last executing test programs: 7m5.646376853s ago: executing program 3 (id=1010): r0 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r0, &(0x7f0000000140)={'full'}, 0xfffffdef) setsockopt$sock_timeval(r0, 0x1, 0x3d, &(0x7f0000000080)={0x0, 0xea60}, 0x8) mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 7m5.185671465s ago: executing program 3 (id=1015): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@bridge_delneigh={0x28, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@NDA_LLADDR={0xa, 0x2, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0) 7m4.919800561s ago: executing program 3 (id=1020): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x94}, 0x24000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xb}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x2}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4044050}, 0x40) 7m4.641918796s ago: executing program 3 (id=1024): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="05000000060100004000000040"], 0x50) 7m4.267782895s ago: executing program 3 (id=1032): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10) fchown(r1, 0x0, 0x0) 7m4.031813827s ago: executing program 3 (id=1036): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x11) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) 7m3.488425135s ago: executing program 0 (id=1039): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000480)='pids.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000080)=0x30000000, 0x12) 7m3.38039726s ago: executing program 0 (id=1042): syz_open_dev$ttys(0xc, 0x2, 0x0) r0 = syz_open_dev$ptys(0xc, 0x3, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) close(0x3) 7m2.987624211s ago: executing program 0 (id=1046): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)={0x4c, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x10000, 0x77}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_COOK_FRAMES={0x4}]}]]}, 0x4c}, 0x1, 0x0, 0x0, 0x240000c5}, 0x240048c0) 7m2.663913283s ago: executing program 0 (id=1050): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x48) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000580)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb5008, 0x0) umount2(&(0x7f00000001c0)='./file0/../file0\x00', 0x4) 7m2.486705499s ago: executing program 0 (id=1053): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) sendfile(r0, r1, 0x0, 0x20000023896) 7m1.831855141s ago: executing program 0 (id=1061): connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001200000008000800000000000800090000000000180001801400020076657468305f746f5f626f6e640000000800070000000000080006"], 0x4c}}, 0x0) 7m1.249155185s ago: executing program 32 (id=1061): connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001200000008000800000000000800090000000000180001801400020076657468305f746f5f626f6e640000000800070000000000080006"], 0x4c}}, 0x0) 6m48.809215415s ago: executing program 33 (id=1036): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x11) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) 3m16.567467416s ago: executing program 4 (id=3151): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) 3m15.260649843s ago: executing program 4 (id=3164): r0 = epoll_create1(0x80000) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x10) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a}) ppoll(&(0x7f0000000080)=[{r0, 0x600}], 0x1, &(0x7f0000000240), 0x0, 0x0) 3m14.998860092s ago: executing program 4 (id=3169): r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x442, 0x3}, 0x10) sendmsg$tipc(r1, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0) 3m14.756634839s ago: executing program 4 (id=3173): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r1, 0x1, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000041}, 0x4008040) 3m14.551851778s ago: executing program 4 (id=3175): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 3m14.419584805s ago: executing program 4 (id=3177): r0 = io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x15a}) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) io_uring_enter(r0, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18) 2m59.299726822s ago: executing program 34 (id=3177): r0 = io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x15a}) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) io_uring_enter(r0, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18) 47.120851913s ago: executing program 1 (id=4780): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010300000100fddbdf2526"], 0x14}}, 0x0) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40c4}, 0x20040840) 46.859734703s ago: executing program 1 (id=4782): connect$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x6, @rose}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x10) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000b40)={r1, @in={{0x2, 0x4e21, @empty}}, 0x0, 0xb92}, 0x90) 46.676049662s ago: executing program 1 (id=4786): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x26e1, 0x0) close(r0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000200)={'virt_wifi0\x00', @multicast}) 45.835893458s ago: executing program 1 (id=4793): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB='-0'], 0x9) 45.721577257s ago: executing program 1 (id=4795): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000140)={@multicast1, @loopback}, 0xc) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f00000005c0)={0xb, {{0x2, 0x4e20, @multicast1}}, {{0x2, 0x4e23, @private=0xa010100}}}, 0x108) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@multicast1, @loopback, 0x0, 0x1, [@empty]}, 0x14) 44.285215349s ago: executing program 1 (id=4798): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='nr_inodes=2']) chdir(&(0x7f0000000140)='./file0\x00') symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') 33.471541788s ago: executing program 5 (id=4861): r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/rt_acct\x00') r1 = socket(0x18, 0x800, 0x0) connect$pppoe(r1, &(0x7f0000000100)={0x18, 0x0, {0x4, @multicast, 'macvlan1\x00'}}, 0x1e) sendfile(r1, r0, 0x0, 0x8) 33.285319118s ago: executing program 5 (id=4862): r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000480)={'ip6_vti0\x00', &(0x7f0000000400)={'syztnl0\x00', r2, 0x29, 0x9, 0xbc, 0x0, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, @local, 0x10, 0x0, 0xe7, 0x2}}) 26.482855705s ago: executing program 5 (id=4874): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="80000000", @ANYRES16=r1, @ANYBLOB="050200001a0816fcf2fa7f3a000008000300", @ANYRES32=r2], 0x80}}, 0x24000080) 21.238013468s ago: executing program 6 (id=4882): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}, {@userxattr}, {@redirect_dir_nofollow}]}) 21.196606914s ago: executing program 7 (id=4883): r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000600)='./cgroup\x00', 0x40000040) setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff58056ac", 0xffd7, 0x1) setxattr$incfs_metadata(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) 21.158271122s ago: executing program 5 (id=4884): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) inotify_add_watch(0xffffffffffffffff, 0x0, 0x800) 20.52128083s ago: executing program 2 (id=4885): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x2, 0x0, 0x1, 0xffffffffffffffff, 0x11}) 20.513612696s ago: executing program 6 (id=4886): r0 = semget$private(0x0, 0x6, 0x0) semtimedop(r0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) semop(r0, &(0x7f00000000c0)=[{0x4, 0x0, 0x800}, {0x2}], 0x2) semop(r0, &(0x7f00000001c0)=[{}, {0x4, 0xfff, 0x2000}], 0x2) 20.440611951s ago: executing program 7 (id=4887): sendmmsg$sock(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}}], 0x1, 0x200400aa) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8000000000000001}, 0x0) r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000800)={r0, r0, r0}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha384\x00'}}) 19.67552451s ago: executing program 6 (id=4888): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xfc0, &(0x7f00000006c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xfb2, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xf9e, 0x0, @opaque="9d706df2ef856da7b93b471f2a23f828b7fc601fd39d982c19e24d9c764fe4d120feb0eeaec2fd5aa2403dd197239c71f8dd342a33433c3b121067b297246322a662ef48d2c89144a99db4299147cd5251fbdad296504af16d72ea89698d1d82365d28936875f19965ce956a710c677e3e0e52a6b85beb7a7aadfa6f0dcadb15150102aeff3e4e337868a92252492b1959b15bfb88c933a216de186b242b55e4932fc613c41a7c257f967b9025d86345742a64a47bd68a437a557d9413caee8425a5a0b83270dba4d1f32fba36ac306b0f4988d2aadab2b8e73da23b218a2abb424ecc2608214f914ef36d25b03f70277cfba2e4cb7ffdb8df1059b2c6f8ba4410cfcb0ebfaa1fb601801d455c865d0b4910eea9bd11ea2b178387f73d6507275f5d18964ce4d91024146f532b7c78dd7632fb08ded03893af15aff30c78a974a1abc9afcf7b3ede1e4f61387ea0ae557bc50bd7bcc4936dc739e9b33f24f256c2cbb72a426e42d2eca9273a872711f8aa72db79d214547e7ce40da1c48a96444f48c2c879645eddd00ee148e20543bce594508491159f3ba53780ce6311d15c58a7632989805354e12b14175b50be85ebac090fe87ca640ecc3ace4122e8bf78aadd098d43713cda9eb9eda975709ff480310430bde92ded8a11bd5154adb4bfdd2c33174d87581c1fecafb764556e0a2f6e4c76f4817d912d007ebaffbc4c89f77920e0a582bdac8fec7214cdd8571ca67374d87f2ba244a0bf1f28853538e55e6027fc7ac95871d5faca09c10fff74f4cb6b478c10f8d79a2d413aa01250c1b018d57e471cb89fcb0ce273fe1c7d6222476b991996f52d4741420ddb3ac4cc5e8b8fb5c2a6b4da80e5914d6384daa5223eb8ac7db9b5bb43a469d896bf831f75a608a3cd06ef7bebab5a4c561fb8e218373f60bb6a070ee38c1796d4628e91fd4dd224c225949d85a611116316322573279f97ad472c1c7ccb57ea578d3f5e314407185d9150b0f812e1ef179acca05dc5388f4bfb18e7ba35baba5736c1e004ab1108159120a4782c46d1e416335fd59cd4bfaa77a8c60da69ee27cc29e90f690aa9e1ec6d976f8e612cc3124139f3041c0ee4959ca5304693dbeb3b62ab166a2069be63978c1879c6279eb8bf63d7deb8ad597a647dc5bf9ace2bc7cc41451b73bed5c8535e80e7c884521a29a208bee558d7e129aa995663941ff926d8a6ed323664b15071d3f2ba70a63abef65db492750c465683d03006967ade5fac086bb9386ea0ebc070238e711902496f64f2633e5a75631d0c6eaec21c6ed59c39ea3242714994bebf4f703f191c9ba3af2aac9ae7e0902083c20ea036088726ee0e5dbc68bca65f6bee063da5b6717d67be8e1386da5791ef1c23f2a887bdfb12c8a5cded529d829d5dec3eb1e82f52b351ce42252095b842c751277ff09dbcdc608356cb4efb5cb874f1c53fe65215961979f225882d595b1c72735a4e0acbe6c39cf045f8634591ce212a32f53babae27ad2b4850416f2e334edc717a04bc359a0f2c86cffb267b8fbb111381a76e372ae3e207eda1662e87d2778017e3c91a9bccefb102bcf2a96178af72a56af13fdd3bba291fd59a7dc5e542c3f9c813dd60345921a1ce73e27cd1a2a779d5aef8be2032f97e2d6562443738733f0f6570f14a47af26fe60cedb95eda4e445f7c1b0a4c4dce19c6933d4704ef2c668618b672609c4532d392fdcd7e5d983b3da49d998249703185b9ab18b8fa99ee768d8c848cae3f4d1164ca5c1e853a416df7f85beb0838dc38bba5ed65984d9d24f2790731b657f6a6e13a3d96758e212f4ef555afd2b3e0fc3286df2963e13db3529d68bfecb3a933ddb893a64ec07180fa8394c91b0f686dee9ed79c69d9f133cf560382e855b5b89f2f3a06d1dd5af011602e509d4005b5c00e57ee3dd3d6bb6d741d3c5cf748510f490b3958ac150d6cd36a9b1854ea8ed393c3d64ebd550815b5f47f91ec0acee1443ed83fb835da0f1950d8ed3861e94337d4afc6973bb1ac96c7df6fa4cdcae4c2bc989539ce21823554a2129d9d198b7316fb5e6cbbdebe5f4e708752c52705bee441689b1bcc5151ddd32501ad6fd6a357351c3382fbb46031106c483c3887f2823a592f20d4c5b3c07a3404712de85fa67de57284150cab1c82ffa174c83db2b9ef0751f7c817ad32a5bfbf6a0ed3021440f70e00801024c12c2bad19e7ab12eaa984caf9143f4b7ea11d923cc835afe7be3ebaa032bd74d0639e44d78243bd52b2baecdf1c78dc4a35d4f1a149d50431b1f5dba918b629959b158d05d14d0f1aabec9305201cf5134f84dfccee02d66030ee4948d369a6a27eea9e8933abb5a666f592680fea9098b8f4a5f30db2163205efdff3f923a01c2935dcfac9a23ef8e5e7d10e1f344ad4f84e49cb20a351ea349a13665fcb3f045fc24e6cc7af930e0e25a51bcfdc820af10284bc7cf354031081052c499264977fed41e8db87a3bd71acb99e6287a66360b84f2e826cdb66196e5a2577d3da584b6c93ea8e0b91ae70bc39c2002006e76a411978080574b7991b6de8007e9a0dceeae2830cfca08061d9323ba52db9a70a9c5d22d382c3dbe533634186a0b3d82ce05ab3a18281be7cf87018982b196fe89c7a7d83382122faf04801c195701df09ddba8927412aab740270af81e1bc9685f067938681c388e9d1a4657cd85b50ff32e039a96a67caf016fca43670e6fbd7e530c67d273520040f6d62765fe13811eba5e923cec2d13d34ad0155951f0b9794b92bad80a2d26c9be8c7b93517721ef969ada69ae9b42e0bf10c33335ca1ca4accd305b73695cbb8aad3185c0f1acdd1d439db1322c42c8b6df2b62f33d84b85f2b3c135c537418d86b3b094f75d315861a034519640b432c7ba7bd288c7ae909ad6601129cfced7808806f6e777ebd06307dc6e9b62024273a49625c6d22c0984259a043e59ca55c3df0156eda1352c895bad614fe35146438074a612e0c3161889bf1290fa3ef8c851543479c6f9a1142ab35e2102a5cf810297ec825cdaff7da8b94985391b540b72b1cdf37f51578ee244b42c5bd49862e85934c26c2923fe6494a8e64ab69a19287b837720df255d5402535360cfd10134ef3b023f882cff433966e9e22ff8c63963efefd16367f2cdfc9e2a609b9ceeea970a6910bf1bc74ada0d9ef798c39928a79d5a4a4bb2de068e5f1ea6eff238a97c22e89f642d01af5b3f3381c22ccb002cb8f2c7351a328dd6b0c423b4526f79f85de37c41cd0b6cd653f5e0e1ea98c46e6b1785eb945c15d090f20b2a1f937d5127a5f8a03798333c1da0a47354070ccae09dc5a64b973da0d5dc5924633ceb59688cf8262814af2863c2e6c8f49ec0be1a2bc9a901bef842d9f99bbedb19cb52c2aa1ed790229481ffd8b3b8845089ec37c9710a03304d72c150a2cd3f0f5d4d4c3d9d442484c70f8273809209b1ccf496b79072d45d168caf8fb5d1b7249cd9128201e886fd91d7148203654fed1a8cf01b0b1d42b5278463125de4a0a7471a208674c1cbfb784fc026133140026bc2f25a6942a05470b541d88e0d9467cf998e9932307b795b2ec48022b65c54af085e5afa8b0a16247e1d1071b66f2e21954cc3895cef46df0d798230bf9d1a28af10cf0275ab7ab107bf0723ecd3f7ccf7ca0ce2cfb86761cc0726bec4d5f2abda614173c9747173465fe2cc30e047be3cfeb8e84a99fe5872650d1ee7aa17ec8051c5be5187c84901bea4771990af199347e1d95a44d71f096ba9c7733e6420c13a3a96ef3a97fe031d61dbf62b28e7aeb20af57a8f28ca52b11b1af8901e11b43aee73c9ce7f31295f65c5c7d589257306777aa68a5e1c281caaceae9a0978d052d87ba2fcb1b1eff81628d3e65285070e4cf50a9bea6f700a9d2eb2ef1259150e9fd7cb4fae3f2d7c1bfbac94285c9f855f848c4004e8199b8c8f2927bde35310ae78578ed07cae81244ff3b79143ea0b9ee3268b4e508b67ff406a7ca99110851d27f14ebd427e38d91dcdae87b13318208f1d3cf655bfa5b7a0e685fb9e6952155895aebff6c1ebae15b0fc7f6fcdc301a6a0cb24ccb379e0a4f9fbe173762ec5ee037c27d5083789c2705624104a64cd068b5cf49f9cf69f8562b1541d84aacccd6db659a8affb77d3e606bcb5476732dacd876dd41ca3c2d430fd38f3c84c78b14112ccc8a02e0a3f7e347c78794133149bde7da795ec452db96595483f9ed0217b6582a1f622b868a9c7655b3b7a71af0cc49032b1c8accfac236f3ebdd07f57f83be85d31c0ac6b6dc24d60a552abe4fb5017bdc2a0fcae045e601cf35715d159ea579198a8515e464ec396f5d61196ff551fa7903185899fe1d21d330516bb26dcb2d3b39dc5e4e012c4c3b196f9def2ecc60c03a54c0a5dcf194aa48e82632f72adab969834c5354e54952c038545d30f09edba420e647104ac87ce28bd8cb0b6f0a3eac3eb9614281d77c03ab721de4a5b344e8b67495f8a7fd4211a6643b2060efb5ea4198b59597e4ce7918d9c85d41826afd6b93ca8d9b2961689dafc4f3ffbb433fe70f2b577bc74f18034c34b406a3f2ead4df1ea9621fcc93eff849c64287e663a635ebd687e299021772b6553848c0da0e92ba70de72795761160e9a3c3945012a3a2fad50b1df1c7c6fae621053a0f4cdba4fb8cd3029a93c575b27b82401c2766c3838e83d3236ad1bc5cb7077fad4377fff850c794e9cd51b493b1070fa0a75a586ff167d92c80fb2056114b23dd51cb78d4f26bd9d2516ec52ea02cf3881ea0f99e862cb9cf03120fa3345bc74623275decf232a8a5db7cdcd3a38bb86fdf92021c034896926c0be417fe067b0be9035513bdba2dfcdd61a9709b8dda6d27a935f7e73cb3ec41a98380a85bcda01644001055f8e79ffde9224a45cbda125eeb6a3828498059172f7bc7740cae2d13a36aee96eb32a3b76f383f72157376b76fbd480fa76b6097458be19003c47505c0c510128503d35ceee4e1bffc34878574d03263c32f8fc850dee85777e03712e7d39f33c8d36a6979070cb2eaa669198c59d977044c43cea861543022172c61551f2919d7c371f48b4d22df59fea266ac20c75eab030e5a7d5d7924e4b8d74c76077cdf3024a9abd7f45c3f6e7ce489bc393a2252112c7e356915455eee9485cca557ffa21f10e5d56bf9fbc5f47097816eacb088277eb7727b32f24b1beaf46931e4ef207b9ca92831c0cad1ba19d0cee468d7816bc4f5bc549536a8907fb93207051132e0416fa4d9f52e54f266d4db794e65ea25ea2443bd315432851c20c25d6ee5af17a917a4df31b717f67219a9b7920b0dab6d5ad94e829ba764ffde00cf48c7e3c886c6dbf891ef8c62698e90191f8e5e6d9461f874b9fae5ac0a41c11daae5fad9b86ac49f1ee30baadea7049c4b5ba7ba549e2cc44777f21854b60b77f0fa74ce8b425345c57cae88528fc01387a74267e4e91ff1a1a76b669e8b92542eae8641791fbb67013db834ca7bee71dc87fd21ec6fa5bd1561797ec8bf2eb8c50e24eda5f2f3e8e497857b16fa495034dad3c589e2a23123017b7337e79679be734471f5d06b052d3902ebc2454cd9234bc84dfc97ca7f430bed"}}}}}, 0x0) recvmmsg(r0, &(0x7f0000003a80)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x0, 0x0) 19.015147044s ago: executing program 2 (id=4889): pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) splice(r1, 0x0, r0, 0x0, 0x10000008ebc, 0x2) 19.013922774s ago: executing program 7 (id=4890): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}, 0x4}, 0x1c) 18.5376244s ago: executing program 5 (id=4891): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fanotify_init(0x200, 0x0) 18.526004648s ago: executing program 2 (id=4892): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x1, 0x1}}}, 0x10) recvmmsg(r0, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000140)=""/144, 0x90}], 0x1, &(0x7f0000000400)=""/17, 0x11}, 0x8000}], 0x1, 0x2102, 0x0) write$binfmt_misc(r0, &(0x7f0000000340), 0x2000011a) 18.525354929s ago: executing program 6 (id=4893): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='hugetlb.1GB.rsvd.