788136][T11776] bond_slave_1: entered allmulticast mode [ 406.853422][T11776] team0: entered allmulticast mode [ 406.853448][T11776] team_slave_0: entered allmulticast mode [ 406.853472][T11776] team_slave_1: entered allmulticast mode [ 406.899084][T11776] dummy0: entered allmulticast mode [ 406.981498][ T6034] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 406.981542][ T6034] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 406.992847][ T6034] asix 1-1:0.0: probe with driver asix failed with error -71 [ 407.022652][ T6034] usb 1-1: USB disconnect, device number 28 [ 407.028001][T11776] nlmon0: entered allmulticast mode [ 407.046645][T11776] caif0: entered allmulticast mode [ 407.047478][T11776] batadv0: entered allmulticast mode [ 407.069068][T11776] vxcan0: entered allmulticast mode [ 407.071677][T11776] vxcan1: entered allmulticast mode [ 407.093826][T11776] veth0: entered allmulticast mode [ 407.102012][T11776] veth1: entered allmulticast mode [ 407.282744][T11776] wg0: entered allmulticast mode [ 407.412584][T11776] wg1: entered allmulticast mode [ 407.562512][T11776] wg2: entered allmulticast mode [ 407.597527][T11776] veth0_to_bridge: entered allmulticast mode [ 407.671061][T11776] veth1_to_bridge: entered allmulticast mode [ 407.690981][T11807] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 407.716533][T11776] veth0_to_bond: entered allmulticast mode [ 407.758835][T11776] veth1_to_bond: entered allmulticast mode [ 407.794450][T11776] veth0_to_team: entered allmulticast mode [ 407.815036][T11776] veth1_to_team: entered allmulticast mode [ 407.841188][T11776] veth0_to_batadv: entered allmulticast mode [ 407.854570][T11776] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 407.855327][T11776] batadv_slave_0: entered allmulticast mode [ 407.892952][T11776] veth1_to_batadv: entered allmulticast mode [ 407.899214][T11776] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 407.899966][T11776] batadv_slave_1: entered allmulticast mode [ 407.925141][T11776] xfrm0: entered allmulticast mode [ 407.931456][T11776] veth0_to_hsr: entered allmulticast mode [ 408.025573][T11776] hsr_slave_0: entered allmulticast mode [ 408.055798][T11776] veth1_to_hsr: entered allmulticast mode [ 408.136976][T11776] hsr_slave_1: entered allmulticast mode [ 408.207043][T11776] hsr0: entered allmulticast mode [ 408.269171][T11776] veth1_virt_wifi: entered allmulticast mode [ 408.335620][T11776] veth0_virt_wifi: entered allmulticast mode [ 408.356717][T11776] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 408.365758][T11776] veth1_vlan: entered allmulticast mode [ 408.390437][T11776] veth0_vlan: entered allmulticast mode [ 408.439267][T11776] vlan0: entered allmulticast mode [ 408.440843][T11776] vlan1: entered allmulticast mode [ 408.473373][T11776] macvlan0: entered allmulticast mode [ 408.551901][T11776] macvlan1: entered allmulticast mode [ 408.600155][T11776] ipvlan0: entered allmulticast mode [ 408.600459][T11776] ipvlan1: entered allmulticast mode [ 408.607674][T11776] veth1_macvtap: entered allmulticast mode [ 408.742318][T11776] macvtap0: entered allmulticast mode [ 408.761520][T11776] macsec0: entered allmulticast mode [ 408.872659][T11776] geneve0: entered allmulticast mode [ 408.942486][T11776] geneve1: entered allmulticast mode [ 409.008999][T11776] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 409.112622][T11776] netdevsim netdevsim3 netdevsim1: entered allmulticast mode [ 409.212626][T11776] netdevsim netdevsim3 netdevsim2: entered allmulticast mode [ 409.283753][T11776] netdevsim netdevsim3 netdevsim3: entered allmulticast mode [ 409.437246][T11776] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 409.559394][T11828] misc userio: Can't change port type on an already running userio instance [ 409.577337][T11776] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode [ 409.598469][T11776] bond1: entered allmulticast mode [ 409.858915][ T57] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.126011][ T57] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.247420][ T5839] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 410.247558][ T5839] Bluetooth: hci3: Injecting HCI hardware error event [ 410.250854][ T5839] Bluetooth: hci3: hardware error 0x00 [ 410.297405][ T57] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.297474][ T57] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.003714][T11854] pimreg: tun_chr_ioctl cmd 1074025677 [ 411.003883][T11854] pimreg: linktype set to 6 [ 411.852641][T11809] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 412.002827][T11809] usb 1-1: Using ep0 maxpacket: 16 [ 412.005509][T11809] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 412.005544][T11809] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 412.009312][T11809] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 412.009344][T11809] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.009366][T11809] usb 1-1: Product: syz [ 412.009380][T11809] usb 1-1: Manufacturer: syz [ 412.009395][T11809] usb 1-1: SerialNumber: syz [ 412.091136][T11809] usb 1-1: config 0 descriptor?? [ 412.108969][T11809] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 412.109008][T11809] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 412.322366][ T5839] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 412.418852][T11892] netlink: 'syz.4.2586': attribute type 1 has an invalid length. [ 412.418948][T11892] netlink: 'syz.4.2586': attribute type 4 has an invalid length. [ 412.418964][T11892] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2586'. [ 412.418981][T11892] NCSI netlink: No device for ifindex 458760 [ 412.440663][T11891] tap0: tun_chr_ioctl cmd 2147767506 [ 412.739486][T11809] em28xx 1-1:0.0: chip ID is em28178 [ 412.958408][T11809] usb 1-1: USB disconnect, device number 29 [ 412.974661][T11809] em28xx 1-1:0.0: Disconnecting em28xx [ 413.013079][T11809] em28xx 1-1:0.0: Freeing device [ 413.276044][T11913] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2596'. [ 413.902393][T11809] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 414.032575][ T37] kauditd_printk_skb: 2 callbacks suppressed [ 414.032594][ T37] audit: type=1326 audit(1758661230.822:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11931 comm="syz.3.2605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 414.032646][ T37] audit: type=1326 audit(1758661230.832:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11931 comm="syz.3.2605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 414.038741][ T37] audit: type=1326 audit(1758661230.832:1111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11931 comm="syz.3.2605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 414.039076][ T37] audit: type=1326 audit(1758661230.832:1112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11931 comm="syz.3.2605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 414.039655][ T37] audit: type=1326 audit(1758661230.832:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11931 comm="syz.3.2605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 414.042301][ T37] audit: type=1326 audit(1758661230.832:1114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11931 comm="syz.3.2605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 414.052381][T11809] usb 5-1: Using ep0 maxpacket: 16 [ 414.055852][T11809] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 414.055907][T11809] usb 5-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 414.055932][T11809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.062371][T11788] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 414.098169][ T37] audit: type=1326 audit(1758661230.892:1115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11931 comm="syz.3.2605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbaef3ceec9 code=0x7ffc0000 [ 414.222235][T11788] usb 2-1: Using ep0 maxpacket: 32 [ 414.224838][T11788] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 414.224957][T11788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.236219][T11788] usb 2-1: config 0 descriptor?? [ 414.294853][T11809] usb 5-1: config 0 descriptor?? [ 414.486032][T11788] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 414.500714][T11788] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 414.505625][T11788] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 414.505686][T11788] usb 2-1: media controller created [ 414.648347][T11788] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 414.730220][T11788] az6027: usb out operation failed. (-71) [ 414.730679][T11788] az6027: usb out operation failed. (-71) [ 414.730694][T11788] stb0899_attach: Driver disabled by Kconfig [ 414.730705][T11788] az6027: no front-end attached [ 414.730705][T11788] [ 414.731153][T11788] az6027: usb out operation failed. (-71) [ 414.731168][T11788] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 414.738139][T11788] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input23 [ 414.750887][T11788] dvb-usb: schedule remote query interval to 400 msecs. [ 414.750914][T11788] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 414.762654][T11788] usb 2-1: USB disconnect, device number 27 [ 414.826547][T11809] creative-sb0540 0003:041E:3100.0019: unknown main item tag 0x0 [ 414.826583][T11809] creative-sb0540 0003:041E:3100.0019: item fetching failed at offset 3/5 [ 414.827473][T11809] creative-sb0540 0003:041E:3100.0019: parse failed [ 414.827592][T11809] creative-sb0540 0003:041E:3100.0019: probe with driver creative-sb0540 failed with error -22 [ 414.946507][T11809] usb 5-1: USB disconnect, device number 17 [ 415.116574][T11788] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 415.694495][T11955] netlink: 312 bytes leftover after parsing attributes in process `syz.4.2614'. [ 416.232813][T11974] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2624'. [ 416.232843][T11974] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2624'. [ 416.976404][T11978] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 416.976696][T11978] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 417.002171][T11978] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 417.003573][T11978] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 417.079217][T11978] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 417.147691][T11978] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 417.887775][T12009] bond0: entered promiscuous mode [ 417.887801][T12009] bond_slave_0: entered promiscuous mode [ 417.888109][T12009] bond_slave_1: entered promiscuous mode [ 417.917697][T12009] dummy0: entered promiscuous mode [ 417.922494][T12009] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network [ 417.922518][T12009] hsr1: Slave B (dummy0) is not up; please bring it up to get a fully working HSR network [ 417.923186][T12009] hsr1: entered promiscuous mode [ 417.923224][T12009] hsr1: entered allmulticast mode [ 418.074186][T12016] netlink: 'syz.2.2639': attribute type 2 has an invalid length. [ 418.562229][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 418.671599][T12033] netlink: 'syz.3.2647': attribute type 83 has an invalid length. [ 419.042340][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 419.042447][ T5158] Bluetooth: hci4: command 0x0c1a tx timeout [ 419.572423][T12055] nbd1: detected capacity change from 0 to 127 [ 419.573797][ T5839] block nbd1: Receive control failed (result -32) [ 419.686626][T12060] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2659'. [ 421.122479][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 421.122519][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout [ 421.616142][T12107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2681'. [ 422.372330][T11790] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 422.522461][T11790] usb 3-1: Using ep0 maxpacket: 8 [ 422.525256][T11790] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 422.525287][T11790] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.526205][T12139] overlay: filesystem on ./file0 is read-only [ 422.561424][T11790] pvrusb2: Hardware description: Terratec Grabster AV400 [ 422.561442][T11790] pvrusb2: ********** [ 422.561448][T11790] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 422.561459][T11790] pvrusb2: Important functionality might not be entirely working. [ 422.561467][T11790] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 422.561476][T11790] pvrusb2: ********** [ 422.670055][ T5928] kernel write not supported for file /media1 (pid: 5928 comm: kworker/1:6) [ 422.780854][ T2363] pvrusb2: Invalid write control endpoint [ 422.947067][ T2363] pvrusb2: Invalid write control endpoint [ 422.947085][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 422.947095][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 422.947104][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 422.947115][ T2363] pvrusb2: Device being rendered inoperable [ 422.948592][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 422.948675][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 422.949864][ T2363] pvrusb2: Attached sub-driver cx25840 [ 422.949874][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 422.949884][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 423.009155][T12125] pvrusb2: Attempted to execute control transfer when device not ok [ 423.010959][ T5928] usb 3-1: USB disconnect, device number 23 [ 423.204450][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 423.358768][T12162] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2706'. [ 423.739473][T12172] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 424.302780][ T6024] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 424.477126][ T6024] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 424.477159][ T6024] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.485662][ T6024] usb 3-1: config 0 descriptor?? [ 424.516820][ T6024] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 424.781373][ T6024] gspca_cpia1: usb_control_msg 05, error -71 [ 424.781854][ T6024] gspca_cpia1: usb_control_msg 01, error -71 [ 424.781869][ T6024] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0) [ 424.801819][ T6024] usb 3-1: USB disconnect, device number 24 [ 425.282457][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 