last executing test programs: 4m49.231510098s ago: executing program 1 (id=205): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000040)={0x2}) close(r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]}) close_range(r1, 0xffffffffffffffff, 0x200000000000000) 4m48.658069903s ago: executing program 1 (id=206): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000040c0), 0x0, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f00000000c0)={0x40000000000000c1}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)=ANY=[]) 4m48.224774716s ago: executing program 1 (id=207): openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000000)=0x9, 0x4) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000000)) 4m47.441232496s ago: executing program 1 (id=213): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000240)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x100) 4m47.026831632s ago: executing program 1 (id=217): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = syz_io_uring_setup(0x3b, &(0x7f0000000040)={0x0, 0x2, 0x10100, 0x40000000, 0x2b5}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r2, r3, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r4, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1, 0x0, 0x26}, 0x0, 0x80002101}) io_uring_enter(r1, 0xd81, 0x0, 0x0, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4m46.136623358s ago: executing program 1 (id=223): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 4m45.336318453s ago: executing program 32 (id=223): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x54, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 52.688814538s ago: executing program 3 (id=1868): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) 52.555752631s ago: executing program 5 (id=1869): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000002400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010028bd7000ffdbdf2514000000080001"], 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 52.265093715s ago: executing program 3 (id=1871): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 52.154838665s ago: executing program 4 (id=1872): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'veth1_to_bond\x00', 0x0}) r3 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r0, r2, 0x25, 0x4}, 0x14) bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r3, 0x4) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r3, 0x0, 0x0}, 0x10) 52.080260735s ago: executing program 0 (id=1873): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x1, 0x0, 0x0, 0x0, 0x32, 0x2, 0x9, 0x2}) 51.899008533s ago: executing program 5 (id=1874): ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000000)={{0x2, 0x4e23, @local}, {0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x78, {0x2, 0x4e22, @empty}, 'vlan0\x00'}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xf639, 0xc000, 0x2, 0x1b5}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16000000"], 0x50) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 51.877401034s ago: executing program 0 (id=1875): sendmsg$NL80211_CMD_SET_QOS_MAP(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000280)=ANY=[@ANYBLOB="01"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"]) 51.832680464s ago: executing program 3 (id=1876): socket(0xa, 0x3, 0x3a) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000f00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0xfffffffc, @loopback, 0xfffffffa}, 0x1c) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000010000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) 51.503939461s ago: executing program 4 (id=1877): r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r2, 0xc0884123, &(0x7f0000000080)={0x5, "244689261a3365eb47c14247a53bf3b29282987c7cc12acb8ae6651cb5f9a3eada1a7777d2fbd3428a0df873e1d58af8bf70c00a9dc43edcdaa8e7db0700", {0x2, 0x1ff}}) ioctl$SNDRV_PCM_IOCTL_RESET(r2, 0x4141, 0x0) 51.405212345s ago: executing program 3 (id=1878): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x442, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x5, 0x0, 0xd000, 0x1000, &(0x7f0000feb000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x3, 0x1, 0xdddd1000, 0x1000, &(0x7f0000fe9000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 51.358095711s ago: executing program 5 (id=1879): r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35cf6c3", @ANYRESOCT]) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'rose0\x00', 0x112}) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 51.254713701s ago: executing program 4 (id=1880): r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) r1 = socket(0x15, 0x5, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt(r1, 0x200000000114, 0x2715, &(0x7f0000000580)=""/102393, &(0x7f0000000000)=0x18ff9) 51.190901076s ago: executing program 0 (id=1882): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r4, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x66, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x30, 0x3a, 0x0, @mcast2, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "90641a", 0x0, 0x3a, 0xfe, @remote, @remote}}}}}}}, 0x0) 51.016037093s ago: executing program 5 (id=1883): r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup3(r0, r3, 0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000000)={r4}) 51.005187466s ago: executing program 4 (id=1884): openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 50.883855618s ago: executing program 4 (id=1885): sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="120002"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x8001) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 50.867825814s ago: executing program 0 (id=1886): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18) unshare(0x2040400) r1 = fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) fsmount(r1, 0x0, 0x0) 50.780206322s ago: executing program 4 (id=1887): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) dup(r0) r1 = syz_io_uring_setup(0x44a2, &(0x7f0000001400)={0x0, 0xec25, 0x100, 0x1, 0xd4}, &(0x7f00000006c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0xa) 50.689206302s ago: executing program 0 (id=1888): r0 = socket$rxrpc(0x21, 0x2, 0xa) r1 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000080)=0x2, 0x4) connect$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24) sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) connect$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24) sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) 50.662310462s ago: executing program 5 (id=1889): r0 = socket$packet(0x11, 0x2, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0x1, 0x7, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2688634c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 50.592752831s ago: executing program 0 (id=1890): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) listen(0xffffffffffffffff, 0x8) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) 50.168144582s ago: executing program 3 (id=1892): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f00000021c0)=ANY=[@ANYBLOB="b70200001000b15cbfa300000000000007030000f8ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b2314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8dd63d4b77b206000000000000e254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3813e2c25a61ec45c3af9948f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c958559b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469600241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c12e28ef97d9ebd9c77f1774cf4683c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f011000000f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497a6103876843ee04ed9ff002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd1304202274f20675eb781925440578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b96508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e25c89b552d7fcd116bce9c764c714c9402c21d1aac59efb28d4f91652f6000000000000000320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a575939206d0c0f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000ff0ffd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8000000edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db76cf059f40fa2640b6bfb74dd35391b8fa18479da9f4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847db97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b252a37ff7e0d45728fc1a6ec566981bc8ccfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642c248aa813edaa626f0000000000000000000000000000000003ba34b611569a451564d3a5400f9097ffe7a37e765be352be71ee24250d6828562c7e24cb763062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89a0000bde05c114e7a020fc1a5fd3eeeb822008b2d7d1cc062b51b0aca4956b557e51a1385cc572b0074b0950fb1437de2590bf99ec7ceb69e1fe2465fce099c992d57b804a22e148ae3411523814aee03ee2df877edfabf4aa94f07c6fdd127e57a8bf7975f2e606c25a299980a6e52fcf7849d45bb38573fbba8afef1aa7a24c805f7aee3e39a3000000000000000000000000000000000000878f88c4742ac490951c36c610a0d266588ec6a0bd300cf160b5a5d9e9fafa49ecc8430832d795e727b7fc2b76e7fc4141fdbb82f45d3cdd3fb8d4b443ab4954fdf5c1b9a6ab3e457f098329307ccb0a1989b6c37509692e952e7244f48bc12569ff8eb30d0f887b85b5ef44fb9a7571319190be0c226ed72f346cc4aa071ae0c72fa8bd00d5590c4f4ba65d0c8e1f4870fe3c414681e41b40163eb1aa2a7429a2208cd6e69c7d959e87da3fd0101159a03ab7fe78881ee7a1ee7a2edff75fb18a181e0c54352be2b7a5b5273198291c28d9141deeb3cdba5d414ae4b0000000000000000000000000009eacd83458d8a606be71970497a4fd4ca3b48ca482ab3804e2fac216b3ba613608b1a465456a33fd08491d337d7344c01cfc9e73bf1bca1cbec7614c8c3c76411e61fef6a93da8914490b50bd837d068e9bf8f3348794a44115d163b5ff85629b0a3ad4023448140770de2e5f262b9a50afcc210b8d8ea24b6dd7d068b356f53afaf89acae30935ec92657e37bf0821cbe612ac2aa7baf4d21ab373ea4fea57d0d9ac418862e791df3d1d85bb780fbfa401e09e3745d70174dd9ab52cdcadfd3454916408810090a19fa1cf0df6aa714fbcffbb7d6c7f45237df3296867725fd2bdbcd2f7ab10fea0fe85ce1137e775e4c01a136aed7f1d0d192a95be64bab53144ff3efd87fcb6421483e6a1690408712913dfb10a88201340c96dfd745a84dc177dd7a598ec015daa56eb0924e01df353a9ad69d0a59e40203018c82e74f39f8c4cb8823f0bfdfe170549e305628625f50"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r1, 0x0, 0xe, 0x0, &(0x7f0000000300)="14fd54ab72df97e6256c00000000", 0x0, 0xfeff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 42.380512188s ago: executing program 5 (id=1894): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000fc0)=""/4096, 0x1000}], 0x1}, 0x5}], 0x1, 0x123, 0x0) recvmmsg(r1, &(0x7f0000000f40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x37}}, {{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f00000004c0)=""/212, 0xdd}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000600)=""/134, 0x86}, {&(0x7f00000005c0)=""/24, 0xfffffe4b}, {&(0x7f0000000200)=""/21, 0x10}], 0x5}, 0x4}], 0x2, 0x0, 0x0) 42.080121561s ago: executing program 3 (id=1895): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x40000000}, 0x48) 29.866299742s ago: executing program 2 (id=1896): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r2, r3, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r0, 0x3b8b, &(0x7f0000000080)={0x10, 0x1, r4}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r0, 0x3b8b, &(0x7f0000000040)={0x10, 0x0, r4}) 24.236701053s ago: executing program 33 (id=1890): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) listen(0xffffffffffffffff, 0x8) r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) 23.108361084s ago: executing program 34 (id=1894): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r1, &(0x7f0000007cc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000fc0)=""/4096, 0x1000}], 0x1}, 0x5}], 0x1, 0x123, 0x0) recvmmsg(r1, &(0x7f0000000f40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x37}}, {{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f00000004c0)=""/212, 0xdd}, {&(0x7f0000000840)=""/127, 0x7f}, {&(0x7f0000000600)=""/134, 0x86}, {&(0x7f00000005c0)=""/24, 0xfffffe4b}, {&(0x7f0000000200)=""/21, 0x10}], 0x5}, 0x4}], 0x2, 0x0, 0x0) 22.881080112s ago: executing program 35 (id=1895): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x40000000}, 0x48) 22.350637157s ago: executing program 36 (id=1887): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) dup(r0) r1 = syz_io_uring_setup(0x44a2, &(0x7f0000001400)={0x0, 0xec25, 0x100, 0x1, 0xd4}, &(0x7f00000006c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0xa) 22.172796722s ago: executing program 2 (id=1901): r0 = fanotify_init(0x200, 0x0) r1 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1) r2 = dup(r1) fanotify_mark(r0, 0x1, 0x8001055, r2, 0x0) r3 = dup(r1) write$binfmt_elf64(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4606ff78a33e0200000000000002003e00cd000000c8030000000000004000000000000000f605430000000000000001000500380046"], 0x78) execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 21.558794173s ago: executing program 2 (id=1902): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000001e7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000) 20.978777906s ago: executing program 2 (id=1903): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x5239, 0x10100, 0xfffffffe, 0x2b0}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, &(0x7f000000b000)={0x77359400}, 0x0, 0x0) 19.05869323s ago: executing program 2 (id=1904): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r0, 0x0) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) r1 = getpid() r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40e00, 0x5a, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x1], 0x0, 0x0, 0x20000000000000b2, 0x1, r1}}, 0x40) 15.544187646s ago: executing program 2 (id=1905): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x3}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) 0s ago: executing program 37 (id=1905): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x3}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x0, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) kernel console output (not intermixed with test programs): kernel write not supported for file /cpu/0/msr (pid: 5893 comm: kworker/0:3) [ 126.742372][ T991] usb 2-1: 1:0: failed to get current value for ch 0 (-22) [ 127.155028][ T991] usb 2-1: USB disconnect, device number 3 [ 127.879317][ T6182] netlink: 24 bytes leftover after parsing attributes in process `syz.1.74'. [ 128.048606][ T5897] udevd[5897]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 128.223617][ T5930] usbhid 4-1:0.0: can't add hid device: -71 [ 128.223764][ T5930] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 128.267944][ T5930] usb 4-1: USB disconnect, device number 3 [ 128.297030][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 128.968712][ T6182] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.970627][ T6182] bridge0: port 1(bridge_slave_0) entered disabled state [ 130.206783][ T6182] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 130.236803][ T6213] netlink: 4 bytes leftover after parsing attributes in process `syz.4.86'. [ 130.290392][ T6182] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.106743][ T1160] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.106965][ T6220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.89'. [ 132.111728][ T1160] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.160772][ T6230] netlink: 4 bytes leftover after parsing attributes in process `syz.1.93'. [ 132.204898][ T1160] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.218787][ T6220] netlink: 4 bytes leftover after parsing attributes in process `syz.0.89'. [ 132.275265][ T6230] vxlan0: entered promiscuous mode [ 132.297313][ T1160] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.297345][ T1160] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.297652][ T6220] Zero length message leads to an empty skb [ 132.305475][ T1160] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.305527][ T1160] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.305565][ T1160] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.305601][ T1160] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.305639][ T1160] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.305675][ T1160] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 132.305712][ T1160] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 133.166913][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.067721][ T5930] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 134.256333][ T5930] usb 3-1: Using ep0 maxpacket: 32 [ 134.284733][ T5930] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 134.284766][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.284785][ T5930] usb 3-1: Product: syz [ 134.284800][ T5930] usb 3-1: Manufacturer: syz [ 134.284814][ T5930] usb 3-1: SerialNumber: syz [ 134.338788][ T5930] usb 3-1: config 0 descriptor?? [ 134.671926][ T6281] netlink: 146780 bytes leftover after parsing attributes in process `syz.4.113'. [ 134.815796][ T5930] airspy 3-1:0.0: Board ID: 00 [ 134.815822][ T5930] airspy 3-1:0.0: Firmware version: [ 135.402502][ T6291] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.118'. [ 135.639710][ T5930] airspy 3-1:0.0: usb_control_msg() failed -71 request 0f [ 135.678039][ T5930] airspy 3-1:0.0: Registered as swradio24 [ 135.678063][ T5930] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 135.718716][ T5930] usb 3-1: USB disconnect, device number 2 [ 135.758842][ T5893] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 135.932133][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.932169][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.932193][ T5893] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 135.932246][ T5893] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 135.932269][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.975268][ T5893] usb 2-1: config 0 descriptor?? [ 136.547097][ T5893] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 136.965581][ T6316] input: syz1 as /devices/virtual/input/input7 [ 137.438512][ T6320] binder: 6319:6320 ioctl c0306201 200000000080 returned -14 [ 137.933294][ C1] plantronics 0003:047F:FFFF.0002: usb_submit_urb(ctrl) failed: -1 [ 138.096668][ T6330] input: syz1 as /devices/virtual/input/input8 [ 138.800168][ T5893] usb 2-1: USB disconnect, device number 4 [ 140.540136][ T6380] netlink: 'syz.2.152': attribute type 2 has an invalid length. [ 140.540161][ T6380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.152'. [ 140.546795][ T6380] netlink: 'syz.2.152': attribute type 2 has an invalid length. [ 140.546814][ T6380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.152'. [ 140.937504][ T6388] netlink: 8 bytes leftover after parsing attributes in process `syz.4.156'. [ 141.818133][ T5910] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 141.976372][ T5910] usb 2-1: Using ep0 maxpacket: 32 [ 141.981736][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 141.981878][ T5910] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 141.982019][ T5910] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 141.982046][ T5910] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.994447][ T5910] usb 2-1: config 0 descriptor?? [ 142.007929][ T5932] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 142.013558][ T5910] hub 2-1:0.0: USB hub found [ 142.187976][ T5932] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 142.188006][ T5932] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.191761][ T5932] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 142.191792][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 142.191812][ T5932] usb 3-1: SerialNumber: syz [ 142.268163][ T5910] hub 2-1:0.0: 1 port detected [ 142.395544][ T5932] usb 3-1: 0:2 : does not exist [ 142.703066][ T5932] usb 3-1: USB disconnect, device number 3 [ 142.873447][ T10] hub 2-1:0.0: activate --> -90 [ 142.913678][ T5897] udevd[5897]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 143.279732][ T5917] usb 2-1: USB disconnect, device number 5 [ 143.506394][ T10] usb 2-1-port1: config error [ 143.849639][ T6421] netlink: 'syz.0.170': attribute type 1 has an invalid length. [ 143.925545][ T6422] loop3: detected capacity change from 0 to 1 [ 144.026336][ T5847] Dev loop3: unable to read RDB block 1 [ 144.026380][ T5847] loop3: unable to read partition table [ 144.026630][ T5847] loop3: partition table beyond EOD, truncated [ 144.068783][ T6421] 8021q: adding VLAN 0 to HW filter on device bond1 [ 144.095332][ T6422] Dev loop3: unable to read RDB block 1 [ 144.095389][ T6422] loop3: unable to read partition table [ 144.095669][ T6422] loop3: partition table beyond EOD, truncated [ 144.095703][ T6422] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 144.188356][ T6424] bond1: (slave ip6erspan0): making interface the new active one [ 144.191781][ T6424] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 144.509821][ T6434] ======================================================= [ 144.509821][ T6434] WARNING: The mand mount option has been deprecated and [ 144.509821][ T6434] and is ignored by this kernel. Remove the mand [ 144.509821][ T6434] option from the mount to silence this warning. [ 144.509821][ T6434] ======================================================= [ 144.657181][ T6437] warning: `syz.3.177' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 145.657988][ T6454] netlink: 4 bytes leftover after parsing attributes in process `syz.1.184'. [ 147.080581][ T5932] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 147.236963][ T5932] usb 5-1: Using ep0 maxpacket: 32 [ 147.239478][ T5932] usb 5-1: config 0 has an invalid interface number: 38 but max is 0 [ 147.239506][ T5932] usb 5-1: config 0 has no interface number 0 [ 147.239564][ T5932] usb 5-1: config 0 interface 38 has no altsetting 0 [ 147.243625][ T5932] usb 5-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=7f.b3 [ 147.243658][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.243676][ T5932] usb 5-1: Product: syz [ 147.243690][ T5932] usb 5-1: Manufacturer: syz [ 147.243703][ T5932] usb 5-1: SerialNumber: syz [ 147.311087][ T5932] usb 5-1: config 0 descriptor?? [ 147.362110][ T5932] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 148.184088][ T5932] input: gspca_pac7302 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input9 [ 148.417472][ T5917] usb 5-1: USB disconnect, device number 2 [ 149.076840][ T5930] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 149.236487][ T5930] usb 3-1: Using ep0 maxpacket: 16 [ 149.239837][ T5930] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 149.239864][ T5930] usb 3-1: config 0 has no interface number 0 [ 149.249942][ T5930] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 149.249970][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.249987][ T5930] usb 3-1: Product: syz [ 149.249999][ T5930] usb 3-1: Manufacturer: syz [ 149.250011][ T5930] usb 3-1: SerialNumber: syz [ 149.256399][ T5959] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 149.263149][ T5930] usb 3-1: config 0 descriptor?? [ 149.274415][ T5930] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 149.422653][ T5959] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 149.422684][ T5959] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 149.422703][ T5959] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 149.422786][ T5959] usb 4-1: config 220 has no interface number 2 [ 149.422876][ T5959] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 149.423002][ T5959] usb 4-1: config 220 interface 0 has no altsetting 0 [ 149.423021][ T5959] usb 4-1: config 220 interface 76 has no altsetting 0 [ 149.423039][ T5959] usb 4-1: config 220 interface 1 has no altsetting 0 [ 149.443879][ T5959] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 149.444217][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.444457][ T5959] usb 4-1: Product: syz [ 149.444471][ T5959] usb 4-1: Manufacturer: syz [ 149.444483][ T5959] usb 4-1: SerialNumber: syz [ 149.830913][ T5959] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 149.831024][ T5959] usb 4-1: No valid video chain found. [ 149.831108][ T5959] usb 4-1: selecting invalid altsetting 0 [ 149.965054][ T5959] usb 4-1: selecting invalid altsetting 0 [ 149.965083][ T5959] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 149.992541][ T5959] usb 4-1: USB disconnect, device number 4 [ 150.422658][ T6514] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.209'. [ 150.617218][ T5930] gspca_spca1528: reg_w err -71 [ 150.617336][ T5930] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 150.650763][ T5930] usb 3-1: USB disconnect, device number 4 [ 150.678129][ T37] audit: type=1326 audit(1758799811.922:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6516 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57a7b4eec9 code=0x7ffc0000 [ 150.678188][ T37] audit: type=1326 audit(1758799811.922:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6516 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57a7b4eec9 code=0x7ffc0000 [ 150.700508][ T37] audit: type=1326 audit(1758799811.942:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6516 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f57a7b4eec9 code=0x7ffc0000 [ 150.700560][ T37] audit: type=1326 audit(1758799811.942:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6516 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57a7b4eec9 code=0x7ffc0000 [ 150.700601][ T37] audit: type=1326 audit(1758799811.942:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6516 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7f57a7b4eec9 code=0x7ffc0000 [ 150.700640][ T37] audit: type=1326 audit(1758799811.942:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6516 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57a7b4eec9 code=0x7ffc0000 [ 150.708749][ T37] audit: type=1326 audit(1758799811.962:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6516 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f57a7b4eec9 code=0x7ffc0000 [ 150.708799][ T37] audit: type=1326 audit(1758799811.962:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6516 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57a7b4eec9 code=0x7ffc0000 [ 151.727788][ T6533] netlink: 48 bytes leftover after parsing attributes in process `syz.2.218'. [ 152.590972][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 152.975153][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 153.403593][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.346612][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 154.979140][ T5160] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 154.995689][ T5160] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 154.999190][ T5160] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 155.000823][ T5160] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 155.002770][ T5160] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 155.043880][ T6568] : entered promiscuous mode [ 156.878007][ T12] bridge_slave_1: left allmulticast mode [ 156.878208][ T12] bridge_slave_1: left promiscuous mode [ 156.882613][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.997838][ T12] bridge_slave_0: left allmulticast mode [ 156.997877][ T12] bridge_slave_0: left promiscuous mode [ 156.998298][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.156436][ T5160] Bluetooth: hci3: command tx timeout [ 157.958403][ T6612] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.249'. [ 158.056390][ T5910] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 158.216268][ T5910] usb 3-1: Using ep0 maxpacket: 32 [ 158.218766][ T5910] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 158.218795][ T5910] usb 3-1: config 0 has no interface number 0 [ 158.225392][ T5910] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 158.225423][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.225442][ T5910] usb 3-1: Product: syz [ 158.225456][ T5910] usb 3-1: Manufacturer: syz [ 158.225469][ T5910] usb 3-1: SerialNumber: syz [ 158.264013][ T5910] usb 3-1: config 0 descriptor?? [ 158.287233][ T5910] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 158.358065][ T6618] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 158.557882][ T5910] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 158.681509][ T5910] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 158.820176][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 6 [ 159.033533][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 159.034864][ T44] usb 3-1: USB disconnect, device number 5 [ 159.090548][ T6623] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 159.131443][ T44] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 159.168510][ T44] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 159.172481][ T44] quatech2 3-1:0.51: device disconnected [ 159.236505][ T5160] Bluetooth: hci3: command tx timeout [ 159.737349][ T6639] Bluetooth: MGMT ver 1.23 [ 159.737389][ T6639] Bluetooth: hci0: invalid length 1, exp 2 for type 2 [ 160.228211][ T6652] netlink: 8 bytes leftover after parsing attributes in process `syz.4.265'. [ 161.319903][ T5160] Bluetooth: hci3: command tx timeout [ 161.341749][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 161.448695][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 161.528094][ T12] bond0 (unregistering): Released all slaves [ 163.243793][ T6696] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 163.396313][ T5160] Bluetooth: hci3: command tx timeout [ 163.821532][ T6573] chnl_net:caif_netlink_parms(): no params data found [ 164.622982][ T12] hsr_slave_0: left promiscuous mode [ 164.715908][ T12] hsr_slave_1: left promiscuous mode [ 164.718575][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.798477][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 165.059489][ T37] audit: type=1326 audit(1758799826.312:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6734 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7fc00000 [ 165.333900][ T6742] netlink: 4 bytes leftover after parsing attributes in process `syz.2.295'. [ 165.775901][ T37] audit: type=1326 audit(1758799827.022:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6734 comm="syz.3.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1838f6eec9 code=0x7fc00000 [ 168.310603][ T6764] netlink: 12 bytes leftover after parsing attributes in process `syz.3.303'. [ 168.439846][ T12] team0 (unregistering): Port device team_slave_1 removed [ 168.761622][ T12] team0 (unregistering): Port device team_slave_0 removed [ 169.041181][ T6772] serio: Serial port pty26 [ 169.319969][ T37] audit: type=1326 audit(1758799830.562:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 169.366280][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 169.391216][ T37] audit: type=1326 audit(1758799830.572:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 169.391416][ T37] audit: type=1326 audit(1758799830.572:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 169.391600][ T37] audit: type=1326 audit(1758799830.572:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 169.391646][ T37] audit: type=1326 audit(1758799830.572:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 169.393874][ T37] audit: type=1326 audit(1758799830.572:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 169.394013][ T37] audit: type=1326 audit(1758799830.572:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 169.394059][ T37] audit: type=1326 audit(1758799830.572:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 169.546168][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 169.546349][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 169.546470][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 170.067673][ T37] kauditd_printk_skb: 370 callbacks suppressed [ 170.067693][ T37] audit: type=1326 audit(1758799831.322:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 170.068361][ T37] audit: type=1326 audit(1758799831.322:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 170.069116][ T37] audit: type=1326 audit(1758799831.322:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 170.070108][ T37] audit: type=1326 audit(1758799831.322:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 170.070827][ T37] audit: type=1326 audit(1758799831.322:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1838f0af79 code=0x7ffc0000 [ 170.197472][ T37] audit: type=1326 audit(1758799831.322:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 170.202094][ T37] audit: type=1326 audit(1758799831.452:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 170.202755][ T37] audit: type=1326 audit(1758799831.452:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 170.203285][ T37] audit: type=1326 audit(1758799831.452:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 170.203785][ T37] audit: type=1326 audit(1758799831.452:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6773 comm="syz.3.