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000100)=0x5, 0x12) 18.473166705s ago: executing program 6 (id=4894): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x20083, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000000)={{0x1000, 0x2000, 0xf, 0xfa, 0x2, 0xa, 0x8, 0x5, 0x2, 0x9, 0x8, 0xbb}, {0x8000000, 0x4000, 0x3, 0xb5, 0x1, 0xf2, 0x7, 0xb, 0x9, 0x5, 0x5}, {0xeeee8000, 0xffff1000, 0xc, 0xc, 0x9, 0xe, 0x10, 0x9, 0x40, 0xa, 0xc, 0xe7}, {0xbb3aa000, 0x8080002, 0x0, 0xa, 0x4, 0x0, 0x3a, 0xf6, 0xba, 0x2, 0x0, 0x6}, {0xeeee8000, 0x3000, 0xd, 0xf, 0x9, 0x2, 0x0, 0x2, 0x2, 0x0, 0x7}, {0x1, 0xf000, 0xb, 0x81, 0x8, 0x2, 0x0, 0x6, 0x4, 0x6, 0x3, 0x1}, {0xf000, 0x4, 0x4, 0x80, 0x9, 0x20, 0x12, 0x1, 0x6, 0x55, 0x19, 0x2}, {0xffff1000, 0x0, 0x0, 0x8e, 0x7, 0x5, 0x9, 0x6, 0xbc, 0xaf, 0xf7, 0x2}, {0x80a0000, 0xfff7}, {0x3000, 0x7}, 0x80000001, 0x0, 0xffff1000, 0x20202, 0xd, 0x100, 0x10000, 0x0, [0x101, 0x0, 0x4, 0x4]}) 18.419727233s ago: executing program 6 (id=4895): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x14, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x10, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x4, 0x4}]}]}]}]}, 0x30}}, 0x0) 17.886304248s ago: executing program 7 (id=4896): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001) setsockopt$sock_attach_bpf(r0, 0x6, 0xd, &(0x7f0000000000), 0x4) setsockopt$sock_attach_bpf(r0, 0x1, 0x24, &(0x7f0000000000), 0x4) 17.375979955s ago: executing program 2 (id=4897): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) 17.004486756s ago: executing program 2 (id=4898): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000}) 16.729829357s ago: executing program 2 (id=4899): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x2a020480) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 16.705504036s ago: executing program 7 (id=4900): r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_OPENAT2={0x1c, 0x12, 0x0, 0xffffffffffffffff, &(0x7f0000000140)={0x400000, 0x40, 0x29}, &(0x7f0000000100)='./file0\x00', 0x30, 0x0, 0x12345}) io_uring_enter(r0, 0x47ba, 0xda2a, 0x62, 0x0, 0x0) 15.836281389s ago: executing program 7 (id=4901): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000300)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x4, 0x6, 0x0, @remote, @local}, {0x1, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0xfe}}}}}}}, 0x0) 13.068412579s ago: executing program 5 (id=4902): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 3.012445806s ago: executing program 35 (id=4895): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x14, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x10, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x5, 0x2, [{0x4, 0x4}]}]}]}]}, 0x30}}, 0x0) 1.481950912s ago: executing program 36 (id=4899): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) unshare(0x2a020480) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0xb}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_SOCKET_LEVEL={0x8, 0x3, 0x89}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}}, 0x0) 440.730973ms ago: executing program 37 (id=4901): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000300)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x4, 0x6, 0x0, @remote, @local}, {0x1, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0xfe}}}}}}}, 0x0) 0s ago: executing program 38 (id=4902): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) kernel console output (not intermixed with test programs): Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 355.136185][T12469] bond0: entered promiscuous mode [ 355.136208][T12469] bond_slave_0: entered promiscuous mode [ 355.136451][T12469] bond_slave_1: entered promiscuous mode [ 355.160780][T12469] dummy0: entered promiscuous mode [ 355.171565][T12469] hsr2: entered promiscuous mode [ 355.171645][T12469] hsr2: entered allmulticast mode [ 355.171658][T12469] bond0: entered allmulticast mode [ 355.171670][T12469] bond_slave_0: entered allmulticast mode [ 355.171691][T12469] bond_slave_1: entered allmulticast mode [ 355.171741][T12469] dummy0: entered allmulticast mode [ 355.183077][T12471] netem: incorrect ge model size [ 355.183109][T12471] netem: change failed [ 355.487890][T12480] netem: incorrect gi model size [ 355.487905][T12480] netem: change failed [ 355.909717][T12494] Dead loop on virtual device ip6_vti0, fix it urgently! [ 356.284616][T12508] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2730'. [ 356.931024][ T5942] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 357.091954][ T5942] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 357.091984][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.099539][ T5942] usb 5-1: config 0 descriptor?? [ 357.154317][ T5942] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 357.522832][ T5843] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 357.672913][ T5843] usb 6-1: Using ep0 maxpacket: 32 [ 357.680007][ T5843] usb 6-1: config index 0 descriptor too short (expected 35577, got 27) [ 357.680034][ T5843] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 357.680055][ T5843] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 357.680075][ T5843] usb 6-1: config 1 has no interface number 0 [ 357.680197][ T5843] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 357.680225][ T5843] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 357.680327][ T5843] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 357.680351][ T5843] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.724997][ T5942] gspca_stv06xx: vv6410 sensor detected [ 357.787623][ T5843] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found [ 357.950759][ T5843] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now attached [ 358.012356][ T5942] STV06xx 5-1:0.0: probe with driver STV06xx failed with error -71 [ 358.066340][ T5942] usb 5-1: USB disconnect, device number 20 [ 358.385911][ T49] usb 6-1: USB disconnect, device number 12 [ 358.388968][ T49] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected [ 359.841675][ T5857] Bluetooth: hci3: unexpected event for opcode 0x1004 [ 360.733745][T12606] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2772'. [ 361.702107][T12627] syz.2.2782 (12627) used greatest stack depth: 17944 bytes left [ 363.838989][T12692] 9pnet_fd: Insufficient options for proto=fd [ 363.922835][ T5857] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 363.926896][ T5857] Bluetooth: hci3: Injecting HCI hardware error event [ 363.929533][ T5848] Bluetooth: hci3: hardware error 0x00 [ 364.302132][T12706] netlink: 'syz.6.2819': attribute type 1 has an invalid length. [ 364.935715][T12722] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2825'. [ 365.109071][ T37] audit: type=1326 audit(1759136558.034:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12724 comm="syz.5.2828" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f403e87eec9 code=0x0 [ 366.175567][ T5848] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 366.773128][T12768] ALSA: mixer_oss: invalid OSS volume 'YW;' [ 366.773151][T12768] ALSA: mixer_oss: invalid OSS volume '' [ 367.021157][T12774] netlink: 27 bytes leftover after parsing attributes in process `syz.5.2848'. [ 367.092205][T12776] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0 [ 367.113136][T12772] IPVS: stopping backup sync thread 12776 ... [ 367.543040][T12788] misc userio: Invalid payload size [ 367.759322][T12790] program syz.1.2856 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 369.508433][ T83] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 369.915900][ T83] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.110271][ T5857] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 370.120471][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 370.126352][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 370.150581][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 370.165492][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 370.241101][T12845] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2882'. [ 370.241125][T12845] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2882'. [ 370.397804][ T83] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 370.622118][ T83] tipc: Resetting bearer [ 370.877846][ T83] tipc: Disabling bearer [ 370.999547][ T83] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.810684][T12889] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2902'. [ 372.077607][ T83] bridge_slave_1: left allmulticast mode [ 372.077639][ T83] bridge_slave_1: left promiscuous mode [ 372.077906][ T83] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.224433][ T83] bridge_slave_0: left allmulticast mode [ 372.226803][ T83] bridge_slave_0: left promiscuous mode [ 372.227091][ T83] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.251862][ T5848] Bluetooth: hci1: command tx timeout [ 372.401614][ T5844] kernel write not supported for file /media3 (pid: 5844 comm: kworker/0:5) [ 372.908859][ T5942] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 373.113442][ T5942] usb 5-1: Using ep0 maxpacket: 8 [ 373.118383][ T5942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 373.118414][ T5942] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 373.118469][ T5942] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 373.118492][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.184944][ T5942] usb 5-1: config 0 descriptor?? [ 373.684754][ T5942] hid-rmi 0003:06CB:81A7.0016: unknown main item tag 0x6 [ 373.684795][ T5942] hid-rmi 0003:06CB:81A7.0016: unknown main item tag 0x0 [ 373.684824][ T5942] hid-rmi 0003:06CB:81A7.0016: unknown main item tag 0x0 [ 373.684852][ T5942] hid-rmi 0003:06CB:81A7.0016: unknown main item tag 0x0 [ 373.684879][ T5942] hid-rmi 0003:06CB:81A7.0016: unknown main item tag 0x0 [ 373.684907][ T5942] hid-rmi 0003:06CB:81A7.0016: unbalanced collection at end of report description [ 373.685759][ T5942] hid-rmi 0003:06CB:81A7.0016: parse failed [ 373.685856][ T5942] hid-rmi 0003:06CB:81A7.0016: probe with driver hid-rmi failed with error -22 [ 373.909256][ T5942] usb 5-1: USB disconnect, device number 21 [ 374.313222][ T5848] Bluetooth: hci1: command tx timeout [ 374.432881][ T5942] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 374.595008][ T5942] usb 6-1: Using ep0 maxpacket: 32 [ 374.597691][ T5942] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 374.597721][ T5942] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 374.602491][ T5942] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 374.602518][ T5942] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 374.602539][ T5942] usb 6-1: Product: syz [ 374.602552][ T5942] usb 6-1: Manufacturer: syz [ 374.695511][ T5942] hub 6-1:4.0: USB hub found [ 374.700302][T12951] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2922'. [ 374.700322][T12951] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2922'. [ 374.907109][ T5942] hub 6-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 375.214455][ T5942] usb 6-1: USB disconnect, device number 13 [ 376.392818][ T5848] Bluetooth: hci1: command tx timeout [ 376.527717][ T83] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 376.646090][ T83] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 376.676719][ T83] bond0 (unregistering): Released all slaves [ 376.730596][T12951] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2922'. [ 376.761393][T12838] chnl_net:caif_netlink_parms(): no params data found [ 377.085726][ T83] tipc: Left network mode [ 377.217522][ T83] IPVS: stopping backup sync thread 11311 ... [ 377.484434][T12992] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2936'. [ 377.934995][T12838] bridge0: port 1(bridge_slave_0) entered blocking state [ 377.935198][T12838] bridge0: port 1(bridge_slave_0) entered disabled state [ 377.935434][T12838] bridge_slave_0: entered allmulticast mode [ 377.938070][T12838] bridge_slave_0: entered promiscuous mode [ 377.959314][T12838] bridge0: port 2(bridge_slave_1) entered blocking state [ 377.959475][T12838] bridge0: port 2(bridge_slave_1) entered disabled state [ 377.959657][T12838] bridge_slave_1: entered allmulticast mode [ 377.964467][T12838] bridge_slave_1: entered promiscuous mode [ 378.118014][T13001] 9p: Unknown uid 00000000004294967295 [ 378.472876][ T5848] Bluetooth: hci1: command tx timeout [ 378.565768][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.950537][T12838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 379.058472][T13024] mkiss: ax0: crc mode is auto. [ 379.076324][T12838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 379.868646][ T83] hsr_slave_0: left promiscuous mode [ 379.927016][ T83] hsr_slave_1: left promiscuous mode [ 379.927903][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 379.927931][ T83] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 379.932852][ T5932] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 379.998551][ T83] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 379.998582][ T83] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 380.081834][ T83] batman_adv: batadv0: Interface deactivated: macsec1 [ 380.081864][ T83] batman_adv: batadv0: Removing interface: macsec1 [ 380.096047][ T5932] usb 2-1: Using ep0 maxpacket: 32 [ 380.099012][ T5932] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 380.099039][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.127825][ T5932] usb 2-1: config 0 descriptor?? [ 380.150179][ T5932] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 380.234586][ T5942] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 380.353188][ T83] batadv_slave_1: left promiscuous mode [ 380.353355][ T83] veth1_macvtap: left promiscuous mode [ 380.353476][ T83] veth0_macvtap: left promiscuous mode [ 380.353764][ T83] veth1_vlan: left promiscuous mode [ 380.353974][ T83] veth0_vlan: left promiscuous mode [ 380.383146][ T5942] usb 5-1: Using ep0 maxpacket: 32 [ 380.385743][ T5942] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 380.385766][ T5942] usb 5-1: config 0 has no interface number 0 [ 380.385810][ T5942] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 380.385834][ T5942] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 380.385871][ T5942] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 380.385893][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.414647][ T5942] usb 5-1: config 0 descriptor?? [ 380.963506][ T5932] gspca_vc032x: reg_w err -71 [ 380.963538][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963549][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963557][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963565][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963574][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963583][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963590][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963599][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963607][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963617][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963624][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963633][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963641][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963649][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963658][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963666][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963674][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963683][ T5932] gspca_vc032x: I2c Bus Busy Wait 00 [ 380.963691][ T5932] gspca_vc032x: Unknown sensor... [ 380.963773][ T5932] vc032x 2-1:0.0: probe with driver vc032x failed with error -22 [ 380.985209][ T5932] usb 2-1: USB disconnect, device number 24 [ 381.106359][ T5942] uclogic 0003:28BD:0094.0017: pen parameters not found [ 381.106385][ T5942] uclogic 0003:28BD:0094.0017: interface is invalid, ignoring [ 381.298660][ T5932] usb 5-1: USB disconnect, device number 22 [ 381.714669][ C0] vkms_vblank_simulate: vblank timer overrun [ 382.085472][T13085] input: syz1 as /devices/virtual/input/input25 [ 382.817251][T13103] netlink: del zone limit has 4 unknown bytes [ 382.899973][T13102] netlink: set zone limit has 4 unknown bytes [ 383.472960][ T992] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 383.627953][ T992] usb 6-1: Using ep0 maxpacket: 16 [ 383.635390][ T992] usb 6-1: config 0 has an invalid interface number: 105 but max is 0 [ 383.635414][ T992] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 383.635432][ T992] usb 6-1: config 0 has no interface number 0 [ 383.639350][ T992] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 383.639375][ T992] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.639393][ T992] usb 6-1: Product: syz [ 383.639406][ T992] usb 6-1: Manufacturer: syz [ 383.639420][ T992] usb 6-1: SerialNumber: syz [ 383.681387][ T992] usb 6-1: config 0 descriptor?? [ 383.706229][ T992] usb 6-1: Found UVC 0.00 device syz (046d:08f3) [ 383.706269][ T992] usb 6-1: No valid video chain found. [ 383.919602][ T1218] usb 6-1: USB disconnect, device number 14 [ 384.304458][ T83] team0 (unregistering): Port device team_slave_1 removed [ 384.513511][ T83] team0 (unregistering): Port device team_slave_0 removed [ 387.100138][T13089] tipc: Started in network mode [ 387.100156][T13089] tipc: Node identity , cluster identity 4711 [ 387.100172][T13089] tipc: Failed to set node id, please configure manually [ 387.100215][T13089] tipc: Enabling of bearer rejected, failed to enable media [ 387.114036][T13121] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2989'. [ 387.192833][T13124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2990'. [ 388.094160][T12838] team0: Port device team_slave_0 added [ 388.196261][T12838] team0: Port device team_slave_1 added [ 388.582315][T13150] netlink: 'syz.4.3000': attribute type 1 has an invalid length. [ 388.582336][T13150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3000'. [ 388.586241][T13150] sch_fq: defrate 0 ignored. [ 388.666511][T12838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 388.666528][T12838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.666555][T12838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 388.690266][T12838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.690280][T12838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.690304][T12838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 389.291657][T12838] hsr_slave_0: entered promiscuous mode [ 389.323289][T12838] hsr_slave_1: entered promiscuous mode [ 389.324195][T12838] debugfs: 'hsr0' already exists in 'hsr' [ 389.324218][T12838] Cannot create hsr debugfs directory [ 390.136192][ T83] IPVS: stop unused estimator thread 0... [ 390.715032][ T37] audit: type=1400 audit(1759136583.634:385): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=13191 comm="syz.5.3013" dest=20002 [ 392.866675][T13254] syz.5.3032 (13254) used greatest stack depth: 17800 bytes left [ 393.057732][T13266] 9pnet_fd: Insufficient options for proto=fd [ 393.061617][T12838] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 393.125024][T12838] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 393.200118][T12838] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 393.378013][T12838] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 393.736947][T13297] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3047'. [ 394.018237][T12838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.088977][T13307] netlink: 'syz.5.3051': attribute type 25 has an invalid length. [ 394.088999][T13307] netlink: 'syz.5.3051': attribute type 1 has an invalid length. [ 394.111531][T12838] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.168277][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.168757][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.240262][ T83] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.240712][ T83] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.584545][T13326] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3057'. [ 394.649479][T13327] loop7: detected capacity change from 0 to 7 [ 394.665780][T13327] Dev loop7: unable to read RDB block 7 [ 394.665810][T13327] loop7: AHDI p1 p2 [ 394.665836][T13327] loop7: partition table partially beyond EOD, truncated [ 394.666090][T13327] loop7: p1 start 1702000233 is beyond EOD, truncated [ 395.094820][T13340] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3061'. [ 395.417402][T12838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 395.512862][ T992] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 395.558437][T12838] veth0_vlan: entered promiscuous mode [ 395.578000][T12838] veth1_vlan: entered promiscuous mode [ 395.673559][ T992] usb 5-1: Using ep0 maxpacket: 32 [ 395.675845][ T992] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 395.675869][ T992] usb 5-1: config 0 has no interface number 0 [ 395.702051][ T992] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 395.702076][ T992] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.702095][ T992] usb 5-1: Product: syz [ 395.702107][ T992] usb 5-1: Manufacturer: syz [ 395.702119][ T992] usb 5-1: SerialNumber: syz [ 395.739266][ T992] usb 5-1: config 0 descriptor?? [ 395.748895][T12838] veth0_macvtap: entered promiscuous mode [ 395.773755][ T992] quatech2 5-1:0.1: Quatech 2nd gen USB to Serial Driver converter detected [ 395.787218][T12838] veth1_macvtap: entered promiscuous mode [ 395.920492][T12838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 396.014911][ T992] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 396.019412][T12838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 396.057920][ T992] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 396.098917][ T3626] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.100302][ T3626] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.100345][ T3626] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.100381][ T3626] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.468562][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 