427.313017][T12252] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 427.551267][T12255] vxcan3: entered allmulticast mode [ 428.866039][T12285] syzkaller0: tun_chr_ioctl cmd 1074812118 [ 429.488837][T12296] dvmrp0: tun_chr_ioctl cmd 2148553947 [ 430.133994][T12307] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2772'. [ 430.424139][T11789] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 430.458696][T12313] 8021q: adding VLAN 0 to HW filter on device bond2 [ 430.462521][T12313] bond2: entered promiscuous mode [ 430.462711][T12313] bond2: entered allmulticast mode [ 430.463500][T12313] bond0: (slave bond2): Enslaving as an active interface with an up link [ 430.463666][T12316] netlink: 'syz.4.2776': attribute type 1 has an invalid length. [ 430.463681][T12316] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2776'. [ 430.463793][T12316] bridge0: port 1(bridge_slave_0) entered disabled state [ 430.572272][T11789] usb 2-1: Using ep0 maxpacket: 32 [ 430.575069][T11789] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 430.575098][T11789] usb 2-1: config 0 has no interface number 0 [ 430.578663][T11789] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 430.578691][T11789] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.578711][T11789] usb 2-1: Product: syz [ 430.578725][T11789] usb 2-1: Manufacturer: syz [ 430.578741][T11789] usb 2-1: SerialNumber: syz [ 430.594873][T11789] usb 2-1: config 0 descriptor?? [ 430.853158][T11789] radio-si470x 2-1:0.35: this is not a si470x device. [ 430.893511][T11789] radio-raremono 2-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 431.099009][T11789] radio-raremono 2-1:0.35: V4L2 device registered as radio48 [ 431.318050][T11809] usb 2-1: USB disconnect, device number 28 [ 431.320791][T11809] radio-raremono 2-1:0.35: Thanko's Raremono disconnected [ 431.606566][T12336] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2782'. [ 431.824825][T11813] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 431.978565][T11813] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 245, setting to 64 [ 431.978620][T11813] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 431.978642][T11813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.018963][T11813] usb 4-1: config 0 descriptor?? [ 432.229678][T11813] ath6kl: Failed to submit usb control message: -71 [ 432.229742][T11813] ath6kl: unable to send the bmi data to the device: -71 [ 432.229757][T11813] ath6kl: Unable to send get target info: -71 [ 432.285428][T11813] ath6kl: Failed to init ath6kl core: -71 [ 432.287398][T11813] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 432.327676][T11813] usb 4-1: USB disconnect, device number 24 [ 433.048097][T12349] pimreg: entered allmulticast mode [ 434.172839][T12380] bridge0: port 1(bridge_slave_0) entered disabled state [ 434.192586][T12385] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2805'. [ 434.444393][T12392] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2808'. [ 434.625454][T12399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2811'. [ 434.625490][T12399] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2811'. [ 434.671299][T12399] ip6gretap1: entered allmulticast mode [ 435.112557][T12412] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2818'. [ 436.121362][T12445] syzkaller1: tun_chr_ioctl cmd 1074025678 [ 436.121386][T12445] syzkaller1: group set to 0 [ 438.465151][ T5928] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 438.612230][ T5928] usb 5-1: Using ep0 maxpacket: 8 [ 438.614944][ T5928] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 438.616620][ T5928] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 438.616647][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 438.616668][ T5928] usb 5-1: SerialNumber: syz [ 438.621869][ T5928] usb 5-1: config 0 descriptor?? [ 438.677548][ T5928] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 438.702484][ T5928] usb 5-1: Failed to create links for entity 255 [ 438.702511][ T5928] usb 5-1: Failed to register entities (-22). [ 438.920788][ T5928] usb 5-1: USB disconnect, device number 18 [ 439.004814][ T37] audit: type=1326 audit(1758661255.802:1116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12527 comm="syz.1.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 439.005104][ T37] audit: type=1326 audit(1758661255.802:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12527 comm="syz.1.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 439.006120][ T37] audit: type=1326 audit(1758661255.802:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12527 comm="syz.1.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 439.006397][ T37] audit: type=1326 audit(1758661255.802:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12527 comm="syz.1.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 439.007096][ T37] audit: type=1326 audit(1758661255.802:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12527 comm="syz.1.2870" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 439.657951][T12546] netlink: 27 bytes leftover after parsing attributes in process `syz.3.2878'. [ 440.333877][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.333956][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.682304][ T6024] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 440.845225][ T6024] usb 2-1: Using ep0 maxpacket: 16 [ 440.851317][ T6024] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 440.851350][ T6024] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 440.851371][ T6024] usb 2-1: Product: syz [ 440.851385][ T6024] usb 2-1: Manufacturer: syz [ 440.851398][ T6024] usb 2-1: SerialNumber: syz [ 440.862288][T11813] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 440.878867][ T6024] usb 2-1: config 0 descriptor?? [ 441.014539][T11813] usb 1-1: Using ep0 maxpacket: 16 [ 441.017096][T11813] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 441.017130][T11813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 441.020930][T11813] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 441.020957][T11813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.020977][T11813] usb 1-1: Product: syz [ 441.020991][T11813] usb 1-1: Manufacturer: syz [ 441.021005][T11813] usb 1-1: SerialNumber: syz [ 441.041581][T11813] usb 1-1: config 0 descriptor?? [ 441.056666][T11813] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 441.056699][T11813] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 441.225262][ T6024] usb 2-1: USB disconnect, device number 29 [ 441.704949][T11813] em28xx 1-1:0.0: chip ID is em2710 [ 441.906864][T11813] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 441.907493][T11813] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 441.907513][T11813] em28xx 1-1:0.0: No AC97 audio processor [ 441.936538][T11813] usb 1-1: USB disconnect, device number 30 [ 441.944116][T11813] em28xx 1-1:0.0: Disconnecting em28xx [ 441.961270][T11813] em28xx 1-1:0.0: Freeing device [ 442.917320][T12616] input: syz1 as /devices/virtual/input/input27 [ 443.704734][T12643] Invalid ELF header magic: != ELF [ 443.782357][ T5928] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 443.958598][ T5928] usb 2-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 443.958631][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.958652][ T5928] usb 2-1: Product: syz [ 443.958666][ T5928] usb 2-1: Manufacturer: syz [ 443.958680][ T5928] usb 2-1: SerialNumber: syz [ 443.987679][ T5928] r8152-cfgselector 2-1: Unknown version 0x0000 [ 443.987705][ T5928] r8152-cfgselector 2-1: config 0 descriptor?? [ 444.352492][ T5928] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 444.433065][T11788] r8152-cfgselector 2-1: USB disconnect, device number 30 [ 444.506756][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 444.506813][ T5928] usb 4-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00 [ 444.506839][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.515867][ T5928] usb 4-1: config 0 descriptor?? [ 444.847227][T12664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2933'. [ 444.985083][ T5928] uclogic 0003:2179:0077.001A: interface is invalid, ignoring [ 445.154535][T11813] usb 4-1: USB disconnect, device number 25 [ 446.482319][ T5928] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 446.852371][ T5928] usb 3-1: Using ep0 maxpacket: 32 [ 446.854865][ T5928] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 446.854893][ T5928] usb 3-1: config 0 has no interface number 0 [ 446.854951][ T5928] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 446.854979][ T5928] usb 3-1: config 0 interface 196 has no altsetting 0 [ 446.858279][ T5928] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 446.858317][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.858337][ T5928] usb 3-1: Product: syz [ 446.858351][ T5928] usb 3-1: Manufacturer: syz [ 446.858366][ T5928] usb 3-1: SerialNumber: syz [ 446.870465][ T5928] usb 3-1: config 0 descriptor?? [ 446.873685][T12696] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 447.151741][T12713] netlink: 'syz.1.2955': attribute type 7 has an invalid length. [ 447.151765][T12713] netlink: 'syz.1.2955': attribute type 8 has an invalid length. [ 447.151778][T12713] netlink: 'syz.1.2955': attribute type 4 has an invalid length. [ 447.151791][T12713] netlink: 212 bytes leftover after parsing attributes in process `syz.1.2955'. [ 447.248356][T12716] openvswitch: netlink: Multiple metadata blocks provided [ 447.561979][ T5928] ipheth 3-1:0.196: ipheth_enable_ncm: usb_control_msg: -71 [ 447.616884][ T5928] ipheth 3-1:0.196: Apple iPhone USB Ethernet device attached [ 447.640582][ T5928] usb 3-1: USB disconnect, device number 25 [ 447.933433][ T5928] ipheth 3-1:0.196: Apple iPhone USB Ethernet now disconnected [ 448.903943][ T37] audit: type=1326 audit(1758661265.702:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.904366][ T37] audit: type=1326 audit(1758661265.702:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.904745][ T37] audit: type=1326 audit(1758661265.702:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.913524][ T37] audit: type=1326 audit(1758661265.712:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.964603][ T37] audit: type=1326 audit(1758661265.762:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.966088][ T37] audit: type=1326 audit(1758661265.762:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.967873][ T37] audit: type=1326 audit(1758661265.762:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.971066][ T37] audit: type=1326 audit(1758661265.762:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.988197][ T37] audit: type=1326 audit(1758661265.782:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 448.989557][ T37] audit: type=1326 audit(1758661265.782:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12749 comm="syz.1.2971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ef53af79 code=0x7ffc0000 [ 449.158807][T12755] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2972'. [ 450.197296][T12769] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2979'. [ 450.461310][T12777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2983'. [ 450.493352][T12777] veth1_macvtap: left promiscuous mode [ 450.604987][T11789] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 450.762314][T11789] usb 4-1: Using ep0 maxpacket: 16 [ 450.764968][T11789] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 450.765023][T11789] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 450.765046][T11789] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.771835][T11789] usb 4-1: config 0 descriptor?? [ 450.787874][T11789] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input28 [ 451.013058][ T5194] bcm5974 4-1:0.0: could not read from device [ 451.050463][T11789] bcm5974 4-1:0.0: could not read from device [ 451.106144][ T5194] bcm5974 4-1:0.0: could not read from device [ 451.188062][T11789] input: failed to attach handler mousedev to device input28, error: -5 [ 451.201150][ T5194] bcm5974 4-1:0.0: could not read from device [ 451.208209][T11789] usb 4-1: USB disconnect, device number 26 [ 451.365924][T12789] cgroup: fork rejected by pids controller in /syz2 [ 452.735934][T13094] netlink: 165 bytes leftover after parsing attributes in process `syz.4.3006'. [ 453.292260][T11788] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 453.466208][T11788] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 453.466243][T11788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.466272][T11788] usb 2-1: Product: syz [ 453.466287][T11788] usb 2-1: Manufacturer: syz [ 453.466301][T11788] usb 2-1: SerialNumber: syz [ 454.227659][T11788] (unnamed net_device) (uninitialized): Assigned a random MAC address: 2e:8f:e2:3c:42:f2 [ 454.324273][T11788] rtl8150 2-1:1.0: eth1: rtl8150 is detected [ 454.452182][T11788] usb 2-1: USB disconnect, device number 31 [ 456.512287][T11789] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 456.665142][T11789] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 456.665188][T11789] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 456.665235][T11789] usb 3-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 456.665259][T11789] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.675891][T11789] usb 3-1: config 0 descriptor?? [ 456.722514][ T6024] usb 2-1: new full-speed USB device number 32 using dummy_hcd [ 456.875349][ T6024] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 456.875378][ T6024] usb 2-1: config 0 has no interfaces? [ 456.875524][ T6024] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 456.875549][ T6024] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.918035][ T6024] usb 2-1: config 0 descriptor?? [ 457.126324][ T6024] usb 2-1: USB disconnect, device number 32 [ 457.163674][T11789] hid-led 0003:1294:1320.001B: item fetching failed at offset 0/3 [ 457.164772][T11789] hid-led 0003:1294:1320.001B: probe with driver hid-led failed with error -22 [ 457.375592][T11789] usb 3-1: USB disconnect, device number 26 [ 457.842391][T11789] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 457.998588][T11789] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.998625][T11789] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.998666][T11789] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 