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 172.466369][ T5910] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 172.494268][ T6757] vlan2: entered promiscuous mode [ 172.494576][ T6757] vlan2: entered allmulticast mode [ 172.494590][ T6757] hsr_slave_1: entered allmulticast mode [ 172.619635][ T5910] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.625633][ T5910] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 172.625664][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.625683][ T5910] usb 4-1: Product: syz [ 172.625696][ T5910] usb 4-1: Manufacturer: syz [ 172.625710][ T5910] usb 4-1: SerialNumber: syz [ 172.906308][ T44] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 173.077068][ T44] usb 5-1: Using ep0 maxpacket: 32 [ 173.082306][ T44] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 173.082336][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.100724][ T44] usb 5-1: config 0 descriptor?? [ 173.131191][ T44] gspca_main: sunplus-2.14.0 probing 041e:400b [ 173.552535][ T6573] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.552892][ T6573] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.561154][ T6573] bridge_slave_0: entered allmulticast mode [ 173.590148][ T6573] bridge_slave_0: entered promiscuous mode [ 173.663842][ T6573] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.664140][ T6573] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.664480][ T6573] bridge_slave_1: entered allmulticast mode [ 173.695436][ T6573] bridge_slave_1: entered promiscuous mode [ 173.816775][ T5910] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 173.816800][ T5910] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 173.816818][ T5910] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 174.025977][ T5910] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 174.152286][ T44] gspca_sunplus: reg_w_riv err -71 [ 174.152385][ T44] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 174.163571][ T44] usb 5-1: USB disconnect, device number 3 [ 174.334403][ T5910] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 174.441032][ T5910] usb 4-1: USB disconnect, device number 5 [ 174.463554][ T5910] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 174.853093][ T6573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 175.011267][ T6573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 175.286380][ T5930] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 175.446268][ T5930] usb 5-1: Using ep0 maxpacket: 16 [ 175.456694][ T5930] usb 5-1: config 0 has no interfaces? [ 175.490063][ T5930] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 175.490096][ T5930] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.490117][ T5930] usb 5-1: Product: syz [ 175.490131][ T5930] usb 5-1: Manufacturer: syz [ 175.490146][ T5930] usb 5-1: SerialNumber: syz [ 175.555163][ T5930] usb 5-1: config 0 descriptor?? [ 175.680532][ T6840] netlink: 'syz.0.334': attribute type 9 has an invalid length. [ 175.680554][ T6840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.334'. [ 175.708542][ T6573] team0: Port device team_slave_0 added [ 175.711626][ T6840] netlink: 'syz.0.334': attribute type 9 has an invalid length. [ 175.711647][ T6840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.334'. [ 175.757624][ T6573] team0: Port device team_slave_1 added [ 175.853556][ T5930] usb 5-1: USB disconnect, device number 4 [ 176.027680][ T6850] 9pnet_fd: Insufficient options for proto=fd [ 176.310767][ T6573] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.310784][ T6573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.310808][ T6573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.325374][ T6573] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.330092][ T6573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.330121][ T6573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 177.072207][ T6573] hsr_slave_0: entered promiscuous mode [ 177.081270][ T6573] hsr_slave_1: entered promiscuous mode [ 177.084731][ T6573] debugfs: 'hsr0' already exists in 'hsr' [ 177.084757][ T6573] Cannot create hsr debugfs directory [ 178.646868][ T6894] netlink: 8 bytes leftover after parsing attributes in process `syz.0.352'. [ 178.880067][ T5959] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 179.091717][ T5959] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 179.091746][ T5959] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 179.094068][ T5959] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 179.094098][ T5959] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 179.094117][ T5959] usb 3-1: SerialNumber: syz [ 179.227701][ T6573] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 179.382608][ T5959] usb 3-1: 0:2 : does not exist [ 179.419057][ T5959] usb 3-1: USB disconnect, device number 6 [ 179.435254][ T6573] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 179.539444][ T6573] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 179.675176][ T6573] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 179.680471][ T5897] udevd[5897]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 180.512235][ T6573] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.750042][ T6573] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.808675][ T1135] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.808857][ T1135] bridge0: port 1(bridge_slave_0) entered forwarding state [ 180.865320][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.865570][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 180.966439][ T5959] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 181.124341][ T5959] usb 3-1: Using ep0 maxpacket: 32 [ 181.125285][ T6936] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 181.127396][ T5959] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 181.127421][ T5959] usb 3-1: config 0 has no interface number 0 [ 181.130674][ T5959] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 181.130700][ T5959] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.130717][ T5959] usb 3-1: Product: syz [ 181.130730][ T5959] usb 3-1: Manufacturer: syz [ 181.130742][ T5959] usb 3-1: SerialNumber: syz [ 181.150400][ T5959] usb 3-1: config 0 descriptor?? [ 181.167226][ T5959] smsc95xx v2.0.0 [ 182.142410][ T6951] Bluetooth: hci0: invalid length 0, exp 2 for type 6 [ 182.456327][ T5959] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 182.456361][ T5959] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 182.457015][ T5959] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 182.458841][ T5959] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 182.533521][ T5959] usb 3-1: USB disconnect, device number 7 [ 182.596442][ T6573] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 182.835698][ T6964] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 183.774304][ T37] kauditd_printk_skb: 132 callbacks suppressed [ 183.774324][ T37] audit: type=1326 audit(1758799845.012:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.774376][ T37] audit: type=1326 audit(1758799845.022:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.785801][ T37] audit: type=1326 audit(1758799845.022:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.785860][ T37] audit: type=1326 audit(1758799845.032:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.786969][ T37] audit: type=1326 audit(1758799845.032:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.787020][ T37] audit: type=1326 audit(1758799845.042:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.787066][ T37] audit: type=1326 audit(1758799845.042:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.798751][ T37] audit: type=1326 audit(1758799845.042:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.798800][ T37] audit: type=1326 audit(1758799845.042:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 183.798840][ T37] audit: type=1326 audit(1758799845.042:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6990 comm="syz.2.379" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc382bdeec9 code=0x7ffc0000 [ 184.289384][ T7001] netlink: 4 bytes leftover after parsing attributes in process `syz.2.381'. [ 184.295234][ T7001] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 184.295268][ T7001] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 184.382246][ T7001] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 184.382281][ T7001] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.802281][ T6573] veth0_vlan: entered promiscuous mode [ 184.971280][ T6573] veth1_vlan: entered promiscuous mode [ 185.168347][ T7013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.384'. [ 185.168371][ T7013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.384'. [ 185.357249][ T6573] veth0_macvtap: entered promiscuous mode [ 185.402701][ T6573] veth1_macvtap: entered promiscuous mode [ 185.587581][ T6573] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.665064][ T6573] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.796685][ T2881] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.820286][ T2881] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.826848][ T2881] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.831674][ T2881] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 186.517313][ T2881] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.517337][ T2881] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.650325][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.650351][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.688829][ T7037] sctp: [Deprecated]: syz.3.393 (pid 7037) Use of int in maxseg socket option. [ 186.688829][ T7037] Use struct sctp_assoc_value instead [ 187.285279][ T5893] kernel read not supported for file /input/event2 (pid: 5893 comm: kworker/0:3) [ 187.913169][ T7068] syz.2.404 uses obsolete (PF_INET,SOCK_PACKET) [ 189.392286][ T7096] IPv4: Oversized IP packet from 127.202.26.0 [ 190.552398][ T7124] netlink: 'syz.3.427': attribute type 4 has an invalid length. [ 190.706419][ T7123] netlink: 'syz.3.427': attribute type 4 has an invalid length. [ 192.134926][ T7151] input: syz1 as /devices/virtual/input/input10 [ 193.094823][ T7170] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 194.607813][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.624633][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.452079][ C0] vkms_vblank_simulate: vblank timer overrun [ 198.866422][ T5917] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 198.998711][ T5932] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 199.024632][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.024687][ T5917] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 199.024711][ T5917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.102289][ T5917] usb 6-1: config 0 descriptor?? [ 199.180117][ T5932] usb 5-1: Using ep0 maxpacket: 8 [ 199.183367][ T5932] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 199.183398][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.256410][ T5932] usb 5-1: config 0 descriptor?? [ 199.581815][ T5932] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 199.928682][ T5917] usbhid 6-1:0.0: can't add hid device: -71 [ 199.929759][ T5917] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 199.977637][ T5917] usb 6-1: USB disconnect, device number 2 [ 200.599277][ T5932] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 200.599310][ T5932] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 200.599633][ T5932] asix 5-1:0.0: probe with driver asix failed with error -71 [ 200.672817][ T5932] usb 5-1: USB disconnect, device number 5 [ 201.146048][ T5160] Bluetooth: hci3: link tx timeout [ 201.148738][ T5160] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.150938][ T5843] Bluetooth: hci3: link tx timeout [ 201.150957][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.161919][ T5843] Bluetooth: hci3: link tx timeout [ 201.161941][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.173750][ T5843] Bluetooth: hci3: link tx timeout [ 201.173769][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.173908][ T5843] Bluetooth: hci3: link tx timeout [ 201.173918][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.174037][ T5843] Bluetooth: hci3: link tx timeout [ 201.174047][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.174165][ T5843] Bluetooth: hci3: link tx timeout [ 201.174174][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.174293][ T5843] Bluetooth: hci3: link tx timeout [ 201.174303][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.174421][ T5843] Bluetooth: hci3: link tx timeout [ 201.174431][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.174548][ T5843] Bluetooth: hci3: link tx timeout [ 201.174558][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.174686][ T5843] Bluetooth: hci3: link tx timeout [ 201.174696][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.174815][ T5843] Bluetooth: hci3: link tx timeout [ 201.174825][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.174945][ T5843] Bluetooth: hci3: link tx timeout [ 201.174955][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.175071][ T5843] Bluetooth: hci3: link tx timeout [ 201.175081][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.175198][ T5843] Bluetooth: hci3: link tx timeout [ 201.175208][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.175325][ T5843] Bluetooth: hci3: link tx timeout [ 201.175335][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.175452][ T5843] Bluetooth: hci3: link tx timeout [ 201.175462][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.175579][ T5843] Bluetooth: hci3: link tx timeout [ 201.175588][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.175716][ T5843] Bluetooth: hci3: link tx timeout [ 201.175726][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.191198][ T5843] Bluetooth: hci3: link tx timeout [ 201.191218][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.191350][ T5843] Bluetooth: hci3: link tx timeout [ 201.191361][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.191481][ T5843] Bluetooth: hci3: link tx timeout [ 201.191491][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.191609][ T5843] Bluetooth: hci3: link tx timeout [ 201.191619][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.191755][ T5843] Bluetooth: hci3: link tx timeout [ 201.191765][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.191884][ T5843] Bluetooth: hci3: link tx timeout [ 201.191894][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.192012][ T5843] Bluetooth: hci3: link tx timeout [ 201.194306][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.194480][ T5843] Bluetooth: hci3: link tx timeout [ 201.194491][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.194614][ T5843] Bluetooth: hci3: link tx timeout [ 201.194632][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.194755][ T5843] Bluetooth: hci3: link tx timeout [ 201.194765][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.194882][ T5843] Bluetooth: hci3: link tx timeout [ 201.194892][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.195079][ T5843] Bluetooth: hci3: link tx timeout [ 201.195089][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.195217][ T5843] Bluetooth: hci3: link tx timeout [ 201.195227][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 201.195352][ T5843] Bluetooth: hci3: link tx timeout [ 201.195362][ T5843] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 203.156455][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 204.943212][ T7399] input: syz0 as /devices/virtual/input/input11 [ 205.084438][ T7403] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 205.429083][ T7406] input: syz1 as /devices/virtual/input/input12 [ 206.181260][ T5932] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 206.358790][ T5932] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 206.358913][ T5932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.358940][ T5932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.358962][ T5932] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 206.362701][ T5932] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 206.362733][ T5932] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 206.362754][ T5932] usb 5-1: Manufacturer: syz [ 206.387174][ T5932] usb 5-1: config 0 descriptor?? [ 206.835529][ T5932] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 206.958883][ T5932] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 207.028889][ T7445] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 207.569678][ T7459] capability: warning: `syz.3.536' uses 32-bit capabilities (legacy support in use) [ 208.032651][ T37] audit: type=1326 audit(1758799869.282:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7463 comm="syz.2.539" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc382bdeec9 code=0x0 [ 208.917214][ T7479] Driver unsupported XDP return value 0 on prog (id 72) dev N/A, expect packet loss! [ 208.984128][ T5932] usb 5-1: USB disconnect, device number 6 [ 209.142531][ T7484] bridge_slave_0: left allmulticast mode [ 209.142567][ T7484] bridge_slave_0: left promiscuous mode [ 209.142875][ T7484] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.343537][ T7484] bridge_slave_1: left allmulticast mode [ 209.343576][ T7484] bridge_slave_1: left promiscuous mode [ 209.343901][ T7484] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.370610][ T7490] netlink: 12 bytes leftover after parsing attributes in process `syz.2.547'. [ 209.512412][ T7484] bond0: (slave bond_slave_0): Releasing backup interface [ 209.690953][ T7484] bond0: (slave bond_slave_1): Releasing backup interface [ 209.959645][ T7484] team0: Port device team_slave_0 removed [ 210.067746][ T7484] team0: Port device team_slave_1 removed [ 210.068927][ T7484] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.068957][ T7484] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 210.140310][ T7484] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.140345][ T7484] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.864669][ T7522] netlink: 52 bytes leftover after parsing attributes in process `syz.3.559'. [ 210.946705][ T7523] netlink: 4 bytes leftover after parsing attributes in process `syz.3.559'. [ 211.251518][ T7528] netlink: 4 bytes leftover after parsing attributes in process `syz.4.561'. [ 212.472834][ T7528] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 212.472859][ T7528] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (1) [ 212.795785][ T7562] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 212.811767][ T7558] netlink: 96 bytes leftover after parsing attributes in process `syz.3.577'. [ 213.515527][ T7580] loop8: detected capacity change from 0 to 7 [ 213.559570][ T7580] Dev loop8: unable to read RDB block 7 [ 213.559621][ T7580] loop8: unable to read partition table [ 213.559884][ T7580] loop8: partition table beyond EOD, truncated [ 213.559904][ T7580] loop_reread_partitions: partition scan of loop8 (被x ) failed (rc=-5) [ 213.696424][ T6113] Dev loop8: unable to read RDB block 7 [ 213.696471][ T6113] loop8: unable to read partition table [ 213.696775][ T6113] loop8: partition table beyond EOD, truncated [ 213.711244][ T7580] Dev loop8: unable to read RDB block 7 [ 213.711295][ T7580] loop8: unable to read partition table [ 213.711534][ T7580] loop8: partition table beyond EOD, truncated [ 213.711571][ T7580] loop_reread_partitions: partition scan of loop8 (被x ) failed (rc=-5) [ 214.666508][ T7603] netlink: 'syz.4.596': attribute type 1 has an invalid length. [ 214.892502][ T7603] 8021q: adding VLAN 0 to HW filter on device bond1 [ 215.024102][ T7606] bond1: (slave geneve2): making interface the new active one [ 215.048175][ T7606] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 