396.469659][ T1218] usb 5-1: USB disconnect, device number 23 [ 396.549565][ T1218] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 396.584665][ T1218] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 396.585584][ T1218] quatech2 5-1:0.1: device disconnected [ 396.927734][ T93] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.927754][ T93] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.200920][ T3626] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.200940][ T3626] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.366601][T13457] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 399.811145][ T1218] kernel write not supported for file /dsp (pid: 1218 comm: kworker/0:2) [ 400.031070][T13485] netlink: 'syz.1.3111': attribute type 3 has an invalid length. [ 401.992156][T13535] loop9: detected capacity change from 0 to 7 [ 402.020313][T13535] Dev loop9: unable to read RDB block 7 [ 402.020358][T13535] loop9: unable to read partition table [ 402.020596][T13535] loop9: partition table beyond EOD, truncated [ 402.020626][T13535] loop_reread_partitions: partition scan of loop9 (3 xC) failed (rc=-5) [ 402.129262][T13218] Dev loop9: unable to read RDB block 7 [ 402.129308][T13218] loop9: unable to read partition table [ 402.129571][T13218] loop9: partition table beyond EOD, truncated [ 402.154637][T13540] Dev loop9: unable to read RDB block 7 [ 402.154690][T13540] loop9: unable to read partition table [ 402.155002][T13540] loop9: partition table beyond EOD, truncated [ 402.155019][T13540] loop_reread_partitions: partition scan of loop9 (3 xC) failed (rc=-5) [ 403.097169][T13570] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3148'. [ 404.873859][T13612] loop9: detected capacity change from 0 to 524288000 [ 406.478407][T13653] netlink: 'syz.1.3186': attribute type 6 has an invalid length. [ 406.606913][T13655] sctp: [Deprecated]: syz.6.3187 (pid 13655) Use of struct sctp_assoc_value in delayed_ack socket option. [ 406.606913][T13655] Use struct sctp_sack_info instead [ 406.752852][T13659] netlink: 'syz.1.3188': attribute type 14 has an invalid length. [ 406.827013][T13661] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3190'. [ 406.827039][T13661] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3190'. [ 407.226643][T13673] program syz.1.3196 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 409.262258][ T5848] Bluetooth: hci2: Malformed LE Event: 0x1d [ 409.681987][ T5848] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 410.368451][T13753] netlink: 'syz.5.3233': attribute type 12 has an invalid length. [ 412.003034][T13789] program syz.2.3251 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 412.257258][T13796] netlink: 'syz.2.3253': attribute type 1 has an invalid length. [ 412.257281][T13796] netlink: 180 bytes leftover after parsing attributes in process `syz.2.3253'. [ 413.140547][T13812] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3260'. [ 413.615428][T13824] netlink: 'syz.2.3267': attribute type 2 has an invalid length. [ 413.615449][T13824] netlink: 'syz.2.3267': attribute type 1 has an invalid length. [ 413.615462][T13824] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.3267'. [ 413.615479][T13824] nbd: illegal input index 35451 [ 415.917778][T13870] Invalid logical block size (7) [ 416.298317][ T49] Process accounting resumed [ 417.212861][T13914] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3308'. [ 418.002750][ T5932] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 418.155457][ T5932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 418.155489][ T5932] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 418.155527][ T5932] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 418.155549][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.210770][ T5932] usb 3-1: config 0 descriptor?? [ 418.403253][ T5857] Bluetooth: hci5: command 0xfc11 tx timeout [ 418.406324][ T5848] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 418.680823][ T5932] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 418.680861][ T5932] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 418.680890][ T5932] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 418.680916][ T5932] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 418.680944][ T5932] playstation 0003:054C:0DF2.0018: unknown main item tag 0x0 [ 418.735898][ T5932] playstation 0003:054C:0DF2.0018: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 418.864975][ T5932] playstation 0003:054C:0DF2.0018: Invalid byte count transferred, expected 20 got 0 [ 418.865012][ T5932] playstation 0003:054C:0DF2.0018: Failed to retrieve DualSense pairing info: -22 [ 418.865064][ T5932] playstation 0003:054C:0DF2.0018: Failed to get MAC address from DualSense [ 418.865083][ T5932] playstation 0003:054C:0DF2.0018: Failed to create dualsense. [ 418.867909][ T5932] playstation 0003:054C:0DF2.0018: probe with driver playstation failed with error -22 [ 418.989079][T13941] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3321'. [ 419.070516][ T5942] usb 3-1: USB disconnect, device number 20 [ 421.358738][T13996] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3347'. [ 421.358920][T13996] openvswitch: netlink: nsh attribute has 65520 unknown bytes. [ 421.358950][T13996] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 421.734756][T14001] netlink: 'syz.1.3350': attribute type 25 has an invalid length. [ 421.768352][T14001] netlink: 'syz.1.3350': attribute type 25 has an invalid length. [ 421.951974][ T5857] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 421.977547][ T5857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 421.991946][ T5857] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 421.994645][ T5857] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 421.995431][ T5857] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 422.341099][T14020] loop7: detected capacity change from 0 to 7 [ 422.353944][ C1] blk_print_req_error: 138 callbacks suppressed [ 422.353962][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.353991][ C1] buffer_io_error: 138 callbacks suppressed [ 422.354010][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.354859][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.354888][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.355108][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.355131][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.355315][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.355340][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.355537][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.355562][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.355762][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.355786][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.355999][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.356021][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.356107][T14020] ldm_validate_partition_table(): Disk read failed. [ 422.356266][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.356293][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.450052][ T93] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 422.473055][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.473088][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.479016][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 422.479047][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 422.506441][T14020] Dev loop7: unable to read RDB block 0 [ 422.527342][T14020] loop7: unable to read partition table [ 422.527567][T14020] loop7: partition table beyond EOD, truncated [ 422.527597][T14020] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 422.877996][T14032] vxcan1: tx address claim with dest, not broadcast [ 422.937390][ T93] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.245905][ T93] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.516647][ T93] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 423.611106][T14055] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3371'. [ 423.984451][T14067] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3373'. [ 424.078027][ T5848] Bluetooth: hci4: command tx timeout [ 424.526424][T14004] chnl_net:caif_netlink_parms(): no params data found [ 424.700565][ T93] team0: left allmulticast mode [ 424.700585][ T93] team_slave_0: left allmulticast mode [ 424.700607][ T93] team_slave_1: left allmulticast mode [ 424.724382][ T93] bridge0: port 3(team0) entered disabled state [ 424.812170][ T93] bridge_slave_1: left allmulticast mode [ 424.812202][ T93] bridge_slave_1: left promiscuous mode [ 424.812462][ T93] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.916727][ T93] bridge_slave_0: left allmulticast mode [ 424.916758][ T93] bridge_slave_0: left promiscuous mode [ 424.917022][ T93] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.659394][T14115] input: syz1 as /devices/virtual/input/input26 [ 425.864732][T14117] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 426.150946][ T5848] Bluetooth: hci4: command tx timeout [ 426.169655][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 427.252737][T14138] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 427.720230][ T93] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 427.780084][ T93] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 427.824055][ T93] bond0 (unregistering): Released all slaves [ 428.006576][T14106] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3393'. [ 428.095279][ T93] tipc: Disabling bearer [ 428.095755][ T93] tipc: Left network mode [ 428.241528][ T5848] Bluetooth: hci4: command tx timeout [ 428.461119][ T37] audit: type=1326 audit(1759136877.370:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14153 comm="syz.6.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 428.461171][ T37] audit: type=1326 audit(1759136877.390:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14153 comm="syz.6.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 428.466001][ T37] audit: type=1326 audit(1759136877.390:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14153 comm="syz.6.3415" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 428.466052][ T37] audit: type=1326 audit(1759136877.390:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14153 comm="syz.6.3415" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc3a656eec9 code=0x0 [ 429.486202][T14004] bridge0: port 1(bridge_slave_0) entered blocking state [ 429.486355][T14004] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.486605][T14004] bridge_slave_0: entered allmulticast mode [ 429.513320][T14004] bridge_slave_0: entered promiscuous mode [ 429.529169][T14004] bridge0: port 2(bridge_slave_1) entered blocking state [ 429.529299][T14004] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.529481][T14004] bridge_slave_1: entered allmulticast mode [ 429.559302][T14004] bridge_slave_1: entered promiscuous mode [ 430.208277][ T5942] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 430.308463][ T5848] Bluetooth: hci4: command tx timeout [ 430.372389][ T5942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 430.372419][ T5942] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 430.372441][ T5942] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 430.372463][ T5942] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 430.372501][ T5942] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 430.372524][ T5942] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.392196][ T5942] usb 2-1: config 0 descriptor?? [ 430.605801][ T5942] hdpvr 2-1:0.0: firmware version 0x0 dated [ 430.605821][ T5942] hdpvr 2-1:0.0: untested firmware, the driver might not work. [ 430.697505][T14004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 430.721263][T14004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 430.904499][ T93] hsr_slave_0: left promiscuous mode [ 430.939492][ T93] hsr_slave_1: left promiscuous mode [ 430.940333][ T93] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 430.940353][ T93] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 430.999571][ T93] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 430.999608][ T93] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 431.140982][ T93] veth1_macvtap: left promiscuous mode [ 431.141101][ T93] veth0_macvtap: left promiscuous mode [ 431.141424][ T93] veth1_vlan: left promiscuous mode [ 431.141628][ T93] veth0_vlan: left promiscuous mode [ 431.143561][ T5942] hdpvr 2-1:0.0: Could not setup controls [ 431.144314][ T5942] hdpvr 2-1:0.0: registering videodev failed [ 431.181944][ T5942] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -71 [ 431.205746][ T5942] usb 2-1: USB disconnect, device number 25 [ 431.414427][ T37] audit: type=1326 audit(1759136880.342:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14226 comm="syz.6.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 431.414477][ T37] audit: type=1326 audit(1759136880.342:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14226 comm="syz.6.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 431.414516][ T37] audit: type=1326 audit(1759136880.342:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14226 comm="syz.6.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 431.414558][ T37] audit: type=1326 audit(1759136880.342:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14226 comm="syz.6.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 431.415175][ T37] audit: type=1326 audit(1759136880.342:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14226 comm="syz.6.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 431.415459][ T37] audit: type=1326 audit(1759136880.342:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14226 comm="syz.6.3441" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc3a656eec9 code=0x7ffc0000 [ 433.847503][ T93] team_slave_1 (unregistering): left promiscuous mode [ 433.886827][ T93] team0 (unregistering): Port device team_slave_1 removed [ 434.097053][ T93] team_slave_0 (unregistering): left promiscuous mode [ 434.137260][ T93] team0 (unregistering): Port device team_slave_0 removed [ 436.832495][T14004] team0: Port device team_slave_0 added [ 436.856317][T14004] team0: Port device team_slave_1 added [ 437.256082][T14253] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 437.256902][T14253] batadv_slave_0: entered promiscuous mode [ 437.285526][T14004] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 437.285540][T14004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.285565][T14004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 437.345150][T14004] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 437.345167][T14004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 437.345193][T14004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 437.420270][T14255] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3454'. [ 437.940666][T14004] hsr_slave_0: entered promiscuous mode [ 437.941986][T14004] hsr_slave_1: entered promiscuous mode [ 438.789483][ T93] IPVS: stop unused estimator thread 0... [ 439.002690][T14336] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3468'. [ 440.004585][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.027531][T14004] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 440.085837][T14004] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 440.193876][T14004] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 440.228005][T14004] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 440.712049][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712086][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712113][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712139][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712165][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712190][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712216][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712241][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712267][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.712292][ T5932] hid-generic 00A0:0008:0003.0019: unknown main item tag 0x0 [ 440.773081][ T992] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 440.827629][ T5932] hid-generic 00A0:0008:0003.0019: hidraw0: HID v0.05 Device [syz1] on syz0 [ 440.829444][T14004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 440.933157][ T992] usb 3-1: Using ep0 maxpacket: 32 [ 440.936636][T14004] 8021q: adding VLAN 0 to HW filter on device team0 [ 440.940214][ T992] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 440.940240][ T992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.983541][ T992] usb 3-1: config 0 descriptor?? [ 440.984963][T14306] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.985111][T14306] bridge0: port 1(bridge_slave_0) entered forwarding state [ 441.024793][T14306] bridge0: port 2(bridge_slave_1) entered blocking state [ 441.027345][T14306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 441.208245][ T992] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 441.234217][ T992] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 441.236680][ T992] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 441.236734][ T992] usb 3-1: media controller created [ 441.287927][ T992] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 441.431003][ T992] az6027: usb out operation failed. (-71) [ 441.439088][ T992] az6027: usb out operation failed. (-71) [ 441.439103][ T992] stb0899_attach: Driver disabled by Kconfig [ 441.439112][ T992] az6027: no front-end attached [ 441.439112][ T992] [ 441.440376][ T992] az6027: usb out operation failed. (-71) [ 441.440391][ T992] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 441.478878][ T992] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input27 [ 441.502997][ T992] dvb-usb: schedule remote query interval to 400 msecs. [ 441.503018][ T992] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 441.506035][ T992] usb 3-1: USB disconnect, device number 21 [ 441.683245][ T992] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 442.178454][T14004] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 443.433810][T14434] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3499'. [ 443.433842][T14434] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3499'. [ 443.493121][T14288] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.500745][T14288] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.503137][T14288] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.503376][T14288] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 443.516891][T14004] veth0_vlan: entered promiscuous mode [ 443.532890][ T5942] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 443.557441][T14004] veth1_vlan: entered promiscuous mode [ 443.607050][T14004] veth0_macvtap: entered promiscuous mode [ 443.618748][T14004] veth1_macvtap: entered promiscuous mode [ 443.646577][T14004] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 443.663729][T14004] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 443.689197][ T5942] usb 3-1: config 0 has an invalid interface number: 246 but max is 0 [ 443.689224][ T5942] usb 3-1: config 0 has no interface number 0 [ 443.689255][ T5942] usb 3-1: config 0 interface 246 has no altsetting 0 [ 443.689288][ T5942] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=f9.e3 [ 443.689310][ T5942] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.711507][ T1152] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.711763][ T1152] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.711975][ T1152] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.712177][ T1152] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 443.721861][ T5942] usb 3-1: config 0 descriptor?? [ 443.959860][ T5942] usb 3-1: string descriptor 0 read error: -71 [ 444.177840][T14447] pimreg: tun_chr_ioctl cmd 1074025677 [ 444.177993][T14447] pimreg: linktype set to 6 [ 444.242965][ T5942] usb 3-1: USB disconnect, device number 22 [ 444.410973][T14286] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.410991][T14286] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 444.514646][T14270] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.514666][T14270] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 445.327690][T14472] 9pnet_fd: Insufficient options for proto=fd [ 445.471173][T14475] netem: incorrect gi model size [ 445.471210][T14475] netem: change failed [ 447.148790][T14521] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 447.414899][T14526] netlink: 'syz.1.3536': attribute type 11 has an invalid length. [ 447.854418][T14543] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3543'. [ 448.183388][T14551] input: syz0 as /devices/virtual/input/input28 [ 448.666455][ T37] kauditd_printk_skb: 7 callbacks suppressed [ 448.666471][ T37] audit: type=1326 audit(1759136897.600:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.666516][ T37] audit: type=1326 audit(1759136897.600:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.666556][ T37] audit: type=1326 audit(1759136897.600:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.666596][ T37] audit: type=1326 audit(1759136897.600:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.666635][ T37] audit: type=1326 audit(1759136897.600:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.666968][ T37] audit: type=1326 audit(1759136897.600:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.667307][ T37] audit: type=1326 audit(1759136897.600:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.708385][ T37] audit: type=1326 audit(1759136897.641:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.718129][ T37] audit: type=1326 audit(1759136897.641:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 448.718184][ T37] audit: type=1326 audit(1759136897.651:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14559 comm="syz.6.3551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc3a650af79 code=0x7ffc0000 [ 449.521193][T14581] netlink: 44 bytes leftover after parsing attributes in process `syz.2.3561'. [ 450.488406][ T5932] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 450.638172][ T5932] usb 6-1: Using ep0 maxpacket: 16 [ 450.643746][ T5932] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 450.643769][ T5932] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 450.650845][ T5932] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 450.650873][ T5932] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.650903][ T5932] usb 6-1: Product: syz [ 450.650916][ T5932] usb 6-1: Manufacturer: syz [ 450.650930][ T5932] usb 6-1: SerialNumber: syz [ 451.138007][ T5932] usb 6-1: 0:2 : does not exist [ 451.487920][T14619] erspan0: entered promiscuous mode [ 451.599002][ T5932] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 451.698509][ T5932] usb 6-1: USB disconnect, device number 15 [ 451.938734][T14337] udevd[14337]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 452.062184][T14635] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 452.268684][T14645] IPv6: NLM_F_CREATE should be specified when creating new route [ 452.927341][T14640] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 452.929715][T14640] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 453.211018][T14640] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 453.211118][T14640] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 453.446375][T14640] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 453.446622][T14640] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 453.702749][T14640] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 453.869889][T14640] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 453.869982][T14640] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 454.057945][T14640] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 454.715902][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 455.197224][T14701] netlink: 60 bytes leftover after parsing attributes in process `syz.7.3617'. [ 455.265801][ T5848] Bluetooth: hci0: command 0x0405 tx timeout [ 455.498024][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 455.895765][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 456.775250][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 456.817830][T14746] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3638'. [ 456.845286][ T31] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 457.007945][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 457.007980][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 457.008022][ T31] usb 3-1: New USB device found, idVendor=22d4, idProduct=1503, bcdDevice= 0.00 [ 457.008045][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.033785][ T31] usb 3-1: config 0 descriptor?? [ 457.044259][T14742] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 457.055909][T14752] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 457.055961][T14752] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 457.056047][T14752] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 457.335012][ T5848] Bluetooth: hci0: command 0x0405 tx timeout [ 457.517417][ T31] glorious 0003:22D4:1503.001A: hidraw0: USB HID v0.00 Device [Glorious Model I] on usb-dummy_hcd.2-1/input0 [ 457.574581][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 457.715166][ T5922] usb 3-1: USB disconnect, device number 23 [ 457.787478][T14766] fido_id[14766]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 457.974767][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 458.144412][ T31] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 458.294240][ T31] usb 2-1: Using ep0 maxpacket: 32 [ 458.296909][ T31] usb 2-1: config 0 has an invalid interface number: 58 but max is 27 [ 458.296936][ T31] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 458.296955][ T31] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 28 [ 458.296975][ T31] usb 2-1: config 0 has no interface number 0 [ 458.297022][ T31] usb 2-1: config 0 interface 58 altsetting 0 endpoint 0x6 has invalid maxpacket 56166, setting to 64 [ 458.297050][ T31] usb 2-1: config 0 interface 58 altsetting 0 endpoint 0x7 has invalid maxpacket 64800, setting to 64 [ 458.297075][ T31] usb 2-1: config 0 interface 58 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 458.297097][ T31] usb 2-1: config 0 interface 58 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7 [ 458.297121][ T31] usb 2-1: config 0 interface 58 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 458.297141][ T31] usb 2-1: config 0 interface 58 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 458.301077][ T31] usb 2-1: New USB device found, idVendor=05ac, idProduct=021c, bcdDevice=5c.24 [ 458.301103][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.301123][ T31] usb 2-1: Product: syz [ 458.301136][ T31] usb 2-1: Manufacturer: syz [ 458.301150][ T31] usb 2-1: SerialNumber: syz [ 458.343523][ T31] usb 2-1: config 0 descriptor?? [ 458.701780][ T31] appletouch 2-1:0.58: Could not find int-in endpoint [ 458.701817][ T31] appletouch 2-1:0.58: probe with driver appletouch failed with error -5 [ 458.703302][ T31] usbhid 2-1:0.58: couldn't find an input interrupt endpoint [ 458.752766][ T31] usb 2-1: USB disconnect, device number 26 [ 459.653578][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 460.053514][ T5848] Bluetooth: hci4: command 0x0c1a tx timeout [ 460.756055][T14845] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3684'. [ 461.244309][ T1218] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 461.393941][ T1218] usb 2-1: Using ep0 maxpacket: 32 [ 461.396487][ T1218] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 461.396518][ T1218] usb 2-1: config 0 has no interface number 0 [ 461.396565][ T1218] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 461.396591][ T1218] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 461.396628][ T1218] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 461.396650][ T1218] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.467720][ T1218] usb 2-1: config 0 descriptor?? [ 461.650746][T14878] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3701'. [ 462.105481][ T1218] uclogic 0003:28BD:0094.001B: failed retrieving string descriptor #100: -71 [ 462.105544][ T1218] uclogic 0003:28BD:0094.001B: failed retrieving pen parameters: -71 [ 462.105561][ T1218] uclogic 0003:28BD:0094.001B: pen probing failed: -71 [ 462.105577][ T1218] uclogic 0003:28BD:0094.001B: failed probing parameters: -71 [ 462.105683][ T1218] uclogic 0003:28BD:0094.001B: probe with driver uclogic failed with error -71 [ 462.121083][ T5932] kernel write not supported for file /input/mouse0 (pid: 5932 comm: kworker/1:6) [ 462.172516][ T1218] usb 2-1: USB disconnect, device number 27 [ 462.602846][T14901] mkiss: ax0: crc mode is auto. [ 462.757491][T14909] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3714'. [ 462.757512][T14909] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3714'. [ 462.757536][T14909] netlink: 'syz.1.3714': attribute type 14 has an invalid length. [ 462.757550][T14909] netlink: 'syz.1.3714': attribute type 11 has an invalid length. [ 463.275364][T14931] netlink: 'syz.1.3725': attribute type 1 has an invalid length. [ 463.275385][T14931] netlink: 72 bytes leftover after parsing attributes in process `syz.1.3725'. [ 463.275400][T14931] netlink: 97 bytes leftover after parsing attributes in process `syz.1.3725'. [ 463.449309][T14936] openvswitch: netlink: IP tunnel dst address not specified [ 463.656850][T14944] netlink: 'syz.1.3732': attribute type 3 has an invalid length. [ 464.571282][ T31] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 464.723608][ T31] usb 2-1: config 1 has an invalid interface number: 105 but max is 0 [ 464.723634][ T31] usb 2-1: config 1 has an invalid interface number: 4 but max is 0 [ 464.723653][ T31] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 1 [ 464.723673][ T31] usb 2-1: config 1 has no interface number 0 [ 464.723688][ T31] usb 2-1: config 1 has no interface number 1 [ 464.723746][ T31] usb 2-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 464.723786][ T31] usb 2-1: config 1 interface 4 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 464.723823][ T31] usb 2-1: config 1 interface 4 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 16 [ 464.723847][ T31] usb 2-1: config 1 interface 105 has no altsetting 0 [ 464.723865][ T31] usb 2-1: config 1 interface 4 has no altsetting 0 [ 464.752537][ T31] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 464.752566][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.752592][ T31] usb 2-1: Product: syz [ 464.752605][ T31] usb 2-1: Manufacturer: syz [ 464.752619][ T31] usb 2-1: SerialNumber: syz [ 465.014097][ T31] aqc111 2-1:1.105: probe with driver aqc111 failed with error -22 [ 465.237467][ T31] usb 2-1: USB disconnect, device number 28 [ 466.650334][ T1218] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 466.802053][ T1218] usb 6-1: Using ep0 maxpacket: 8 [ 466.809029][ T1218] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 466.809057][ T1218] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.809075][ T1218] usb 6-1: Product: syz [ 466.809088][ T1218] usb 6-1: Manufacturer: syz [ 466.809102][ T1218] usb 6-1: SerialNumber: syz [ 466.859146][ T1218] usb 6-1: config 0 descriptor?? [ 467.106407][ T1218] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 467.527963][ T1218] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 467.559308][ T1218] usb 6-1: USB disconnect, device number 16 [ 468.944164][T15105] kernel read not supported for file /!selinuxwk1m9ɞ*T#jYmVvm(p-QZ#{ (pid: 15105 comm: syz.7.3809) [ 468.957826][ T37] kauditd_printk_skb: 310 callbacks suppressed [ 468.957843][ T37] audit: type=1800 audit(1759136917.891:723): pid=15105 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.7.3809" name=2173656C696E7578776B311FD06DC37F39C99E2A0D5493FDE291EFAA16236A978FBCDE590FCCC56D56CB15766D2870C92D515A23D27B84BF06 dev="mqueue" ino=46033 res=0 errno=0 [ 469.054900][T15107] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 469.253443][T15115] team0: No ports can be present during mode change [ 470.045005][ T31] hid_parser_main: 5 callbacks suppressed [ 470.045028][ T31] hid-generic 0000:0000:0000.001C: unknown main item tag 0x0 [ 470.061483][ T31] hid-generic 0000:0000:0000.001C: hidraw0: HID v0.00 Device [syz0] on syz0 [ 470.148246][ T5932] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 470.303135][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.303167][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.303206][ T5932] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 470.303228][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.323295][ T5932] usb 2-1: config 0 descriptor?? [ 470.803237][ T5932] hid-thrustmaster 0003:044F:B65D.001D: unknown main item tag 0x0 [ 470.818707][ T5932] hid-thrustmaster 0003:044F:B65D.001D: hidraw1: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.1-1/input0 [ 470.819117][ T5932] hid-thrustmaster 0003:044F:B65D.001D: Wrong number of endpoints? [ 471.016902][ C1] hid-thrustmaster 0003:044F:B65D.001D: Unknown packet type 0x0, unable to proceed further with wheel init [ 471.219590][ T31] usb 2-1: USB disconnect, device number 29 [ 471.317008][T15176] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 471.325205][T15169] fido_id[15169]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 471.932080][T15195] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3849'. [ 472.451944][ T5932] kernel write not supported for file /snd/seq (pid: 5932 comm: kworker/1:6) [ 472.986864][ T5222] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 473.136838][ T5222] usb 2-1: Using ep0 maxpacket: 16 [ 473.155647][ T5222] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 473.155676][ T5222] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=222 [ 473.155695][ T5222] usb 2-1: SerialNumber: syz [ 473.190133][ T5222] usb 2-1: config 0 descriptor?? [ 473.209387][ T5222] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 473.211323][ T5222] usb 2-1: Detected FT232A [ 473.231637][ T5222] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 473.417557][ T5932] usb 2-1: USB disconnect, device number 30 [ 473.462895][ T5932] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 473.466081][ T5932] ftdi_sio 2-1:0.0: device disconnected [ 474.049877][T15253] team0: Device macvlan2 is already an upper device of the team interface [ 474.329238][T15256] netlink: 'syz.7.3879': attribute type 1 has an invalid length. [ 474.329260][T15256] netlink: 'syz.7.3879': attribute type 1 has an invalid length. [ 474.329273][T15256] netlink: 216 bytes leftover after parsing attributes in process `syz.7.3879'. [ 475.108118][T15275] hsr0: entered promiscuous mode [ 475.508124][T15287] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 475.510136][T15291] sock: sock_set_timeout: `syz.1.3892' (pid 15291) tries to set negative timeout [ 476.295168][ T49] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 476.450750][ T49] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 476.450778][ T49] usb 2-1: config 0 has no interface number 0 [ 476.473694][ T49] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 476.473723][ T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.473741][ T49] usb 2-1: Product: syz [ 476.473754][ T49] usb 2-1: Manufacturer: syz [ 476.473768][ T49] usb 2-1: SerialNumber: syz [ 476.519979][ T49] usb 2-1: config 0 descriptor?? [ 477.005355][ T49] usb 2-1: Firmware: major: 0, minor: 11, hardware type: UNKNOWN (170) [ 477.208798][ T49] usb 2-1: failed to fetch extended address, random address set [ 477.208827][ T49] usb 2-1: atusb_probe: initialization failed, error = -524 [ 477.209068][ T49] atusb 2-1:0.128: probe with driver atusb failed with error -524 [ 477.251338][ T49] usb 2-1: USB disconnect, device number 31 [ 477.402741][T15334] syzkaller1: tun_chr_ioctl cmd 1074025680 [ 479.253798][ T5222] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 479.353724][ T1218] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 479.403750][ T5222] usb 6-1: Using ep0 maxpacket: 8 [ 479.406266][ T5222] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 479.406296][ T5222] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 479.406321][ T5222] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 479.406342][ T5222] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 479.406381][ T5222] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 479.406403][ T5222] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.503572][ T1218] usb 3-1: Using ep0 maxpacket: 16 [ 479.510176][ T1218] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.510204][ T1218] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.510273][ T1218] usb 3-1: config 0 interface 0 has no altsetting 0 [ 479.510304][ T1218] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 479.510326][ T1218] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.537006][ T1218] usb 3-1: config 0 descriptor?? [ 479.633147][ T5222] usb 6-1: GET_CAPABILITIES returned 0 [ 479.633251][ T5222] usbtmc 6-1:16.0: can't read capabilities [ 479.841297][ T5222] usb 6-1: USB disconnect, device number 17 [ 479.853450][ T31] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 479.981947][ T1218] cougar 0003:060B:500A.001E: unexpected long global item [ 479.982411][ T1218] cougar 0003:060B:500A.001E: parse failed [ 479.982471][ T1218] cougar 0003:060B:500A.001E: probe with driver cougar failed with error -22 [ 480.011888][ T31] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 480.011917][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.044933][ T31] usb 2-1: config 0 descriptor?? [ 480.160852][ T5932] usb 3-1: USB disconnect, device number 24 [ 480.282664][ T31] udl 2-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 480.495130][ T31] [drm:udl_init] *ERROR* Selecting channel failed [ 480.587390][ T31] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 480.587415][ T31] [drm] Initialized udl on minor 2 [ 480.612371][ T31] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 480.634295][ T31] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 480.666682][ T31] usb 2-1: USB disconnect, device number 32 [ 480.669593][ T5932] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 480.670788][ T5932] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 480.869955][T15417] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3954'. [ 481.092800][ T5222] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 481.355115][ T5222] usb 3-1: Using ep0 maxpacket: 16 [ 481.364258][ T5222] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 481.364370][ T5222] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 481.364397][ T5222] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 481.364418][ T5222] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 481.364439][ T5222] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 481.376994][ T5222] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 481.377020][ T5222] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 