457.998689][T11789] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.018816][T11789] usb 5-1: config 0 descriptor?? [ 458.495008][T11789] steelseries 0003:1038:12B6.001C: unknown main item tag 0x0 [ 458.495049][T11789] steelseries 0003:1038:12B6.001C: unknown main item tag 0x0 [ 458.495076][T11789] steelseries 0003:1038:12B6.001C: unknown main item tag 0x0 [ 458.495101][T11789] steelseries 0003:1038:12B6.001C: unknown main item tag 0x0 [ 458.495127][T11789] steelseries 0003:1038:12B6.001C: unknown main item tag 0x0 [ 458.495162][T11789] steelseries 0003:1038:12B6.001C: unknown main item tag 0x0 [ 458.495188][T11789] steelseries 0003:1038:12B6.001C: unknown main item tag 0x0 [ 458.516757][T11789] steelseries 0003:1038:12B6.001C: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.4-1/input0 [ 458.989306][ T6024] usb 5-1: USB disconnect, device number 19 [ 459.865354][ T37] kauditd_printk_skb: 552 callbacks suppressed [ 459.865375][ T37] audit: type=1326 audit(1758661276.662:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 459.865737][ T37] audit: type=1326 audit(1758661276.662:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 459.925498][ T37] audit: type=1326 audit(1758661276.722:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13246 comm="syz.4.3074" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc0d371eec9 code=0x0 [ 459.925559][ T37] audit: type=1326 audit(1758661276.722:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 459.927784][ T37] audit: type=1326 audit(1758661276.722:1687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 459.938159][ T37] audit: type=1326 audit(1758661276.722:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 459.940620][ T37] audit: type=1326 audit(1758661276.732:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 459.940674][ T37] audit: type=1326 audit(1758661276.732:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 459.967204][ T37] audit: type=1326 audit(1758661276.762:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 459.967265][ T37] audit: type=1326 audit(1758661276.762:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13249 comm="syz.2.3075" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 461.275152][T13287] hugetlbfs: syz.0.3093 (13287): Using mlock ulimits for SHM_HUGETLB is obsolete [ 461.454595][T13291] kvm: user requested TSC rate below hardware speed [ 461.526412][T13295] netlink: 260 bytes leftover after parsing attributes in process `syz.0.3097'. [ 461.572322][ T5928] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 461.732031][ T5928] usb 4-1: unable to get BOS descriptor or descriptor too short [ 461.746696][ T5928] usb 4-1: config 6 has an invalid interface number: 158 but max is 0 [ 461.746724][ T5928] usb 4-1: config 6 has no interface number 0 [ 461.746774][ T5928] usb 4-1: config 6 interface 158 has no altsetting 0 [ 461.749878][ T5928] usb 4-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=da.29 [ 461.749901][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.749920][ T5928] usb 4-1: Product: syz [ 461.749932][ T5928] usb 4-1: Manufacturer: syz [ 461.749945][ T5928] usb 4-1: SerialNumber: syz [ 462.590665][T13311] ./file0: Can't lookup blockdev [ 462.803319][ T5928] rtsx_usb 4-1:6.158: probe with driver rtsx_usb failed with error -71 [ 462.855432][ T5928] usb 4-1: USB disconnect, device number 27 [ 464.005127][ T5158] Bluetooth: hci1: command 0x0c1a tx timeout [ 464.417450][T13344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 464.490960][T13344] bond0: (slave rose0): Enslaving as an active interface with an up link [ 465.637156][T13376] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3126'. [ 465.947015][T13385] netlink: 'syz.3.3129': attribute type 3 has an invalid length. [ 466.575227][T13403] netlink: 'syz.1.3136': attribute type 1 has an invalid length. [ 466.575254][T13403] netlink: 'syz.1.3136': attribute type 1 has an invalid length. [ 466.575267][T13403] netlink: 160 bytes leftover after parsing attributes in process `syz.1.3136'. [ 466.575284][T13403] netlink: 'syz.1.3136': attribute type 1 has an invalid length. [ 466.575297][T13403] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3136'. [ 466.758827][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.758870][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.758894][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.758918][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.758943][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.758967][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.758991][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.759015][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.759039][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.759063][T11813] hid-generic 0000:0000:0000.001D: unknown main item tag 0x0 [ 466.766387][T13407] UHID_CREATE from different security context by process 1492 (syz.0.3137), this is not allowed. [ 466.833347][T11813] hid-generic 0000:0000:0000.001D: hidraw0: HID v0.00 Device [syz0] on syz0 [ 466.965373][T13411] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3138'. [ 468.162819][T11789] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 468.312350][T11789] usb 5-1: Using ep0 maxpacket: 8 [ 468.318857][T11789] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 468.318890][T11789] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.318911][T11789] usb 5-1: Product: syz [ 468.318925][T11789] usb 5-1: Manufacturer: syz [ 468.318940][T11789] usb 5-1: SerialNumber: syz [ 468.378375][T11789] usb 5-1: config 0 descriptor?? [ 468.623282][T11789] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 469.237309][T11789] usb write operation failed. (-71) [ 469.257713][T11789] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 469.275882][T11789] dvbdev: DVB: registering new adapter (Terratec H7) [ 469.275952][T11789] usb 5-1: media controller created [ 469.295093][T11789] usb read operation failed. (-71) [ 469.308758][T11789] usb write operation failed. (-71) [ 469.326545][T11789] dvb_usb_az6007 5-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 469.345600][T11789] usb 5-1: USB disconnect, device number 20 [ 469.466323][T13487] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3165'. [ 469.908732][T13497] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 470.398559][T13514] netlink: 'syz.2.3176': attribute type 1 has an invalid length. [ 470.792326][T11789] usb 2-1: new low-speed USB device number 33 using dummy_hcd [ 470.911499][T13529] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3184'. [ 470.920896][T13529] netlink: 'syz.2.3184': attribute type 12 has an invalid length. [ 470.920919][T13529] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3184'. [ 470.948419][T13531] netlink: 'syz.0.3185': attribute type 1 has an invalid length. [ 470.973834][T11789] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 470.973863][T11789] usb 2-1: config 8 has 0 interfaces, different from the descriptor's value: 1 [ 470.977602][T11789] usb 2-1: string descriptor 0 read error: -22 [ 470.977792][T11789] usb 2-1: New USB device found, idVendor=10c5, idProduct=b401, bcdDevice=10.1c [ 470.977816][T11789] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.247091][ T5928] usb 2-1: USB disconnect, device number 33 [ 471.328156][T13541] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3190'. [ 471.712277][ T5928] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 471.959667][ T5928] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 471.959704][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.965472][ T5928] usb 4-1: config 0 descriptor?? [ 471.997955][ T5928] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 472.396245][ T5928] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 472.452301][T11790] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 472.596216][ T5928] gspca_cpia1: usb_control_msg 01, error -32 [ 472.599562][ T5928] gspca_cpia1: usb_control_msg 01, error -71 [ 472.599587][ T5928] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0) [ 472.603481][T11790] usb 1-1: Using ep0 maxpacket: 32 [ 472.606053][T11790] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 472.606079][T11790] usb 1-1: config 0 has no interface number 0 [ 472.606128][T11790] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 472.606153][T11790] usb 1-1: config 0 interface 85 has no altsetting 0 [ 472.610407][T11790] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 472.610434][T11790] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.610451][T11790] usb 1-1: Product: syz [ 472.610464][T11790] usb 1-1: Manufacturer: syz [ 472.610477][T11790] usb 1-1: SerialNumber: syz [ 472.658722][T11790] usb 1-1: config 0 descriptor?? [ 472.689107][ T5928] usb 4-1: USB disconnect, device number 28 [ 473.322320][T11790] appletouch 1-1:0.85: Geyser mode initialized. [ 473.334125][T11790] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input29 [ 473.540118][T11790] usb 1-1: USB disconnect, device number 31 [ 473.544677][ T6024] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 473.660670][T13586] dvmrp1: tun_chr_ioctl cmd 1074025677 [ 473.660851][T13586] dvmrp1: linktype set to 823 [ 473.720342][ T6024] usb 2-1: config 0 has no interfaces? [ 473.739556][T11790] appletouch 1-1:0.85: input: appletouch disconnected [ 473.742751][ T6024] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=8e.0b [ 473.742781][ T6024] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.742799][ T6024] usb 2-1: Product: syz [ 473.742812][ T6024] usb 2-1: Manufacturer: syz [ 473.742824][ T6024] usb 2-1: SerialNumber: syz [ 473.803107][ T6024] usb 2-1: config 0 descriptor?? [ 474.034438][T11790] usb 2-1: USB disconnect, device number 34 [ 474.281159][T13594] netlink: 1036 bytes leftover after parsing attributes in process `syz.4.3214'. [ 474.281186][T13594] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 475.362363][T11790] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 475.512235][T11790] usb 2-1: Using ep0 maxpacket: 8 [ 475.515329][T11790] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 475.515361][T11790] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.543541][ T6024] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 475.592440][T11790] pvrusb2: Hardware description: Terratec Grabster AV400 [ 475.592462][T11790] pvrusb2: ********** [ 475.592469][T11790] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 475.592481][T11790] pvrusb2: Important functionality might not be entirely working. [ 475.592490][T11790] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 475.592503][T11790] pvrusb2: ********** [ 475.699853][ T6024] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 475.708760][ T6024] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 475.708795][ T6024] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.708814][ T6024] usb 3-1: Product: syz [ 475.708827][ T6024] usb 3-1: Manufacturer: syz [ 475.708840][ T6024] usb 3-1: SerialNumber: syz [ 475.822297][ T2363] pvrusb2: Invalid write control endpoint [ 475.910789][ T2363] pvrusb2: Invalid write control endpoint [ 475.910806][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 475.910817][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 475.910825][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 475.910836][ T2363] pvrusb2: Device being rendered inoperable [ 475.911142][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 475.911192][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 475.969657][ T2363] pvrusb2: Attached sub-driver cx25840 [ 475.969683][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 475.969692][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 476.026831][T13614] pvrusb2: Attempted to execute control transfer when device not ok [ 476.033233][ T5928] usb 2-1: USB disconnect, device number 35 [ 476.391151][T13651] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.3241'. [ 476.412564][T13652] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3239'. [ 476.414353][T13649] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3239'. [ 476.420060][T13649] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3239'. [ 476.480867][T13654] bridge0: port 3(ipvlan2) entered blocking state [ 476.481148][T13654] bridge0: port 3(ipvlan2) entered disabled state [ 476.481378][T13654] ipvlan2: entered allmulticast mode [ 476.521401][T13654] ipvlan2: left allmulticast mode [ 476.605074][ T6024] cdc_ncm 3-1:1.0: SET_CRC_MODE failed [ 476.605580][ T6024] cdc_ncm 3-1:1.0: SET_NTB_FORMAT failed [ 476.623569][ T6024] cdc_ncm 3-1:1.0: bind() failure [ 476.663593][ T6024] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 476.663650][ T6024] cdc_ncm 3-1:1.1: bind() failure [ 476.707449][ T6024] usb 3-1: USB disconnect, device number 27 [ 477.424815][T13679] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3253'. [ 477.655416][ T6024] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 477.806667][ T6024] usb 2-1: config 0 interface 0 altsetting 127 endpoint 0x81 has invalid wMaxPacketSize 0 [ 477.806709][ T6024] usb 2-1: config 0 interface 0 has no altsetting 0 [ 477.806746][ T6024] usb 2-1: New USB device found, idVendor=0b05, idProduct=1a30, bcdDevice= 0.00 [ 477.806771][ T6024] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.835123][ T6024] usb 2-1: config 0 descriptor?? [ 477.934013][T11813] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 478.112251][T11813] usb 1-1: Using ep0 maxpacket: 16 [ 478.121962][T11813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 478.121997][T11813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 478.125583][T11813] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 478.125676][T11813] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.171882][T11813] usb 1-1: config 0 descriptor?? [ 478.294905][ T6024] hid (null): unknown global tag 0xd [ 478.294953][ T6024] hid (null): invalid report_size 17387 [ 478.295552][ T6024] hid (null): report_id 2176741362 is invalid [ 478.295580][ T6024] hid (null): unknown global tag 0xc [ 478.295605][ T6024] hid (null): report_id 0 is invalid [ 478.459010][ T6024] hid_parser_main: 73 callbacks suppressed [ 