last executing test programs: 2m12.090365426s ago: executing program 4 (id=1353): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r1 = socket(0x1e, 0x0, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000000)=@req={0x5, 0x8, 0x4, 0x5}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x80104592, 0x0) r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ppoll(&(0x7f00000013c0)=[{r6}], 0x1, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x800000000000008b}, 0x0) sched_setscheduler(r3, 0x5, &(0x7f0000000080)=0x7) 2m7.297797791s ago: executing program 4 (id=1361): syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x1010, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000040)) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r3, 0x4b52, &(0x7f0000000040)={0x0, 0x0}) 2m5.7297991s ago: executing program 4 (id=1366): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup3(0xffffffffffffffff, r0, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0383e04, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f0000000100), 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0xf, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x41000, 0x11}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='netlink_extack\x00'}, 0x10) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffecc, &(0x7f0000000200)=0x101) r4 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x5, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) 2m1.940511584s ago: executing program 4 (id=1371): socket$inet6_sctp(0xa, 0x5, 0x84) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x3fd701) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000380)={0xffffffffffffffff, 0x9, 0x7f, r1}) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) sendfile(r2, 0xffffffffffffffff, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f00000003c0), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="04f50ffd97aeb1"], 0x3) r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f0000000040)={0x26, 0x1, 0x0, "27425b895f17386bcec1d8665c0084feea0be6b8a80052d063e6179d13f019e3"}) syz_open_dev$video4linux(&(0x7f0000000140), 0xffffffffffffffff, 0x4000) socket$inet_sctp(0x2, 0x0, 0x84) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$qrtr(0x2a, 0x2, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0) r4 = inotify_init() inotify_add_watch(r4, &(0x7f00000000c0)='./file0\x00', 0x20000002) open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 1m57.322699161s ago: executing program 4 (id=1377): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) 1m57.063638993s ago: executing program 4 (id=1378): close(0xffffffffffffffff) process_vm_readv(0x0, &(0x7f0000008400), 0x0, &(0x7f0000000400)=[{0x0}, {0x0}], 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x18, r6, 0x351d4d5b9375e359, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x4}]}, 0x18}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r7) r8 = inotify_init1(0x0) fcntl$setown(r8, 0x8, 0xffffffffffffffff) fcntl$getownex(r8, 0x10, &(0x7f0000000140)={0x0, 0x0}) r10 = syz_open_procfs(r9, &(0x7f0000000600)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r10, 0x6611, 0x0) 1m41.335704187s ago: executing program 1 (id=1399): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup3(0xffffffffffffffff, r0, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0383e04, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f0000000100), 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0xf, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x41000, 0x11}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='netlink_extack\x00'}, 0x10) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffecc, &(0x7f0000000200)=0x101) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x5, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) 1m39.05818251s ago: executing program 1 (id=1403): r0 = socket$inet6(0xa, 0x806, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e23}, 0x1c) listen(r0, 0x3) connect$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$radio(&(0x7f0000000100), 0x2, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[]) 1m35.715561588s ago: executing program 1 (id=1406): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b52, &(0x7f0000000040)={0x0, 0x0}) 1m35.318686214s ago: executing program 1 (id=1407): mkdir(0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup3(0xffffffffffffffff, r0, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0383e04, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f0000000100), 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0xf, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x41000, 0x11}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='netlink_extack\x00'}, 0x10) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffecc, &(0x7f0000000200)=0x101) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x5, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) 1m32.997027995s ago: executing program 1 (id=1410): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x2, @mcast2, 0x2}, 0x1c) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0xb) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xb) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r7, &(0x7f0000000040)=0x1c8, 0x12) 1m30.084648729s ago: executing program 1 (id=1413): openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)={@map=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20) epoll_create1(0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) r1 = syz_open_procfs(0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mremap(&(0x7f00007c9000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x18, 0x9, 0x40, 0x3, 0x2839, r1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x2}, 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000193c0)=ANY=[@ANYBLOB="380000001a00010000000000000000000a008000", @ANYRES32=0x0, @ANYBLOB="000000001400010020010000000000000000000000000000080002000000000000625fd05a159094b2a4fcfe2b6ce2c62b61fdb71ecedd730b4a57d5abb8575f0f40fef46cdf48191fee4f8b90f312e3ec36c31c0cb25be796691e0b654210053bbe5aa65f4bb7b45143f4feecf0203fe63d77e3ad95f3f1aaf5784471633c23c27bf5281272e36ec72f8d4c7df02871d137963419aecb342446"], 0x38}}, 0x0) read$msr(r2, &(0x7f00000003c0)=""/102376, 0x18fe8) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') ioctl$F2FS_IOC_SET_PIN_FILE(r4, 0x4004f50d, 0x0) io_uring_setup(0x3c92, &(0x7f0000000200)={0x0, 0xb, 0x20, 0x0, 0x600000, 0x0, r1}) syz_usb_disconnect(0xffffffffffffffff) 17.127435825s ago: executing program 2 (id=1505): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000380)={0x0, 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) socket$inet(0xa, 0x801, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket(0x840000000002, 0x3, 0x100) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r5, @ANYBLOB="01000000000000000000010000000c00050000000000000000000c0002000000000000000000040007800c000800000000000000000008000100000000004400078008000100", @ANYRES32, @ANYBLOB="38000100", @ANYRES32=r6, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB="08000100"], 0x90}}, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) setpgid(0x0, r1) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) setxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$media(&(0x7f00000006c0), 0x4005, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r7, 0x80047c05, &(0x7f0000000100)) 15.187976093s ago: executing program 0 (id=1509): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000700)="ad56b6cc0400aeb995298992cafffeffffa5018cc1ab5252b39a6a87f4b258fe9e3b19a60000304015b642a1725fdb58bae6d73c142a3998a3cc5ab1eaa2c2eecd31260279a64307b47d0b865df902cf35a4dde8d4f86f1b73df3170a8764231909ea2de2f58ab887a35e75a3c42019438aa8d89b1015d", 0x77) mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x2, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) fsopen(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x4c, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0xba01}, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@ipv6_newrule={0x16, 0x20, 0x1}, 0x1c}}, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x50, &(0x7f0000002140)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\"\x00', 0x1a, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @ipv4={'\x00', '\xff\xff', @broadcast}, [{}]}}}}}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, 0x0, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r5, 0x400455c8, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, r3, 0x147, 0x0, 0x0, {{}, {}, {0x3}}}, 0x30}}, 0x0) 13.950951772s ago: executing program 2 (id=1510): syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r0 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r1 = getpgid(0xffffffffffffffff) prlimit64(r1, 0x4, &(0x7f0000000140)={0xfffffffffffffffe}, 0x0) sched_setscheduler(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000180)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = io_uring_setup(0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(r2, 0x0, 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x0, 0xd4a4}) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f00006ea000/0x2000)=nil, 0x2000, 0xb635773f07ebbeea, 0x10, 0xffffffffffffffff, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, &(0x7f0000000100)={'ip_vti0\x00', &(0x7f0000000340)={'tunl0\x00', 0x0, 0x7800, 0x80, 0x8, 0xfffffff5, {{0x1b, 0x4, 0x1, 0x3, 0x6c, 0x66, 0x0, 0x7, 0x4, 0x0, @remote, @private=0xa010100, {[@timestamp={0x44, 0xc, 0xd4, 0x0, 0x7, [0x2, 0x7]}, @ssrr={0x89, 0x17, 0xbf, [@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback]}, @timestamp_prespec={0x44, 0x34, 0x1b, 0x3, 0x9, [{@private=0xa010101, 0x23}, {@loopback, 0x7}, {@broadcast, 0x1747}, {@loopback, 0x9482}, {@private=0xa010100, 0x3}, {@remote, 0x8}]}]}}}}}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000280)={0x0, 0x0, r7, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r10}) close_range(r4, 0xffffffffffffffff, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r0, 0x201, 0x0, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0) socket$tipc(0x1e, 0x4, 0x0) 12.726695942s ago: executing program 2 (id=1512): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) getcwd(0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x40, 0x0, 0x4, 0x0, r0}, 0x48) r4 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0) write$selinux_access(r4, 0x0, 0x0) 11.786549841s ago: executing program 3 (id=1513): syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) remap_file_pages(&(0x7f0000491000/0x1000)=nil, 0x1000, 0x11, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) unshare(0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x0, 0x800}, 0x20) mount$bind(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000100)='./file0/file0\x00', 0x0, 0x100000, 0x0) mount$bind(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x91905a, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)={0x18, r4, 0x15, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}}, 0x0) read$FUSE(r2, &(0x7f0000000600)={0x2020}, 0xffffffb5) syz_io_uring_submit(0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_SHUTDOWN={0x22, 0x8, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x1}) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4000, 0x0, 0xffffffeffffffffc, 0x0) set_mempolicy(0x3, &(0x7f0000000000)=0x5, 0x8) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x20003000, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48) 11.376723334s ago: executing program 0 (id=1514): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x2, @mcast2, 0x2}, 0x1c) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0xb) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xb) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r6}, 0x10) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r7, &(0x7f0000000040)=0x1c8, 0x12) 9.797027995s ago: executing program 0 (id=1515): mount$9p_fd(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYRESOCT]) 9.659408179s ago: executing program 0 (id=1516): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000380)={0x0, 0x0}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) socket$inet(0xa, 0x801, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket(0x840000000002, 0x3, 0x100) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r5, @ANYBLOB="01000000000000000000010000000c00050000000000000000000c0002000000000000000000040007800c000800000000000000000008000100000000004400078008000100", @ANYRES32, @ANYBLOB="38000100", @ANYRES32=r6, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB="08000100"], 0x90}}, 0x0) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) sendto$packet(r2, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14) setpgid(0x0, r1) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) setxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_open_dev$media(&(0x7f00000006c0), 0x4005, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r7, 0x80047c05, &(0x7f0000000100)) 8.532988923s ago: executing program 2 (id=1517): syz_open_dev$vim2m(&(0x7f00000004c0), 0x100005, 0x2) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x6, 0x6, 0x80, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x48) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="05000000000000e000000600000008000300", @ANYRES32=r4, @ANYBLOB="080005000200"], 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000001c0)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x24060951}, 0x0) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) socketpair(0x29, 0x2, 0x0, &(0x7f0000000a40)={0xffffffffffffffff}) r7 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0) sendto$inet6(r7, 0x0, 0x0, 0x200c8004, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @mcast2}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0xc001, 0x0, 0x0) sendmsg$inet6(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000ac0)="2f6c62fdf406a1a017d356c35c10e4d1be87033978d275293527325d1cd47e250c86", 0x22}], 0x1}, 0x0) setsockopt$inet6_int(r7, 0x29, 0x19, 0x0, 0x0) r8 = socket$unix(0x1, 0x2, 0x0) syz_80211_inject_frame(&(0x7f0000000280), &(0x7f0000000580)=ANY=[@ANYRES8=r7, @ANYRESDEC=r7, @ANYRES32=r8, @ANYRES64=r5, @ANYRESDEC, @ANYRES64=r0, @ANYRESHEX=r3], 0x28) sendto$inet(0xffffffffffffffff, &(0x7f0000000300)="e229fc04553d512e813124f99b80d5326782df004e2e54705982f0cb77cbbd52fceda2a7fedf3595e4ab7737f1e7fde3c3892bf4f107e2131e94fd9810ed68f7c9c22efc8c8cfa17fe00336361fee07d9d50c4c13b5e5bfba541a8d0ce278affdcd0625e649d17829a2d5a63131de996e92909871f6b01ec1b1a04375b96e2ce5b9100f6ff0000000000000000000000000087941817a3496c400d95b24a55f53551c1699ec7868f36f10fa2c68a03592e3c4a48f8a21715120bf6f4126e3747d1359e39cf6e095718ef36e2f61dbad20f8b3d4ee9cf4b55a1487835021d520ab85ef59b60580b4ed75e727bd76f47ab6bb2e631e1a1a45ab2d0db275cc3633f12aa7ce126c318616bb54f9bae2e2311daad7b254448e552bda71cdc3aa6fe18537822d6fc30114d83bfd5d6aa027f0a146206ceead6d5b347619419d5881ee325672b7476afcdfade51b9ae568b40c2fc91a52d29c7e5e596610cb36edc8116000dd8a93a9551f7d7d2d62a56939938a171c1ed960f59a6e013e557fad71b3b8986d14dbaf649f5340f75ffa296eec9d8b788623901aca301c07124efee955f1a7cde6c8931b13b3eb3ec", 0xffffff6d, 0x4048041, 0x0, 0x0) socket(0x21, 0x2, 0x2) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) sendmsg$NL80211_CMD_GET_MPP(r6, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x40, r3, 0x10, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}]}, 0x40}, 0x1, 0x0, 0x0, 0x4084}, 0x8000) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 8.191431558s ago: executing program 3 (id=1518): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r1 = socket(0x1e, 0x0, 0x0) r2 = socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000000)=@req={0x5, 0x8, 0x4, 0x5}, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x80104592, 0x0) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ppoll(&(0x7f00000013c0)=[{r7}], 0x1, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000140)={0x8, 0x800000000000008b}, 0x0) sched_setscheduler(r4, 0x5, &(0x7f0000000080)=0x7) 6.519115913s ago: executing program 3 (id=1519): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffca1}, 0x90) keyctl$set_reqkey_keyring(0xe, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000000340)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0xe8}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'}) setsockopt$packet_int(r2, 0x107, 0xf, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0) read$nci(r3, &(0x7f0000000200)=""/100, 0x64) r7 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r7, 0x114, 0xa, &(0x7f0000000000)={0x2, '\x00\x00'}, 0x3) r8 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x2d0822dc2e5b5753, 0x0, 0x1, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x13, r8, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.current\x00', 0x275a, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r9, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r9, 0x0) 6.103970015s ago: executing program 0 (id=1520): r0 = syz_open_dev$sg(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mknodat$loop(0xffffffffffffff9c, 0x0, 0x0, 0x0) init_module(&(0x7f0000000300)='(\x00\xdd\xdax\xa0`y\"\x94\x81\x03q\x91\xdb^4\xd6\x8aA\x96\xdf\"\xfb\x92\rWu\xc0OW@\x91\xb8\xb6-D\x8b\xe7\x01\xff\x1a+\x89\xeeI;R\xd3\x90\x8c\xaaf\xe2\x80Vd!