481.377039][ T5222] usb 3-1: Manufacturer: syz [ 481.405540][ T5222] usb 3-1: config 0 descriptor?? [ 481.912460][ T5222] rc_core: IR keymap rc-hauppauge not found [ 481.912479][ T5222] Registered IR keymap rc-empty [ 481.912627][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 481.958054][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 481.978991][ T5222] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 481.996862][ T5222] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input31 [ 482.022449][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.043052][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.062410][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.082411][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.102469][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.122555][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.142370][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.162929][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.182336][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.202567][ T5222] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 482.244940][ T5222] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 482.244966][ T5222] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 482.288507][ T5222] usb 3-1: USB disconnect, device number 25 [ 482.462157][ T5932] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 482.615538][ T5932] usb 6-1: config 0 has an invalid interface number: 168 but max is 0 [ 482.615566][ T5932] usb 6-1: config 0 has no interface number 0 [ 482.615613][ T5932] usb 6-1: New USB device found, idVendor=05ab, idProduct=0060, bcdDevice=11.06 [ 482.615635][ T5932] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.681529][ T5932] usb 6-1: config 0 descriptor?? [ 482.885133][ T5848] Bluetooth: hci2: adv larger than maximum supported [ 482.885151][ T5848] Bluetooth: hci2: Malformed LE Event: 0x0d [ 482.889575][ T5932] usb 6-1: string descriptor 0 read error: -71 [ 482.899409][ T5932] usb-storage 6-1:0.168: USB Mass Storage device detected [ 482.958064][ T5932] usb-storage 6-1:0.168: Quirks match for vid 05ab pid 0060: 2 [ 483.089410][ T5932] usb 6-1: USB disconnect, device number 18 [ 483.492190][T15470] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3976'. [ 483.521688][ T992] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 483.712266][ T992] usb 3-1: Using ep0 maxpacket: 8 [ 483.725772][ T992] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 483.730524][ T992] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 483.730550][ T992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.730569][ T992] usb 3-1: Product: syz [ 483.730583][ T992] usb 3-1: Manufacturer: syz [ 483.730595][ T992] usb 3-1: SerialNumber: syz [ 483.749031][ T992] usb 3-1: config 0 descriptor?? [ 483.802331][ T992] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 483.802417][ T992] usb 3-1: setting power ON [ 483.802438][ T992] dvb-usb: bulk message failed: -22 (2/0) [ 483.827136][ T992] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 483.846197][ T992] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 483.846256][ T992] usb 3-1: media controller created [ 483.935734][ T992] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 483.992867][T15464] dvb-usb: bulk message failed: -22 (3/0) [ 483.992893][T15464] dvb-usb: bulk message failed: -22 (4/0) [ 483.992907][T15464] cxusb: i2c read failed [ 483.993270][T15464] dvb-usb: bulk message failed: -22 (3/0) [ 483.999702][ T992] usb 3-1: selecting invalid altsetting 6 [ 483.999724][ T992] usb 3-1: digital interface selection failed (-22) [ 483.999738][ T992] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 484.000826][ T992] usb 3-1: setting power OFF [ 484.000845][ T992] dvb-usb: bulk message failed: -22 (2/0) [ 484.000861][ T992] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 484.000874][ T992] (NULL device *): no alternate interface [ 484.193256][ T992] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 484.276622][ T992] usb 3-1: USB disconnect, device number 26 [ 484.416146][T15482] bridge0: Device is already in use. [ 484.761746][ T992] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 484.933279][ T992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 484.933313][ T992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 484.933358][ T992] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 484.933492][ T992] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.943391][ T992] usb 6-1: config 0 descriptor?? [ 485.392030][ T992] pyra 0003:1E7D:2CF6.001F: unknown main item tag 0x0 [ 485.392068][ T992] pyra 0003:1E7D:2CF6.001F: unknown main item tag 0x0 [ 485.392095][ T992] pyra 0003:1E7D:2CF6.001F: unknown main item tag 0x0 [ 485.392122][ T992] pyra 0003:1E7D:2CF6.001F: unknown main item tag 0x0 [ 485.392149][ T992] pyra 0003:1E7D:2CF6.001F: unknown main item tag 0x0 [ 485.392174][ T992] pyra 0003:1E7D:2CF6.001F: unknown main item tag 0x0 [ 485.392200][ T992] pyra 0003:1E7D:2CF6.001F: unknown main item tag 0x0 [ 485.454669][ T992] pyra 0003:1E7D:2CF6.001F: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.5-1/input0 [ 485.784604][ T992] pyra 0003:1E7D:2CF6.001F: couldn't init struct pyra_device [ 485.784658][ T992] pyra 0003:1E7D:2CF6.001F: couldn't install mouse [ 485.812259][ T992] pyra 0003:1E7D:2CF6.001F: probe with driver pyra failed with error -71 [ 485.851961][ T992] usb 6-1: USB disconnect, device number 19 [ 486.483465][T15522] netlink: 'syz.5.3998': attribute type 5 has an invalid length. [ 486.773884][T15534] overlay: filesystem on ./bus not supported [ 486.970675][ T49] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 487.119744][ T49] usb 3-1: Using ep0 maxpacket: 16 [ 487.122632][ T49] usb 3-1: unable to get BOS descriptor or descriptor too short [ 487.124179][ T49] usb 3-1: config 9 has an invalid interface number: 48 but max is 0 [ 487.124202][ T49] usb 3-1: config 9 has no interface number 0 [ 487.124233][ T49] usb 3-1: config 9 interface 48 has no altsetting 0 [ 487.128123][ T49] usb 3-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=f3.7b [ 487.128148][ T49] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.128175][ T49] usb 3-1: Product: syz [ 487.128188][ T49] usb 3-1: Manufacturer: syz [ 487.128202][ T49] usb 3-1: SerialNumber: syz [ 487.417030][ T49] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 487.876749][T15555] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4013'. [ 488.028924][ T49] gspca_vc032x: reg_r err -71 [ 488.028941][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.028951][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.028960][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.028968][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.028976][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.028984][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.028991][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.028999][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029007][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029014][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029022][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029029][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029037][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029045][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029054][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029061][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029070][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029078][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029086][ T49] gspca_vc032x: I2c Bus Busy Wait 00 [ 488.029094][ T49] gspca_vc032x: Unknown sensor... [ 488.029529][ T49] vc032x 3-1:9.48: probe with driver vc032x failed with error -22 [ 488.072556][ T49] usb 3-1: USB disconnect, device number 27 [ 488.269262][ T37] audit: type=1400 audit(1759136937.220:724): lsm=SMACK fn=smack_inode_setattr action=denied subject="y" object="_" requested=w pid=15558 comm="syz.5.4015" name="608" dev="tmpfs" ino=3096 [ 488.878924][ T49] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 489.029166][ T49] usb 6-1: Using ep0 maxpacket: 16 [ 489.031766][ T49] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 489.031812][ T49] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 489.031833][ T49] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.044483][ T49] usb 6-1: config 0 descriptor?? [ 489.553687][ T49] mcp2221 0003:04D8:00DD.0020: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 489.802762][T15583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4027'. [ 490.000956][ T49] usb 6-1: USB disconnect, device number 20 [ 492.258129][T15638] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4051'. [ 492.557131][ T49] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 492.728293][ T49] usb 2-1: Using ep0 maxpacket: 32 [ 492.731344][ T49] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 492.731368][ T49] usb 2-1: config 0 has no interface number 0 [ 492.759508][ T49] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 492.759536][ T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.759556][ T49] usb 2-1: Product: syz [ 492.759570][ T49] usb 2-1: Manufacturer: syz [ 492.759584][ T49] usb 2-1: SerialNumber: syz [ 492.801515][ T49] usb 2-1: config 0 descriptor?? [ 492.855538][T15650] netlink: 'syz.2.4055': attribute type 13 has an invalid length. [ 492.855589][T15650] macvtap0: entered promiscuous mode [ 492.863874][ T49] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 492.908175][T15650] macvtap0: refused to change device tx_queue_len [ 493.061790][ T49] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 493.208647][ T49] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 493.452758][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 493.454673][ T1218] usb 2-1: USB disconnect, device number 33 [ 493.482937][ T1218] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 493.509555][ T1218] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 493.510512][ T1218] quatech2 2-1:0.51: device disconnected [ 493.536622][ T992] IPVS: starting estimator thread 0... [ 493.626596][T15662] IPVS: using max 8 ests per chain, 19200 per kthread [ 494.165779][T15682] sctp: [Deprecated]: syz.6.4070 (pid 15682) Use of struct sctp_assoc_value in delayed_ack socket option. [ 494.165779][T15682] Use struct sctp_sack_info instead [ 496.030448][T15734] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4091'. [ 496.277063][ T37] audit: type=1326 audit(1759136945.244:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15739 comm="syz.2.4094" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3a4995eec9 code=0x0 [ 496.667999][T15762] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4104'. [ 497.375261][T15790] netlink: 'syz.5.4118': attribute type 3 has an invalid length. [ 497.734714][ T31] usb 3-1: new full-speed USB device number 28 using dummy_hcd [ 497.902032][ T31] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 497.902058][ T31] usb 3-1: config 0 has no interfaces? [ 497.902088][ T31] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 497.902111][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.916634][ T31] usb 3-1: config 0 descriptor?? [ 498.132267][ T31] usb 3-1: USB disconnect, device number 28 [ 499.996744][T15873] sctp: [Deprecated]: syz.2.4155 (pid 15873) Use of int in maxseg socket option. [ 499.996744][T15873] Use struct sctp_assoc_value instead [ 500.540937][ T37] audit: type=1326 audit(1759136949.496:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15890 comm="syz.1.4163" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f72d80feec9 code=0x0 [ 501.104275][T15906] netlink: 780 bytes leftover after parsing attributes in process `syz.2.4169'. [ 501.403585][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.442721][ T5222] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 501.594927][ T5222] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30 [ 501.594990][ T5222] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 501.595013][ T5222] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196 [ 501.595054][ T5222] usb 6-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 501.595076][ T5222] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.655625][ T5222] usb 6-1: config 0 descriptor?? [ 502.089358][ T5222] holtek_kbd 0003:04D9:A055.0021: bogus close delimiter [ 502.089379][ T5222] holtek_kbd 0003:04D9:A055.0021: item 0 4 2 10 parsing failed [ 502.090233][ T5222] holtek_kbd 0003:04D9:A055.0021: probe with driver holtek_kbd failed with error -22 [ 502.273716][ T5222] usb 6-1: USB disconnect, device number 21 [ 502.794505][T15949] macvlan0: entered promiscuous mode [ 502.805205][T15949] netlink: 'syz.2.4188': attribute type 2 has an invalid length. [ 502.952570][T15950] block nbd2: shutting down sockets [ 503.784244][ T5222] kernel write not supported for file /binder/transactions (pid: 5222 comm: kworker/0:3) [ 504.483638][T16004] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 505.119799][T16027] 9pnet_fd: Insufficient options for proto=fd [ 506.132339][T16066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4244'. [ 506.357101][T16071] program syz.2.4245 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 506.794049][ T5206] udevd[5206]: worker [14337] terminated by signal 33 (Unknown signal 33) [ 506.794101][ T5206] udevd[5206]: worker [14337] failed while handling '/devices/virtual/block/loop2' [ 509.101652][T16146] netlink: 136 bytes leftover after parsing attributes in process `syz.5.4280'. [ 509.101678][T16146] A link change request failed with some changes committed already. Interface wlan1 may have been left with an inconsistent configuration, please check. [ 509.789103][T16177] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4294'. [ 510.679430][T16209] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4308'. [ 511.269073][T16232] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4320'. [ 511.349157][T16235] sctp: [Deprecated]: syz.1.4322 (pid 16235) Use of struct sctp_assoc_value in delayed_ack socket option. [ 511.349157][T16235] Use struct sctp_sack_info instead [ 511.508015][T16239] block nbd7: not configured, cannot reconfigure [ 511.678088][T16247] netlink: 344 bytes leftover after parsing attributes in process `syz.1.4328'. [ 511.709134][ T5222] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 511.857391][ T5222] usb 3-1: Using ep0 maxpacket: 8 [ 511.859686][ T5222] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 511.863171][ T5222] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 511.863199][ T5222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 511.863218][ T5222] usb 3-1: Product: syz [ 511.863232][ T5222] usb 3-1: Manufacturer: syz [ 511.863247][ T5222] usb 3-1: SerialNumber: syz [ 511.920995][ T5222] usb 3-1: config 0 descriptor?? [ 511.946670][ T5222] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 511.946739][ T5222] usb 3-1: setting power ON [ 511.946758][ T5222] dvb-usb: bulk message failed: -22 (2/0) [ 511.988861][ T5222] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 511.989744][ T5222] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 511.989800][ T5222] usb 3-1: media controller created [ 512.053880][ T5222] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 512.099498][ T5222] usb 3-1: selecting invalid altsetting 6 [ 512.099521][ T5222] usb 3-1: digital interface selection failed (-22) [ 512.099536][ T5222] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 512.100362][ T5222] usb 3-1: setting power OFF [ 512.100382][ T5222] dvb-usb: bulk message failed: -22 (2/0) [ 512.100397][ T5222] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 512.100409][ T5222] (NULL device *): no alternate interface [ 512.244043][ T5222] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 512.271348][ T5222] usb 3-1: USB disconnect, device number 29 [ 512.806236][T16273] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 513.134124][T16285] bridge0: entered promiscuous mode [ 513.426935][T16299] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.4350'. [ 517.237383][T16381] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 517.253631][T16381] netdevsim netdevsim1 netdevsim0: left promiscuous mode [ 517.648571][T16388] input: syz1 as /devices/virtual/input/input33 [ 518.024374][ T5222] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 518.179634][ T5222] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 518.179664][ T5222] usb 3-1: config 0 has no interface number 0 [ 518.183451][ T5222] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 518.183480][ T5222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.183500][ T5222] usb 3-1: Product: syz [ 518.183519][ T5222] usb 3-1: Manufacturer: syz [ 518.183533][ T5222] usb 3-1: SerialNumber: syz [ 518.216313][ T5222] usb 3-1: config 0 descriptor?? [ 518.653212][ T5222] usb 3-1: Firmware: major: 225, minor: 107, hardware type: RZUSB (3) [ 518.868588][ T5222] usb 3-1: failed to fetch extended address, random address set [ 518.991176][ T5222] usb 3-1: USB disconnect, device number 30 [ 519.815378][ T5844] usb 6-1: new full-speed USB device number 22 using dummy_hcd [ 519.986140][ T5844] usb 6-1: config 5 has an invalid interface number: 3 but max is 0 [ 519.986167][ T5844] usb 6-1: config 5 has no interface number 0 [ 519.989276][ T5844] usb 6-1: New USB device found, idVendor=09fb, idProduct=602a, bcdDevice=fd.36 [ 519.989303][ T5844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.989322][ T5844] usb 6-1: Product: syz [ 519.989336][ T5844] usb 6-1: Manufacturer: syz [ 519.989350][ T5844] usb 6-1: SerialNumber: syz [ 520.029584][ T5844] ftdi_sio 6-1:5.3: FTDI USB Serial Device converter detected [ 520.036231][ T5844] ftdi_sio ttyUSB0: unknown device type: 0xfd36 [ 520.400465][ T5932] usb 6-1: USB disconnect, device number 22 [ 520.402830][ T5932] ftdi_sio 6-1:5.3: device disconnected [ 520.769778][T16452] netem: invalid attributes len -3 [ 521.091133][T16468] program syz.2.4424 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 522.216091][T16484] block device autoloading is deprecated and will be removed. [ 523.100013][T16509] loop8: detected capacity change from 0 to 1 [ 523.111154][T16509] Dev loop8: unable to read RDB block 1 [ 523.111184][T16509] loop8: unable to read partition table [ 523.111325][T16509] loop8: partition table beyond EOD, truncated [ 523.111353][T16509] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 523.481632][ T5222] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 523.634352][ T5222] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 523.634379][ T5222] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 523.664494][ T5222] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 523.664523][ T5222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.664543][ T5222] usb 3-1: Product: syz [ 523.664556][ T5222] usb 3-1: Manufacturer: syz [ 523.664570][ T5222] usb 3-1: SerialNumber: syz [ 523.874494][ T5222] usb 3-1: 0:2 : does not exist [ 523.892830][ T5222] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 523.920412][ T5222] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 523.960771][ T5222] usb 3-1: USB disconnect, device number 31 [ 524.017058][T14386] udevd[14386]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 524.171897][T16528] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4452'. [ 524.251557][T16528] ip6gretap2: default qdisc (pfifo_fast) fail, fallback to noqueue [ 524.568635][ T37] audit: type=1326 audit(1759136973.538:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16539 comm="syz.2.