478.459111][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459151][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459177][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459201][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459295][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459321][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459346][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459372][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459465][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.459490][ T6024] asus 0003:0B05:1A30.001E: unknown main item tag 0x0 [ 478.479754][ T6024] asus 0003:0B05:1A30.001E: collection stack underflow [ 478.479782][ T6024] asus 0003:0B05:1A30.001E: item 0 2 0 12 parsing failed [ 478.484791][ T6024] asus 0003:0B05:1A30.001E: Asus hid parse failed: -22 [ 478.485298][ T6024] asus 0003:0B05:1A30.001E: probe with driver asus failed with error -22 [ 478.531355][ T6024] usb 2-1: USB disconnect, device number 36 [ 478.692971][T11813] playstation 0003:054C:05C4.001F: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.0-1/input0 [ 478.853846][T11813] playstation 0003:054C:05C4.001F: Invalid byte count transferred, expected 16 got 0 [ 478.853878][T11813] playstation 0003:054C:05C4.001F: Failed to retrieve DualShock4 pairing info: -22 [ 478.853938][T11813] playstation 0003:054C:05C4.001F: Failed to get MAC address from DualShock4 [ 478.853955][T11813] playstation 0003:054C:05C4.001F: Failed to create dualshock4. [ 478.857151][T11813] playstation 0003:054C:05C4.001F: probe with driver playstation failed with error -22 [ 479.060533][ T6024] usb 1-1: USB disconnect, device number 32 [ 479.251815][T13706] block device autoloading is deprecated and will be removed. [ 479.362850][T13708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3267'. [ 481.706682][T13772] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 483.830267][T11813] kernel write not supported for file /amidi2 (pid: 11813 comm: kworker/0:14) [ 484.108056][T13838] loop7: detected capacity change from 0 to 7 [ 484.127864][T13838] Dev loop7: unable to read RDB block 7 [ 484.127901][T13838] loop7: AHDI p1 p2 [ 484.127936][T13838] loop7: partition table partially beyond EOD, truncated [ 484.128062][T13838] loop7: p1 start 1702000233 is beyond EOD, truncated [ 484.337379][T13844] overlayfs: conflicting lowerdir path [ 484.732259][T11813] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 484.882224][T11813] usb 4-1: Using ep0 maxpacket: 8 [ 484.891278][T11813] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 484.891331][T11813] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 484.891355][T11813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.915941][T11813] usb 4-1: config 0 descriptor?? [ 485.155706][T11813] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 485.267279][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 485.267299][ T37] audit: type=1326 audit(1758661302.062:1694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.267350][ T37] audit: type=1326 audit(1758661302.062:1695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.284644][ T37] audit: type=1326 audit(1758661302.082:1696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.284698][ T37] audit: type=1326 audit(1758661302.082:1697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.284739][ T37] audit: type=1326 audit(1758661302.082:1698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.285800][ T37] audit: type=1326 audit(1758661302.082:1699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.293287][ T37] audit: type=1326 audit(1758661302.082:1700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.293340][ T37] audit: type=1326 audit(1758661302.092:1701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.300919][ T37] audit: type=1326 audit(1758661302.092:1702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 485.300970][ T37] audit: type=1326 audit(1758661302.092:1703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13871 comm="syz.1.3336" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ff00000 [ 485.415562][T11813] usb 4-1: USB disconnect, device number 29 [ 485.953939][T13879] libceph: resolve '0..' (ret=-3): failed [ 486.321346][T13884] netlink: 'syz.2.3341': attribute type 25 has an invalid length. [ 486.321369][T13884] netlink: 'syz.2.3341': attribute type 8 has an invalid length. [ 487.682292][ T57] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 488.540248][T13917] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3356'. [ 488.895702][T13924] overlayfs: failed to clone lowerpath [ 489.692433][ T6024] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 489.847804][ T6024] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 226, changing to 11 [ 489.847852][ T6024] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 34456, setting to 1024 [ 489.847898][ T6024] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 489.847923][ T6024] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.901894][ T6024] usb 2-1: config 0 descriptor?? [ 489.925181][T13936] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 490.242349][ T5928] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 490.367219][ T6024] hid_parser_main: 382 callbacks suppressed [ 490.367245][ T6024] cm6533_jd 0003:0D8C:0022.0020: unknown main item tag 0x0 [ 490.367382][ T6024] cm6533_jd 0003:0D8C:0022.0020: item fetching failed at offset 4/5 [ 490.368357][ T6024] cm6533_jd 0003:0D8C:0022.0020: parse failed [ 490.368476][ T6024] cm6533_jd 0003:0D8C:0022.0020: probe with driver cm6533_jd failed with error -22 [ 490.392415][ T5928] usb 1-1: Using ep0 maxpacket: 32 [ 490.395282][ T5928] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 490.395306][ T5928] usb 1-1: config 0 has no interface number 0 [ 490.395355][ T5928] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 490.395378][ T5928] usb 1-1: config 0 interface 85 has no altsetting 0 [ 490.398694][ T5928] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 490.398719][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.398736][ T5928] usb 1-1: Product: syz [ 490.398748][ T5928] usb 1-1: Manufacturer: syz [ 490.398761][ T5928] usb 1-1: SerialNumber: syz [ 490.464827][ T5928] usb 1-1: config 0 descriptor?? [ 490.575557][ T5921] usb 2-1: USB disconnect, device number 37 [ 490.582326][T11790] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 490.732274][T11790] usb 3-1: Using ep0 maxpacket: 16 [ 490.748507][T11790] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 490.748615][T11790] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.748637][T11790] usb 3-1: Product: syz [ 490.748652][T11790] usb 3-1: Manufacturer: syz [ 490.748666][T11790] usb 3-1: SerialNumber: syz [ 490.774923][T11790] r8152-cfgselector 3-1: Unknown version 0x0000 [ 490.774948][T11790] r8152-cfgselector 3-1: config 0 descriptor?? [ 490.787529][T11790] hub 3-1:0.0: bad descriptor, ignoring hub [ 490.787576][T11790] hub 3-1:0.0: probe with driver hub failed with error -5 [ 491.281232][ T5928] appletouch 1-1:0.85: Geyser mode initialized. [ 491.293606][ T5928] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input30 [ 491.301522][ C1] appletouch 1-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64 [ 491.530902][ T5921] r8152-cfgselector 3-1: reset high-speed USB device number 28 using dummy_hcd [ 491.531573][ T6024] usb 1-1: USB disconnect, device number 33 [ 491.798164][ T6024] appletouch 1-1:0.85: input: appletouch disconnected [ 492.132684][ T5921] r8152-cfgselector 3-1: USB disconnect, device number 28 [ 492.162686][T11809] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 492.332252][T11809] usb 2-1: Using ep0 maxpacket: 16 [ 492.334819][T11809] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.334872][T11809] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 492.334897][T11809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.380306][T11809] usb 2-1: config 0 descriptor?? [ 492.885064][T11809] mcp2221 0003:04D8:00DD.0021: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 493.276177][T11809] usb 2-1: USB disconnect, device number 38 [ 493.858422][T14009] ip6gretap1: entered promiscuous mode [ 493.858454][T14009] ip6gretap1: entered allmulticast mode [ 495.038545][ T37] kauditd_printk_skb: 2261 callbacks suppressed [ 495.038567][ T37] audit: type=1326 audit(1758661311.832:3965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 495.038718][ T37] audit: type=1326 audit(1758661311.832:3966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 495.074188][ T37] audit: type=1326 audit(1758661311.872:3967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 495.074645][ T37] audit: type=1326 audit(1758661311.872:3968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 495.081710][ T37] audit: type=1326 audit(1758661311.872:3969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 495.081764][ T37] audit: type=1326 audit(1758661311.872:3970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 495.085292][ T37] audit: type=1326 audit(1758661311.882:3971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 495.852302][ T5921] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 496.012591][ T5921] usb 3-1: Using ep0 maxpacket: 8 [ 496.016181][ T5921] usb 3-1: unable to get BOS descriptor or descriptor too short [ 496.017915][ T5921] usb 3-1: config 4 interface 0 has no altsetting 0 [ 496.045689][ T5921] usb 3-1: string descriptor 0 read error: -22 [ 496.045867][ T5921] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 496.045893][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.091273][ T5921] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 496.109890][ T5921] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 496.110303][ T5921] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 496.110362][ T5921] usb 3-1: media controller created [ 496.199244][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 496.311947][ T37] audit: type=1326 audit(1758661313.102:3972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 496.312564][ T37] audit: type=1326 audit(1758661313.112:3973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14040 comm="syz.1.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ef59eec9 code=0x7ffc0000 [ 496.359290][T14065] program syz.0.3425 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 497.103178][T14072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3428'. [ 497.490369][ T5921] usb 3-1: USB disconnect, device number 29 [ 497.697992][T14086] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3436'. [ 497.984067][ T5921] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 498.138419][ T5921] usb 1-1: Using ep0 maxpacket: 8 [ 498.154262][ T5921] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 498.154297][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 498.214888][ T5921] pvrusb2: Hardware description: Terratec Grabster AV400 [ 498.214909][ T5921] pvrusb2: ********** [ 498.214915][ T5921] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 498.214927][ T5921] pvrusb2: Important functionality might not be entirely working. [ 498.214937][ T5921] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 498.214949][ T5921] pvrusb2: ********** [ 498.448004][ T2363] pvrusb2: Invalid write control endpoint [ 498.685136][T11790] usb 1-1: USB disconnect, device number 34 [ 498.699891][ T2363] pvrusb2: Invalid write control endpoint [ 498.699909][ T2363] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 498.699919][ T2363] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 498.699927][ T2363] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 498.699938][ T2363] pvrusb2: Device being rendered inoperable [ 498.701654][ T2363] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 498.701716][ T2363] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 498.709188][ T2363] pvrusb2: Attached sub-driver cx25840 [ 498.709204][ T2363] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 498.709213][ T2363] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 499.205019][T14110] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3445'. [ 499.205055][T14110] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3445'. [ 499.230776][ T3100] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.231658][ T3100] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.231722][ T3100] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.231760][ T3100] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 499.710182][T14119] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3449'. [ 499.761714][T14119] hsr_slave_0: left promiscuous mode [ 499.842443][T14119] hsr_slave_1: left promiscuous mode [ 500.466501][T14129] program syz.4.3453 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 501.767579][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.767667][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.088631][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 503.101843][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 503.119996][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 503.186857][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 503.201289][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 503.318793][ T37] audit: type=1326 audit(1758661320.112:3974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14181 comm="syz.2.3476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 503.318950][ T37] audit: type=1326 audit(1758661320.112:3975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14181 comm="syz.2.3476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 503.320685][ T37] audit: type=1326 audit(1758661320.112:3976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14181 comm="syz.2.3476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 503.320829][ T37] audit: type=1326 audit(1758661320.112:3977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14181 comm="syz.2.3476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 503.320971][ T37] audit: type=1326 audit(1758661320.112:3978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14181 comm="syz.2.3476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 503.321487][ T37] audit: type=1326 audit(1758661320.112:3979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14181 comm="syz.2.3476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 503.321630][ T37] audit: type=1326 audit(1758661320.112:3980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14181 comm="syz.2.3476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 503.321801][ T37] audit: type=1326 audit(1758661320.112:3981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14181 comm="syz.2.3476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe332f7eec9 code=0x7ffc0000 [ 503.512835][T14185] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3477'. [ 503.512873][T14185] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3477'. [ 503.513251][T14182] tap0: tun_chr_ioctl cmd 1074025677 [ 503.513492][T14182] tap0: linktype set to 1 [ 504.000093][T14191] netlink: 14593 bytes leftover after parsing attributes in process `syz.2.3480'. [ 504.000966][T14193] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3481'. [ 504.629433][T14208] sctp: [Deprecated]: syz.2.3488 (pid 14208) Use of struct sctp_assoc_value in delayed_ack socket option. [ 504.629433][T14208] Use struct sctp_sack_info instead [ 505.055034][T14221] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3494'. [ 505.055060][T14221] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3494'. [ 505.282249][ T5158] Bluetooth: hci2: command tx timeout [ 506.291429][ T5928] kernel write not supported for file /snd/seq (pid: 5928 comm: kworker/1:6) [ 506.813374][ T37] audit: type=1326 audit(1758661323.612:3982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14253 comm="syz.0.