216.613673][ T7635] use of bytesused == 0 is deprecated and will be removed in the future, [ 216.613689][ T7635] use the actual size instead. [ 217.163164][ T5851] Bluetooth: hci0: command 0x0406 tx timeout [ 217.165376][ T5851] Bluetooth: hci1: command 0x0406 tx timeout [ 217.165432][ T5851] Bluetooth: hci2: command 0x0406 tx timeout [ 217.411177][ T37] audit: type=1326 audit(1758799878.662:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.411234][ T37] audit: type=1326 audit(1758799878.662:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.470119][ T37] audit: type=1326 audit(1758799878.722:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.470178][ T37] audit: type=1326 audit(1758799878.722:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.470224][ T37] audit: type=1326 audit(1758799878.722:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.479260][ T37] audit: type=1326 audit(1758799878.732:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.482557][ T37] audit: type=1326 audit(1758799878.732:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.482606][ T37] audit: type=1326 audit(1758799878.732:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.482646][ T37] audit: type=1326 audit(1758799878.732:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 217.482685][ T37] audit: type=1326 audit(1758799878.732:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7651 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 219.871020][ T7698] netlink: 8 bytes leftover after parsing attributes in process `syz.4.628'. [ 221.577113][ T7720] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 223.359089][ T7746] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 223.447057][ T7744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.647'. [ 223.485621][ T7743] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 225.348909][ T7770] 8021q: adding VLAN 0 to HW filter on device bond2 [ 225.618016][ T7774] 8021q: adding VLAN 0 to HW filter on device bond2 [ 225.624656][ T7774] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address [ 225.672997][ T7774] bond2: (slave vxcan3): Error -95 calling set_mac_address [ 228.106377][ T5959] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 228.256327][ T5959] usb 3-1: Using ep0 maxpacket: 8 [ 228.264300][ T5959] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.264373][ T5959] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 228.264396][ T5959] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.318693][ T5959] usb 3-1: config 0 descriptor?? [ 228.386909][ T5959] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 229.208284][ T5959] gspca_vc032x: reg_w err -71 [ 229.208380][ T5959] vc032x 3-1:0.0: probe with driver vc032x failed with error -71 [ 229.236819][ T5959] usb 3-1: USB disconnect, device number 8 [ 232.446255][ T10] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 232.618885][ T10] usb 4-1: unable to get BOS descriptor or descriptor too short [ 232.619920][ T10] usb 4-1: not running at top speed; connect to a high speed hub [ 232.630612][ T10] usb 4-1: config 1 has an invalid interface descriptor of length 5, skipping [ 232.630639][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 232.630657][ T10] usb 4-1: config 1 has 3 interfaces, different from the descriptor's value: 19 [ 232.630750][ T10] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 59, changing to 4 [ 232.630794][ T10] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 232.677633][ T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 232.677668][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.677689][ T10] usb 4-1: Product: syz [ 232.677703][ T10] usb 4-1: Manufacturer: syz [ 232.677717][ T10] usb 4-1: SerialNumber: syz [ 233.016436][ T10] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 233.157031][ T5917] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 233.203572][ T10] usb 4-1: USB disconnect, device number 6 [ 233.349296][ T5917] usb 6-1: config 0 has no interfaces? [ 233.349340][ T5917] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 233.349363][ T5917] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.392458][ T5917] usb 6-1: config 0 descriptor?? [ 233.457392][ T5897] udevd[5897]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 234.046473][ T5910] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 234.196618][ T5910] usb 4-1: Using ep0 maxpacket: 16 [ 234.199531][ T5910] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 234.199556][ T5910] usb 4-1: config 0 has no interface number 0 [ 234.199612][ T5910] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 234.199638][ T5910] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 234.199677][ T5910] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 234.199701][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.270053][ T5910] usb 4-1: config 0 descriptor?? [ 234.332781][ T7875] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 234.497056][ T5932] usb 6-1: USB disconnect, device number 3 [ 234.887005][ T5910] uclogic 0003:28BD:0071.0004: pen parameters not found [ 234.887037][ T5910] uclogic 0003:28BD:0071.0004: interface is invalid, ignoring [ 234.946650][ T37] kauditd_printk_skb: 252 callbacks suppressed [ 234.946671][ T37] audit: type=1326 audit(1758799896.192:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7879 comm="syz.4.700" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f57a7b4eec9 code=0x0 [ 235.129852][ T5848] usb 4-1: USB disconnect, device number 7 [ 235.576146][ T5910] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 235.732107][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.732142][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.732165][ T5910] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 235.732211][ T5910] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 235.732234][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.792952][ T5910] usb 6-1: config 0 descriptor?? [ 236.004481][ T7894] netlink: 12 bytes leftover after parsing attributes in process `syz.3.705'. [ 236.125195][ T7894] bridge_slave_1: left allmulticast mode [ 236.125232][ T7894] bridge_slave_1: left promiscuous mode [ 236.125783][ T7894] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.274268][ T7894] bridge_slave_0: left allmulticast mode [ 236.274312][ T7894] bridge_slave_0: left promiscuous mode [ 236.312123][ T7894] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.398331][ T5910] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 236.921798][ T5910] usb 6-1: USB disconnect, device number 4 [ 237.176195][ T7913] 9pnet: p9_errstr2errno: server reported unknown error @pA;KZ44/@qkp [ 237.176195][ T7913] [ 238.431224][ T7923] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 238.431254][ T7923] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 238.713054][ T7923] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 238.713081][ T7923] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 238.968649][ T7923] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 238.968679][ T7923] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 239.129000][ T7923] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 239.129028][ T7923] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 242.856750][ T7923] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 242.856777][ T7923] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 245.476568][ T59] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 247.119452][ T8110] TCP: TCP_TX_DELAY enabled [ 249.989278][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.644931][ T8238] input: syz1 as /devices/virtual/input/input14 [ 256.057455][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.328721][ T8287] netlink: 12 bytes leftover after parsing attributes in process `syz.5.830'. [ 259.101199][ T8319] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 259.101245][ T8319] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 259.105586][ T8319] overlayfs: overlapping lowerdir path [ 259.606539][ T8327] netlink: 96 bytes leftover after parsing attributes in process `syz.4.848'. [ 259.984556][ T8334] pim6reg: entered allmulticast mode [ 260.004678][ T8333] veth0: entered promiscuous mode [ 260.030724][ T8334] pim6reg: left allmulticast mode [ 260.448720][ T8332] veth0: left promiscuous mode [ 260.796467][ T8350] netlink: 'syz.4.857': attribute type 1 has an invalid length. [ 260.796494][ T8350] netlink: 128 bytes leftover after parsing attributes in process `syz.4.857'. [ 260.796511][ T8350] netlink: 'syz.4.857': attribute type 2 has an invalid length. [ 260.796524][ T8350] netlink: 'syz.4.857': attribute type 1 has an invalid length. [ 263.258445][ T5910] IPVS: starting estimator thread 0... [ 263.278817][ T8399] netlink: 64 bytes leftover after parsing attributes in process `syz.5.876'. [ 263.347177][ T8398] IPVS: using max 6 ests per chain, 14400 per kthread [ 265.179328][ T37] audit: type=1804 audit(1758799926.402:806): pid=8436 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.2.895" name="bus" dev="ramfs" ino=20780 res=1 errno=0 [ 265.887786][ T8450] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 265.969725][ T8451] netlink: 16 bytes leftover after parsing attributes in process `syz.2.898'. [ 265.969748][ T8451] netlink: 64 bytes leftover after parsing attributes in process `syz.2.898'. [ 265.970301][ T8451] netlink: 16 bytes leftover after parsing attributes in process `syz.2.898'. [ 267.026313][ T5959] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 267.179456][ T5959] usb 3-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00 [ 267.179488][ T5959] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.210168][ T5959] usb 3-1: config 0 descriptor?? [ 267.897097][ T44] usb 3-1: USB disconnect, device number 9 [ 269.006277][ T5893] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 269.168843][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.168897][ T5893] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 269.168921][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.178847][ T5893] usb 5-1: config 0 descriptor?? [ 269.589689][ T5893] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0 [ 269.589851][ T5893] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0 [ 269.609184][ T5893] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0007/input/input15 [ 269.663104][ T5893] cm6533_jd 0003:0D8C:0022.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0 [ 269.792465][ T44] usb 5-1: USB disconnect, device number 7 [ 269.936333][ T5848] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 270.091562][ T5848] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 270.091632][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 270.091658][ T5848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 270.091685][ T5848] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 270.091743][ T5848] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 270.091766][ T5848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.167406][ T5848] usb 4-1: config 0 descriptor?? [ 270.171029][ T8529] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 270.614058][ T5848] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 270.614097][ T5848] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 270.614122][ T5848] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 270.614146][ T5848] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 270.614170][ T5848] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 270.614193][ T5848] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 270.614217][ T5848] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 270.614240][ T5848] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 270.628700][ T8544] netlink: 104 bytes leftover after parsing attributes in process `syz.4.939'. [ 270.724058][ T5848] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 270.959066][ T10] usb 4-1: USB disconnect, device number 8 [ 271.831839][ T8578] syzkaller1: entered promiscuous mode [ 271.831870][ T8578] syzkaller1: entered allmulticast mode [ 272.026337][ T44] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 272.179395][ T44] usb 4-1: config 0 has no interfaces? [ 272.179439][ T44] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 272.179462][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.218506][ T44] usb 4-1: config 0 descriptor?? [ 272.511923][ T5893] usb 4-1: USB disconnect, device number 9 [ 273.185755][ T8598] trusted_key: syz.4.963 sent an empty control message without MSG_MORE. [ 274.206609][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 274.359630][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.359666][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.359689][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 274.359730][ T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 274.359752][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.375720][ T10] usb 6-1: config 0 descriptor?? [ 274.815473][ T10] hid_parser_main: 7 callbacks suppressed [ 274.815497][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815526][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815551][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815576][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815600][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815625][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815649][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815673][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815697][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.815721][ T10] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 274.848670][ T10] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 275.101089][ T5848] usb 6-1: USB disconnect, device number 5 [ 276.120203][ T8667] syz.5.992 (8667) used greatest stack depth: 16776 bytes left [ 276.493401][ T8677] block nbd3: NBD_DISCONNECT [ 276.520846][ T8677] block nbd3: Send disconnect failed -107 [ 276.522401][ T8674] block nbd3: Disconnected due to user request. [ 276.522422][ T8674] block nbd3: shutting down sockets [ 277.411947][ T8695] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1002'. [ 277.749541][ T8700] pim6reg1: entered promiscuous mode [ 277.749578][ T8700] pim6reg1: entered allmulticast mode [ 278.796395][ T44] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 278.948481][ T44] usb 6-1: Using ep0 maxpacket: 16 [ 278.954637][ T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 278.954672][ T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 278.954694][ T44] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 278.954738][ T44] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 278.954772][ T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.070984][ T44] usb 6-1: config 0 descriptor?? [ 279.645143][ T8709] syz.2.1007 (8709) used greatest stack depth: 16760 bytes left [ 279.752759][ T44] HID 045e:07da: Invalid code 65791 type 1 [ 279.767513][ T44] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.000A/input/input16 [ 279.802478][ T44] microsoft 0003:045E:07DA.000A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 279.960903][ T5910] usb 6-1: USB disconnect, device number 6 [ 280.543296][ T8742] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1024'. [ 280.574642][ T8742] xfrm1: entered promiscuous mode [ 280.574674][ T8742] xfrm1: entered allmulticast mode [ 280.575311][ T8742] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1024'. [ 281.604058][ T8769] ip6gretap0: entered promiscuous mode [ 281.604405][ T8769] macsec1: entered allmulticast mode [ 281.604418][ T8769] ip6gretap0: entered allmulticast mode [ 281.677175][ T8769] ip6gretap0: left allmulticast mode [ 281.677403][ T8769] ip6gretap0: left promiscuous mode [ 282.033487][ T8782] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 283.375963][ T8811] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1054'. [ 283.664902][ T8825] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 283.697283][ T8830] sit0: entered allmulticast mode [ 284.462994][ T8849] overlayfs: failed to clone upperpath [ 284.476312][ T5959] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 284.630378][ T5959] usb 6-1: Using ep0 maxpacket: 32 [ 284.646273][ T5959] usb 6-1: config 0 has an invalid interface number: 12 but max is 0 [ 284.646304][ T5959] usb 6-1: config 0 has no interface number 0 [ 284.646359][ T5959] usb 6-1: config 0 interface 12 has no altsetting 0 [ 284.691077][ T5959] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 284.691109][ T5959] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.691130][ T5959] usb 6-1: Product: syz [ 284.691143][ T5959] usb 6-1: Manufacturer: syz [ 284.691157][ T5959] usb 6-1: SerialNumber: syz [ 284.748352][ T5959] usb 6-1: config 0 descriptor?? [ 286.016357][ T5959] f81534 6-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 286.016420][ T5959] f81534 6-1:0.12: f81534_find_config_idx: read failed: -71 [ 286.016436][ T5959] f81534 6-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 286.016547][ T5959] f81534 6-1:0.12: probe with driver f81534 failed with error -71 [ 286.064483][ T5959] usb 6-1: USB disconnect, device number 7 [ 288.746345][ T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 288.901202][ T10] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.901240][ T10] usb 4-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 288.901263][ T10] usb 4-1: config 0 interface 0 has no altsetting 0 [ 288.901302][ T10] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 