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 524.570440][ T37] audit: type=1326 audit(1759136973.538:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16539 comm="syz.2.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 524.618368][ T37] audit: type=1326 audit(1759136973.588:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16539 comm="syz.2.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 524.618641][ T37] audit: type=1326 audit(1759136973.588:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16539 comm="syz.2.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 524.620499][ T37] audit: type=1326 audit(1759136973.588:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16539 comm="syz.2.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 524.620544][ T37] audit: type=1326 audit(1759136973.588:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16539 comm="syz.2.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=449 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 524.693961][ T37] audit: type=1326 audit(1759136973.658:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16539 comm="syz.2.4468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 525.736822][T16557] overlayfs: failed to clone upperpath [ 526.669675][T16588] input: syz0 as /devices/virtual/input/input34 [ 527.169878][ T5222] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 527.325157][T16582] syz.2.4477 (16582) used greatest stack depth: 16760 bytes left [ 527.344765][ T5222] usb 2-1: Using ep0 maxpacket: 16 [ 527.358314][ T5222] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.358361][ T5222] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 527.358384][ T5222] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.411184][ T5222] usb 2-1: config 0 descriptor?? [ 527.876106][ T5222] mcp2221 0003:04D8:00DD.0022: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 528.309369][ T5932] usb 2-1: USB disconnect, device number 34 [ 529.393314][T16654] netlink: 'syz.5.4508': attribute type 14 has an invalid length. [ 529.650675][T16655] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 529.654121][T16655] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 530.962303][ T5848] Bluetooth: hci0: unexpected Set CIG Parameters response data [ 530.964882][ T5848] Bluetooth: hci0: unexpected event for opcode 0x2062 [ 531.726029][T16701] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4530'. [ 532.878533][T16730] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4542'. [ 534.139391][T16782] netlink: 'syz.5.4564': attribute type 1 has an invalid length. [ 534.139412][T16782] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4564'. [ 534.577154][ T992] kernel read not supported for file /dsp1 (pid: 992 comm: kworker/1:2) [ 534.596099][ T5942] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 534.766433][ T5942] usb 6-1: Using ep0 maxpacket: 16 [ 534.770963][ T5942] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.771021][ T5942] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 534.771048][ T5942] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 534.771070][ T5942] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 534.771092][ T5942] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 534.772747][ T5942] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 534.772773][ T5942] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 534.772793][ T5942] usb 6-1: Manufacturer: syz [ 534.868759][ T5942] usb 6-1: config 0 descriptor?? [ 534.975975][ T5848] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 534.976261][ T5848] Bluetooth: hci0: Injecting HCI hardware error event [ 534.980888][ T5848] Bluetooth: hci0: hardware error 0x00 [ 534.995878][ T5222] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 535.147366][ T5942] rc_core: IR keymap rc-hauppauge not found [ 535.147387][ T5942] Registered IR keymap rc-empty [ 535.147544][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.165756][ T5222] usb 2-1: Using ep0 maxpacket: 8 [ 535.171200][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.177507][T16812] netlink: 'syz.2.4577': attribute type 1 has an invalid length. [ 535.177536][T16812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4577'. [ 535.177653][T16812] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.211425][ T5942] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 535.211941][ T5222] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 535.211995][ T5222] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 535.212016][ T5222] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 535.212038][ T5222] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 535.212060][ T5222] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 535.212103][ T5222] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 535.212126][ T5222] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.302900][ T5942] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input35 [ 535.342155][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.365910][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.385062][T16815] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4578'. [ 535.386071][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.387171][T16815] netlink: 'syz.7.4578': attribute type 30 has an invalid length. [ 535.387190][T16815] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4578'. [ 535.407176][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.425784][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.455769][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.475664][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.495819][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.515634][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.535930][ T5942] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 535.553242][ T5222] usb 2-1: GET_CAPABILITIES returned 0 [ 535.553669][ T5222] usbtmc 2-1:16.0: can't read capabilities [ 535.580186][ T5942] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 535.580267][ T5942] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 535.613378][ T5942] usb 6-1: USB disconnect, device number 23 [ 535.642712][T16819] netlink: 'syz.7.4580': attribute type 11 has an invalid length. [ 535.808711][ T5222] usb 2-1: USB disconnect, device number 35 [ 536.323917][T16830] overlayfs: failed to clone upperpath [ 537.057198][ T5848] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 537.558335][ C0] vkms_vblank_simulate: vblank timer overrun [ 537.831402][T16869] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 538.333275][T16883] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4608'. [ 538.660718][T14286] af_packet: tpacket_rcv: packet too big, clamped from 66 to 4294967286. macoff=82 [ 538.674204][ T992] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 538.858508][ T992] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 538.858534][ T992] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 538.860728][ T992] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 538.860756][ T992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 538.860775][ T992] usb 3-1: SerialNumber: syz [ 539.100011][ T992] usb 3-1: 0:2 : does not exist [ 539.208834][ T992] usb 3-1: USB disconnect, device number 32 [ 539.406336][T14386] udevd[14386]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 539.468792][T16911] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4621'. [ 540.415731][T16917] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 540.594180][T16952] batman_adv: batadv0: Adding interface: gretap1 [ 540.594198][T16952] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 540.594231][T16952] batman_adv: batadv0: Interface activated: gretap1 [ 540.661091][T16954] netlink: 'syz.7.4642': attribute type 1 has an invalid length. [ 540.661115][T16954] netlink: 'syz.7.4642': attribute type 1 has an invalid length. [ 540.661127][T16954] netlink: 160 bytes leftover after parsing attributes in process `syz.7.4642'. [ 540.661143][T16954] netlink: 'syz.7.4642': attribute type 1 has an invalid length. [ 540.661155][T16954] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4642'. [ 540.772943][ T5222] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 540.937961][ T5222] usb 6-1: Using ep0 maxpacket: 16 [ 540.944280][ T5222] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 540.944307][ T5222] usb 6-1: config 0 has no interface number 0 [ 540.944357][ T5222] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 540.944609][ T5222] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 540.953803][ T5222] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 540.953830][ T5222] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 540.953849][ T5222] usb 6-1: Product: syz [ 540.953867][ T5222] usb 6-1: SerialNumber: syz [ 541.033432][ T5222] usb 6-1: config 0 descriptor?? [ 541.045286][ T5222] cm109 6-1:0.8: invalid payload size 0, expected 4 [ 541.048581][ T5222] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input37 [ 541.259193][ C0] cm109 6-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 541.425719][ T37] audit: type=1326 audit(1759136996.406:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.425772][ T37] audit: type=1326 audit(1759136996.406:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.425813][ T37] audit: type=1326 audit(1759136996.406:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.425852][ T37] audit: type=1326 audit(1759136996.406:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.425892][ T37] audit: type=1326 audit(1759136996.406:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.425931][ T37] audit: type=1326 audit(1759136996.406:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.425973][ T37] audit: type=1326 audit(1759136996.406:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.426013][ T37] audit: type=1326 audit(1759136996.406:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.426053][ T37] audit: type=1326 audit(1759136996.406:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.426100][ T37] audit: type=1326 audit(1759136996.406:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16965 comm="syz.7.4648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd12ea4af79 code=0x7ffc0000 [ 541.652157][ T31] usb 6-1: USB disconnect, device number 24 [ 541.845489][ T31] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 545.383927][T17040] libceph: resolve '0..' (ret=-3): failed [ 545.530764][ T5844] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 545.691062][ T5844] usb 2-1: Using ep0 maxpacket: 32 [ 545.715474][ T5844] usb 2-1: unable to get BOS descriptor or descriptor too short [ 545.719801][ T5844] usb 2-1: config 7 has an invalid interface number: 187 but max is 0 [ 545.719825][ T5844] usb 2-1: config 7 has no interface number 0 [ 545.719873][ T5844] usb 2-1: config 7 interface 187 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0 [ 545.719894][ T5844] usb 2-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 0 [ 545.719917][ T5844] usb 2-1: config 7 interface 187 has no altsetting 0 [ 545.747218][ T5844] usb 2-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 545.747247][ T5844] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.747267][ T5844] usb 2-1: Product: syz [ 545.747280][ T5844] usb 2-1: Manufacturer: syz [ 545.747294][ T5844] usb 2-1: SerialNumber: syz [ 546.033958][ T5844] usb 2-1: Unknown endpoint type found, address 0x07 [ 546.033990][ T5844] usb 2-1: Not enough endpoints found in device, aborting! [ 546.119277][T17067] netlink: 'syz.6.4692': attribute type 2 has an invalid length. [ 546.119298][T17067] netlink: 51 bytes leftover after parsing attributes in process `syz.6.4692'. [ 546.136688][T17067] netlink: 'syz.6.4692': attribute type 2 has an invalid length. [ 546.136707][T17067] netlink: 51 bytes leftover after parsing attributes in process `syz.6.4692'. [ 546.187440][T17066] netlink: 3 bytes leftover after parsing attributes in process `syz.7.4693'. [ 546.320996][ T992] usb 2-1: USB disconnect, device number 36 [ 547.153362][ T37] kauditd_printk_skb: 231 callbacks suppressed [ 547.153380][ T37] audit: type=1326 audit(1759137002.128:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 547.153725][ T37] audit: type=1326 audit(1759137002.138:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 547.154069][ T37] audit: type=1326 audit(1759137002.138:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 547.156401][ T37] audit: type=1326 audit(1759137002.138:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 547.156674][ T37] audit: type=1326 audit(1759137002.138:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 547.158451][ T37] audit: type=1326 audit(1759137002.138:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 547.158790][ T37] audit: type=1326 audit(1759137002.138:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 547.260028][ T37] audit: type=1326 audit(1759137002.249:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 547.261658][ T37] audit: type=1326 audit(1759137002.249:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17098 comm="syz.7.4708" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12eaaeec9 code=0x7ffc0000 [ 548.638962][ T5844] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 548.831293][ T5844] usb 6-1: Using ep0 maxpacket: 8 [ 548.837087][ T5844] usb 6-1: unable to get BOS descriptor or descriptor too short [ 548.838629][ T5844] usb 6-1: config 7 has an invalid interface number: 192 but max is 0 [ 548.838654][ T5844] usb 6-1: config 7 has no interface number 0 [ 548.838686][ T5844] usb 6-1: config 7 interface 192 altsetting 4 has an invalid endpoint descriptor of length 2, skipping [ 548.838708][ T5844] usb 6-1: config 7 interface 192 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 548.839713][ T5844] usb 6-1: config 7 interface 192 has no altsetting 0 [ 548.889300][ T5844] usb 6-1: language id specifier not provided by device, defaulting to English [ 548.917921][ T5844] usb 6-1: New USB device found, idVendor=12d1, idProduct=bb98, bcdDevice=6f.57 [ 548.917949][ T5844] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.917970][ T5844] usb 6-1: Product: syz [ 548.917982][ T5844] usb 6-1: Manufacturer: ✱樱삉륌볏䖔ℕ攒 [ 548.917998][ T5844] usb 6-1: SerialNumber: syz [ 549.206201][ C0] raw-gadget.0 gadget.5: ignoring, device is not running [ 549.241399][ T5844] option 6-1:7.192: GSM modem (1-port) converter detected [ 549.269307][ T5844] usb 6-1: USB disconnect, device number 25 [ 549.271923][ T5844] option 6-1:7.192: device disconnected [ 549.898752][T17157] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4731'. [ 550.538378][T17184] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4746'. [ 550.851591][T17195] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4752'. [ 551.453024][T17219] netlink: 56 bytes leftover after parsing attributes in process `syz.7.4759'. [ 555.796419][T17302] netlink: 48 bytes leftover after parsing attributes in process `syz.6.4800'. [ 556.388479][T17309] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4803'. [ 557.011268][ T1152] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 557.012678][ T1152] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 557.416561][T17330] netlink: 'syz.5.4812': attribute type 7 has an invalid length. [ 557.416582][T17330] netlink: 'syz.5.4812': attribute type 8 has an invalid length. [ 557.416595][T17330] netlink: 'syz.5.4812': attribute type 4 has an invalid length. [ 557.416607][T17330] netlink: 212 bytes leftover after parsing attributes in process `syz.5.4812'. [ 557.626554][ T5857] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 557.653466][ T5857] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 557.662647][ T5857] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 557.692971][ T5857] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 557.697272][ T5857] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 557.737425][ T1152] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 557.737458][ T1152] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.227620][ T1152] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 558.227654][ T1152] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.698899][ T1152] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 558.698934][ T1152] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.060953][T17352] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4820'. [ 559.060976][T17352] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 559.237014][ T37] audit: type=1326 audit(1759137014.225:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 559.237065][ T37] audit: type=1326 audit(1759137014.225:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 559.304601][ T37] audit: type=1326 audit(1759137014.285:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3a498faf79 code=0x7ffc0000 [ 559.304656][ T37] audit: type=1326 audit(1759137014.285:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3a498faf79 code=0x7ffc0000 [ 559.304698][ T37] audit: type=1326 audit(1759137014.285:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 559.304739][ T37] audit: type=1326 audit(1759137014.285:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 559.304779][ T37] audit: type=1326 audit(1759137014.285:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 559.304818][ T37] audit: type=1326 audit(1759137014.285:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 559.304860][ T37] audit: type=1326 audit(1759137014.285:992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 559.304901][ T37] audit: type=1326 audit(1759137014.295:993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17353 comm="syz.2.4821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a4995eec9 code=0x7ffc0000 [ 559.843927][ T5848] Bluetooth: hci3: command tx timeout [ 560.627175][ T1152] bridge_slave_1: left allmulticast mode [ 560.627209][ T1152] bridge_slave_1: left promiscuous mode [ 560.627631][ T1152] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.094661][ T1152] bridge_slave_0: left allmulticast mode [ 561.094694][ T1152] bridge_slave_0: left promiscuous mode [ 561.094968][ T1152] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.922522][ T5848] Bluetooth: hci3: command tx timeout [ 562.811251][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.341062][T17414] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4846'. [ 563.453122][T17260] Set syz1 is full, maxelem 65536 reached [ 564.001294][ T5848] Bluetooth: hci3: command tx timeout [ 565.202100][ T1152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 565.261470][ T1152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 565.305243][ T1152] bond0 (unregistering): Released all slaves [ 566.080424][ T5848] Bluetooth: hci3: command tx timeout [ 566.293476][ T5932] kernel read not supported for file /dsp1 (pid: 5932 comm: kworker/1:6) [ 566.359175][T17435] [U]  [ 566.372388][T17333] chnl_net:caif_netlink_parms(): no params data found [ 568.127673][T17455] syz.7.4864 (17455) used greatest stack depth: 16696 bytes left [ 568.248168][T17460] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 568.809516][T17469] ./file0: Can't open blockdev [ 573.204347][T17483] netlink: 100 bytes leftover after parsing attributes in process `syz.5.4874'. [ 577.654919][ T5843] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 577.814491][ T5843] usb 3-1: Using ep0 maxpacket: 32 [ 577.818384][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.818414][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.818451][ T5843] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 577.818474][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.823877][ T5843] usb 3-1: config 0 descriptor?? [ 577.898643][ T5843] hub 3-1:0.0: USB hub found [ 578.049928][ T5843] hub 3-1:0.0: 1 port detected [ 578.507148][ T5843] usb 3-1: USB disconnect, device number 33 [ 578.887038][T17504] overlayfs: failed to clone upperpath [ 580.297392][ T37] kauditd_printk_skb: 27 callbacks suppressed [ 580.297409][ T37] audit: type=1326 audit(1759137035.305:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.300623][ T37] audit: type=1326 audit(1759137035.305:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.313313][ T37] audit: type=1326 audit(1759137035.315:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.425054][ T37] audit: type=1326 audit(1759137035.325:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.426499][ T37] audit: type=1326 audit(1759137035.435:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.451800][ T37] audit: type=1326 audit(1759137035.455:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.521467][ T37] audit: type=1326 audit(1759137035.525:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.551931][ T37] audit: type=1326 audit(1759137035.555:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.588015][ T37] audit: type=1326 audit(1759137035.595:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 580.590273][ T37] audit: type=1326 audit(1759137035.595:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17506 comm="syz.5.4884" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f403e81af79 code=0x7ffc0000 [ 597.736623][ T5857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 597.757979][ T5857] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 597.759648][ T5857] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 597.780188][ T5857] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 597.783276][ T5857] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 599.514926][ T5848] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 599.538241][ T5848] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 599.540685][ T5848] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 599.541930][ T5848] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 599.542835][ T5848] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 599.904598][ T5857] Bluetooth: hci5: command tx timeout [ 601.271787][ T5848] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 601.308188][ T5848] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 601.309753][ T5848] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 601.310930][ T5848] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 601.311705][ T5848] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 601.744254][ T5848] Bluetooth: hci6: command tx timeout [ 601.984128][ T5848] Bluetooth: hci5: command tx timeout [ 602.068932][ T5857] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 602.096935][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 602.098434][ T5857] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 602.101701][ T5857] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 602.120766][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 603.421690][ T5848] Bluetooth: hci7: command tx timeout [ 603.821845][ T5848] Bluetooth: hci6: command tx timeout [ 604.061676][ T5848] Bluetooth: hci5: command tx timeout [ 604.301871][ T5848] Bluetooth: hci1: command tx timeout [ 605.501741][ T5848] Bluetooth: hci7: command tx timeout [ 605.900809][ T5848] Bluetooth: hci6: command tx timeout [ 606.140593][ T5848] Bluetooth: hci5: command tx timeout [ 606.380996][ T5848] Bluetooth: hci1: command tx timeout [ 607.580951][ T5848] Bluetooth: hci7: command tx timeout [ 607.979594][ T5848] Bluetooth: hci6: command tx timeout [ 608.459361][ T5848] Bluetooth: hci1: command tx timeout [ 609.658544][ T5848] Bluetooth: hci7: command tx timeout [ 610.538421][ T5848] Bluetooth: hci1: command tx timeout [ 617.597608][ T5857] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 617.610396][ T5857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 617.611930][ T5857] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 617.613235][ T5857] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 617.614100][ T5857] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 619.655765][ T5857] Bluetooth: hci4: command tx timeout [ 621.732958][ T5857] Bluetooth: hci4: command tx timeout [ 623.075055][ T1152] hsr_slave_0: left promiscuous mode [ 623.811817][ T5857] Bluetooth: hci4: command tx timeout [ 624.227205][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.890495][ T5857] Bluetooth: hci4: command tx timeout [ 626.642303][ T1152] hsr_slave_1: left promiscuous mode [ 626.710764][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 627.959408][ T1152] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 627.959442][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 643.171315][ T1152] veth1_macvtap: left promiscuous mode [ 643.171438][ T1152] veth0_macvtap: left promiscuous mode [ 643.204054][ T1152] veth1_vlan: left promiscuous mode [ 643.204278][ T1152] veth0_vlan: left promiscuous mode [ 658.238718][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 658.242575][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 658.258775][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 658.271516][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 658.273638][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 658.663433][ T1152] pimreg (unregistering): left allmulticast mode [ 659.684756][ T5848] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 659.720967][ T5848] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 659.722542][ T5848] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 659.738476][ T5848] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 659.753220][ T5848] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 660.353225][ T5848] Bluetooth: hci2: command tx timeout [ 660.490445][ T5857] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 660.517184][ T5857] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 660.519263][ T5857] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 660.521569][ T5857] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 660.559281][ T5857] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 661.020948][ T5857] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 661.051973][ T5857] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 661.061188][ T5857] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 661.071580][ T5857] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 661.085954][ T5857] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 661.873175][ T5848] Bluetooth: hci8: command tx timeout [ 662.442372][ T5848] Bluetooth: hci2: command tx timeout [ 662.672126][ T5848] Bluetooth: hci9: command tx timeout [ 663.152133][ T5848] Bluetooth: hci10: command tx timeout [ 663.951858][ T5848] Bluetooth: hci8: command tx timeout [ 664.511538][ T5848] Bluetooth: hci2: command tx timeout [ 664.751359][ T5848] Bluetooth: hci9: command tx timeout [ 665.231113][ T5848] Bluetooth: hci10: command tx timeout [ 666.030657][ T5848] Bluetooth: hci8: command tx timeout [ 666.590135][ T5848] Bluetooth: hci2: command tx timeout [ 666.830221][ T5848] Bluetooth: hci9: command tx timeout [ 667.309845][ T5848] Bluetooth: hci10: command tx timeout [ 668.111427][ T5848] Bluetooth: hci8: command tx timeout [ 668.909031][ T5848] Bluetooth: hci9: command tx timeout [ 669.389359][ T5848] Bluetooth: hci10: command tx timeout [ 677.679630][ T5857] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 677.684152][ T5857] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 677.705422][ T5857] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 677.724888][ T5857] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 677.732337][ T5857] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 679.783914][ T5857] Bluetooth: hci11: command tx timeout [ 681.862531][ T5857] Bluetooth: hci11: command tx timeout [ 682.596164][ T5857] Bluetooth: hci3: command 0x0406 tx timeout [ 683.941547][ T5857] Bluetooth: hci11: command tx timeout [ 685.639434][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.020526][ T5857] Bluetooth: hci11: command tx timeout [ 718.180986][ T5857] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 718.202018][ T5857] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 718.215205][ T5857] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 718.216501][ T5857] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 718.217317][ T5857] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 719.811233][ T5857] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 719.831846][ T5857] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 719.846825][ T5857] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 719.848089][ T5857] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 719.848910][ T5857] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 720.243497][ T5848] Bluetooth: hci12: command tx timeout [ 720.809542][ T5857] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 720.832205][ T5857] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 720.848416][ T5857] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 720.849658][ T5857] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 720.875219][ T5857] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 721.214766][ T5857] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 721.242470][ T5857] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 721.251591][ T5857] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 721.260685][ T5857] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 721.279180][ T5857] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 721.958720][T17619] Bluetooth: hci13: command tx timeout [ 722.322430][T17619] Bluetooth: hci12: command tx timeout [ 722.962442][T17619] Bluetooth: hci14: command tx timeout [ 723.605701][T17618] Bluetooth: hci5: command 0x0406 tx timeout [ 723.605739][T17618] Bluetooth: hci6: command 0x0406 tx timeout [ 723.621772][T17619] Bluetooth: hci7: command 0x0406 tx timeout [ 723.682030][T17619] Bluetooth: hci15: command tx timeout [ 724.001574][T17619] Bluetooth: hci13: command tx timeout [ 724.401443][T17619] Bluetooth: hci12: command tx timeout [ 725.047437][T17619] Bluetooth: hci14: command tx timeout [ 725.760874][T17619] Bluetooth: hci15: command tx timeout [ 726.080737][T17619] Bluetooth: hci13: command tx timeout [ 726.480799][T17619] Bluetooth: hci12: command tx timeout [ 727.119837][T17619] Bluetooth: hci14: command tx timeout [ 727.839690][T17619] Bluetooth: hci15: command tx timeout [ 728.163814][T17619] Bluetooth: hci13: command tx timeout [ 728.639505][T17619] Bluetooth: hci1: command 0x0406 tx timeout [ 729.198879][T17619] Bluetooth: hci14: command tx timeout [ 729.918642][T17619] Bluetooth: hci15: command tx timeout [ 731.680529][ T38] INFO: task kworker/u8:6:93 blocked for more than 143 seconds. [ 731.680565][ T38] Not tainted syzkaller #0 [ 731.680575][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 731.680584][ T38] task:kworker/u8:6 state:D stack:12184 pid:93 tgid:93 ppid:2 task_flags:0x4208160 flags:0x00004000 [ 731.680624][ T38] Workqueue: events_unbound linkwatch_event [ 731.680654][ T38] Call Trace: [ 731.680660][ T38] [ 731.680674][ T38] __schedule+0x16f3/0x4c20 [ 731.680715][ T38] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 731.680751][ T38] ? __pfx___schedule+0x10/0x10 [ 731.680807][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 731.680833][ T38] rt_mutex_schedule+0x77/0xf0 [ 731.680851][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 731.680873][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 731.680911][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 731.680935][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 731.680957][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 731.680989][ T38] ? linkwatch_event+0xe/0x60 [ 731.681014][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 731.681039][ T38] ? linkwatch_event+0xe/0x60 [ 731.681055][ T38] mutex_lock_nested+0x16a/0x1d0 [ 731.681074][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 731.681097][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 731.681120][ T38] linkwatch_event+0xe/0x60 [ 731.681137][ T38] process_scheduled_works+0xae1/0x17b0 [ 731.681188][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 731.681227][ T38] worker_thread+0x8a0/0xda0 [ 731.681279][ T38] kthread+0x711/0x8a0 [ 731.681307][ T38] ? __pfx_worker_thread+0x10/0x10 [ 731.681328][ T38] ? __pfx_kthread+0x10/0x10 [ 731.681358][ T38] ? __pfx_kthread+0x10/0x10 [ 731.681383][ T38] ret_from_fork+0x436/0x7d0 [ 731.681407][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 731.681435][ T38] ? __switch_to_asm+0x39/0x70 [ 731.681453][ T38] ? __switch_to_asm+0x33/0x70 [ 731.681469][ T38] ? __pfx_kthread+0x10/0x10 [ 731.681493][ T38] ret_from_fork_asm+0x1a/0x30 [ 731.681527][ T38] [ 731.681570][ T38] INFO: task kworker/u8:9:1488 blocked for more than 143 seconds. [ 731.681583][ T38] Not tainted syzkaller #0 [ 731.681593][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 731.681601][ T38] task:kworker/u8:9 state:D stack:18488 pid:1488 tgid:1488 ppid:2 task_flags:0x4208160 flags:0x00004000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 731.681642][ T38] Workqueue: ipv6_addrconf addrconf_verify_work [ 731.681663][ T38] Call Trace: [ 731.681669][ T38] [ 731.681681][ T38] __schedule+0x16f3/0x4c20 [ 731.681714][ T38] ? do_raw_spin_unlock+0x122/0x240 [ 731.681749][ T38] ? __pfx___schedule+0x10/0x10 [ 731.681822][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 731.681850][ T38] rt_mutex_schedule+0x77/0xf0 [ 731.681868][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 731.681889][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 731.681928][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 731.681951][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 731.681973][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 731.682004][ T38] ? addrconf_verify_work+0x19/0x30 [ 731.682031][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 731.682056][ T38] ? addrconf_verify_work+0x19/0x30 [ 731.682074][ T38] mutex_lock_nested+0x16a/0x1d0 [ 731.682094][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 731.682121][ T38] addrconf_verify_work+0x19/0x30 [ 731.682141][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 731.682160][ T38] process_scheduled_works+0xae1/0x17b0 [ 731.682211][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 731.682250][ T38] worker_thread+0x8a0/0xda0 [ 731.682275][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 731.682308][ T38] ? __kthread_parkme+0x7b/0x200 [ 731.682340][ T38] kthread+0x711/0x8a0 [ 731.682366][ T38] ? __pfx_worker_thread+0x10/0x10 [ 731.682387][ T38] ? __pfx_kthread+0x10/0x10 [ 731.682416][ T38] ? __pfx_kthread+0x10/0x10 [ 731.682441][ T38] ret_from_fork+0x436/0x7d[ 731.682441][ T38] ret_from_fork+0x436/0x7d0 [ 731.682466][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 731.682501][ T38] ? __switch_to_asm+0x39/0x70 [ 731.682517][ T38] ? __switch_to_asm+0x33/0x70 [ 731.682532][ T38] ? __pfx_kthread+0x10/0x10 [ 731.682556][ T38] ret_from_fork_asm+0x1a/0x30 [ 731.682590][ T38] [ 731.682684][ T38] INFO: task syz-executor:17333 blocked for more than 143 seconds. [ 731.682698][ T38] Not tainted syzkaller #0 [ 731.682707][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 731.682716][ T38] task:syz-executor state:D stack:22632 pid:17333 tgid:17333 ppid:1 task_flags:0x400140 flags:0x00004004 [ 731.682757][ T38] Call Trace: [ 731.682763][ T38] [ 731.682781][ T38] __schedule+0x16f3/0x4c20 [ 731.682825][ T38] ? __kernel_text_address+0xd/0x40 [ 731.682847][ T38] ? __pfx___schedule+0x10/0x10 [ 731.682890][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 731.682916][ T38] rt_mutex_schedule+0x77/0xf0 [ 731.682934][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 731.682956][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 731.682995][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 731.683019][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 731.683041][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 731.683072][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 731.683100][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 731.683125][ T38] ? bpf_lsm_capable+0x9/0x20 [ 731.683145][ T38] ? security_capable+0x7e/0x2e0 [ 731.683173][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 731.683194][ T38] mutex_lock_nested+0x16a/0x1d0 [ 731.683214][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 731.683240][ T38] rtnl_newlink+0x8db/0x1c70 [ 731.683270][ T38] ? __lock_acquire+0xab9/0xd20 [ 731.683294][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 731.683324][ T38] ? __lock_acquire+0xab9/0xd20 [ 731.683414][ T38] ? __lock_acquire+0xab9/0xd20 [ 731.683461][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 731.683483][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 731.683505][ T38] ? __lock_acquire+0xab9/0xd20 [ 731.683527][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 731.683549][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 731.683589][ T38] netlink_rcv_skb+0x205/0x470 [ 731.683610][ T38] ? __lock_acquire+0xab9/0xd20 [ 731.683632][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 731.683655][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 731.683690][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 731.683721][ T38] netlink_unicast+0x843/0xa10 [ 731.683753][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 731.683792][ T38] ? netlink_sendmsg+0x642/0xb30 [ 731.683812][ T38] ? skb_put+0x11b/0x210 [ 731.683840][ T38] netlink_sendmsg+0x805/0xb30 [ 731.683878][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 731.683910][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 731.683928][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 731.683953][ T38] __sock_sendmsg+0x21c/0x270 [ 731.683979][ T38] __sys_sendto+0x3c7/0x520 [ 731.684009][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 731.684048][ T38] ? blkcg_maybe_throttle_current+0x1a8/0xbc0 [ 731.684087][ T38] ? rcu_is_watching+0x15/0xb0 [ 731.684113][ T38] __x64_sys_sendto+0xde/0x100 [ 731.684139][ T38] do_syscall_64+0xfa/0x3b0 [ 731.684158][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.684175][ T38] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 731.684199][ T38] ? clear_bhb_loop+0x60/0xb0 [ 731.684220][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.684245][ T38] RIP: 0033:0x7f3a199b0d5c [ 731.684265][ T38] RSP: 002b:00007ffefeae1b00 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 731.684284][ T38] RAX: ffffffffffffffda RBX: 00007f3a1a734620 RCX: 00007f3a199b0d5c [ 731.684298][ T38] RDX: 000000000000006c RSI: 00007f3a1a734670 RDI: 0000000000000003 [ 731.684311][ T38] RBP: 0000000000000000 R08: 00007ffefeae1b54 R09: 000000000000000c [ 731.684322][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 731.684333][ T38] R13: 0000000000000000 R14: 00007f3a1a734670 R15: 0000000000000000 [ 731.684362][ T38] [ 731.684373][ T38] INFO: task syz.6.4895:17537 blocked for more than 143 seconds. [ 731.684386][ T38] Not tainted syzkaller #0 [ 