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f47159eaf79 code=0x7ffc0000 [ 506.814440][ T37] audit: type=1326 audit(1758661323.612:3983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14253 comm="syz.0.3507" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4715a4eec9 code=0x7ffc0000 [ 506.922747][T11813] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 507.073377][T11813] usb 3-1: Using ep0 maxpacket: 8 [ 507.079050][T11813] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 507.079158][T11813] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 507.079185][T11813] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 507.079226][T11813] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 507.139649][T11813] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 507.139683][T11813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.139705][T11813] usb 3-1: Product: syz [ 507.139719][T11813] usb 3-1: Manufacturer: syz [ 507.139733][T11813] usb 3-1: SerialNumber: syz [ 507.177693][ T1180] bridge_slave_1: left promiscuous mode [ 507.178027][ T1180] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.281143][ T1180] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.362285][ T5158] Bluetooth: hci2: command tx timeout [ 507.449353][T11813] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 507.449382][T11813] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 507.449400][T11813] usb 3-1: 2:1 : sample bitwidth 16 in over sample bytes 1 [ 507.449467][T11813] usb 3-1: 2:1 : invalid channels 0 [ 507.536725][T11813] usb 3-1: USB disconnect, device number 30 [ 508.038516][T14264] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3510'. [ 508.700434][T14270] loop8: detected capacity change from 0 to 1 [ 508.724375][T14270] Dev loop8: unable to read RDB block 1 [ 508.724426][T14270] loop8: unable to read partition table [ 508.724713][T14270] loop8: partition table beyond EOD, truncated [ 508.724732][T14270] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 509.442349][ T5158] Bluetooth: hci2: command tx timeout [ 511.322929][ T1180] bond0 (unregistering): left promiscuous mode [ 511.322957][ T1180] bond_slave_0: left promiscuous mode [ 511.323276][ T1180] bond_slave_1: left promiscuous mode [ 511.323529][ T1180] bond2 (unregistering): left promiscuous mode [ 511.376640][ T1180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 511.432900][ T1180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 511.492681][ T1180] bond0 (unregistering): (slave bond2): Releasing backup interface [ 511.522237][ T5158] Bluetooth: hci2: command tx timeout [ 511.539959][ T1180] bond2 (unregistering): left allmulticast mode [ 511.540382][ T1180] bond0 (unregistering): Released all slaves [ 511.586865][ T1180] bond1 (unregistering): Released all slaves [ 512.475644][ T1180] bond2 (unregistering): Released all slaves [ 512.774335][T14174] chnl_net:caif_netlink_parms(): no params data found [ 513.057982][ T1180] IPVS: stopping backup sync thread 7291 ... [ 513.063431][T14297] netlink: 71 bytes leftover after parsing attributes in process `syz.1.3522'. [ 513.593275][T14314] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 515.090713][ T5839] Bluetooth: hci2: command 0x0405 tx timeout [ 517.704002][T14174] bridge0: port 1(bridge_slave_0) entered blocking state [ 517.705150][T14174] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.705447][T14174] bridge_slave_0: entered allmulticast mode [ 517.713672][T14174] bridge_slave_0: entered promiscuous mode [ 517.902967][T14330] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3535'. [ 517.903493][T14330] netem: unknown loss type 12 [ 517.903522][T14330] netem: change failed [ 518.371297][T14174] bridge0: port 2(bridge_slave_1) entered blocking state [ 518.371473][T14174] bridge0: port 2(bridge_slave_1) entered disabled state [ 518.371757][T14174] bridge_slave_1: entered allmulticast mode [ 518.395522][T14174] bridge_slave_1: entered promiscuous mode [ 518.702362][T11813] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 518.986790][T11813] usb 1-1: Using ep0 maxpacket: 8 [ 519.133740][T11813] usb 1-1: config 0 has an invalid interface number: 31 but max is 0 [ 519.133773][T11813] usb 1-1: config 0 has no interface number 0 [ 519.137062][T11813] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice= 4.16 [ 519.137092][T11813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.137112][T11813] usb 1-1: Product: syz [ 519.137126][T11813] usb 1-1: Manufacturer: syz [ 519.137140][T11813] usb 1-1: SerialNumber: syz [ 519.294022][T11813] usb 1-1: config 0 descriptor?? [ 519.534147][T11813] uvcvideo 1-1:0.31: probe with driver uvcvideo failed with error -22 [ 519.544098][T11813] usb 1-1: USB disconnect, device number 35 [ 519.701413][ T1457] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 520.693097][T14174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 520.714165][T14174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 520.912415][ T1180] dummy0: left promiscuous mode [ 523.502538][T11809] usb 5-1: new low-speed USB device number 21 using dummy_hcd [ 523.773705][T11809] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 523.773736][T11809] usb 5-1: config 0 has no interface number 0 [ 523.773793][T11809] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 523.773818][T11809] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 523.773845][T11809] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 523.773870][T11809] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 523.773897][T11809] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 523.773924][T11809] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 523.773971][T11809] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 523.773994][T11809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.787834][T11809] usb 5-1: config 0 descriptor?? [ 523.792233][T14372] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 523.792575][T14372] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 523.839325][T11809] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 524.121082][ T5928] usb 5-1: USB disconnect, device number 21 [ 524.263683][ T1180] hsr_slave_0: left promiscuous mode [ 524.297072][ T5928] ldusb 5-1:0.55: LD USB Device #0 now disconnected [ 524.711960][ T1180] hsr_slave_1: left promiscuous mode [ 524.886053][ T1180] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 525.263131][ T1180] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 525.595580][T14381] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 526.726397][T14392] program syz.0.3559 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 527.937970][T11790] kernel write not supported for file /dsp (pid: 11790 comm: kworker/1:9) [ 529.579307][ T6024] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 529.862367][ T6024] usb 5-1: Using ep0 maxpacket: 16 [ 529.865670][ T6024] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 529.871917][ T6024] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 529.871949][ T6024] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.871970][ T6024] usb 5-1: Product: syz [ 529.871985][ T6024] usb 5-1: Manufacturer: syz [ 529.871999][ T6024] usb 5-1: SerialNumber: syz [ 530.030456][ T6024] usb 5-1: config 0 descriptor?? [ 530.047850][ T6024] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 530.047888][ T6024] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 530.709638][ T6024] em28xx 5-1:0.0: chip ID is em2765 [ 531.192841][ T6024] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 531.192877][ T6024] em28xx 5-1:0.0: board has no eeprom [ 531.354221][ T6024] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 531.354253][ T6024] em28xx 5-1:0.0: dvb set to bulk mode. [ 531.360784][T11810] em28xx 5-1:0.0: Binding DVB extension [ 531.413886][ T6024] usb 5-1: USB disconnect, device number 22 [ 531.416703][ T6024] em28xx 5-1:0.0: Disconnecting em28xx [ 532.227569][T14414] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3569'. [ 532.227603][T14414] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3569'. [ 532.418513][T11810] em28xx 5-1:0.0: Registering input extension [ 532.418919][ T6024] em28xx 5-1:0.0: Closing input extension [ 532.455037][ T6024] em28xx 5-1:0.0: Freeing device [ 542.668884][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 542.681418][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 542.694844][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 542.696351][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 542.697300][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 544.374729][ T5839] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 544.410926][ T5839] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 544.421717][ T5839] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 544.426223][ T5839] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 544.427186][ T5839] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 544.802637][ T5158] Bluetooth: hci5: command tx timeout [ 546.483685][ T5158] Bluetooth: hci6: command tx timeout [ 546.882513][ T5158] Bluetooth: hci5: command tx timeout [ 548.564804][ T5158] Bluetooth: hci6: command tx timeout [ 548.908230][ T5839] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 548.938240][ T5839] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 548.954202][ T5839] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 548.955702][ T5839] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 548.966843][ T5839] Bluetooth: hci5: command tx timeout [ 548.986552][T13335] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 550.642402][ T5158] Bluetooth: hci6: command tx timeout [ 551.043222][ T5158] Bluetooth: hci7: command tx timeout [ 551.044031][ T5158] Bluetooth: hci5: command tx timeout [ 551.361506][ T5158] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 551.388254][ T5158] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 551.389989][ T5158] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 551.391339][ T5158] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 551.418615][ T5158] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 552.323813][ T57] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 552.722433][ T5158] Bluetooth: hci6: command tx timeout [ 553.132231][ T5158] Bluetooth: hci7: command tx timeout [ 553.522337][ T5158] Bluetooth: hci8: command tx timeout [ 555.202452][ T5158] Bluetooth: hci7: command tx timeout [ 555.282524][ C0] sched: DL replenish lagged too much [ 555.602416][ T5158] Bluetooth: hci8: command tx timeout [ 557.282779][ T5158] Bluetooth: hci7: command tx timeout [ 557.692312][ T5158] Bluetooth: hci8: command tx timeout [ 559.764423][ T5158] Bluetooth: hci8: command tx timeout [ 562.838892][ T5839] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 562.868943][ T5839] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 562.870965][ T5839] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 562.890322][ T5839] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 562.913328][ T5839] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 563.764694][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.764805][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 565.059996][ T5839] Bluetooth: hci9: command tx timeout [ 567.137396][ T5839] Bluetooth: hci9: command tx timeout [ 569.205703][ T5839] Bluetooth: hci9: command tx timeout [ 571.282587][T13335] Bluetooth: hci9: command tx timeout [ 586.254516][ T43] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 603.644357][ T5839] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 603.670323][ T5839] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 603.680374][ T5839] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 603.681897][ T5839] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 603.701722][ T5839] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 604.065406][T13335] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 604.091814][T13335] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 604.101175][T13335] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 604.115579][T13335] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 604.116502][T13335] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 605.762676][T13335] Bluetooth: hci10: command tx timeout [ 606.242313][T13335] Bluetooth: hci11: command tx timeout [ 607.862082][T13335] Bluetooth: hci10: command tx timeout [ 608.322447][T13335] Bluetooth: hci11: command tx timeout [ 609.283909][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 609.338327][ T5839] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 609.352741][ T5839] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 609.377148][ T5839] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 609.389852][ T5839] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 609.391015][ T5839] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 609.922372][T13335] Bluetooth: hci10: command tx timeout [ 610.412423][ T5839] Bluetooth: hci11: command tx timeout [ 611.522647][ T5839] Bluetooth: hci12: command tx timeout [ 611.774754][T13335] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 611.822698][T13335] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 611.828136][T13335] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 611.830516][T13335] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 611.831590][T13335] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 612.003471][T13335] Bluetooth: hci10: command tx timeout [ 612.492412][T13335] Bluetooth: hci11: command tx timeout [ 613.602613][T13335] Bluetooth: hci12: command tx timeout [ 613.992157][T13335] Bluetooth: hci13: command tx timeout [ 615.700590][T13335] Bluetooth: hci12: command tx timeout [ 616.012333][T13335] Bluetooth: hci13: command tx timeout [ 617.764334][T13335] Bluetooth: hci12: command tx timeout [ 618.104467][T13335] Bluetooth: hci13: command tx timeout [ 619.533740][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 620.162452][T13335] Bluetooth: hci13: command tx timeout [ 623.661376][ T5839] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 623.691648][ T5839] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 623.705745][ T5839] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 623.707176][ T5839] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 623.708117][ T5839] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 624.654535][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.654611][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.762567][ T5839] Bluetooth: hci14: command tx timeout [ 626.731636][ T5839] Bluetooth: hci2: command 0x0405 tx timeout [ 627.852548][ T5839] Bluetooth: hci14: command tx timeout [ 629.932482][ T5839] Bluetooth: hci14: command tx timeout [ 632.002277][ T5839] Bluetooth: hci14: command tx timeout [ 650.244236][ T43] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 666.546498][T14457] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 666.562581][T14457] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 666.564310][T14457] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 666.565765][T14457] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 666.566739][T14457] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 666.716267][ T5158] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 666.747107][ T5158] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 666.760991][ T5158] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 666.769927][ T5158] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 666.770965][ T5158] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 667.687075][ T5158] Bluetooth: hci5: command 0x0406 tx timeout [ 667.721014][ T5158] Bluetooth: hci6: command 0x0406 tx timeout [ 668.644396][T14457] Bluetooth: hci15: command tx timeout [ 668.889303][T14457] Bluetooth: hci16: command tx timeout [ 669.908054][ T5158] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 669.928214][ T5158] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 669.950888][ T5158] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 669.961680][ T5158] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 669.976140][ T5158] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 670.729721][ T5158] Bluetooth: hci15: command tx timeout [ 670.962428][T14465] Bluetooth: hci16: command tx timeout [ 672.394350][T11841] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 672.426213][T11841] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 672.429194][T11841] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 672.431470][T11841] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 672.452604][T11841] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 672.832063][T11841] Bluetooth: hci7: command 0x0406 tx timeout [ 672.832408][T11841] Bluetooth: hci15: command tx timeout [ 673.046693][T14468] Bluetooth: hci16: command tx timeout [ 674.882395][T14468] Bluetooth: hci15: command tx timeout [ 675.132402][T14468] Bluetooth: hci16: command tx timeout [ 678.184485][ T5839] Bluetooth: hci8: command 0x0406 tx timeout [ 681.082255][ T38] INFO: task kworker/u8:10:3100 blocked for more than 144 seconds. [ 681.082284][ T38] Not tainted syzkaller #0 [ 681.082295][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 681.082305][ T38] task:kworker/u8:10 state:D stack:18480 pid:3100 tgid:3100 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 681.082364][ T38] Workqueue: events_unbound linkwatch_event [ 681.082392][ T38] Call Trace: [ 681.082400][ T38] [ 681.082414][ T38] __schedule+0x16f3/0x4c20 [ 681.082460][ T38] ? finish_task_switch+0x18b/0x950 [ 681.082506][ T38] ? __pfx___schedule+0x10/0x10 [ 681.082567][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 681.082603][ T38] rt_mutex_schedule+0x77/0xf0 [ 681.082624][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 681.082651][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 681.082698][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 681.082727][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 681.082755][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 681.082794][ T38] ? linkwatch_event+0xe/0x60 [ 681.082824][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 681.082856][ T38] ? linkwatch_event+0xe/0x60 [ 681.082875][ T38] mutex_lock_nested+0x16a/0x1d0 [ 681.082901][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 681.082930][ T38] linkwatch_event+0xe/0x60 [ 681.082950][ T38] process_scheduled_works+0xade/0x17b0 [ 681.083012][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 681.083060][ T38] worker_thread+0x8a0/0xda0 [ 681.083092][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 681.083133][ T38] ? __kthread_parkme+0x7b/0x200 [ 681.083174][ T38] kthread+0x70e/0x8a0 [ 681.083209][ T38] ? __pfx_worker_thread+0x10/0x10 [ 681.083235][ T38] ? __pfx_kthread+0x10/0x10 [ 681.083272][ T38] ? __pfx_kthread+0x10/0x10 [ 681.083303][ T38] ret_from_fork+0x436/0x7d0 [ 681.083334][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 681.083370][ T38] ? __switch_to_asm+0x39/0x70 [ 681.083390][ T38] ? __switch_to_asm+0x33/0x70 [ 681.083408][ T38] ? __pfx_kthread+0x10/0x10 [ 681.083440][ T38] ret_from_fork_asm+0x1a/0x30 [ 681.083480][ T38] [ 681.083541][ T38] INFO: task syz-executor:14174 blocked for more than 144 seconds. [ 681.083556][ T38] Not tainted syzkaller #0 [ 681.083567][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 681.083576][ T38] task:syz-executor state:D stack:19944 pid:14174 tgid:14174 ppid:1 task_flags:0x400140 flags:0x00004004 [ 681.083631][ T38] Call Trace: [ 681.083638][ T38] [ 681.083651][ T38] __schedule+0x16f3/0x4c20 [ 681.083690][ T38] ? sched_clock+0x3f/0x60 [ 681.083715][ T38] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 681.083752][ T38] ? __pfx___schedule+0x10/0x10 [ 681.083812][ T38] rt_mutex_schedule+0x77/0xf0 [ 681.083832][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 681.083873][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 681.083905][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 681.083933][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 681.083960][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 681.083983][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.084024][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 681.084054][ T38] ? safesetid_security_capable+0xa9/0x1a0 [ 681.084083][ T38] ? bpf_lsm_capable+0x9/0x20 [ 681.084109][ T38] ? security_capable+0x7e/0x2e0 [ 681.084144][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 681.084169][ T38] mutex_lock_nested+0x16a/0x1d0 [ 681.084201][ T38] rtnl_newlink+0x8db/0x1c70 [ 681.084239][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.084267][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 681.084301][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.084409][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.084466][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 681.084495][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 681.084522][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.084558][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 681.084586][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.084635][ T38] netlink_rcv_skb+0x205/0x470 [ 681.084662][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.084689][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.084720][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 681.084763][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 681.084802][ T38] netlink_unicast+0x843/0xa10 [ 681.084839][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 681.084868][ T38] ? netlink_sendmsg+0x642/0xb30 [ 681.084895][ T38] ? skb_put+0x11b/0x210 [ 681.084930][ T38] netlink_sendmsg+0x805/0xb30 [ 681.084972][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.085011][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 681.085032][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.085062][ T38] __sock_sendmsg+0x21c/0x270 [ 681.085093][ T38] __sys_sendto+0x3c7/0x520 [ 681.085127][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 681.085174][ T38] ? fput_c[ 681.085174][ T38] ? fput_close_sync+0x119/0x200 [ 681.085213][ T38] ? __pfx_fput_close_sync+0x10/0x10 [ 681.085236][ T38] ? rt_spin_unlock+0x65/0x80 [ 681.085268][ T38] __x64_sys_sendto+0xde/0x100 [ 681.085403][ T38] do_syscall_64+0xfa/0x3b0 [ 681.085428][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.085458][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.085479][ T38] ? clear_bhb_loop+0x60/0xb0 [ 681.085505][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.085524][ T38] RIP: 0033:0x7fb193200d5c [ 681.085555][ T38] RSP: 002b:00007ffc29cfa750 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 681.085579][ T38] RAX: ffffffffffffffda RBX: 00007fb193f84620 RCX: 00007fb193200d5c [ 681.085594][ T38] RDX: 0000000000000068 RSI: 00007fb193f84670 RDI: 0000000000000003 [ 681.085607][ T38] RBP: 0000000000000000 R08: 00007ffc29cfa7a4 R09: 000000000000000c [ 681.085620][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 681.085633][ T38] R13: 0000000000000000 R14: 00007fb193f84670 R15: 0000000000000000 [ 681.085668][ T38] [ 681.085681][ T38] INFO: task syz.1.3558:14389 blocked for more than 144 seconds. [ 681.085697][ T38] Not tainted syzkaller #0 [ 681.085707][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 681.085716][ T38] task:syz.1.3558 state:D stack:28264 pid:14389 tgid:14388 ppid:5843 task_flags:0x400040 flags:0x00004004 [ 681.085782][ T38] Call Trace: [ 681.085789][ T38] [ 681.085803][ T38] __schedule+0x16f3/0x4c20 [ 681.085844][ T38] ? stack_depot_save_flags+0x40/0x860 [ 681.085886][ T38] ? kasan_save_track+0x3e/0x80 [ 681.085915][ T38] ? __pfx___schedule+0x10/0x10 [ 681.085968][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 681.086002][ T38] rt_mutex_schedule+0x77/0xf0 [ 681.086024][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 681.086050][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 681.086098][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 681.086127][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 681.086154][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 681.086176][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.086217][ T38] ? __tun_chr_ioctl+0x37d/0x1df0 [ 681.086255][ T38] ? __tun_chr_ioctl+0x37d/0x1df0 [ 681.086273][ T38] mutex_lock_nested+0x16a/0x1d0 [ 681.086303][ T38] __tun_chr_ioctl+0x37d/0x1df0 [ 681.086332][ T38] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 681.086360][ T38] ? __fget_files+0x2a/0x420 [ 681.086389][ T38] ? __fget_files+0x3a6/0x420 [ 681.086416][ T38] ? __fget_files+0x2a/0x420 [ 681.086450][ T38] ? bpf_lsm_file_ioctl+0x9/0x20 [ 681.086475][ T38] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 681.086505][ T38] __se_sys_ioctl+0xff/0x170 [ 681.086533][ T38] do_syscall_64+0xfa/0x3b0 [ 681.086561][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.086591][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.086611][ T38] ? clear_bhb_loop+0x60/0xb0 [ 681.086638][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.086658][ T38] RIP: 0033:0x7f16ef59eec9 [ 681.086675][ T38] RSP: 002b:00007f16ed806038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 681.086697][ T38] RAX: ffffffffffffffda RBX: 00007f16ef7f5fa0 RCX: 00007f16ef59eec9 [ 681.086713][ T38] RDX: 00002000000000c0 RSI: 00000000400454ca RDI: 0000000000000003 [ 681.086727][ T38] RBP: 00007f16ef621f91 R08: 0000000000000000 R09: 0000000000000000 [ 681.086740][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.086751][ T38] R13: 00007f16ef7f6038 R14: 00007f16ef7f5fa0 R15: 00007ffdc44b00f8 [ 681.086786][ T38] [ 681.086796][ T38] INFO: task syz.1.3558:14390 blocked for more than 144 seconds. [ 681.086810][ T38] Not tainted syzkaller #0 [ 681.086820][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 681.086829][ T38] task:syz.1.3558 state:D stack:25992 pid:14390 tgid:14388 ppid:5843 task_flags:0x400040 flags:0x00004004 [ 681.086888][ T38] Call Trace: [ 681.086895][ T38] [ 681.086908][ T38] __schedule+0x16f3/0x4c20 [ 681.086949][ T38] ? stack_depot_save_flags+0x40/0x860 [ 681.086990][ T38] ? kasan_save_track+0x3e/0x80 [ 681.087019][ T38] ? __pfx___schedule+0x10/0x10 [ 681.087070][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 681.087105][ T38] rt_mutex_schedule+0x77/0xf0 [ 681.087125][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 681.087149][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 681.087196][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 681.087225][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 681.087252][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 681.087276][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.087315][ T38] ? __tun_chr_ioctl+0x37d/0x1df0 [ 681.087351][ T38] ? __tun_chr_ioctl+0x37d/0x1df0 [ 681.087369][ T38] mutex_lock_nested+0x16a/0x1d0 [ 681.087402][ T38] __tun_chr_ioctl+0x37d/0x1df0 [ 681.087430][ T38] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 681.087457][ T38] ? __fget_files+0x2a/0x420 [ 681.087484][ T38] ? __fget_files+0x3a6/0x420 [ 681.087511][ T38] ? __fget_files+0x2a/0x420 [ 