{\x0f\xa3\xd3\x84\xa2\x8f\xa3\xd8\x01\xa2r\x8b9\x18\xf6^c\x19\xe3\x18_g\xfc\xa5\n\xb2\xb7 \xe9DP\xdf6\x87D\xef\xc6G\xb9\xef3\x8f\xdc\xc3\x03\x88\x83\x17\xe5\x8f\xd0\x8c}D\xd1\xc7\x8fD\xa6P\x89\xe1t\t\xcf\x16]\xaaIi\x88\xd1\xf5X\x96C\xee\x17\x02\x85W\xf5_)j#\xcf\x17\x8b\xbaB|\xb0=\x02AC\xf7\xe7T\xda\x00\xe1\xf2\xfcl\x00'/175, 0xaf, 0x0) pipe2$9p(0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000040)=0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8}, 0x48) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)=ANY=[@ANYRESDEC=0x0, @ANYRES32=r0, @ANYRESHEX=r3, @ANYRES64=0xffffffffffffffff], 0x548}, 0x1, 0x0, 0x0, 0xc000}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0x1000000000000f, &(0x7f0000000180)=0x57bb, 0x3c) memfd_create(0x0, 0x0) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f00000005c0)="d64018d045425ac05ef8825ab12f4cdfaf249ed25b2237ec697b1a2672f0eebf752b42a90d7ce1bb6cecde79137894996f34a9ddd06068a9360753eac71eb73e721b50443ae5e8577a1d34201aee2aa328c12d859757fb0edfbdea0f3628fe3f4a7644a465df876afdcdcd2e30859763deda795aefd8d36d1fba16e6c96c78a38742063c8de5acbfc6308a7fd282d958725da202db52c2d49bed515de5035d8fb6b24ae8d37accc6181d74535e8f01aaabd131cd5f44030f5d26eda9c4f7f0168557ca9e3a9f0ee80604d95d25400c563cd8d3a2b460b84084a199fa2d9e763a88c512e89cd09eb409bae58a7a1302266f1d9e3e962ee030fe5e7e3cdd85572b67c0d9c5f1bd6d142c05cdcc5816bb5687318ac45114b77239a8dfb6f6862216502896e3ca6b87ebdee36031f6f34413c052e5fb430876a20ea628c7c6e14649675b20a8e5e03e099fe834495e2fee5ae79d422507726386b7e4da6709b720583963977f1cf38e3a89de375671662a1ec139362dbf2bf042cc4c6dbeb88235d874dc5697a5e28a233abb103b30a934395daa6b7f43812951396dff8028335ee78701cf895ceaa5706a648f5f32563b638cc85062d83d54c9ebb1f6fb42e9e258880ef4e078287426973901005214737b49246ee9e2e588f2843e791fb6e822ed24e56210e91ea3c76ff6c7a150f175e749049a01000000000000809136d560ab62444b0fae23eb", 0x207) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180400000100f1ff0000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r7}, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB="000000000a82f530896beb35ca2e6b543152e522d14f2f61de1578c4d261dc0feed5d8d7c06763e8e4d85e5360e9ce31f695bc86ebdfc333e1324f186a5a42b7c677af070827cc94f3953fe585365f8db88c7866622bea629f44e6da2bcc4fded5a09b6591ae712a4604a63f30f5590d9ffc4f24277aedf2260ab95dbd4a5216dd32bb0843a7e1c80cdd101b3892e2bfed878b6a7332dd8a4f79be8bbb8deda65e2ec1191a7f158fe5f107d0e6a9d8f46a8ab29ec577a28e7ea125a4691a9db68befeecb02d69995a97581cdfefcef8c56", @ANYRES64, @ANYRES32=r4], 0x2c}}, 0x1) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000100)) ioctl$TIOCL_SETSEL(r8, 0x541c, &(0x7f00000001c0)={0x2, {0x2, 0x3000, 0x0, 0x1fc}}) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x1b, 0x0, "05be04f85f24b3154478c908c2f6ecd93900e179a582b52ce9cfeb10f466693ce04d4c38eef0cdc8075077a1f8d2e67f41bbcb62a57680a053b58536349d9c41", "e3c055e4c17b5fec8c1737c24bc5bbb0751fe63b9e0c55b1e82eac590b9d7f057b8d7c7af91d8d9d0b4f7525250c81dd277b5b6cbc5b00", "7a91b590b9c06821ef5c606d5f4ba751aae2edcc2717a215ed6e2285e774391e", [0x7, 0x2]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1c, &(0x7f0000000200)={0x3, &(0x7f0000000000)=[{0x15}, {0x7}, {0x6, 0x8d, 0x0, 0x1}]}) socket$inet_sctp(0x2, 0x1, 0x84) 4.611300613s ago: executing program 2 (id=1521): syz_open_dev$sg(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mknodat$loop(0xffffffffffffff9c, 0x0, 0x0, 0x0) init_module(&(0x7f0000000300)='(\x00\xdd\xdax\xa0`y\"\x94\x81\x03q\x91\xdb^4\xd6\x8aA\x96\xdf\"\xfb\x92\rWu\xc0OW@\x91\xb8\xb6-D\x8b\xe7\x01\xff\x1a+\x89\xeeI;R\xd3\x90\x8c\xaaf\xe2\x80Vd!{\x0f\xa3\xd3\x84\xa2\x8f\xa3\xd8\x01\xa2r\x8b9\x18\xf6^c\x19\xe3\x18_g\xfc\xa5\n\xb2\xb7 \xe9DP\xdf6\x87D\xef\xc6G\xb9\xef3\x8f\xdc\xc3\x03\x88\x83\x17\xe5\x8f\xd0\x8c}D\xd1\xc7\x8fD\xa6P\x89\xe1t\t\xcf\x16]\xaaIi\x88\xd1\xf5X\x96C\xee\x17\x02\x85W\xf5_)j#\xcf\x17\x8b\xbaB|\xb0=\x02AC\xf7\xe7T\xda\x00\xe1\xf2\xfcl\x00'/175, 0xaf, 0x0) pipe2$9p(0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r1, 0x4004662b, &(0x7f0000000040)=0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8}, 0x48) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x548}, 0x1, 0x0, 0x0, 0xc000}, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000180)=0x57bb, 0x3c) memfd_create(0x0, 0x0) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f00000005c0)="d64018d045425ac05ef8825ab12f4cdfaf249ed25b2237ec697b1a2672f0eebf752b42a90d7ce1bb6cecde79137894996f34a9ddd06068a9360753eac71eb73e721b50443ae5e8577a1d34201aee2aa328c12d859757fb0edfbdea0f3628fe3f4a7644a465df876afdcdcd2e30859763deda795aefd8d36d1fba16e6c96c78a38742063c8de5acbfc6308a7fd282d958725da202db52c2d49bed515de5035d8fb6b24ae8d37accc6181d74535e8f01aaabd131cd5f44030f5d26eda9c4f7f0168557ca9e3a9f0ee80604d95d25400c563cd8d3a2b460b84084a199fa2d9e763a88c512e89cd09eb409bae58a7a1302266f1d9e3e962ee030fe5e7e3cdd85572b67c0d9c5f1bd6d142c05cdcc5816bb5687318ac45114b77239a8dfb6f6862216502896e3ca6b87ebdee36031f6f34413c052e5fb430876a20ea628c7c6e14649675b20a8e5e03e099fe834495e2fee5ae79d422507726386b7e4da6709b720583963977f1cf38e3a89de375671662a1ec139362dbf2bf042cc4c6dbeb88235d874dc5697a5e28a233abb103b30a934395daa6b7f43812951396dff8028335ee78701cf895ceaa5706a648f5f32563b638cc85062d83d54c9ebb1f6fb42e9e258880ef4e078287426973901005214737b49246ee9e2e588f2843e791fb6e822ed24e56210e91ea3c76ff6c7a150f175e749049a01000000000000809136d560ab62444b0fae23eb", 0x207) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), 0xffffffffffffffff) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180400000100f1ff0000000000030000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB="000000000a82f530896beb35ca2e6b543152e522d14f2f61de1578c4d261dc0feed5d8d7c06763e8e4d85e5360e9ce31f695bc86ebdfc333e1324f186a5a42b7c677af070827cc94f3953fe585365f8db88c7866622bea629f44e6da2bcc4fded5a09b6591ae712a4604a63f30f5590d9ffc4f24277aedf2260ab95dbd4a5216dd32bb0843a7e1c80cdd101b3892e2bfed878b6a7332dd8a4f79be8bbb8deda65e2ec1191a7f158fe5f107d0e6a9d8f46a8ab29ec577a28e7ea125a4691a9db68befeecb02d69995a97581cdfefcef8c56", @ANYRES64, @ANYRES32], 0x2c}}, 0x1) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000100)) ioctl$TIOCL_SETSEL(r6, 0x541c, &(0x7f00000001c0)={0x2, {0x2, 0x3000, 0x0, 0x1fc}}) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x9, 0x1b, 0x0, "05be04f85f24b3154478c908c2f6ecd93900e179a582b52ce9cfeb10f466693ce04d4c38eef0cdc8075077a1f8d2e67f41bbcb62a57680a053b58536349d9c41", "e3c055e4c17b5fec8c1737c24bc5bbb0751fe63b9e0c55b1e82eac590b9d7f057b8d7c7af91d8d9d0b4f7525250c81dd277b5b6cbc5b00", "7a91b590b9c06821ef5c606d5f4ba751aae2edcc2717a215ed6e2285e774391e", [0x7, 0x2]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1c, &(0x7f0000000200)={0x3, &(0x7f0000000000)=[{0x15}, {0x7}, {0x6, 0x8d, 0x0, 0x1}]}) socket$inet_sctp(0x2, 0x1, 0x84) 2.624001055s ago: executing program 0 (id=1522): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffca1}, 0x90) keyctl$set_reqkey_keyring(0xe, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000000340)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0xe8}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r3, 0x0, &(0x7f00000000c0)=0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r6, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x0) read$nci(r3, &(0x7f0000000200)=""/100, 0x64) r7 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r7, 0x114, 0xa, &(0x7f0000000000)={0x2, '\x00\x00'}, 0x3) r8 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x2d0822dc2e5b5753, 0x0, 0x1, 0x2000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x13, r8, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.current\x00', 0x275a, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r9, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r9, 0x0) 2.575546782s ago: executing program 2 (id=1523): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup3(0xffffffffffffffff, r0, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0383e04, 0x0) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, &(0x7f0000000100), 0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0xf, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x41000, 0x11}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000540)='netlink_extack\x00'}, 0x10) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500), 0xc) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r3, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffecc, &(0x7f0000000200)=0x101) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) set_mempolicy_home_node(&(0x7f0000349000/0xa000)=nil, 0xa000, 0x5, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) 