288.901326][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.927568][ T10] usb 4-1: config 0 descriptor?? [ 289.467551][ T5959] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 289.564632][ T10] usb 4-1: string descriptor 0 read error: -22 [ 289.627853][ T5959] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 289.627889][ T5959] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 289.627913][ T5959] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 289.627935][ T5959] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 289.627982][ T5959] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 289.628005][ T5959] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.708295][ T5959] usb 6-1: config 0 descriptor?? [ 289.847725][ T10] input: HID 256c:006d as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.000B/input/input17 [ 289.983700][ T10] uclogic 0003:256C:006D.000B: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 290.032056][ T10] usb 4-1: USB disconnect, device number 10 [ 290.187933][ T5959] plantronics 0003:047F:FFFF.000C: ignoring exceeding usage max [ 290.222604][ T8956] IPVS: Scheduler module ip_vs_ not found [ 290.355629][ T5959] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 290.495128][ T8967] Bluetooth: hci0: invalid length 4, exp 2 for type 8 [ 290.867681][ T8975] netlink: 'syz.3.1124': attribute type 4 has an invalid length. [ 291.629942][ T5959] Process accounting resumed [ 291.921525][ T37] audit: type=1326 audit(1758799953.162:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9001 comm="syz.3.1138" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x0 [ 292.172793][ T5848] usb 6-1: USB disconnect, device number 8 [ 292.606309][ T37] audit: type=1326 audit(1758799953.852:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9021 comm="syz.2.1146" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc382bdeec9 code=0x0 [ 293.248199][ T9044] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1154'. [ 295.156413][ T44] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 295.686296][ T44] usb 3-1: Using ep0 maxpacket: 32 [ 295.698863][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.698900][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.698943][ T44] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 295.698966][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.778696][ T44] usb 3-1: config 0 descriptor?? [ 295.806847][ T44] hub 3-1:0.0: USB hub found [ 296.148200][ T44] hub 3-1:0.0: 1 port detected [ 296.763792][ T44] hub 3-1:0.0: activate --> -90 [ 297.176509][ T44] usb 3-1-port1: cannot reset (err = -71) [ 297.177260][ T44] usb 3-1-port1: cannot reset (err = -71) [ 297.177279][ T44] usb 3-1-port1: Cannot enable. Maybe the USB cable is bad? [ 297.177984][ T44] usb 3-1-port1: cannot disable (err = -71) [ 297.179990][ T44] usb 3-1-port1: cannot reset (err = -71) [ 297.180233][ T5959] usb 3-1: USB disconnect, device number 10 [ 297.180423][ T44] usb 3-1-port1: cannot reset (err = -71) [ 297.180439][ T44] usb 3-1-port1: Cannot enable. Maybe the USB cable is bad? [ 297.180579][ T44] usb 3-1-port1: attempt power cycle [ 297.655310][ T9088] kexec: Could not allocate control_code_buffer [ 298.701250][ T9121] netlink: 'syz.4.1186': attribute type 29 has an invalid length. [ 298.702961][ T9121] netlink: 'syz.4.1186': attribute type 29 has an invalid length. [ 298.704252][ T9121] netlink: 500 bytes leftover after parsing attributes in process `syz.4.1186'. [ 299.473426][ T9146] ip6gretap0: entered promiscuous mode [ 299.473542][ T9146] macsec0: entered allmulticast mode [ 299.473554][ T9146] ip6gretap0: entered allmulticast mode [ 299.507368][ T9146] ip6gretap0: left allmulticast mode [ 299.507444][ T9146] ip6gretap0: left promiscuous mode [ 300.051841][ T9161] tipc: Started in network mode [ 300.051875][ T9161] tipc: Node identity ac141441, cluster identity 4711 [ 300.053739][ T9161] tipc: Enabling of bearer rejected, failed to enable media [ 301.076278][ T5893] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 301.239616][ T5893] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.239652][ T5893] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 301.239748][ T5893] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 301.239803][ T5893] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 301.239827][ T5893] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.245425][ T9195] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 301.309577][ T5893] usb 6-1: config 0 descriptor?? [ 301.799007][ T5893] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 302.009562][ T9212] netlink: 'syz.0.1225': attribute type 21 has an invalid length. [ 302.009586][ T9212] netlink: 'syz.0.1225': attribute type 22 has an invalid length. [ 302.009600][ T9212] netlink: 'syz.0.1225': attribute type 23 has an invalid length. [ 302.009613][ T9212] netlink: 'syz.0.1225': attribute type 25 has an invalid length. [ 302.009624][ T9212] netlink: 'syz.0.1225': attribute type 26 has an invalid length. [ 302.009636][ T9212] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1225'. [ 302.755672][ T9230] netlink: 830 bytes leftover after parsing attributes in process `syz.3.1232'. [ 302.876476][ T5848] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 303.034189][ T5848] usb 3-1: Using ep0 maxpacket: 16 [ 303.038565][ T5848] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 303.038592][ T5848] usb 3-1: config 1 has an invalid descriptor of length 32, skipping remainder of the config [ 303.038611][ T5848] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 303.038628][ T5848] usb 3-1: config 1 has no interface number 1 [ 303.038673][ T5848] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 303.038717][ T5848] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 640, setting to 64 [ 303.042349][ T5848] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 303.042377][ T5848] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.042394][ T5848] usb 3-1: Product: syz [ 303.042406][ T5848] usb 3-1: Manufacturer: syz [ 303.042418][ T5848] usb 3-1: SerialNumber: syz [ 303.384950][ T5848] usb 3-1: USB disconnect, device number 15 [ 303.875205][ T5959] usb 6-1: USB disconnect, device number 9 [ 305.690809][ T37] audit: type=1326 audit(1758799966.932:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f13beec9 code=0x7ffc0000 [ 305.690870][ T37] audit: type=1326 audit(1758799966.932:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0f135af79 code=0x7ffc0000 [ 305.690917][ T37] audit: type=1326 audit(1758799966.932:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f13beec9 code=0x7ffc0000 [ 305.690965][ T37] audit: type=1326 audit(1758799966.932:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f13beec9 code=0x7ffc0000 [ 305.691013][ T37] audit: type=1326 audit(1758799966.932:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f13beec9 code=0x7ffc0000 [ 305.723370][ T37] audit: type=1326 audit(1758799966.972:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0f135af79 code=0x7ffc0000 [ 305.723948][ T37] audit: type=1326 audit(1758799966.972:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f13beec9 code=0x7ffc0000 [ 305.724254][ T37] audit: type=1326 audit(1758799966.972:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f13beec9 code=0x7ffc0000 [ 305.733251][ T37] audit: type=1326 audit(1758799966.982:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa0f135af79 code=0x7ffc0000 [ 305.733828][ T37] audit: type=1326 audit(1758799966.982:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9281 comm="syz.5.1256" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0f13beec9 code=0x7ffc0000 [ 306.393085][ T9291] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 306.506686][ T9291] infiniband sL2: RDMA CMA: cma_listen_on_dev, error -98 [ 306.746304][ T5959] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 306.896499][ T5959] usb 6-1: Using ep0 maxpacket: 32 [ 306.997234][ T5959] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 306.997267][ T5959] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.997286][ T5959] usb 6-1: Product: syz [ 306.997300][ T5959] usb 6-1: Manufacturer: syz [ 306.997313][ T5959] usb 6-1: SerialNumber: syz [ 307.012789][ T5959] usb 6-1: config 0 descriptor?? [ 307.038978][ T5959] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 307.306624][ T5893] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 307.479124][ T5893] usb 3-1: Using ep0 maxpacket: 32 [ 307.492613][ T5893] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 307.492643][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.539114][ T5893] usb 3-1: config 0 descriptor?? [ 307.545709][ T5893] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 308.069114][ T5893] gspca_vc032x: reg_r err -110 [ 308.069138][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069148][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069157][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069166][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069174][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069183][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069191][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069200][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069209][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069217][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069225][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069233][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069241][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069250][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069258][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069266][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069275][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069283][ T5893] gspca_vc032x: I2c Bus Busy Wait 00 [ 308.069292][ T5893] gspca_vc032x: Unknown sensor... [ 308.069385][ T5893] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 308.693399][ T5959] gspca_stk1135: reg_w 0xd err -71 [ 308.694457][ T5959] gspca_stk1135: serial bus timeout: status=0x00 [ 308.694472][ T5959] gspca_stk1135: Sensor write failed [ 308.694504][ T5959] gspca_stk1135: serial bus timeout: status=0x00 [ 308.694513][ T5959] gspca_stk1135: Sensor write failed [ 308.694543][ T5959] gspca_stk1135: serial bus timeout: status=0x00 [ 308.694553][ T5959] gspca_stk1135: Sensor read failed [ 308.694585][ T5959] gspca_stk1135: serial bus timeout: status=0x00 [ 308.694594][ T5959] gspca_stk1135: Sensor read failed [ 308.694601][ T5959] gspca_stk1135: Detected sensor type unknown (0x0) [ 308.694638][ T5959] gspca_stk1135: serial bus timeout: status=0x00 [ 308.694648][ T5959] gspca_stk1135: Sensor read failed [ 308.694676][ T5959] gspca_stk1135: serial bus timeout: status=0x00 [ 308.694685][ T5959] gspca_stk1135: Sensor read failed [ 308.694715][ T5959] gspca_stk1135: serial bus timeout: status=0x00 [ 308.694725][ T5959] gspca_stk1135: Sensor write failed [ 308.694755][ T5959] gspca_stk1135: serial bus timeout: status=0x00 [ 308.694764][ T5959] gspca_stk1135: Sensor write failed [ 308.694862][ T5959] stk1135 6-1:0.0: probe with driver stk1135 failed with error -71 [ 308.704739][ T5959] usb 6-1: USB disconnect, device number 10 [ 309.564539][ T9335] overlayfs: failed to clone lowerpath [ 309.648609][ T5893] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 309.796399][ T5893] usb 6-1: Using ep0 maxpacket: 16 [ 309.798477][ T5893] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 309.798494][ T5893] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 309.798504][ T5893] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 309.860222][ T5893] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 309.860254][ T5893] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.860274][ T5893] usb 6-1: Product: syz [ 309.860289][ T5893] usb 6-1: Manufacturer: syz [ 309.860303][ T5893] usb 6-1: SerialNumber: syz [ 310.147347][ T5959] usb 3-1: USB disconnect, device number 16 [ 310.406409][ T5893] usb 6-1: 0:2 : does not exist [ 310.414101][ T9346] Invalid ELF header len 8 [ 310.450023][ T5893] usb 6-1: 1:0: cannot get min/max values for control 2 (id 1) [ 310.516732][ T5893] usb 6-1: USB disconnect, device number 11 [ 310.722156][ T9349] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 311.238160][ T5959] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 311.396314][ T5959] usb 4-1: Using ep0 maxpacket: 16 [ 311.398983][ T5959] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 311.399010][ T5959] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 311.399029][ T5959] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 311.402266][ T5959] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 311.402293][ T5959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.402312][ T5959] usb 4-1: Product: syz [ 311.402326][ T5959] usb 4-1: Manufacturer: syz [ 311.402340][ T5959] usb 4-1: SerialNumber: syz [ 311.917749][ T5959] usb 4-1: 0:2 : does not exist [ 312.735109][ T5893] usb 4-1: USB disconnect, device number 11 [ 312.886998][ T9397] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1305'. [ 312.887026][ T9397] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1305'. [ 312.887052][ T9397] netlink: 'syz.4.1305': attribute type 20 has an invalid length. [ 312.888431][ T9397] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1305'. [ 312.888449][ T9397] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1305'. [ 312.888469][ T9397] netlink: 'syz.4.1305': attribute type 20 has an invalid length. [ 313.501839][ T9407] netlink: 'syz.4.1308': attribute type 21 has an invalid length. [ 313.501865][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1308'. [ 313.514997][ T9407] netlink: 'syz.4.1308': attribute type 21 has an invalid length. [ 313.515018][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1308'. [ 313.598158][ T9409] vivid-001: disconnect [ 313.599261][ T9409] vivid-001: reconnect [ 314.169080][ T37] kauditd_printk_skb: 134 callbacks suppressed [ 314.169100][ T37] audit: type=1326 audit(1758799975.422:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.172343][ T37] audit: type=1326 audit(1758799975.422:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.172641][ T37] audit: type=1326 audit(1758799975.422:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.173212][ T37] audit: type=1326 audit(1758799975.422:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.173525][ T37] audit: type=1326 audit(1758799975.422:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.174391][ T37] audit: type=1326 audit(1758799975.422:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.245377][ T37] audit: type=1326 audit(1758799975.462:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.245439][ T37] audit: type=1326 audit(1758799975.462:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.245479][ T37] audit: type=1326 audit(1758799975.462:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.245518][ T37] audit: type=1326 audit(1758799975.462:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9422 comm="syz.3.1317" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1838f6eec9 code=0x7ffc0000 [ 314.447476][ T9430] Invalid source name [ 314.447496][ T9430] UBIFS error (pid: 9430): cannot open "./file0", error -22 [ 314.635274][ T9435] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1324'. [ 314.676264][ T5843] Bluetooth: hci5: command 0x1003 tx timeout [ 314.676289][ T59] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 315.089567][ T9432] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.093538][ T9432] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.030283][ T9432] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 316.083466][ T9432] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 316.326398][ T9459] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 316.478699][ T9459] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 316.478761][ T9459] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 316.478786][ T9459] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 316.478811][ T9459] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 316.478837][ T9459] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 316.478879][ T9459] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 316.478901][ T9459] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.560236][ T9459] usb 3-1: config 0 descriptor?? [ 316.562197][ T9474] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 317.011548][ T9459] hid_parser_main: 5 callbacks suppressed [ 317.011565][ T9459] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 317.011584][ T9459] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 317.011604][ T9459] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 317.011619][ T9459] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 317.011633][ T9459] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 317.011647][ T9459] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0 [ 317.024912][ T9459] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 317.265857][ T9436] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 317.284110][ T9479] usb 3-1: USB disconnect, device number 17 [ 317.376271][ T3598] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.486356][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.575799][ T3598] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.575856][ T3598] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.575894][ T3598] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.767302][ T5843] Bluetooth: hci5: command 0x1003 tx timeout [ 318.767662][ T59] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 319.931930][ T9535] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 320.423089][ T9543] block device autoloading is deprecated and will be removed. [ 321.054485][ T9570] Bluetooth: hci0: unsupported parameter 32780 [ 321.054510][ T9570] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 321.138122][ T9479] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 321.184528][ T9577] netlink: 'syz.4.1371': attribute type 2 has an invalid length. [ 321.184555][ T9577] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1371'. [ 321.289188][ T9479] usb 3-1: config 0 has an invalid interface number: 255 but max is 0 [ 321.289219][ T9479] usb 3-1: config 0 has no interface number 0 [ 321.289255][ T9479] usb 3-1: config 0 interface 255 has no altsetting 0 [ 321.289292][ T9479] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 321.289315][ T9479] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.361534][ T9479] usb 3-1: config 0 descriptor?? [ 321.365920][ T9479] cp210x 3-1:0.255: cp210x converter detected [ 321.794046][ T9479] cp210x 3-1:0.255: failed to get vendor val 0x000e size 3: -32 [ 321.995854][ T9479] cp210x 3-1:0.255: GPIO initialisation failed: -19 [ 322.014371][ T9479] usb 3-1: cp210x converter now attached to ttyUSB0 [ 322.207138][ T9459] usb 3-1: USB disconnect, device number 18 [ 322.228559][ T9459] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 322.229163][ T9459] cp210x 3-1:0.255: device disconnected [ 322.365599][ T9603] team_slave_0: left promiscuous mode [ 322.373631][ T9603] team_slave_1: left promiscuous mode [ 322.569927][ T9459] libceph: connect (1)[c::]:6789 error -101 [ 322.581204][ T9479] libceph: connect (1)[c::]:6789 error -101 [ 322.581902][ T9479] libceph: mon0 (1)[c::]:6789 connect error [ 322.591439][ T9479] libceph: connect (1)[c::]:6789 error -101 [ 322.591666][ T9479] libceph: mon0 (1)[c::]:6789 connect error [ 322.614051][ T9459] libceph: mon0 (1)[c::]:6789 connect error [ 322.629227][ T9459] libceph: connect (1)[c::]:6789 error -101 [ 322.629479][ T9459] libceph: mon0 (1)[c::]:6789 connect error [ 322.850375][ T9479] libceph: connect (1)[c::]:6789 error -101 [ 322.850615][ T9479] libceph: mon0 (1)[c::]:6789 connect error [ 322.889612][ T9459] libceph: connect (1)[c::]:6789 error -101 [ 322.889885][ T9459] libceph: mon0 (1)[c::]:6789 connect error [ 323.316006][ T9605] ceph: No mds server is up or the cluster is laggy [ 323.318773][ T9610] ceph: No mds server is up or the cluster is laggy [ 323.361686][ T5931] libceph: connect (1)[c::]:6789 error -101 [ 323.361932][ T5931] libceph: mon0 (1)[c::]:6789 connect error [ 323.396798][ T9459] libceph: connect (1)[c::]:6789 error -101 [ 323.397052][ T9459] libceph: mon0 (1)[c::]:6789 connect error [ 324.655541][ T9645] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1401'. [ 327.859382][ T9705] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 327.884363][ T9679] uprobe: syz.2.1416:9679 failed to unregister, leaking uprobe [ 328.362334][ T9716] netlink: 5 bytes leftover after parsing attributes in process `syz.5.1432'. [ 328.363281][ T9716] 0{X: renamed from gretap0 [ 328.462194][ T9716] 0{X: entered allmulticast mode [ 328.466647][ T9716] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 328.871471][ T9724] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 332.309810][ T9479] kernel write not supported for file bpf-prog (pid: 9479 comm: kworker/0:12) [ 332.576430][ T9801] netlink: 'syz.0.1465': attribute type 1 has an invalid length. [ 332.765604][ T9801] 8021q: adding VLAN 0 to HW filter on device bond3 [ 332.941093][ T9805] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 332.986468][ T9805] bond3: (slave batadv1): making interface the new active one [ 333.012702][ T9805] bond3: (slave batadv1): Enslaving as an active interface with an up link [ 335.606238][ T5931] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 335.760562][ T5931] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 335.760776][ T5931] usb 4-1: config 0 interface 0 has no altsetting 0 [ 335.785591][ T5931] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 335.785611][ T5931] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.785622][ T5931] usb 4-1: Product: syz [ 335.785630][ T5931] usb 4-1: Manufacturer: syz [ 335.785638][ T5931] usb 4-1: SerialNumber: syz [ 335.853442][ T5931] usb 4-1: config 0 descriptor?? [ 335.862154][ T5931] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 335.930269][ T5931] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 335.939221][ T5931] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 335.939283][ T5931] usb 4-1: media controller created [ 336.175668][ T5931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 336.538915][ T5931] DVB: Unable to find symbol tda10046_attach() [ 336.538934][ T5931] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 336.538949][ T5931] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 337.377412][ T5931] dvb_usb_m920x 4-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 337.407018][ T5931] usb 4-1: USB disconnect, device number 12 [ 337.467881][ T9881] overlayfs: failed to clone lowerpath [ 337.521903][ T9882] overlayfs: failed to clone lowerpath [ 337.934256][ T9888] netlink: 'syz.4.1500': attribute type 9 has an invalid length. [ 338.166442][ T5931] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 338.328757][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.328813][ T5931] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 338.328838][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.338603][ T5931] usb 3-1: config 0 descriptor?? [ 338.472276][ T9892] ptrace attach of "./syz-executor exec"[9900] was attempted by "./syz-executor exec"[9892] [ 338.560840][ T9905] input: syz0 as /devices/virtual/input/input18 [ 338.792505][ T5931] keytouch 0003:0926:3333.000F: fixing up Keytouch IEC report descriptor [ 338.831234][ T5931] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.000F/input/input19 [ 339.141668][ T5931] keytouch 0003:0926:3333.000F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 339.295659][ T5959] usb 3-1: USB disconnect, device number 19 [ 339.558620][ T9438] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 339.709352][ T9438] usb 4-1: config index 0 descriptor too short (expected 30768, got 18) [ 339.709500][ T9438] usb 4-1: config 48 has too many interfaces: 48, using maximum allowed: 32 [ 339.709522][ T9438] usb 4-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config [ 339.709541][ T9438] usb 4-1: config 48 has 0 interfaces, different from the descriptor's value: 48 [ 339.709582][ T9438] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 339.709606][ T9438] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.975903][ T9438] usb 4-1: string descriptor 0 read error: -22 [ 340.161663][ T5931] usb 4-1: USB disconnect, device number 13 [ 341.178929][ T9958] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1525'. [ 342.271645][ T9963] netlink: 'syz.5.1529': attribute type 5 has an invalid length. [ 342.271672][ T9963] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.1529'. [ 342.935601][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.082821][ C1] vkms_vblank_simulate: vblank timer overrun [ 343.256623][ T9989] netlink: 146780 bytes leftover after parsing attributes in process `syz.2.1539'. [ 345.015355][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 345.015375][ T37] audit: type=1326 audit(1758800006.262:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10011 comm="syz.0.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ed204eec9 code=0x7fc00000 [ 345.531933][ T37] audit: type=1326 audit(1758800006.782:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10011 comm="syz.0.1549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8ed204eec9 code=0x7fc00000 [ 348.321971][T10087] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1574'. [ 348.322504][T10087] unsupported nlmsg_type 40 [ 349.007959][T10103] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 349.058857][T10104] netlink: 'syz.3.1580': attribute type 39 has an invalid length. [ 349.149575][ T9438] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 349.296319][ T9438] usb 3-1: Using ep0 maxpacket: 16 [ 349.299054][ T9438] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.299156][ T9438] usb 3-1: config 0 interface 0 has no altsetting 0 [ 349.299194][ T9438] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 349.299218][ T9438] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.312247][ T9438] usb 3-1: config 0 descriptor?? [ 349.798928][ T9438] nzxt-smart2 0003:1E71:2009.0010: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 350.150070][ T9454] usb 3-1: USB disconnect, device number 20 [ 351.905406][T10149] netlink: 384 bytes leftover after parsing attributes in process `syz.4.1598'. [ 352.455326][T10161] netlink: 51 bytes leftover after parsing attributes in process `syz.5.1602'. [ 352.665906][T10170] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1606'. [ 352.749598][T10170] 8021q: adding VLAN 0 to HW filter on device bond1 [ 353.903909][T10205] macvtap1: entered promiscuous mode [ 353.903939][T10205] vlan0: entered promiscuous mode [ 353.904649][T10205] macvtap1: entered allmulticast mode [ 353.904666][T10205] vlan0: entered allmulticast mode [ 353.904679][T10205] veth0_vlan: entered allmulticast mode [ 354.076376][T10205] macvtap2: entered promiscuous mode [ 354.076712][T10205] macvtap2: entered allmulticast mode [ 355.766507][T10253] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1642'. [ 356.458397][ T9438] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 356.485569][T10269] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 356.485788][T10269] FAT-fs (loop9): unable to read boot sector [ 356.609865][ T9438] usb 3-1: Using ep0 maxpacket: 32 [ 356.622035][ T9438] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 356.622069][ T9438] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 356.622112][ T9438] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 356.622136][ T9438] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.641463][ T9438] usb 3-1: config 0 descriptor?? [ 356.681875][T10273] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1651'. [ 357.115400][ T9438] savu 0003:1E7D:2D5A.0011: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 357.459319][ T9438] usb 3-1: USB disconnect, device number 21 [ 358.139102][T10277] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 358.165306][T10277] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 358.293957][T10286] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1658'. [ 358.580835][T10297] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1660'. [ 358.580862][T10297] netlink: 'syz.2.1660': attribute type 18 has an invalid length. [ 358.801978][T10303] af_packet: tpacket_rcv: packet too big, clamped from 3698 to 4294967272. macoff=96 [ 359.219735][T10297] vxlan0: entered promiscuous mode [ 359.250236][ T67] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.307382][ T67] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.311892][ T67] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.311946][ T67] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 359.311990][ T67] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 359.312021][ T67] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 359.312050][ T67] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 359.312079][ T67] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 359.388537][T10312] 9pnet: p9_errstr2errno: server reported unknown error pA [ 360.084296][ T37] audit: type=1400 audit(1758800021.332:969): lsm=SMACK fn=smack_inode_permission action=denied subject="@.-&#^" object="_" requested=rw pid=10324 comm="syz.5.1672" name="video36" dev="devtmpfs" ino=1044 [ 360.535267][T10333] netlink: 'syz.4.1674': attribute type 1 has an invalid length. [ 360.746285][ T9452] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 360.831082][T10335] bond2: (slave bridge2): making interface the new active one [ 360.831972][T10335] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 360.916350][ T9452] usb 6-1: Using ep0 maxpacket: 8 [ 360.922363][ T9452] usb 6-1: config 0 interface 0 has no altsetting 0 [ 360.922393][ T9452] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 360.922406][ T9452] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.938095][ T9452] usb 6-1: config 0 descriptor?? [ 361.210889][ T9452] usbhid 6-1:0.0: can't add hid device: -71 [ 361.211001][ T9452] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 361.256547][ T9452] usb 6-1: USB disconnect, device number 12 [ 361.274612][T10343] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1677'. [ 361.625863][T10351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1681'. [ 363.082217][T10383] tipc: Started in network mode [ 363.082250][T10383] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 363.120519][T10383] tipc: Enabled bearer , priority 10 [ 363.303560][T10389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1699'. [ 363.303598][T10389] netlink: 'syz.0.1699': attribute type 15 has an invalid length. [ 363.304071][T10389] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1699'. [ 363.304092][T10389] netlink: 'syz.0.1699': attribute type 15 has an invalid length. [ 364.210409][ T9459] tipc: Node number set to 4269801488 [ 364.814685][ T9459] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 364.917350][ T9459] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz1] on syz0 [ 365.144397][T10425] tipc: Failed to remove unknown binding: 66,3,3/4269801488:3841350066/3841350067 [ 365.533063][ C1] vkms_vblank_simulate: vblank timer overrun [ 366.076373][T10443] bridge0: port 1(syz_tun) entered blocking state [ 366.076630][T10443] bridge0: port 1(syz_tun) entered disabled state [ 366.111369][T10443] syz_tun: entered allmulticast mode [ 366.139330][T10443] syz_tun: entered promiscuous mode [ 366.154432][T10445] netlink: 'syz.4.1720': attribute type 10 has an invalid length. [ 366.201744][T10443] bridge0: port 1(syz_tun) entered blocking state [ 366.201933][T10443] bridge0: port 1(syz_tun) entered forwarding state [ 366.283797][T10445] bridge0: port 1(syz_tun) entered disabled state [ 366.325279][T10445] bridge0: port 1(syz_tun) entered blocking state [ 366.329852][T10445] bridge0: port 1(syz_tun) entered forwarding state [ 366.384490][T10445] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 367.967106][ C1] vkms_vblank_simulate: vblank timer overrun [ 368.688307][ C1] vkms_vblank_simulate: vblank timer overrun [ 368.843604][T10500] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 369.111235][ C1] vkms_vblank_simulate: vblank timer overrun [ 370.910245][T10556] loop6: detected capacity change from 0 to 7 [ 370.917586][T10556] Dev loop6: unable to read RDB block 7 [ 370.917634][T10556] loop6: unable to read partition table [ 370.917873][T10556] loop6: partition table beyond EOD, truncated [ 370.917891][T10556] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 372.831776][ T9452] IPVS: starting estimator thread 0... [ 372.918600][T10629] 0{X: left allmulticast mode [ 372.950269][T10629] 8021q: adding VLAN 0 to HW filter on device bond0 [ 372.952482][T10629] 8021q: adding VLAN 0 to HW filter on device team0 [ 372.964999][T10627] IPVS: using max 6 ests per chain, 14400 per kthread [ 373.026306][ T9479] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 373.083251][T10629] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 373.142124][T10630] syzkaller0: entered promiscuous mode [ 373.142159][T10630] syzkaller0: entered allmulticast mode [ 373.209068][ T9479] usb 3-1: config 1 interface 0 has no altsetting 0 [ 373.212944][ T9479] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 373.212977][ T9479] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.212998][ T9479] usb 3-1: Product: syz [ 373.213012][ T9479] usb 3-1: Manufacturer: syz [ 373.213026][ T9479] usb 3-1: SerialNumber: syz [ 373.737637][ T9479] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 22 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 374.531902][T10652] netdevsim netdevsim3: Direct firmware load for .. failed with error -2 [ 374.531931][T10652] netdevsim netdevsim3: Falling back to sysfs fallback for: .. [ 375.677016][ T9454] usb 3-1: USB disconnect, device number 22 [ 375.705365][ T9454] usblp0: removed [ 375.816457][T10680] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1796'. [ 378.048244][T10736] netlink: 'syz.4.1817': attribute type 10 has an invalid length. [ 378.144783][T10736] 8021q: adding VLAN 0 to HW filter on device team0 [ 378.159729][T10736] bond0: (slave team0): Enslaving as an active interface with an up link [ 378.546171][T10744] overlayfs: failed to clone upperpath [ 378.937922][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.071292][T10759] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 379.727582][T10771] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1832'. [ 379.952427][T10783] loop6: detected capacity change from 0 to 7 [ 379.969894][T10783] Dev loop6: unable to read RDB block 7 [ 379.969934][T10783] loop6: AHDI p1 p2 [ 379.969969][T10783] loop6: partition table partially beyond EOD, truncated [ 379.970120][T10783] loop6: p1 start 926365495 is beyond EOD, truncated [ 