731.684395][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 731.684403][ T38] task:syz.6.4895 state:D stack:27272 pid:17537 tgid:17534 ppid:8435 task_flags:0x400140 flags:0x00004004 [ 731.684448][ T38] Call Trace: [ 731.684454][ T38] [ 731.684466][ T38] __schedule+0x16f3/0x4c20 [ 731.684509][ T38] ? __kernel_text_address+0xd/0x40 [ 731.684533][ T38] ? __pfx___schedule+0x10/0x10 [ 731.684574][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 731.684601][ T38] rt_mutex_schedule+0x77/0xf0 [ 731.684620][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 731.684641][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 731.684680][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 731.684704][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 731.684726][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 731.684745][ T38] ? __lock_acquire+0xab9/0xd20 [ 731.684785][ T38] ? nl80211_pre_doit+0x5f/0x930 [ 731.684811][ T38] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 731.684837][ T38] ? nl80211_pre_doit+0x5f/0x930 [ 731.684854][ T38] mutex_lock_nested+0x16a/0x1d0 [ 731.684874][ T38] ? __nla_parse+0x40/0x60 [ 731.684897][ T38] nl80211_pre_doit+0x5f/0x930 [ 731.684916][ T38] ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0 [ 731.684943][ T38] genl_family_rcv_msg_doit+0x1be/0x300 [ 731.684971][ T38] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 731.685004][ T38] ? bpf_lsm_capable+0x9/0x20 [ 731.685023][ T38] ? security_capable+0x7e/0x2e0 [ 731.685053][ T38] genl_rcv_msg+0x60e/0x790 [ 731.685079][ T38] ? __pfx_genl_rcv_msg+0x10/0x10 [ 731.685096][ T38] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 731.685459][ T38] ? __pfx_nl80211_set_tx_bitrate_mask+0x10/0x10 [ 731.685485][ T38] ? __pfx_nl80211_post_doit+0x10/0x10 [ 731.685508][ T38] ? __lock_acquire+0xab9/0xd20 [ 731.685538][ T38] netlink_rcv_skb+0x205/0x470 [ 731.685562][ T38] ? __pfx_genl_rcv_msg+0x10/0x10 [ 731.685584][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 731.685622][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 731.685644][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 731.685669][ T38] genl_rcv+0x28/0x40 [ 731.685686][ T38] netlink_unicast+0x843/0xa10 [ 731.685718][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 731.685741][ T38] ? netlink_sendmsg+0x642/0xb30 [ 731.685762][ T38] ? skb_put+0x11b/0x210 [ 731.685799][ T38] netlink_sendmsg+0x805/0xb30 [ 731.685832][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 731.685865][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 731.685883][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 731.685906][ T38] __sock_sendmsg+0x21c/0x270 [ 731.685931][ T38] ____sys_sendmsg+0x508/0x820 [ 731.685957][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 731.685986][ T38] ? import_iovec+0x74/0xa0 [ 731.686011][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 731.686037][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 731.686093][ T38] ? __fget_files+0x2a/0x420 [ 731.686115][ T38] ? __fget_files+0x3a6/0x420 [ 731.686148][ T38] __x64_sys_sendmsg+0x1a1/0x260 [ 731.686170][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 731.686201][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 731.686227][ T38] ? do_syscall_64+0xbe/0x3b0 [ 731.686249][ T38] do_syscall_64+0xfa/0x3b0 [ 731.686265][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 731.686289][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.686314][ T38] ? clear_bhb_loop+0x60/0xb0 [ 731.686336][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.686353][ T38] RIP: 0033:0x7fc3a656eec9 [ 731.686368][ T38] RSP: 002b:00007fc3a47ad038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 731.686387][ T38] RAX: ffffffffffffffda RBX: 00007fc3a67c6090 RCX: 00007fc3a656eec9 [ 731.686401][ T38] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 731.686413][ T38] RBP: 00007fc3a65f1f91 R08: 0000000000000000 R09: 0000000000000000 [ 731.686425][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 731.686436][ T38] R13: 00007fc3a67c6128 R14: 00007fc3a67c6090 R15: 00007ffc01920668 [ 731.686468][ T38] [ 731.686495][ T38] [ 731.686495][ T38] Showing all locks held in the system: [ 731.686505][ T38] 6 locks held by rcuc/1/28: [ 731.686516][ T38] 2 locks held by ktimers/1/29: [ 731.686525][ T38] #0: ffffffff8d84a9a0 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 731.686571][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 731.686616][ T38] 1 lock held by khungtaskd/38: [ 731.686626][ T38] #0: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 731.686671][ T38] 3 locks held by kworker/u8:6/93: [ 731.686682][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 731.686727][ T38] #1: ffffc900030bfbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 731.686770][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 731.686827][ T38] 4 locks held by kworker/u8:7/1152: [ 731.686837][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 731.686881][ T38] #1: ffffc90004a7fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 731.686926][ T38] #2: ffffffff8ecc69a0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 731.686972][ T38] #3: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xdc/0x890 [ 731.687020][ T38] 3 locks held by kworker/u8:9/1488: [ 731.687030][ T38] #0: ffff88814d1b1938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 731.687075][ T38] #1: ffffc900055cfbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 731.687120][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 731.687177][ T38] 3 locks held by kworker/0:3/5222: [ 731.687188][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 731.687232][ T38] #1: ffffc900045ffbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 731.687276][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 732.107567][ T38] 2 locks held by getty/5595: [ 732.107579][ T38] #0: ffff88823bf320a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 732.107621][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 732.107666][ T38] 2 locks held by syz-executor/5825: [ 732.107678][ T38] 4 locks held by kworker/u9:8/5857: [ 732.107688][ T38] #0: ffff8880232f4938 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 732.107734][ T38] #1: ffffc90004eefbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 732.107779][ T38] #2: ffff88806fc80e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 732.107820][ T38] #3: ffff88806fc800a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 732.107869][ T38] 2 locks held by kworker/1:6/5932: [ 732.107883][ T38] 1 lock held by syz-executor/12838: [ 732.107893][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 732.107942][ T38] 5 locks held by kworker/u8:17/14264: [ 732.107954][ T38] 5 locks held by kworker/u8:35/14289: [ 732.107967][ T38] 2 locks held by kworker/u8:53/14308: [ 732.107979][ T38] 2 locks held by syz-executor/17333: [ 732.107989][ T38] #0: ffffffff8e43b960 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 732.108041][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 732.108094][ T38] 2 locks held by syz.6.4895/17537: [ 732.108104][ T38] #0: ffffffff8ed398c0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 732.108146][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930 [ 732.108189][ T38] 1 lock held by syz.7.4901/17555: [ 732.108200][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 732.108246][ T38] 1 lock held by syz.5.4902/17557: [ 732.108256][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 732.108303][ T38] 1 lock held by syz-executor/17562: [ 732.108313][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.108356][ T38] 1 lock held by syz-executor/17567: [ 732.108366][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.108408][ T38] 1 lock held by syz-executor/17571: [ 732.108418][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.108461][ T38] 1 lock held by syz-executor/17573: [ 732.108471][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.108512][ T38] 1 lock held by syz-executor/17577: [ 732.108522][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.108564][ T38] 6 locks held by kworker/u9:0/17579: [ 732.108574][ T38] #0: ffff88805403f138 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 732.108619][ T38] #1: ffffc9000521fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 732.108664][ T38] #2: ffff88806ffece80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 732.108707][ T38] #3: ffff88806ffec0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 732.108753][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 732.108801][ T38] #5: ffff888054039b58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 732.108846][ T38] 1 lock held by syz-executor/17583: [ 732.108856][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.108896][ T38] 1 lock held by syz-executor/17588: [ 732.108905][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.108943][ T38] 1 lock held by syz-executor/17592: [ 732.108953][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.108994][ T38] 1 lock held by syz-executor/17594: [ 732.109004][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.109054][ T38] 1 lock held by syz-executor/17597: [ 732.109063][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.109105][ T38] 1 lock held by syz-executor/17603: [ 732.109116][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.109158][ T38] 1 lock held by syz-executor/17609: [ 732.109169][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.109212][ T38] 1 lock held by syz-executor/17613: [ 732.109221][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.109264][ T38] 1 lock held by syz-executor/17615: [ 732.109274][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 732.109316][ T38] 5 locks held by kworker/u9:1/17617: [ 732.109327][ T38] #0: ffff88803d516938 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 732.109375][ T38] #1: ffffc90004d9fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 732.109420][ T38] #2: ffff88803572ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 732.109463][ T38] #3: ffff88803572c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 732.109509][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 732.109559][ T38] [ 732.109563][ T38] ============================================= [ 732.109563][ T38] [ 732.109583][ T38] NMI backtrace for cpu 0 [ 732.109604][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 732.109624][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 732.109635][ T38] Call Trace: [ 732.109643][ T38] [ 732.109651][ T38] dump_stack_lvl+0x189/0x250 [ 732.109679][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 732.109701][ T38] ? __pfx__printk+0x10/0x10 [ 732.109732][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 732.109757][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 732.109781][ T38] ? __pfx__printk+0x10/0x10 [ 732.109803][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 732.109826][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 732.109850][ T38] watchdog+0xf93/0xfe0 [ 732.109877][ T38] ? watchdog+0x1de/0xfe0 [ 732.109903][ T38] kthread+0x711/0x8a0 [ 732.109930][ T38] ? __pfx_watchdog+0x10/0x10 [ 732.109949][ T38] ? __pfx_kthread+0x10/0x10 [ 732.109977][ T38] ? __pfx_kthread+0x10/0x10 [ 732.110000][ T38] ret_from_fork+0x436/0x7d0 [ 732.110025][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 732.110058][ T38] ? __switch_to_asm+0x39/0x70 [ 732.110074][ T38] ? __switch_to_asm+0x33/0x70 [ 732.110089][ T38] ? __pfx_kthread+0x10/0x10 [ 732.110112][ T38] ret_from_fork_asm+0x1a/0x30 [ 732.110144][ T38] [ 732.110151][ T38] Sending NMI from CPU 0 to CPUs 1: [ 732.110174][ C1] NMI backtrace for cpu 1 [ 732.110188][ C1] CPU: 1 UID: 0 PID: 28 Comm: rcuc/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 732.110205][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 732.110214][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x4/0x80 [ 732.110233][ C1] Code: 00 00 00 48 8b 3d 34 c9 66 0b 48 89 de 5b e9 53 af 54 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <48> 8b 04 24 65 48 8b 0c 25 08 40 f6 91 65 8b 35 58 d4 37 10 81 e6 [ 732.110245][ C1] RSP: 0018:ffffc90000a2e3d8 EFLAGS: 00000a02 [ 732.110259][ C1] RAX: f301f204f1f1f1f1 RBX: ffffc90000a2ea40 RCX: 1ffff92000145c98 [ 732.110271][ C1] RDX: 0000000000000000 RSI: ffff888023e5fc00 RDI: ffff888038025100 [ 732.110282][ C1] RBP: ffffc90000a2e550 R08: ffffc90000a2e5d0 R09: 0000000000000003 [ 732.110293][ C1] R10: ffffc90000a2e5d0 R11: fffff52000145cbe R12: dffffc0000000000 [ 732.110304][ C1] R13: ffffc90000a2e5d0 R14: ffff888023e5fc00 R15: ffff888038025100 [ 732.110317][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 732.110330][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 732.110340][ C1] CR2: 00007f7f7b6edcc4 CR3: 000000003c0ba000 CR4: 00000000003526f0 [ 732.110355][ C1] Call Trace: [ 732.110361][ C1] [ 732.110367][ C1] fib6_table_lookup+0x96/0xa80 [ 732.110387][ C1] ? __lock_acquire+0xab9/0xd20 [ 732.110410][ C1] ? ip6_pol_route+0x162/0x1180 [ 732.110425][ C1] ? __pfx_fib6_table_lookup+0x10/0x10 [ 732.110444][ C1] ? ip6_pol_route+0x162/0x1180 [ 732.110459][ C1] ip6_pol_route+0x222/0x1180 [ 732.110476][ C1] ? __pfx_ip6_pol_route+0x10/0x10 [ 732.110496][ C1] ? fib_rules_lookup+0x96/0xe90 [ 732.110517][ C1] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 732.110532][ C1] fib6_rule_action+0x206/0x7d0 [ 732.110548][ C1] ? __pfx_fib6_rule_action+0x10/0x10 [ 732.110565][ C1] fib_rules_lookup+0x767/0xe90 [ 732.110588][ C1] ? fib_rules_lookup+0x96/0xe90 [ 732.110607][ C1] ? __pfx_fib_rules_lookup+0x10/0x10 [ 732.110625][ C1] ? l3mdev_update_flow+0x29/0x640 [ 732.110641][ C1] ? l3mdev_update_flow+0x4d1/0x640 [ 732.110658][ C1] fib6_rule_lookup+0x18e/0x6f0 [ 732.110675][ C1] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 732.110690][ C1] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 732.110708][ C1] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 732.110732][ C1] ip6_route_output_flags+0x364/0x5d0 [ 732.110748][ C1] ? ip6_route_output_flags+0x2e/0x5d0 [ 732.110769][ C1] __nf_ip6_route+0x42/0xd0 [ 732.110785][ C1] synproxy_send_tcp_ipv6+0x24a/0x680 [ 732.110814][ C1] ? __pfx_synproxy_send_tcp_ipv6+0x10/0x10 [ 732.110833][ C1] ? rcu_is_watching+0x15/0xb0 [ 732.110857][ C1] ? __build_skb_around+0x257/0x3e0 [ 732.110878][ C1] ? synproxy_send_client_synack_ipv6+0x34f/0xca0 [ 732.110897][ C1] ? skb_put+0x11b/0x210 [ 732.110916][ C1] synproxy_send_client_synack_ipv6+0x80e/0xca0 [ 732.110943][ C1] ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10 [ 732.110963][ C1] ? nft_synproxy_do_eval+0x4c4/0x570 [ 732.110980][ C1] ? synproxy_pernet+0x45/0x270 [ 732.110997][ C1] nft_synproxy_eval_v6+0x36e/0x560 [ 732.111016][ C1] ? __pfx_nft_synproxy_eval_v6+0x10/0x10 [ 732.111033][ C1] ? nf_ip_checksum+0x13c/0x510 [ 732.111050][ C1] nft_synproxy_do_eval+0x3d7/0x570 [ 732.111068][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 732.111092][ C1] nft_do_chain+0x40c/0x1920 [ 732.111108][ C1] ? nft_do_chain+0x169f/0x1920 [ 732.111124][ C1] ? validate_chain+0x897/0x2140 [ 732.111144][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 732.111158][ C1] ? ipv6_find_hdr+0xc78/0x1050 [ 732.111186][ C1] ? do_xdp_generic+0x115/0xdb0 [ 732.111208][ C1] nft_do_chain_inet+0x25d/0x340 [ 732.111223][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 732.111238][ C1] ? __lock_acquire+0xab9/0xd20 [ 732.111259][ C1] ? NF_HOOK+0x9a/0x3a0 [ 732.111277][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 732.111293][ C1] nf_hook_slow+0xc2/0x220 [ 732.111313][ C1] NF_HOOK+0x206/0x3a0 [ 732.111331][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 732.111352][ C1] ? NF_HOOK+0x9a/0x3a0 [ 732.111368][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 732.111387][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 732.111410][ C1] ip6_input+0x16a/0x270 [ 732.111426][ C1] ? ip6_input+0x23/0x270 [ 732.111444][ C1] NF_HOOK+0x309/0x3a0 [ 732.111461][ C1] ? skb_orphan+0xaf/0xd0 [ 732.111478][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 732.111496][ C1] ? NF_HOOK+0x9a/0x3a0 [ 732.111512][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 732.111531][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 732.111555][ C1] __netif_receive_skb+0xd3/0x380 [ 732.111571][ C1] ? rt_spin_unlock+0x65/0x80 [ 732.111590][ C1] ? process_backlog+0x27b/0x900 [ 732.111607][ C1] process_backlog+0x31e/0x900 [ 732.111630][ C1] __napi_poll+0xb3/0x540 [ 732.111648][ C1] net_rx_action+0x707/0xe00 [ 732.111665][ C1] ? arch_stack_walk+0x11c/0x150 [ 732.111686][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 732.111704][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 732.111724][ C1] ? kvm_sched_clock_read+0x11/0x20 [ 732.111747][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 732.111769][ C1] handle_softirqs+0x22c/0x710 [ 732.111790][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 732.111817][ C1] __local_bh_enable_ip+0x179/0x270 [ 732.111834][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 732.111855][ C1] ? rcu_cpu_kthread+0x23e/0x1b50 [ 732.111874][ C1] ? rcu_cpu_kthread+0x23e/0x1b50 [ 732.111891][ C1] rcu_cpu_kthread+0xc3d/0x1b50 [ 732.111913][ C1] ? rcu_cpu_kthread+0x23e/0x1b50 [ 732.111937][ C1] ? __pfx_rcu_cpu_kthread+0x10/0x10 [ 732.111956][ C1] ? __lock_acquire+0xab9/0xd20 [ 732.111974][ C1] ? __pfx___schedule+0x10/0x10 [ 732.111999][ C1] ? schedule+0x91/0x360 [ 732.112020][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 732.112037][ C1] smpboot_thread_fn+0x542/0xa60 [ 732.112054][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 732.112075][ C1] kthread+0x711/0x8a0 [ 732.112095][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 732.112111][ C1] ? __pfx_kthread+0x10/0x10 [ 732.112131][ C1] ? __pfx_kthread+0x10/0x10 [ 732.112151][ C1] ret_from_fork+0x436/0x7d0 [ 732.112169][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 732.112188][ C1] ? __switch_to_asm+0x39/0x70 [ 732.112201][ C1] ? __switch_to_asm+0x33/0x70 [ 732.112214][ C1] ? __pfx_kthread+0x10/0x10 [ 732.112233][ C1] ret_from_fork_asm+0x1a/0x30 [ 732.112254][ C1] [ 732.113177][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 732.113192][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 732.113212][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 732.113222][ T38] Call Trace: [ 732.113230][ T38] [ 732.113237][ T38] dump_stack_lvl+0x99/0x250 [ 732.113261][ T38] ? __asan_memcpy+0x40/0x70 [ 732.113281][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 732.113304][ T38] ? __pfx__printk+0x10/0x10 [ 732.113334][ T38] vpanic+0x281/0x750 [ 732.113360][ T38] ? __pfx_vpanic+0x10/0x10 [ 732.113380][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 732.113398][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 732.113432][ T38] panic+0xb9/0xc0 [ 732.113454][ T38] ? __pfx_panic+0x10/0x10 [ 732.113479][ T38] ? irq_work_queue+0xc3/0x140 [ 732.113504][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 732.113528][ T38] watchdog+0xfd2/0xfe0 [ 732.113554][ T38] ? watchdog+0x1de/0xfe0 [ 732.113581][ T38] kthread+0x711/0x8a0 [ 732.113607][ T38] ? __pfx_watchdog+0x10/0x10 [ 732.113626][ T38] ? __pfx_kthread+0x10/0x10 [ 732.113654][ T38] ? __pfx_kthread+0x10/0x10 [ 732.113678][ T38] ret_from_fork+0x436/0x7d0 [ 732.113702][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 732.113728][ T38] ? __switch_to_asm+0x39/0x70 [ 732.113744][ T38] ? __switch_to_asm+0x33/0x70 [ 732.113759][ T38] ? __pfx_kthread+0x10/0x10 [ 732.113783][ T38] ret_from_fork_asm+0x1a/0x30 [ 732.113814][ T38] [ 732.114079][ T38] Kernel Offset: disabled