2.541395429s ago: executing program 3 (id=1524): mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYRESOCT]) 2.0492431s ago: executing program 3 (id=1525): openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)={@map=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20) epoll_create1(0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) r1 = syz_open_procfs(0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mremap(&(0x7f00007c9000/0x1000)=nil, 0x1000, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x18, 0x9, 0x40, 0x3, 0x2839, r1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x2, 0x2}, 0x48) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000193c0)=ANY=[@ANYBLOB="380000001a00010000000000000000000a008000", @ANYBLOB="000000001400010020010000000000000000000000000000080002000000000000625fd05a159094b2a4fcfe2b6ce2c62b61fdb71ecedd730b4a57d5abb8575f0f40fef46cdf48191fee4f8b90f312e3ec36c31c0cb25be796691e0b654210053bbe5aa65f4bb7b45143f4feecf0203fe63d77e3ad95f3f1aaf5784471633c23c27bf5281272e36ec72f8d4c7df02871d137963419aecb3424461055b507d25d97d596383aea6a94e07c9024f2d211"], 0x38}}, 0x0) read$msr(r2, &(0x7f00000003c0)=""/102376, 0x18fe8) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') ioctl$F2FS_IOC_SET_PIN_FILE(r4, 0x4004f50d, 0x0) io_uring_setup(0x3c92, &(0x7f0000000200)={0x0, 0xb, 0x20, 0x0, 0x600000, 0x0, r1}) syz_usb_disconnect(0xffffffffffffffff) 0s ago: executing program 3 (id=1526): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000380)={0x0, 0x0}) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'bridge0\x00', 0x0}) socket$inet(0xa, 0x801, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_route(0x10, 0x3, 0x0) socket(0x840000000002, 0x3, 0x100) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r6, @ANYBLOB="01000000000000000000010000000c00050000000000000000000c0002000000000000000000040007800c000800000000000000000008000100000000004400078008000100", @ANYBLOB="38000100", @ANYRES32=r7, @ANYBLOB="64800400", @ANYRES32, @ANYBLOB="08000100"], 0x90}}, 0x0) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62) sendto$packet(r3, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) setpgid(0x0, r1) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) setxattr$trusted_overlay_redirect(0x0, 0x0, 0x0, 0x0, 0x0) r8 = syz_open_dev$media(&(0x7f00000006c0), 0x4005, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r8, 0x80047c05, &(0x7f0000000100)) kernel console output (not intermixed with test programs): .340099][ T5299] usb 1-1: Using ep0 maxpacket: 16 [ 623.361222][ T5299] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 623.404176][ T5299] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.490694][ T5299] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 623.536469][ T5299] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 623.584704][ T5299] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.643125][ T5299] usb 1-1: config 0 descriptor?? [ 623.811724][ T9512] netlink: 8 bytes leftover after parsing attributes in process `syz.2.886'. [ 624.809397][ T5299] microsoft 0003:045E:07DA.0007: No inputs registered, leaving [ 625.028721][ T5299] microsoft 0003:045E:07DA.0007: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 625.173293][ T5299] microsoft 0003:045E:07DA.0007: no inputs found [ 625.221978][ T5299] microsoft 0003:045E:07DA.0007: could not initialize ff, continuing anyway [ 626.481167][ T25] usb 1-1: USB disconnect, device number 24 [ 626.996602][ T9535] netlink: 12 bytes leftover after parsing attributes in process `syz.1.890'. [ 627.667423][ T9539] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 628.896097][ T1173] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 629.094626][ T1173] usb 5-1: device descriptor read/64, error -71 [ 629.442367][ T1173] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 629.675006][ T1173] usb 5-1: device descriptor read/64, error -71 [ 630.324932][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.331388][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.347077][ T1173] usb usb5-port1: attempt power cycle [ 630.671103][ T9553] netlink: 8 bytes leftover after parsing attributes in process `syz.0.894'. [ 630.855902][ T9553] netlink: 4 bytes leftover after parsing attributes in process `syz.0.894'. [ 630.901462][ T9553] netlink: 36 bytes leftover after parsing attributes in process `syz.0.894'. [ 632.451903][ T9589] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket pid=9589 comm=syz.0.905 [ 632.612334][ T25] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 632.820690][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 632.881587][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 632.908697][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 632.926213][ T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 632.941537][ T25] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 632.956395][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.989814][ T25] usb 5-1: config 0 descriptor?? [ 635.469303][ T25] usbhid 5-1:0.0: can't add hid device: -71 [ 635.588389][ T29] audit: type=1400 audit(1724035045.248:337): avc: denied { write } for pid=4652 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 635.613461][ T25] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 635.631886][ T29] audit: type=1400 audit(1724035045.248:338): avc: denied { remove_name } for pid=4652 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 635.643078][ T9618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 635.703653][ T25] usb 5-1: USB disconnect, device number 40 [ 635.745884][ T29] audit: type=1400 audit(1724035045.248:339): avc: denied { add_name } for pid=4652 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 636.227641][ T5269] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 636.452474][ T5269] usb 3-1: device descriptor read/64, error -71 [ 636.742342][ T5269] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 636.992299][ T5269] usb 3-1: device descriptor read/64, error -71 [ 637.951280][ T5269] usb usb3-port1: attempt power cycle [ 638.392330][ T5269] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 638.559633][ T9628] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 638.590267][ T5269] usb 3-1: device descriptor read/8, error -71 [ 639.381109][ T1173] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 643.222500][ T5299] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 643.459847][ T5299] usb 1-1: Using ep0 maxpacket: 16 [ 643.472380][ T5299] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 643.500901][ T5299] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 643.540543][ T5299] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 643.584525][ T5299] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 643.613689][ T5299] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.656846][ T5299] usb 1-1: config 0 descriptor?? [ 646.337853][ T9685] netlink: 8 bytes leftover after parsing attributes in process `syz.4.927'. [ 646.460393][ T5299] usbhid 1-1:0.0: can't add hid device: -71 [ 646.492759][ T5299] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 646.664290][ T5299] usb 1-1: USB disconnect, device number 25 [ 652.146502][ T9755] netlink: 8 bytes leftover after parsing attributes in process `syz.4.943'. [ 654.710449][ T9771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.947'. [ 654.743424][ T9771] netlink: 4 bytes leftover after parsing attributes in process `syz.4.947'. [ 654.834268][ T9771] netlink: 36 bytes leftover after parsing attributes in process `syz.4.947'. [ 655.558119][ T9801] netlink: 8 bytes leftover after parsing attributes in process `syz.1.950'. [ 655.587234][ T9801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.950'. [ 655.670243][ T9801] netlink: 52 bytes leftover after parsing attributes in process `syz.1.950'. [ 657.742794][ T9814] netlink: 8 bytes leftover after parsing attributes in process `syz.0.956'. [ 665.035778][ T9880] 9pnet_fd: Insufficient options for proto=fd [ 670.964401][ T5299] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 671.025405][ T9932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.982'. [ 671.195139][ T5299] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 671.225043][ T5299] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 671.255310][ T5299] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 671.300532][ T5299] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 671.352581][ T5299] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 671.363223][ T5299] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 671.382257][ T9] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 671.403201][ T5299] usb 4-1: Product: syz [ 671.411066][ T5299] usb 4-1: Manufacturer: syz [ 671.437592][ T5299] cdc_wdm 4-1:1.0: skipping garbage [ 671.452527][ T5299] cdc_wdm 4-1:1.0: skipping garbage [ 671.494683][ T5299] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 671.595011][ T9] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 671.631858][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 671.706538][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 671.776476][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 671.834653][ T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 671.851837][ T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 671.880738][ T9] usb 2-1: Product: syz [ 671.933861][ T9] usb 2-1: Manufacturer: syz [ 671.949828][ T9472] usb 4-1: USB disconnect, device number 35 [ 672.009301][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 672.062231][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 672.114810][ T9] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 672.152298][ T9] cdc_wdm 2-1:1.0: Unknown control protocol [ 673.371574][ T9957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.987'. [ 673.431732][ T9957] netlink: 4 bytes leftover after parsing attributes in process `syz.0.987'. [ 673.470621][ T9957] netlink: 36 bytes leftover after parsing attributes in process `syz.0.987'. [ 677.347392][ T9472] usb 2-1: USB disconnect, device number 48 [ 679.004640][T10006] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket pid=10006 comm=syz.1.997 [ 683.147843][T10042] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1006'. [ 683.183994][T10042] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1006'. [ 683.218315][T10042] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1006'. [ 688.671795][T10086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1016'. [ 690.887636][T10112] Invalid ELF header magic: != ELF [ 691.025079][T10100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 691.160762][T10116] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1025'. [ 691.180684][ T29] audit: type=1326 audit(1724035100.838:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10107 comm="syz.3.1023" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda64579e79 code=0x0 [ 691.272780][ C1] vkms_vblank_simulate: vblank timer overrun [ 691.570615][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.578560][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.592336][ T5299] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 691.802539][ T5299] usb 1-1: device descriptor read/64, error -71 [ 692.114294][ T5299] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 692.433410][ T5299] usb 1-1: device descriptor read/64, error -71 [ 692.566878][ T5299] usb usb1-port1: attempt power cycle [ 692.591620][T10130] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1030'. [ 693.562409][ T5299] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 693.705893][ T5299] usb 1-1: device descriptor read/8, error -71 [ 694.072545][ T9472] usb 2-1: new full-speed USB device number 49 using dummy_hcd [ 694.533797][ T9472] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 694.646184][ T9472] usb 2-1: New USB device found, idVendor=0572, idProduct=0320, bcdDevice= 1.85 [ 695.047657][ T9472] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.056823][ T9472] usb 2-1: Product: syz [ 695.061160][ T9472] usb 2-1: Manufacturer: syz [ 695.067697][ T9472] usb 2-1: SerialNumber: syz [ 695.100798][ T9472] usb 2-1: config 0 descriptor?? [ 695.127348][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 695.172316][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 695.179251][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 695.322356][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 695.434440][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 695.532654][ T9472] usb 2-1: dvb_usb_v2: found a 'DVBSky T330' in warm state [ 696.417355][ T9472] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 696.442688][ T9472] usb 2-1: USB disconnect, device number 49 [ 700.742817][ T8] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 700.952213][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 701.005087][T10170] Invalid ELF header magic: != ELF [ 701.013245][ T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 701.090587][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 701.188003][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 701.245216][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 701.361270][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 701.390514][ T29] audit: type=1326 audit(1724035111.048:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10167 comm="syz.0.1040" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a3f379e79 code=0x0 [ 701.416131][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 701.435922][T10166] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 701.600713][T10176] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1043'. [ 701.773069][ T8] usb 5-1: GET_CAPABILITIES returned 0 [ 701.778854][ T8] usbtmc 5-1:16.0: can't read capabilities [ 701.806349][ T1173] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 701.866073][ T5271] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 701.972479][ T1173] usb 3-1: device descriptor read/64, error -71 [ 702.125562][ T5271] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 702.414191][ T5271] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 702.634279][ T1173] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 702.651527][ T5271] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 702.656362][ T9507] udevd[9507]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 702.715188][ T5271] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 702.742644][ T5271] usb 4-1: Manufacturer: syz [ 702.750490][ C0] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 702.796342][T10163] usbtmc 5-1:16.0: Unable to send data, error -71 [ 702.812592][ T5271] usb 4-1: config 0 descriptor?? [ 702.819932][ T1173] usb 3-1: device descriptor read/64, error -71 [ 702.864666][ T5271] igorplugusb 4-1:0.0: incorrect number of endpoints [ 702.864687][ T5292] usb 5-1: USB disconnect, device number 41 [ 702.978752][ T1173] usb usb3-port1: attempt power cycle [ 703.546923][ T8] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 703.690787][ T1173] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 704.361685][ T1173] usb 3-1: device descriptor read/8, error -71 [ 704.406089][ T8] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 704.454390][ T8] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 704.476089][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 704.487771][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 704.506080][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 704.519641][ T8] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 704.534535][ T8] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 704.543645][ T8] usb 1-1: Product: syz [ 704.549120][ T8] usb 1-1: Manufacturer: syz [ 704.580941][ T8] cdc_wdm 1-1:1.0: skipping garbage [ 704.591488][ T8] cdc_wdm 1-1:1.0: skipping garbage [ 704.619329][ T8] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 704.634152][ T8] cdc_wdm 1-1:1.0: Unknown control protocol [ 704.989231][T10188] cdc_wdm 1-1:1.0: Error submitting int urb - -90 [ 705.005407][T10188] cdc_wdm 1-1:1.0: Error submitting int urb - -90 [ 705.016297][ T8] usb 1-1: USB disconnect, device number 30 [ 705.024242][T10204] Invalid ELF header magic: != ELF [ 705.551911][ T5269] usb 4-1: USB disconnect, device number 36 [ 705.730290][T10210] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1050'. [ 705.744111][ T29] audit: type=1326 audit(1724035115.388:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10201 comm="syz.4.1048" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde2d779e79 code=0x0 [ 705.789126][T10210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1050'. [ 705.826659][T10210] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1050'. [ 707.262210][ T8] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 707.339728][T10225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1055'. [ 707.542598][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 707.569659][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 707.587889][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 707.616263][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 707.635953][ T8] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 