681.087555][ T38] ? bpf_lsm_file_ioctl+0x9/0x20 [ 681.087579][ T38] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 681.087610][ T38] __se_sys_ioctl+0xff/0x170 [ 681.087637][ T38] do_syscall_64+0xfa/0x3b0 [ 681.087656][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.087685][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.087706][ T38] ? clear_bhb_loop+0x60/0xb0 [ 681.087731][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.087751][ T38] RIP: 0033:0x7f16ef59eec9 [ 681.087768][ T38] RSP: 002b:00007f16ed7e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 681.087789][ T38] RAX: ffffffffffffffda RBX: 00007f16ef7f6090 RCX: 00007f16ef59eec9 [ 681.087804][ T38] RDX: 0000200000000440 RSI: 00000000400454dc RDI: 0000000000000003 [ 681.087818][ T38] RBP: 00007f16ef621f91 R08: 0000000000000000 R09: 0000000000000000 [ 681.087831][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.087844][ T38] R13: 00007f16ef7f6128 R14: 00007f16ef7f6090 R15: 00007ffdc44b00f8 [ 681.087880][ T38] [ 681.087890][ T38] INFO: task syz.0.3563:14400 blocked for more than 144 seconds. [ 681.087904][ T38] Not tainted syzkaller #0 [ 681.087914][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 681.087923][ T38] task:syz.0.3563 state:D stack:25912 pid:14400 tgid:14399 ppid:5837 task_flags:0x400140 flags:0x00004004 [ 681.087983][ T38] Call Trace: [ 681.087990][ T38] [ 681.088004][ T38] __schedule+0x16f3/0x4c20 [ 681.088056][ T38] ? __kernel_text_address+0xd/0x40 [ 681.088085][ T38] ? __pfx___schedule+0x10/0x10 [ 681.088137][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 681.088172][ T38] rt_mutex_schedule+0x77/0xf0 [ 681.088192][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 681.088217][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 681.088264][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 681.088292][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 681.088318][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 681.088341][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.088382][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 681.088413][ T38] ? safesetid_security_capable+0xa9/0x1a0 [ 681.088441][ T38] ? bpf_lsm_capable+0x9/0x20 [ 681.088466][ T38] ? security_capable+0x7e/0x2e0 [ 681.088500][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 681.088526][ T38] mutex_lock_nested+0x16a/0x1d0 [ 681.088567][ T38] rtnl_newlink+0x8db/0x1c70 [ 681.088611][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 681.088636][ T38] ? migrate_enable+0x29c/0x3c0 [ 681.088662][ T38] ? reacquire_held_locks+0x127/0x1d0 [ 681.088693][ T38] ? __pfx_migrate_enable+0x10/0x10 [ 681.088718][ T38] ? __pfx_migrate_enable+0x10/0x10 [ 681.088761][ T38] ? __local_bh_enable+0x23f/0x3d0 [ 681.088786][ T38] ? reacquire_held_locks+0x127/0x1d0 [ 681.088818][ T38] ? __pfx___local_bh_enable+0x10/0x10 [ 681.088855][ T38] ? __local_bh_enable_ip+0x1b2/0x270 [ 681.088880][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.088914][ T38] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 681.088937][ T38] ? dev_hard_start_xmit+0x7f5/0x870 [ 681.088959][ T38] ? __dev_queue_xmit+0x26f/0x3b70 [ 681.088992][ T38] ? __dev_queue_xmit+0x26f/0x3b70 [ 681.089014][ T38] ? __dev_queue_xmit+0x26f/0x3b70 [ 681.089040][ T38] ? __dev_queue_xmit+0x1d3d/0x3b70 [ 681.089069][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.089129][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 681.089156][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 681.089189][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 681.089216][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.089242][ T38] ? ref_tracker_free+0x61e/0x7c0 [ 681.089273][ T38] ? __asan_memcpy+0x40/0x70 [ 681.089294][ T38] ? __pfx_ref_tracker_free+0x10/0x10 [ 681.089322][ T38] ? __skb_clone+0x63/0x7a0 [ 681.089355][ T38] netlink_rcv_skb+0x205/0x470 [ 681.089386][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.089416][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 681.089459][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 681.089498][ T38] netlink_unicast+0x843/0xa10 [ 681.089535][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 681.089573][ T38] ? netlink_sendmsg+0x642/0xb30 [ 681.089599][ T38] ? skb_put+0x11b/0x210 [ 681.089635][ T38] netlink_sendmsg+0x805/0xb30 [ 681.089675][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.089715][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 681.089736][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.089766][ T38] __sock_sendmsg+0x21c/0x270 [ 681.089799][ T38] ____sys_sendmsg+0x508/0x820 [ 681.089828][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 681.089861][ T38] ? import_iovec+0x74/0xa0 [ 681.089891][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 681.089915][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 681.089981][ T38] ? __fget_files+0x2a/0x420 [ 681.090009][ T38] ? __fget_files+0x3a6/0x420 [ 681.090051][ T38] __x64_sys_sendmsg+0x1a1/0x260 [ 681.090077][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 681.090111][ T38] ? rcu_is_watching+0x15/0xb0 [ 681.090149][ T38] ? do_syscall_64+0xbe/0x3b0 [ 681.090174][ T38] do_syscall_64+0xfa/0x3b0 [ 681.090192][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.090221][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.090242][ T38] ? clear_bhb_loop+0x60/0xb0 [ 681.090268][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.090288][ T38] RIP: 0033:0x7f4715a4eec9 [ 681.090304][ T38] RSP: 002b:00007f4713cb6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 681.090325][ T38] RAX: ffffffffffffffda RBX: 00007f4715ca5fa0 RCX: 00007f4715a4eec9 [ 681.090340][ T38] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 681.090352][ T38] RBP: 00007f4715ad1f91 R08: 0000000000000000 R09: 0000000000000000 [ 681.090366][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.090378][ T38] R13: 00007f4715ca6038 R14: 00007f4715ca5fa0 R15: 00007fff1c30ac18 [ 681.090414][ T38] [ 681.090425][ T38] INFO: task syz.4.3570:14416 blocked for more than 144 seconds. [ 681.090439][ T38] Not tainted syzkaller #0 [ 681.090449][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 681.090460][ T38] task:syz.4.3570 state:D stack:27160 pid:14416 tgid:14415 ppid:5842 task_flags:0x400140 flags:0x00004004 [ 681.090521][ T38] Call Trace: [ 681.090528][ T38] [ 681.090548][ T38] __schedule+0x16f3/0x4c20 [ 681.090590][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.090634][ T38] ? __pfx___schedule+0x10/0x10 [ 681.090685][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 681.090720][ T38] rt_mutex_schedule+0x77/0xf0 [ 681.090741][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 681.090766][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 681.090815][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 681.090844][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 681.090870][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 681.090893][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.090934][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 681.090978][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 681.091003][ T38] mutex_lock_nested+0x16a/0x1d0 [ 681.091036][ T38] rtnetlink_rcv_msg+0x71c/0xb70 [ 681.091069][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 681.091096][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.091121][ T38] ? ref_tracker_free+0x61e/0x7c0 [ 681.091152][ T38] ? __asan_memcpy+0x40/0x70 [ 681.091174][ T38] ? __pfx_ref_tracker_free+0x10/0x10 [ 681.091202][ T38] ? __skb_clone+0x63/0x7a0 [ 681.091234][ T38] netlink_rcv_skb+0x205/0x470 [ 681.091264][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.091293][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 681.091336][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 681.091375][ T38] netlink_unicast+0x843/0xa10 [ 681.091412][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 681.091441][ T38] ? netlink_sendmsg+0x642/0xb30 [ 681.091468][ T38] ? skb_put+0x11b/0x210 [ 681.091502][ T38] netlink_sendmsg+0x805/0xb30 [ 681.091551][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.091591][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 681.091612][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.091642][ T38] __sock_sendmsg+0x21c/0x270 [ 681.091672][ T38] ____sys_sendmsg+0x508/0x820 [ 681.091701][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 681.091735][ T38] ? import_iovec+0x74/0xa0 [ 681.091764][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 681.091790][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 681.812092][ T38] ? __fget_files+0x2a/0x420 [ 681.812136][ T38] ? __fget_files+0x3a6/0x420 [ 681.812180][ T38] __x64_sys_sendmsg+0x1a1/0x260 [ 681.812208][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 681.812243][ T38] ? rcu_is_watching+0x15/0xb0 [ 681.812282][ T38] ? do_syscall_64+0xbe/0x3b0 [ 681.812308][ T38] do_syscall_64+0xfa/0x3b0 [ 681.812327][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.812357][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.812378][ T38] ? clear_bhb_loop+0x60/0xb0 [ 681.812405][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.812425][ T38] RIP: 0033:0x7fc0d371eec9 [ 681.812445][ T38] RSP: 002b:00007fc0d1986038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 681.812469][ T38] RAX: ffffffffffffffda RBX: 00007fc0d3975fa0 RCX: 00007fc0d371eec9 [ 681.812494][ T38] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003 [ 681.812509][ T38] RBP: 00007fc0d37a1f91 R08: 0000000000000000 R09: 0000000000000000 [ 681.812522][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.812535][ T38] R13: 00007fc0d3976038 R14: 00007fc0d3975fa0 R15: 00007fff3c5fed78 [ 681.812571][ T38] [ 681.812585][ T38] INFO: task syz.4.3570:14417 blocked for more than 145 seconds. [ 681.812601][ T38] Not tainted syzkaller #0 [ 681.812612][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 681.812623][ T38] task:syz.4.3570 state:D stack:26904 pid:14417 tgid:14415 ppid:5842 task_flags:0x400140 flags:0x00004004 [ 681.812688][ T38] Call Trace: [ 681.812696][ T38] [ 681.812709][ T38] __schedule+0x16f3/0x4c20 [ 681.812752][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.812796][ T38] ? __pfx___schedule+0x10/0x10 [ 681.812849][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 681.812883][ T38] rt_mutex_schedule+0x77/0xf0 [ 681.812905][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 681.812931][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 681.812978][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 681.813008][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 681.813034][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 681.813058][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.813099][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 681.813144][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 681.813170][ T38] mutex_lock_nested+0x16a/0x1d0 [ 681.813202][ T38] rtnetlink_rcv_msg+0x71c/0xb70 [ 681.813235][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 681.813261][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.813287][ T38] ? ref_tracker_free+0x61e/0x7c0 [ 681.813319][ T38] ? __asan_memcpy+0x40/0x70 [ 681.813341][ T38] ? __pfx_ref_tracker_free+0x10/0x10 [ 681.813369][ T38] ? __skb_clone+0x63/0x7a0 [ 681.813403][ T38] netlink_rcv_skb+0x205/0x470 [ 681.813434][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.813464][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 681.813515][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 681.813555][ T38] netlink_unicast+0x843/0xa10 [ 681.813593][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 681.813621][ T38] ? netlink_sendmsg+0x642/0xb30 [ 681.813648][ T38] ? skb_put+0x11b/0x210 [ 681.813683][ T38] netlink_sendmsg+0x805/0xb30 [ 681.813724][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.813764][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 681.813785][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.813816][ T38] __sock_sendmsg+0x21c/0x270 [ 681.813847][ T38] ____sys_sendmsg+0x534/0x820 [ 681.813876][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 681.813909][ T38] ? import_iovec+0x74/0xa0 [ 681.813941][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 681.813967][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 681.813985][ T38] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 681.814060][ T38] ? __fget_files+0x2a/0x420 [ 681.814088][ T38] ? __fget_files+0x3a6/0x420 [ 681.814131][ T38] __sys_sendmmsg+0x22d/0x430 [ 681.814160][ T38] ? __pfx___sys_sendmmsg+0x10/0x10 [ 681.814214][ T38] ? exc_page_fault+0x76/0xf0 [ 681.814259][ T38] __x64_sys_sendmmsg+0xa0/0xc0 [ 681.814283][ T38] do_syscall_64+0xfa/0x3b0 [ 681.814302][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.814331][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.814352][ T38] ? clear_bhb_loop+0x60/0xb0 [ 681.814378][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.814397][ T38] RIP: 0033:0x7fc0d371eec9 [ 681.814415][ T38] RSP: 002b:00007fc0d1965038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 681.814436][ T38] RAX: ffffffffffffffda RBX: 00007fc0d3976090 RCX: 00007fc0d371eec9 [ 681.814451][ T38] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003 [ 681.814465][ T38] RBP: 00007fc0d37a1f91 R08: 0000000000000000 R09: 0000000000000000 [ 681.814479][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.814499][ T38] R13: 00007fc0d3976128 R14: 00007fc0d3976090 R15: 00007fff3c5fed78 [ 681.814535][ T38] [ 681.814545][ T38] INFO: task syz.2.3573:14424 blocked for more than 145 seconds. [ 681.814559][ T38] Not tainted syzkaller #0 [ 681.814569][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 681.814578][ T38] task:syz.2.3573 state:D stack:27160 pid:14424 tgid:14423 ppid:8747 task_flags:0x400040 flags:0x00004004 [ 681.814641][ T38] Call Trace: [ 681.814647][ T38] [ 681.814661][ T38] __schedule+0x16f3/0x4c20 [ 681.814702][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.814746][ T38] ? __pfx___schedule+0x10/0x10 [ 681.814797][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 681.814832][ T38] rt_mutex_schedule+0x77/0xf0 [ 681.814852][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 681.814878][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 