380.476878][T10792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1837'. [ 380.832352][T10796] loop6: detected capacity change from 0 to 7 [ 380.855007][T10796] Dev loop6: unable to read RDB block 7 [ 380.855041][T10796] loop6: AHDI p3 p4 [ 380.855064][T10796] loop6: partition table partially beyond EOD, truncated [ 380.855136][T10796] loop6: p3 start 7893504 is beyond EOD, truncated [ 381.306802][ T9459] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 381.460746][ T9459] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.498535][ T9459] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 381.498559][ T9459] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.498570][ T9459] usb 4-1: Product: syz [ 381.498578][ T9459] usb 4-1: Manufacturer: syz [ 381.498586][ T9459] usb 4-1: SerialNumber: syz [ 382.671665][ T9459] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 382.671693][ T9459] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 382.671711][ T9459] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 383.074818][ T9459] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 383.183242][ T9459] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 383.349761][ T9459] usb 4-1: USB disconnect, device number 14 [ 383.365289][ T9459] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 384.054227][T10838] input: syz0 as /devices/virtual/input/input20 [ 384.778635][T10851] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 384.986262][ T9454] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 385.144944][ T9454] usb 3-1: Using ep0 maxpacket: 32 [ 385.157648][ T9454] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 385.157680][ T9454] usb 3-1: config 0 has no interface number 0 [ 385.171353][ T9454] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 385.171386][ T9454] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.171405][ T9454] usb 3-1: Product: syz [ 385.171421][ T9454] usb 3-1: Manufacturer: syz [ 385.171435][ T9454] usb 3-1: SerialNumber: syz [ 385.220889][ T9454] usb 3-1: config 0 descriptor?? [ 385.225033][ T9454] smsc95xx v2.0.0 [ 385.439363][T10863] overlayfs: missing 'lowerdir' [ 385.658721][ T9454] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 385.658754][ T9454] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 386.285223][T10880] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1869'. [ 386.469866][ T9454] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 386.470243][ T9454] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 386.500234][ T9454] usb 3-1: USB disconnect, device number 23 [ 387.189492][T10898] loop6: detected capacity change from 0 to 7 [ 387.192576][T10898] Dev loop6: unable to read RDB block 7 [ 387.192607][T10898] loop6: AHDI p1 p2 p3 [ 387.192639][T10898] loop6: partition table partially beyond EOD, truncated [ 387.192757][T10898] loop6: p1 start 926365495 is beyond EOD, truncated [ 387.192775][T10898] loop6: p2 size 114 extends beyond EOD, truncated [ 388.188585][T10928] loop3: detected capacity change from 0 to 1 [ 388.203913][T10928] Dev loop3: unable to read RDB block 1 [ 388.203962][T10928] loop3: unable to read partition table [ 388.229025][T10928] loop3: partition table beyond EOD, truncated [ 388.229056][T10928] loop_reread_partitions: partition scan of loop3 (被x ) failed (rc=-5) [ 388.521238][T10928] Dev loop3: unable to read RDB block 1 [ 388.521271][T10928] loop3: unable to read partition table [ 388.521438][T10928] loop3: partition table beyond EOD, truncated [ 415.049191][T10938] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 418.235903][ T5843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 418.266062][ T5843] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 418.269780][ T5843] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 418.354951][ T5843] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 418.396808][ T5843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 418.838763][ T5843] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 418.839996][ T5843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 418.926303][ T5843] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 418.939825][ T5843] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 418.941423][ T5843] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 418.942377][ T5160] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 418.947680][ T5160] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 418.968389][ T5160] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 418.973112][ T5160] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 418.974044][ T5843] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 419.590488][ T5843] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 419.722937][ T5843] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 419.766572][ T5843] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 419.770551][ T5843] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 419.771677][ T5843] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 420.388225][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 420.430265][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 420.433868][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 420.491085][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 420.512100][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 421.006234][ T5843] Bluetooth: hci6: command tx timeout [ 421.167664][ T5843] Bluetooth: hci5: command tx timeout [ 421.960097][ T5843] Bluetooth: hci7: command tx timeout [ 422.596640][ T5843] Bluetooth: hci8: command tx timeout [ 423.086756][ T5843] Bluetooth: hci6: command tx timeout [ 423.238324][ T5843] Bluetooth: hci5: command tx timeout [ 424.036225][ T5843] Bluetooth: hci7: command tx timeout [ 424.676321][ T5843] Bluetooth: hci8: command tx timeout [ 425.156268][ T5843] Bluetooth: hci6: command tx timeout [ 425.316398][ T5843] Bluetooth: hci5: command tx timeout [ 426.116290][ T5843] Bluetooth: hci7: command tx timeout [ 426.756335][ T5843] Bluetooth: hci8: command tx timeout [ 427.239694][ T5843] Bluetooth: hci6: command tx timeout [ 427.396475][ T5843] Bluetooth: hci5: command tx timeout [ 428.198426][ T5843] Bluetooth: hci7: command tx timeout [ 428.836531][ T5843] Bluetooth: hci8: command tx timeout [ 439.231495][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 439.258784][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 439.260505][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 439.264167][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 439.265113][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 440.363189][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.396338][ T59] Bluetooth: hci0: command tx timeout [ 443.476572][ T59] Bluetooth: hci0: command tx timeout [ 443.577412][ C0] sched: DL replenish lagged too much [ 445.556335][ T59] Bluetooth: hci0: command tx timeout [ 445.667816][T10917] bridge0: port 1(syz_tun) entered disabled state [ 447.636493][ T59] Bluetooth: hci0: command tx timeout [ 451.673527][T10917] syz_tun (unregistering): left allmulticast mode [ 451.673563][T10917] syz_tun (unregistering): left promiscuous mode [ 451.673693][T10917] bridge0: port 1(syz_tun) entered disabled state [ 478.448495][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 478.472411][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 478.474054][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 478.486394][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 478.502596][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 478.569246][ T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 478.605472][ T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 478.610057][ T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 478.656326][ T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 478.657575][ T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 478.761066][ T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 478.789093][ T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 478.813036][ T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 478.814466][ T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 478.815402][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 478.961080][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 478.992773][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 478.994558][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 479.012356][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 479.013292][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 480.596344][ T59] Bluetooth: hci1: command tx timeout [ 480.756537][ T59] Bluetooth: hci2: command tx timeout [ 480.926434][ T59] Bluetooth: hci3: command tx timeout [ 481.076536][ T59] Bluetooth: hci4: command tx timeout [ 482.676330][ T59] Bluetooth: hci1: command tx timeout [ 482.836203][ T59] Bluetooth: hci2: command tx timeout [ 482.996242][ T59] Bluetooth: hci3: command tx timeout [ 483.156342][ T59] Bluetooth: hci4: command tx timeout [ 484.756267][ T59] Bluetooth: hci1: command tx timeout [ 484.922748][ T59] Bluetooth: hci2: command tx timeout [ 485.076328][ T59] Bluetooth: hci3: command tx timeout [ 485.236594][ T59] Bluetooth: hci4: command tx timeout [ 486.836265][ T59] Bluetooth: hci1: command tx timeout [ 486.997316][ T59] Bluetooth: hci2: command tx timeout [ 487.156299][ T59] Bluetooth: hci3: command tx timeout [ 487.316440][ T59] Bluetooth: hci4: command tx timeout [ 500.652374][ T5843] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 500.670192][ T5843] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 500.687251][ T5843] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 500.712963][ T5843] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 500.713916][ T5843] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 501.809142][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.836356][ T5843] Bluetooth: hci9: command tx timeout [ 504.916410][ T5843] Bluetooth: hci9: command tx timeout [ 506.996411][ T5843] Bluetooth: hci9: command tx timeout [ 509.077061][ T5843] Bluetooth: hci9: command tx timeout [ 539.585738][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 539.621644][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 539.623496][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 539.646436][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 539.647374][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 539.751373][ T5843] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 539.780193][ T5843] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 539.781966][ T5843] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 539.783949][ T5843] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 539.785313][ T5843] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 540.060040][ T5843] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 540.091112][ T5843] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 540.092912][ T5843] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 540.094892][ T5843] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 540.095823][ T5843] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 540.275385][ T5843] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 540.306595][ T5843] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 540.336234][ T5843] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 540.339248][ T5843] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 540.340901][ T5843] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 541.716164][ T5843] Bluetooth: hci0: command tx timeout [ 541.956201][ T5843] Bluetooth: hci10: command tx timeout [ 542.196226][ T5843] Bluetooth: hci11: command tx timeout [ 542.441531][ T5843] Bluetooth: hci12: command tx timeout [ 543.796511][T11007] Bluetooth: hci0: command tx timeout [ 544.038091][T11007] Bluetooth: hci10: command tx timeout [ 544.276206][T11007] Bluetooth: hci11: command tx timeout [ 544.516189][T11007] Bluetooth: hci12: command tx timeout [ 544.857373][T11007] Bluetooth: hci8: command 0x0406 tx timeout [ 544.916233][T11007] Bluetooth: hci7: command 0x0406 tx timeout [ 544.916277][T11007] Bluetooth: hci6: command 0x0406 tx timeout [ 544.916303][T11007] Bluetooth: hci5: command 0x0406 tx timeout [ 545.876227][T11006] Bluetooth: hci0: command tx timeout [ 546.116516][T11006] Bluetooth: hci10: command tx timeout [ 546.356374][T11006] Bluetooth: hci11: command tx timeout [ 546.596408][T11006] Bluetooth: hci12: command tx timeout [ 547.956183][T11007] Bluetooth: hci0: command tx timeout [ 548.199880][T11007] Bluetooth: hci10: command tx timeout [ 548.436360][T11007] Bluetooth: hci11: command tx timeout [ 548.676294][T11007] Bluetooth: hci12: command tx timeout [ 561.702480][T11007] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 561.727072][T11007] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 561.730071][T11007] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 561.731400][T11007] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 561.732961][T11007] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 563.243262][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 584.516724][T11005] Bluetooth: hci13: command tx timeout [ 586.596159][T11005] Bluetooth: hci13: command tx timeout [ 588.676290][T11005] Bluetooth: hci13: command tx timeout [ 590.756277][T11005] Bluetooth: hci13: command tx timeout [ 600.583359][T11007] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 600.606199][T11007] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 600.607895][T11007] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 600.611154][T11007] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 600.612120][T11007] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 600.768671][T11007] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 600.775166][T11007] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 600.798008][T11007] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 600.806784][T11007] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 600.807748][T11007] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 600.883487][T11006] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 600.922740][T11006] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 600.924741][T11006] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 600.970207][T11027] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 600.985425][T11027] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 600.987483][T11027] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 600.995359][T11027] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 601.009300][T11027] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 601.156243][T11006] Bluetooth: hci1: command 0x0406 tx timeout [ 601.156600][T11006] Bluetooth: hci2: command 0x0406 tx timeout [ 601.156718][T11006] Bluetooth: hci3: command 0x0406 tx timeout [ 601.156832][T11006] Bluetooth: hci4: command 0x0406 tx timeout [ 601.771410][T11027] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 601.772519][T11027] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 602.676175][T11027] Bluetooth: hci14: command tx timeout [ 602.916418][T11007] Bluetooth: hci15: command tx timeout [ 603.076373][T11007] Bluetooth: hci17: command tx timeout [ 604.756818][T11007] Bluetooth: hci14: command tx timeout [ 604.996392][T11007] Bluetooth: hci15: command tx timeout [ 605.156127][T11007] Bluetooth: hci17: command tx timeout [ 606.836241][T11007] Bluetooth: hci14: command tx timeout [ 607.076871][T11007] Bluetooth: hci15: command tx timeout [ 607.236291][T11007] Bluetooth: hci17: command tx timeout [ 608.916602][T11007] Bluetooth: hci14: command tx timeout [ 609.157392][T11007] Bluetooth: hci15: command tx timeout [ 609.317544][T11007] Bluetooth: hci17: command tx timeout [ 619.559246][ T38] INFO: task syz-executor:10950 blocked for more than 143 seconds. [ 619.559274][ T38] Not tainted syzkaller #0 [ 619.559285][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 619.559295][ T38] task:syz-executor state:D stack:23912 pid:10950 tgid:10950 ppid:1 task_flags:0x400140 flags:0x00004006 [ 619.559360][ T38] Call Trace: [ 619.559368][ T38] [ 619.559384][ T38] __schedule+0x16f3/0x4c20 [ 619.559453][ T38] ? __pfx___schedule+0x10/0x10 [ 619.559506][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.559541][ T38] rt_mutex_schedule+0x77/0xf0 [ 619.559563][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 619.559589][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 619.559637][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 619.559666][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 619.559694][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 619.559717][ T38] ? __lock_acquire+0xab9/0xd20 [ 619.559758][ T38] ? wg_netns_pre_exit+0x1c/0x1d0 [ 619.559789][ T38] ? net_generic+0x1e/0x240 [ 619.559822][ T38] ? wg_netns_pre_exit+0x1c/0x1d0 [ 619.559843][ T38] mutex_lock_nested+0x16a/0x1d0 [ 619.559876][ T38] wg_netns_pre_exit+0x1c/0x1d0 [ 619.559906][ T38] ops_undo_list+0x187/0x990 [ 619.559944][ T38] ? __pfx_ops_undo_list+0x10/0x10 [ 619.559971][ T38] ? ops_init+0x469/0x5c0 [ 619.560021][ T38] setup_net+0x2d3/0x320 [ 619.560053][ T38] ? __pfx_setup_net+0x10/0x10 [ 619.560085][ T38] ? __mutex_rt_init+0x3b/0x50 [ 619.560114][ T38] copy_net_ns+0x31b/0x4d0 [ 619.560149][ T38] create_new_namespaces+0x3f3/0x720 [ 619.560181][ T38] ? security_capable+0x7e/0x2e0 [ 619.560221][ T38] unshare_nsproxy_namespaces+0x11c/0x170 [ 619.560252][ T38] ksys_unshare+0x4c8/0x8c0 [ 619.560293][ T38] ? __pfx_ksys_unshare+0x10/0x10 [ 619.560324][ T38] ? rt_spin_unlock+0x65/0x80 [ 619.560363][ T38] __x64_sys_unshare+0x38/0x50 [ 619.560393][ T38] do_syscall_64+0xfa/0x3b0 [ 619.560413][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 619.560445][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.560466][ T38] ? clear_bhb_loop+0x60/0xb0 [ 619.560492][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.560514][ T38] RIP: 0033:0x7fb561a706c7 [ 619.560532][ T38] RSP: 002b:00007ffe24984958 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 619.560553][ T38] RAX: ffffffffffffffda RBX: 00007fb561cc5f40 RCX: 00007fb561a706c7 [ 619.560553][ T38] RAX: ffffffffffffffda RBX: 00007fb561cc5f40 RCX: 00007fb561a706c7 [ 619.560569][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 619.560582][ T38] RBP: 00007fb561cc67b8 R08: 0000000000000000 R09: 0000000000000000 [ 619.560596][ T38] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 619.560609][ T38] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 619.560643][ T38] [ 619.560652][ T38] INFO: task syz-executor:10953 blocked for more than 143 seconds. [ 619.560666][ T38] Not tainted syzkaller #0 [ 619.560676][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 619.560686][ T38] task:syz-executor state:D stack:23912 pid:10953 tgid:10953 ppid:1 task_flags:0x400140 flags:0x00004006 [ 619.560745][ T38] Call Trace: [ 619.560751][ T38] [ 619.560764][ T38] __schedule+0x16f3/0x4c20 [ 619.560825][ T38] ? __pfx___schedule+0x10/0x10 [ 619.560878][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.560913][ T38] rt_mutex_schedule+0x77/0xf0 [ 619.560933][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 619.560959][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 619.561014][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 619.561043][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 619.561070][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 619.561093][ T38] ? __lock_acquire+0xab9/0xd20 [ 619.561134][ T38] ? wg_netns_pre_exit+0x1c/0x1d0 [ 619.561163][ T38] ? net_generic+0x1e/0x240 [ 619.561210][ T38] ? wg_netns_pre_exit+0x1c/0x1d0 [ 619.561231][ T38] mutex_lock_nested+0x16a/0x1d0 [ 619.561264][ T38] wg_netns_pre_exit+0x1c/0x1d0 [ 619.561293][ T38] ops_undo_list+0x187/0x990 [ 619.561330][ T38] ? __pfx_ops_undo_list+0x10/0x10 [ 619.561357][ T38] ? ops_init+0x469/0x5c0 [ 619.561399][ T38] setup_net+0x2d3/0x320 [ 619.561429][ T38] ? __pfx_setup_net+0x10/0x10 [ 619.561462][ T38] ? __mutex_rt_init+0x3b/0x50 [ 619.561492][ T38] copy_net_ns+0x31b/0x4d0 [ 619.561525][ T38] create_new_namespaces+0x3f3/0x720 [ 619.561557][ T38] ? security_capable+0x7e/0x2e0 [ 619.561596][ T38] unshare_nsproxy_namespaces+0x11c/0x170 [ 619.561627][ T38] ksys_unshare+0x4c8/0x8c0 [ 619.561665][ T38] ? __pfx_ksys_unshare+0x10/0x10 [ 619.561696][ T38] ? rt_spin_unlock+0x65/0x80 [ 619.561736][ T38] __x64_sys_unshare+0x38/0x50 [ 619.561764][ T38] do_syscall_64+0xfa/0x3b0 [ 619.561782][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 619.561813][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.561833][ T38] ? clear_bhb_loop+0x60/0xb0 [ 619.561859][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 619.561879][ T38] RIP: 0033:0x7fb7559d06c7 [ 619.561896][ T38] RSP: 002b:00007ffc20a67908 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 619.561916][ T38] RAX: ffffffffffffffda RBX: 00007fb755c25f40 RCX: 00007fb7559d06c7 [ 619.561931][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 619.561944][ T38] RBP: 00007fb755c267b8 R08: 0000000000000000 R09: 0000000000000000 [ 619.561958][ T38] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 619.561970][ T38] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 619.562011][ T38] [ 619.562031][ T38] [ 619.562031][ T38] Showing all locks held in the system: [ 619.562042][ T38] 12 locks held by ktimers/1/29: [ 619.562054][ T38] 2 locks held by ksoftirqd/1/30: [ 619.562067][ T38] 1 lock held by khungtaskd/38: [ 619.562077][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 619.562143][ T38] 6 locks held by kworker/u8:4/67: [ 619.562155][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 619.562207][ T38] #1: ffffc9000152fbc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 619.562259][ T38] #2: ffffffff8ecc6a20 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 619.562313][ T38] #3: ffff88803d11b0d8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x10a/0x3d0 [ 619.562362][ T38] #4: ffff88803d11c300 (&devlink->lock_key#5){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x11c/0x3d0 [ 619.562415][ T38] #5: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x257/0x2f0 [ 619.562478][ T38] 3 locks held by kworker/u8:6/1130: [ 619.562490][ T38] #0: ffff88802f72a138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 619.562542][ T38] #1: ffffc90004a67bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 619.562595][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 619.562662][ T38] 3 locks held by kworker/u8:17/3656: [ 619.562674][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 619.562726][ T38] #1: ffffc9000d58fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 619.562776][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 619.562823][ T38] 4 locks held by kworker/u9:1/5160: [ 619.562834][ T38] #0: ffff88805a81a938 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 619.562885][ T38] #1: ffffc9000f417bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 619.562938][ T38] #2: ffff888031ab0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 619.562990][ T38] #3: ffff888031ab00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 619.563055][ T38] 2 locks held by getty/5600: [ 619.563065][ T38] #0: ffff88823bf620a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 619.563124][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 619.563180][ T38] 3 locks held by kworker/0:5/5931: [ 619.563191][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 619.563243][ T38] #1: ffffc90005ab7bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 619.563294][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 619.563346][ T38] 1 lock held by syz.0.1890/10924: [ 619.563358][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 619.563414][ T38] 2 locks held by syz-executor/10950: [ 619.563425][ T38] #0: ffffffff8ecc6a20 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 619.563478][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 619.563527][ T38] 2 locks held by syz-executor/10953: [ 619.563538][ T38] #0: ffffffff8ecc6a20 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 619.563590][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 619.563639][ T38] 2 locks held by syz-executor/10955: [ 619.563650][ T38] #0: ffffffff8ecc6a20 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 619.563701][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 619.563753][ T38] 2 locks held by syz-executor/10959: [ 619.563763][ T38] #0: ffffffff8ecc6a20 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 619.563816][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 619.563871][ T38] 1 lock held by syz-executor/10978: [ 619.563882][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.563931][ T38] 1 lock held by syz-executor/10979: [ 619.563942][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.563989][ T38] 1 lock held by syz-executor/10982: [ 619.564001][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564056][ T38] 1 lock held by syz-executor/10984: [ 619.564068][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564115][ T38] 1 lock held by syz-executor/10987: [ 619.564127][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564175][ T38] 1 lock held by syz-executor/10997: [ 619.564186][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564234][ T38] 1 lock held by syz-executor/10999: [ 619.564245][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564293][ T38] 1 lock held by syz-executor/11001: [ 619.564304][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564352][ T38] 1 lock held by syz-executor/11003: [ 619.564363][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564410][ T38] 6 locks held by kworker/u9:3/11005: [ 619.564422][ T38] #0: ffff88801a6f3138 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 619.564478][ T38] #1: ffffc90004b17bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 619.564530][ T38] #2: ffff88804d700e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 619.564579][ T38] #3: ffff88804d7000a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 619.564634][ T38] #4: ffffffff8ee3b398 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 619.564689][ T38] #5: ffff88802728db58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 619.564741][ T38] 1 lock held by syz-executor/11009: [ 619.564752][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564799][ T38] 1 lock held by syz-executor/11019: [ 619.564810][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564859][ T38] 1 lock held by syz-executor/11022: [ 619.564870][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564918][ T38] 1 lock held by syz-executor/11023: [ 619.564929][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.564976][ T38] 1 lock held by syz-executor/11026: [ 619.564988][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 619.565052][ T38] 4 locks held by kworker/u9:7/11027: [ 619.565063][ T38] #0: ffff88803d079938 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 619.565119][ T38] #1: ffffc90004697bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 619.565171][ T38] #2: ffff88808b9ec0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 619.565222][ T38] #3: ffffffff8ee3b398 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 619.565274][ T38] [ 619.565279][ T38] ============================================= [ 619.565279][ T38] [ 619.565289][ T38] NMI backtrace for cpu 0 [ 619.565303][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 619.565325][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 619.565337][ T38] Call Trace: [ 619.565344][ T38] [ 619.565352][ T38] dump_stack_lvl+0x189/0x250 [ 619.565386][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 619.565416][ T38] ? __pfx__printk+0x10/0x10 [ 619.565453][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 619.565483][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 619.565513][ T38] ? __pfx__printk+0x10/0x10 [ 619.565540][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 619.565569][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 619.565599][ T38] watchdog+0xf93/0xfe0 [ 619.565632][ T38] ? watchdog+0x1de/0xfe0 [ 619.565664][ T38] kthread+0x70e/0x8a0 [ 619.565699][ T38] ? __pfx_watchdog+0x10/0x10 [ 619.565724][ T38] ? __pfx_kthread+0x10/0x10 [ 619.565759][ T38] ? __pfx_kthread+0x10/0x10 [ 619.565785][ T38] ret_from_fork+0x436/0x7d0 [ 619.565810][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 619.565836][ T38] ? __switch_to_asm+0x39/0x70 [ 619.565854][ T38] ? __switch_to_asm+0x33/0x70 [ 619.565868][ T38] ? __pfx_kthread+0x10/0x10 [ 619.565900][ T38] ret_from_fork_asm+0x1a/0x30 [ 619.565939][ T38] [ 619.565990][ T38] Sending NMI from CPU 0 to CPUs 1: [ 619.566029][ C1] NMI backtrace for cpu 1 [ 619.566046][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 619.566065][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 619.566074][ C1] RIP: 0010:__lock_acquire+0x50c/0xd20 [ 619.566098][ C1] Code: 49 83 c7 28 41 89 c4 48 39 cb 0f 8d d6 00 00 00 48 83 fb 31 0f 83 92 00 00 00 41 8b 07 25 ff 1f 00 00 48 0f a3 05 e4 e7 61 11 <73> 10 48 69 c0 c8 00 00 00 48 8d 88 f0 f2 9e 92 eb 40 83 3d 8b 77 [ 619.566112][ C1] RSP: 0018:ffffc90000a3ee10 EFLAGS: 00000003 [ 619.566128][ C1] RAX: 000000000000000b RBX: 0000000000000003 RCX: 000000000000000b [ 619.566138][ C1] RDX: 0000000000000003 RSI: 0000000000000003 RDI: ffff88801ca99dc0 [ 619.566148][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff82136c7f [ 619.566158][ C1] R10: 0000000000000100 R11: 000000000000000e R12: 0000000000000003 [ 619.566168][ C1] R13: 0000000000000003 R14: ffff88801ca9aa98 R15: ffff88801ca9a978 [ 619.566180][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 619.566193][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 619.566204][ C1] CR2: 00007fe123955000 CR3: 000000008b576000 CR4: 00000000003526f0 [ 619.566221][ C1] Call Trace: [ 619.566227][ C1] [ 619.566237][ C1] ? ___slab_alloc+0x25f/0xdc0 [ 619.566252][ C1] lock_acquire+0x120/0x360 [ 619.566271][ C1] ? ___slab_alloc+0x25f/0xdc0 [ 619.566290][ C1] rt_spin_lock+0x88/0x2c0 [ 619.566308][ C1] ? ___slab_alloc+0x25f/0xdc0 [ 619.566323][ C1] ? __pfx_rt_spin_lock+0x10/0x10 [ 619.566342][ C1] ? __lock_acquire+0xab9/0xd20 [ 619.566364][ C1] ___slab_alloc+0x25f/0xdc0 [ 619.566379][ C1] ? skb_clone+0x212/0x3a0 [ 619.566397][ C1] ? skb_clone+0x212/0x3a0 [ 619.566411][ C1] kmem_cache_alloc_noprof+0xe6/0x310 [ 619.566434][ C1] skb_clone+0x212/0x3a0 [ 619.566448][ C1] ? vxcan_xmit+0x1eb/0x780 [ 619.566469][ C1] vxcan_xmit+0x1f8/0x780 [ 619.566488][ C1] ? vxcan_xmit+0x49/0x780 [ 619.566508][ C1] dev_hard_start_xmit+0x2f0/0x870 [ 619.566531][ C1] __dev_queue_xmit+0x1b50/0x3b70 [ 619.566551][ C1] ? __dev_queue_xmit+0x26f/0x3b70 [ 619.566569][ C1] ? stack_depot_save_flags+0x40/0x860 [ 619.566594][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 619.566610][ C1] ? skb_clone+0x212/0x3a0 [ 619.566624][ C1] ? can_can_gw_rcv+0x455/0xf20 [ 619.566641][ C1] ? can_rcv_filter+0x123/0x7d0 [ 619.566662][ C1] ? can_receive+0x312/0x450 [ 619.566682][ C1] ? canfd_rcv+0x145/0x270 [ 619.566702][ C1] ? __netif_receive_skb+0x164/0x380 [ 619.566720][ C1] ? process_backlog+0x31e/0x900 [ 619.566738][ C1] ? __napi_poll+0xb3/0x540 [ 619.566763][ C1] ? net_rx_action+0x707/0xe00 [ 619.566782][ C1] ? handle_softirqs+0x22f/0x710 [ 619.566799][ C1] ? run_ktimerd+0xcf/0x190 [ 619.566818][ C1] ? smpboot_thread_fn+0x53f/0xa60 [ 619.566836][ C1] ? kthread+0x70e/0x8a0 [ 619.566855][ C1] ? ret_from_fork+0x436/0x7d0 [ 619.566873][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 619.566899][ C1] ? __copy_skb_header+0xa7/0x550 [ 619.566916][ C1] can_send+0x905/0xd00 [ 619.566940][ C1] ? __pfx_can_send+0x10/0x10 [ 619.566962][ C1] ? skb_clone+0x246/0x3a0 [ 619.566976][ C1] ? can_can_gw_rcv+0x448/0xf20 [ 619.566995][ C1] can_can_gw_rcv+0xc45/0xf20 [ 619.567017][ C1] ? __pfx_can_can_gw_rcv+0x10/0x10 [ 619.567035][ C1] can_rcv_filter+0x123/0x7d0 [ 619.567056][ C1] ? can_receive+0x1a9/0x450 [ 619.567077][ C1] can_receive+0x312/0x450 [ 619.567100][ C1] canfd_rcv+0x145/0x270 [ 619.567121][ C1] ? __pfx_canfd_rcv+0x10/0x10 [ 619.567142][ C1] __netif_receive_skb+0x164/0x380 [ 619.567160][ C1] ? rt_spin_unlock+0x65/0x80 [ 619.567180][ C1] ? process_backlog+0x27b/0x900 [ 619.567198][ C1] process_backlog+0x31e/0x900 [ 619.567222][ C1] __napi_poll+0xb3/0x540 [ 619.567242][ C1] net_rx_action+0x707/0xe00 [ 619.567261][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 619.567289][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 619.567323][ C1] handle_softirqs+0x22f/0x710 [ 619.567345][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 619.567368][ C1] run_ktimerd+0xcf/0x190 [ 619.567388][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 619.567409][ C1] ? preempt_schedule_thunk+0x16/0x30 [ 619.567427][ C1] ? smpboot_thread_fn+0x5f4/0xa60 [ 619.567445][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 619.567463][ C1] smpboot_thread_fn+0x53f/0xa60 [ 619.567482][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 619.567503][ C1] kthread+0x70e/0x8a0 [ 619.567526][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 619.567544][ C1] ? __pfx_kthread+0x10/0x10 [ 619.567567][ C1] ? __pfx_kthread+0x10/0x10 [ 619.567589][ C1] ret_from_fork+0x436/0x7d0 [ 619.567609][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 619.567630][ C1] ? __switch_to_asm+0x39/0x70 [ 619.567644][ C1] ? __switch_to_asm+0x33/0x70 [ 619.567658][ C1] ? __pfx_kthread+0x10/0x10 [ 619.567680][ C1] ret_from_fork_asm+0x1a/0x30 [ 619.567701][ C1] [ 619.821913][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 619.821935][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 619.821956][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 619.821968][ T38] Call Trace: [ 619.821975][ T38] [ 619.821985][ T38] dump_stack_lvl+0x99/0x250 [ 619.822016][ T38] ? __asan_memcpy+0x40/0x70 [ 619.822037][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 619.822062][ T38] ? __pfx__printk+0x10/0x10 [ 619.822094][ T38] vpanic+0x281/0x750 [ 619.822122][ T38] ? __pfx_vpanic+0x10/0x10 [ 619.822144][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 619.822162][ T38] ? preempt_schedule+0xae/0xc0 [ 619.822189][ T38] ? preempt_schedule_common+0x83/0xd0 [ 619.822221][ T38] panic+0xb9/0xc0 [ 619.822245][ T38] ? __pfx_panic+0x10/0x10 [ 619.822270][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 619.822297][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 619.822323][ T38] watchdog+0xfd2/0xfe0 [ 619.822351][ T38] ? watchdog+0x1de/0xfe0 [ 619.822379][ T38] kthread+0x70e/0x8a0 [ 619.822408][ T38] ? __pfx_watchdog+0x10/0x10 [ 619.822429][ T38] ? __pfx_kthread+0x10/0x10 [ 619.822459][ T38] ? __pfx_kthread+0x10/0x10 [ 619.822485][ T38] ret_from_fork+0x436/0x7d0 [ 619.822511][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 619.822539][ T38] ? __switch_to_asm+0x39/0x70 [ 619.822554][ T38] ? __switch_to_asm+0x33/0x70 [ 619.822570][ T38] ? __pfx_kthread+0x10/0x10 [ 619.822596][ T38] ret_from_fork_asm+0x1a/0x30 [ 619.822629][ T38] [ 619.822781][ T38] Kernel Offset: disabled