681.814925][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 681.814953][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 681.814981][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 681.815004][ T38] ? __lock_acquire+0xab9/0xd20 [ 681.815044][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 681.815088][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 681.815114][ T38] mutex_lock_nested+0x16a/0x1d0 [ 681.815147][ T38] rtnetlink_rcv_msg+0x71c/0xb70 [ 681.815180][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 681.815207][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.815232][ T38] ? ref_tracker_free+0x61e/0x7c0 [ 681.815262][ T38] ? __asan_memcpy+0x40/0x70 [ 681.815284][ T38] ? __pfx_ref_tracker_free+0x10/0x10 [ 681.815311][ T38] ? __skb_clone+0x63/0x7a0 [ 681.815344][ T38] netlink_rcv_skb+0x205/0x470 [ 681.815375][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 681.815405][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 681.815449][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 681.815495][ T38] netlink_unicast+0x843/0xa10 [ 681.815532][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 681.815561][ T38] ? netlink_sendmsg+0x642/0xb30 [ 681.815588][ T38] ? skb_put+0x11b/0x210 [ 681.815623][ T38] netlink_sendmsg+0x805/0xb30 [ 681.815664][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.815704][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 681.815724][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.815755][ T38] __sock_sendmsg+0x21c/0x270 [ 681.815785][ T38] ____sys_sendmsg+0x508/0x820 [ 681.815815][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 681.815848][ T38] ? import_iovec+0x74/0xa0 [ 681.815878][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 681.815903][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 681.815971][ T38] ? __fget_files+0x2a/0x420 [ 681.815998][ T38] ? __fget_files+0x3a6/0x420 [ 681.816041][ T38] __x64_sys_sendmsg+0x1a1/0x260 [ 681.816066][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 681.816101][ T38] ? rcu_is_watching+0x15/0xb0 [ 681.816139][ T38] ? do_syscall_64+0xbe/0x3b0 [ 681.816164][ T38] do_syscall_64+0xfa/0x3b0 [ 681.816183][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.816213][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.816233][ T38] ? clear_bhb_loop+0x60/0xb0 [ 681.816361][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.816383][ T38] RIP: 0033:0x7fe332f7eec9 [ 681.816401][ T38] RSP: 002b:00007fe3311e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 681.816425][ T38] RAX: ffffffffffffffda RBX: 00007fe3331d5fa0 RCX: 00007fe332f7eec9 [ 681.816441][ T38] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003 [ 681.816454][ T38] RBP: 00007fe333001f91 R08: 0000000000000000 R09: 0000000000000000 [ 681.816466][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.816478][ T38] R13: 00007fe3331d6038 R14: 00007fe3331d5fa0 R15: 00007ffcdf623018 [ 681.816514][ T38] [ 681.816536][ T38] [ 681.816536][ T38] Showing all locks held in the system: [ 681.816546][ T38] 4 locks held by pr/legacy/17: [ 681.816570][ T38] 10 locks held by ktimers/1/29: [ 681.816581][ T38] 1 lock held by khungtaskd/38: [ 681.816593][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 681.816647][ T38] 3 locks held by kworker/u8:3/57: [ 681.816658][ T38] #0: ffff88814ce00138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 681.816713][ T38] #1: ffffc9000123fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 681.816766][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 681.816829][ T38] 6 locks held by kworker/u8:6/1180: [ 681.816859][ T38] 3 locks held by kworker/u8:10/3100: [ 681.816870][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 681.816922][ T38] #1: ffffc9000d23fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 681.816974][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 681.817025][ T38] 4 locks held by kworker/u8:12/3582: [ 681.817037][ T38] #0: ffff88814d4aa138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 681.817089][ T38] #1: ffffc9000dc6fbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 681.817143][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 681.817194][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 681.817247][ T38] 4 locks held by kworker/u9:1/5158: [ 681.817258][ T38] #0: ffff888040a78138 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 681.817310][ T38] #1: ffffc9000fdbfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 681.817358][ T38] #2: ffff88804f9c0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 681.817408][ T38] #3: ffff88804f9c00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 681.817465][ T38] 2 locks held by getty/5596: [ 681.817477][ T38] #0: ffff88823bf608a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 681.817534][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 681.817599][ T38] 2 locks held by sshd-session/5825: [ 681.817611][ T38] 2 locks held by syz-executor/5826: [ 681.817629][ T38] 3 locks held by kworker/0:4/5909: [ 681.817640][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 681.817693][ T38] #1: ffffc90005057bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 681.817745][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 681.817795][ T38] 4 locks held by kworker/1:3/5916: [ 681.817811][ T38] 2 locks held by kworker/1:1/11787: [ 681.817824][ T38] 2 locks held by kworker/1:10/11791: [ 681.817837][ T38] 2 locks held by syz-executor/14174: [ 681.817849][ T38] #0: ffffffff8e43b9e0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 681.817912][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 681.817966][ T38] 1 lock held by syz.1.3558/14389: [ 681.817978][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x37d/0x1df0 [ 681.818025][ T38] 1 lock held by syz.1.3558/14390: [ 681.818037][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: __tun_chr_ioctl+0x37d/0x1df0 [ 681.818083][ T38] 2 locks held by syz.0.3563/14400: [ 681.818094][ T38] #0: ffffffff8f1ee0b8 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 681.818153][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 681.818208][ T38] 1 lock held by syz.4.3570/14416: [ 681.818219][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70 [ 681.818271][ T38] 1 lock held by syz.4.3570/14417: [ 681.818283][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70 [ 681.818335][ T38] 1 lock held by syz.2.3573/14424: [ 681.818346][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70 [ 681.818400][ T38] 1 lock held by syz-executor/14426: [ 681.818411][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818460][ T38] 1 lock held by syz-executor/14429: [ 681.818472][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818520][ T38] 1 lock held by syz-executor/14432: [ 681.818531][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818588][ T38] 1 lock held by syz-executor/14435: [ 681.818599][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818648][ T38] 1 lock held by syz-executor/14438: [ 681.818661][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818708][ T38] 1 lock held by syz-executor/14442: [ 681.818719][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818766][ T38] 1 lock held by syz-executor/14444: [ 681.818777][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818825][ T38] 1 lock held by syz-executor/14447: [ 681.818837][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818886][ T38] 1 lock held by syz-executor/14450: [ 681.818897][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.818946][ T38] 1 lock held by syz-executor/14453: [ 681.818957][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.819005][ T38] 1 lock held by syz-executor/14458: [ 681.819017][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.819066][ T38] 1 lock held by syz-executor/14460: [ 681.819078][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.819141][ T38] 1 lock held by syz-executor/14463: [ 681.819153][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.819201][ T38] 1 lock held by syz-executor/14467: [ 681.819212][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 681.819261][ T38] 6 locks held by kworker/u9:6/14468: [ 681.819273][ T38] #0: ffff88805f8c3138 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 681.819322][ T38] #1: ffffc9000d16fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 681.819374][ T38] #2: ffff88806b984e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 681.819424][ T38] #3: ffff88806b9840a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 681.819480][ T38] #4: ffffffff8ee3b398 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 681.819536][ T38] #5: ffff8880385c7358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 681.819599][ T38] [ 681.819604][ T38] ============================================= [ 681.819604][ T38] [ 681.819614][ T38] NMI backtrace for cpu 0 [ 681.819629][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 681.819653][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 681.819665][ T38] Call Trace: [ 681.819673][ T38] [ 681.819684][ T38] dump_stack_lvl+0x189/0x250 [ 681.819717][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 681.819747][ T38] ? __pfx__printk+0x10/0x10 [ 681.819782][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 681.819812][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 681.819841][ T38] ? __pfx__printk+0x10/0x10 [ 681.819869][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 681.819897][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 681.819927][ T38] watchdog+0xf93/0xfe0 [ 681.819959][ T38] ? watchdog+0x1de/0xfe0 [ 681.819991][ T38] kthread+0x70e/0x8a0 [ 681.820025][ T38] ? __pfx_watchdog+0x10/0x10 [ 681.820049][ T38] ? __pfx_kthread+0x10/0x10 [ 681.820085][ T38] ? __pfx_kthread+0x10/0x10 [ 681.820116][ T38] ret_from_fork+0x436/0x7d0 [ 681.820146][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 681.820179][ T38] ? __switch_to_asm+0x39/0x70 [ 681.820197][ T38] ? __switch_to_asm+0x33/0x70 [ 681.820213][ T38] ? __pfx_kthread+0x10/0x10 [ 681.820244][ T38] ret_from_fork_asm+0x1a/0x30 [ 681.820281][ T38] [ 681.820289][ T38] Sending NMI from CPU 0 to CPUs 1: [ 681.820323][ C1] NMI backtrace for cpu 1 [ 681.820339][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 681.820358][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 681.820367][ C1] RIP: 0010:lock_acquire+0x154/0x360 [ 681.820391][ C1] Code: 8d e8 80 28 5b 09 b8 ff ff ff ff 65 0f c1 05 e3 7c 5a 10 83 f8 01 0f 85 c9 00 00 00 48 c7 44 24 30 00 00 00 00 9c 8f 44 24 30 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 [ 681.820406][ C1] RSP: 0018:ffffc90000a3f6a0 EFLAGS: 00000046 [ 681.820422][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 149b5dd368f80000 [ 681.820433][ C1] RDX: 0000000000000000 RSI: ffffffff8d21af85 RDI: ffffffff8b621680 [ 681.820444][ C1] RBP: ffffffff8af95c4b R08: 0000000000000000 R09: ffffffff8af95c4b [ 681.820455][ C1] R10: dffffc0000000000 R11: fffffbfff1e3ac67 R12: 0000000000000002 [ 681.820466][ C1] R13: ffffffff8d9a8d80 R14: 0000000000000000 R15: 0000000000000246 [ 681.820477][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 681.820491][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 681.820503][ C1] CR2: 00007f1d29972d50 CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 681.820519][ C1] Call Trace: [ 681.820526][ C1] [ 681.820539][ C1] rt_spin_lock+0x1d7/0x2c0 [ 681.820557][ C1] ? rt_spin_lock+0x1bb/0x2c0 [ 681.820575][ C1] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 681.820595][ C1] ? __pfx_rt_spin_lock+0x10/0x10 [ 681.820615][ C1] ? rt_spin_unlock+0x65/0x80 [ 681.820636][ C1] process_backlog+0x12b/0x900 [ 681.820662][ C1] __napi_poll+0xb3/0x540 [ 681.820683][ C1] net_rx_action+0x707/0xe00 [ 681.820702][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 681.820732][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 681.820768][ C1] handle_softirqs+0x22f/0x710 [ 681.820791][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 681.820815][ C1] run_ktimerd+0xcf/0x190 [ 681.820835][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 681.820854][ C1] ? schedule+0x91/0x360 [ 681.820878][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 681.820896][ C1] smpboot_thread_fn+0x53f/0xa60 [ 681.820915][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 681.820938][ C1] kthread+0x70e/0x8a0 [ 681.820961][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 681.820979][ C1] ? __pfx_kthread+0x10/0x10 [ 681.821003][ C1] ? __pfx_kthread+0x10/0x10 [ 681.821025][ C1] ret_from_fork+0x436/0x7d0 [ 681.821045][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 681.821067][ C1] ? __switch_to_asm+0x39/0x70 [ 681.821081][ C1] ? __switch_to_asm+0x33/0x70 [ 681.821095][ C1] ? __pfx_kthread+0x10/0x10 [ 681.821117][ C1] ret_from_fork_asm+0x1a/0x30 [ 681.821139][ C1] [ 681.821314][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 681.821330][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 681.821352][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 681.821363][ T38] Call Trace: [ 681.821371][ T38] [ 681.821379][ T38] dump_stack_lvl+0x99/0x250 [ 681.821409][ T38] ? __asan_memcpy+0x40/0x70 [ 681.821432][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 681.821462][ T38] ? __pfx__printk+0x10/0x10 [ 681.821497][ T38] vpanic+0x281/0x750 [ 681.821530][ T38] ? __pfx_vpanic+0x10/0x10 [ 681.821556][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 681.821585][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 681.821626][ T38] panic+0xb9/0xc0 [ 681.821654][ T38] ? __pfx_panic+0x10/0x10 [ 681.821687][ T38] ? irq_work_queue+0xc3/0x140 [ 681.821716][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 681.821746][ T38] watchdog+0xfd2/0xfe0 [ 681.821776][ T38] ? watchdog+0x1de/0xfe0 [ 681.821809][ T38] kthread+0x70e/0x8a0 [ 681.821842][ T38] ? __pfx_watchdog+0x10/0x10 [ 681.821867][ T38] ? __pfx_kthread+0x10/0x10 [ 681.821902][ T38] ? __pfx_kthread+0x10/0x10 [ 681.821934][ T38] ret_from_fork+0x436/0x7d0 [ 681.821968][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 681.821997][ T38] ? __switch_to_asm+0x39/0x70 [ 681.822013][ T38] ? __switch_to_asm+0x33/0x70 [ 681.822029][ T38] ? __pfx_kthread+0x10/0x10 [ 681.822056][ T38] ret_from_fork_asm+0x1a/0x30 [ 681.822089][ T38] [ 681.822238][ T38] Kernel Offset: disabled