707.646491][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 707.666014][ T8] usb 5-1: config 0 descriptor?? [ 710.567432][ T8] usbhid 5-1:0.0: can't add hid device: -71 [ 710.688023][ T8] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 710.798131][ T8] usb 5-1: USB disconnect, device number 42 [ 710.815011][T10231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1056'. [ 710.900070][T10231] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1056'. [ 710.935714][T10231] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1056'. [ 711.882359][ T8] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 712.092332][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 712.124401][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 712.159353][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 712.210277][ T8] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 712.246372][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.298792][ T8] usb 3-1: config 0 descriptor?? [ 712.351625][ T8] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 712.672282][ T5299] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 714.284232][T10276] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1067'. [ 714.369871][ T5299] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 714.379615][ T5299] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 714.391877][ T5299] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 714.401486][ T5299] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 714.415748][ T5299] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 714.426366][ T5299] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 714.440085][ T5299] usb 1-1: Product: syz [ 714.445513][ T5299] usb 1-1: Manufacturer: syz [ 714.479722][ T5299] cdc_wdm 1-1:1.0: skipping garbage [ 714.500965][ T5299] cdc_wdm 1-1:1.0: skipping garbage [ 714.528885][ T5299] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 714.538287][ T5299] cdc_wdm 1-1:1.0: Unknown control protocol [ 714.906862][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 714.907639][ T5269] usb 1-1: USB disconnect, device number 31 [ 714.913511][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 714.913538][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 715.301689][T10290] ALSA: mixer_oss: invalid OSS volume '' [ 715.385252][T10290] ALSA: mixer_oss: invalid OSS volume '&+ö'' [ 715.407510][ T5271] usb 3-1: USB disconnect, device number 28 [ 715.870181][T10297] 9pnet_fd: Insufficient options for proto=fd [ 718.347593][T10331] Invalid ELF header magic: != ELF [ 718.353635][ T5299] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 718.424899][T10330] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1080'. [ 718.602624][ T5299] usb 5-1: Using ep0 maxpacket: 16 [ 718.605007][ T5299] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 718.605037][ T5299] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 718.605085][ T5299] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 718.605116][ T5299] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 718.608000][ T5299] usb 5-1: config 0 descriptor?? [ 718.763739][ T29] audit: type=1326 audit(1724035128.428:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10327 comm="syz.3.1079" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda64579e79 code=0x0 [ 718.786740][ C1] vkms_vblank_simulate: vblank timer overrun [ 718.863459][ T5271] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 719.215790][ T5271] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 720.229566][ T5271] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 720.263585][ T5271] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 720.326820][ T5271] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 720.416473][ T5271] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 720.463699][ T5271] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 720.515070][ T5271] usb 1-1: Product: syz [ 720.545088][ T5271] usb 1-1: Manufacturer: syz [ 720.719288][ T5271] cdc_wdm 1-1:1.0: skipping garbage [ 720.750870][ T5271] cdc_wdm 1-1:1.0: skipping garbage [ 720.852696][ T5271] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 720.878085][ T5271] cdc_wdm 1-1:1.0: Unknown control protocol [ 721.419019][ T5271] usb 5-1: USB disconnect, device number 43 [ 721.419614][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.431630][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.437994][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.444599][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.450927][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.457530][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.463892][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.470544][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.476932][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.483583][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.490092][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.496720][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.503019][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.509632][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.515943][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.522549][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.528848][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.535465][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.541769][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 721.548376][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 721.560335][ T5299] usb 1-1: USB disconnect, device number 32 [ 721.566293][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 721.950649][T10353] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 723.584205][ T25] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 723.914668][ T25] usb 2-1: device descriptor read/64, error -71 [ 724.243945][ T25] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 726.343765][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 726.577075][T10387] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1090'. [ 726.586653][T10387] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1090'. [ 726.595763][T10387] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1090'. [ 731.012676][ T5363] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 731.206218][ T5363] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 731.247267][ T5363] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 731.315221][ T5363] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 731.347490][ T5363] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 731.426391][ T5363] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 731.448272][ T5363] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 731.477271][ T5363] usb 3-1: Product: syz [ 731.493471][ T5363] usb 3-1: Manufacturer: syz [ 731.549465][ T5363] cdc_wdm 3-1:1.0: skipping garbage [ 731.578246][ T5363] cdc_wdm 3-1:1.0: skipping garbage [ 731.614039][ T5363] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 731.646110][ T5363] cdc_wdm 3-1:1.0: Unknown control protocol [ 731.751941][T10441] 9pnet_fd: Insufficient options for proto=fd [ 734.137661][ T8] usb 3-1: USB disconnect, device number 29 [ 736.757242][T10510] 9pnet_fd: Insufficient options for proto=fd [ 737.471026][T10511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 738.372881][ T8] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 739.327546][ T5292] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 739.362202][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 739.370150][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 739.389199][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 739.443509][ T8] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 739.452982][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 739.464956][ T8] usb 3-1: config 0 descriptor?? [ 739.475256][ T8] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 739.712245][ T5292] usb 1-1: device descriptor read/64, error -71 [ 741.847610][ T5292] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 743.751415][ T5299] usb 3-1: USB disconnect, device number 30 [ 744.886177][T10574] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1127'. [ 744.917704][T10574] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1127'. [ 744.939675][T10574] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1127'. [ 745.295548][ T8] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 745.624351][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 745.657184][ T8] usb 4-1: New USB device found, idVendor=0572, idProduct=0320, bcdDevice= 1.85 [ 745.680576][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 745.713266][ T8] usb 4-1: Product: syz [ 745.788342][ T8] usb 4-1: Manufacturer: syz [ 745.797055][ T8] usb 4-1: SerialNumber: syz [ 745.821218][ T8] usb 4-1: config 0 descriptor?? [ 745.849388][ T8] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 745.942748][ T8] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 745.980649][ T8] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 746.103235][T10580] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 746.133081][ T8] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 746.162557][ T8] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 746.255867][T10580] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 746.272447][ T8] usb 4-1: dvb_usb_v2: found a 'DVBSky T330' in warm state [ 746.353824][ T8] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 746.930269][ T8] usb 4-1: USB disconnect, device number 37 [ 747.492916][T10607] Invalid ELF header magic: != ELF [ 749.732975][ T29] audit: type=1326 audit(1724035159.378:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10605 comm="syz.2.1134" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e60779e79 code=0x0 [ 749.971264][T10604] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1133'. [ 749.987564][T10604] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1133'. [ 750.108359][T10604] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1133'. [ 751.216495][ T5363] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 751.412273][ T5363] usb 2-1: Using ep0 maxpacket: 16 [ 751.426889][ T5363] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 751.492658][ T5363] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 751.519818][ T5363] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 751.550745][ T5363] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 751.608504][ T5363] usb 2-1: config 0 descriptor?? [ 753.023639][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 753.030387][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 754.677850][ T5363] usb 2-1: USB disconnect, device number 52 [ 756.126780][T10677] ieee802154 phy0 wpan0: encryption failed: -22 [ 758.517444][ T12] Bluetooth: hci2: Frame reassembly failed (-84) [ 758.738732][T10718] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1157'. [ 760.522990][ T8272] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 760.529995][ T5227] Bluetooth: hci2: command 0x1003 tx timeout [ 761.098862][T10763] xt_hashlimit: overflow, rate too high: 0 [ 762.314909][T10763] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1166'. [ 766.395377][ T25] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 766.654919][ T25] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 766.682287][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 766.752202][ T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 766.818760][ T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 766.853830][ T25] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 766.876105][ T25] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 766.904735][ T25] usb 2-1: Product: syz [ 766.919724][ T25] usb 2-1: Manufacturer: syz [ 766.946545][ T25] cdc_wdm 2-1:1.0: skipping garbage [ 766.970206][ T25] cdc_wdm 2-1:1.0: skipping garbage [ 767.006743][ T25] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 767.067451][ T25] cdc_wdm 2-1:1.0: Unknown control protocol [ 767.252751][T10819] 9pnet_fd: Insufficient options for proto=fd [ 767.353046][T10821] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket pid=10821 comm=syz.2.1180 [ 767.431846][ C1] wdm_int_callback: 30 callbacks suppressed [ 767.431875][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.444427][ C1] wdm_int_callback: 30 callbacks suppressed [ 767.444445][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.456679][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.463320][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.469685][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.476333][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.482819][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.489519][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.495929][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.502549][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.508877][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.515515][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.521889][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.528507][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.534828][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.541444][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.547760][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.554373][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.560917][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 767.567523][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 767.576335][ T25] usb 2-1: USB disconnect, device number 53 [ 767.576435][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 770.754241][ T5292] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 770.994762][ T5292] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 771.012310][ T5292] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 771.047126][ T5292] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 771.075934][ T5292] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 771.111084][ T5292] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 771.112323][ T9472] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 771.143393][ T5292] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 771.151482][ T5292] usb 3-1: Product: syz [ 771.189828][ T5292] usb 3-1: Manufacturer: syz [ 771.211055][ T5292] cdc_wdm 3-1:1.0: skipping garbage [ 771.232211][ T5292] cdc_wdm 3-1:1.0: skipping garbage [ 771.264675][ T5292] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 771.281281][ T5292] cdc_wdm 3-1:1.0: Unknown control protocol [ 771.344865][ T9472] usb 5-1: Using ep0 maxpacket: 8 [ 771.360336][ T9472] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 771.406306][T10866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 771.427427][ T9472] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 771.462020][ T9472] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 771.506343][ T9472] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 771.553341][ T9472] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 771.594963][ T9472] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 771.754225][ T1173] usb 3-1: USB disconnect, device number 31 [ 771.754307][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 771.918370][ T25] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 771.962851][ T9472] usb 5-1: GET_CAPABILITIES returned 0 [ 771.992288][ T9472] usbtmc 5-1:16.0: can't read capabilities [ 772.092718][ T25] usb 1-1: device descriptor read/64, error -71 [ 772.368179][ T25] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 772.402754][ C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 772.414583][T10860] usbtmc 5-1:16.0: Unable to send data, error -71 [ 772.441919][ T5363] usb 5-1: USB disconnect, device number 44 [ 772.542327][ T25] usb 1-1: device descriptor read/64, error -71 [ 772.672535][ T25] usb usb1-port1: attempt power cycle [ 773.112283][ T25] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 774.365536][ T25] usb 1-1: device descriptor read/8, error -71 [ 774.590803][T10890] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 775.636212][ T1173] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 775.644588][T10899] Invalid ELF header magic: != ELF [ 776.042854][ T1173] usb 2-1: Using ep0 maxpacket: 16 [ 776.045604][ T1173] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 776.045680][ T1173] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 776.045747][ T1173] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 776.045798][ T1173] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 776.049479][ T1173] usb 2-1: config 0 descriptor?? [ 776.064535][ T1173] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 777.375663][ T29] audit: type=1326 audit(1724035187.028:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10892 comm="syz.3.1197" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda64579e79 code=0x0 [ 778.055666][T10919] 9pnet_fd: Insufficient options for proto=fd [ 781.357091][ T9472] usb 2-1: USB disconnect, device number 54 [ 781.732604][ T25] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 781.952341][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 782.004213][ T25] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 782.092519][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 782.158972][ T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 782.205886][ T25] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 782.228309][ T25] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 782.241060][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.408643][ T25] usb 1-1: GET_CAPABILITIES returned 0 [ 783.470788][ T25] usbtmc 1-1:16.0: can't read capabilities [ 784.901353][T10965] 9pnet_fd: Insufficient options for proto=fd [ 784.912447][T10969] Invalid ELF header magic: != ELF [ 784.918428][ T25] usb 1-1: USB disconnect, device number 39 [ 785.225896][ T29] audit: type=1326 audit(1724035194.888:346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10962 comm="syz.4.1214" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fde2d779e79 code=0x0 [ 787.321935][T10990] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 787.708716][T10993] ALSA: mixer_oss: invalid OSS volume '' [ 787.762628][T10993] ALSA: mixer_oss: invalid OSS volume '&+ö'' [ 787.821424][T10995] ALSA: mixer_oss: invalid OSS volume '' [ 787.846280][T10995] ALSA: mixer_oss: invalid OSS volume '&+ö'' [ 789.363632][ T52] Bluetooth: hci2: Frame reassembly failed (-84) [ 790.865675][T11017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1226'. [ 790.867973][ T52] Bluetooth: hci6: Frame reassembly failed (-84) [ 790.892215][ T52] Bluetooth: hci6: Frame reassembly failed (-84) [ 790.909874][T11017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1226'. [ 790.923851][T11017] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1226'. [ 791.322394][ T55] Bluetooth: hci2: command 0x1003 tx timeout [ 791.330280][ T5227] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 793.043267][ T8272] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 794.379616][ T5292] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 794.566847][T11062] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1237'. [ 794.580988][T11062] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1237'. [ 794.652217][ T5292] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 794.662009][ T5292] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 794.686889][ T5292] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 794.707368][ T5292] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 794.747184][ T5292] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 794.782495][ T5292] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 794.840942][ T5292] usb 5-1: Product: syz [ 794.862935][ T5292] usb 5-1: Manufacturer: syz [ 794.895325][ T5292] cdc_wdm 5-1:1.0: skipping garbage [ 794.900621][ T5292] cdc_wdm 5-1:1.0: skipping garbage [ 794.998524][ T5292] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 795.052216][ T5292] cdc_wdm 5-1:1.0: Unknown control protocol [ 795.502218][ T5292] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 796.103497][ T5292] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 796.149417][ T5292] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 796.494781][ T5292] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 796.512244][ T5292] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 796.536444][ T5292] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 796.546128][ T5292] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 796.559231][ T5292] usb 1-1: Product: syz [ 796.566165][ T5292] usb 1-1: Manufacturer: syz [ 796.659505][T11080] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1242'. [ 796.668994][ T5292] cdc_wdm 1-1:1.0: skipping garbage [ 796.674710][ T5292] cdc_wdm 1-1:1.0: skipping garbage [ 796.684934][ T5292] cdc_wdm 1-1:1.0: cdc-wdm1: USB WDM device [ 796.690913][ T5292] cdc_wdm 1-1:1.0: Unknown control protocol [ 797.206238][ C0] wdm_int_callback: 31 callbacks suppressed [ 797.206259][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.218783][ C0] wdm_int_callback: 31 callbacks suppressed [ 797.218806][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.231167][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.237905][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.244379][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.251018][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.257361][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.263976][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.270347][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.276978][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.283310][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.289948][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.296282][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.302901][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.309209][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.315815][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.322154][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.328782][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.335141][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 797.341769][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 797.348416][ T1173] usb 5-1: USB disconnect, device number 45 [ 797.354356][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 797.455655][ T5363] usb 1-1: USB disconnect, device number 40 [ 799.125794][T11103] ALSA: mixer_oss: invalid OSS volume '' [ 799.182603][T11103] ALSA: mixer_oss: invalid OSS volume '&+ö'' [ 799.539932][T11105] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1246'. [ 799.562508][T11105] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1246'. [ 799.582438][T11105] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1246'. [ 799.648586][T11106] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 800.352201][ T1173] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 801.043918][ T9507] udevd[9507]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 801.083178][ T25] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 801.262209][ T1173] usb 3-1: device descriptor read/64, error -71 [ 801.355698][T11117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 801.497085][ T25] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 801.518249][ T25] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 801.567137][ T1173] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 801.573276][ T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 801.649481][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 801.709588][ T25] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 801.732230][ T5269] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 801.741348][ T25] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 801.775043][ T25] usb 5-1: Product: syz [ 801.779294][ T25] usb 5-1: Manufacturer: syz [ 801.783974][ T1173] usb 3-1: device descriptor read/64, error -71 [ 801.856618][ T25] cdc_wdm 5-1:1.0: skipping garbage [ 801.870431][ T25] cdc_wdm 5-1:1.0: skipping garbage [ 801.898075][ T25] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 801.914369][ T1173] usb usb3-port1: attempt power cycle [ 801.920153][ T5269] usb 4-1: device descriptor read/64, error -71 [ 801.939946][ T25] cdc_wdm 5-1:1.0: Unknown control protocol [ 802.212323][ T5269] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 802.372195][ T1173] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 802.422252][ T5269] usb 4-1: device descriptor read/64, error -71 [ 802.565989][ T5269] usb usb4-port1: attempt power cycle [ 803.170693][ T1173] usb 3-1: device descriptor read/8, error -71 [ 804.460248][ T5292] usb 5-1: USB disconnect, device number 46 [ 805.453504][ T8272] Bluetooth: hci2: sending frame failed (-49) [ 805.462133][ T5227] Bluetooth: hci2: Opcode 0x1003 failed: -49 [ 808.312815][ T9472] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 808.544168][ T9472] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 808.602168][ T9472] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 808.673066][ T9472] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 808.737083][ T9472] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 808.796669][ T9472] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 808.812207][ T9472] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 808.852547][ T9472] usb 3-1: Product: syz [ 808.856883][ T9472] usb 3-1: Manufacturer: syz [ 808.910915][ T9472] cdc_wdm 3-1:1.0: skipping garbage [ 808.927037][ T9472] cdc_wdm 3-1:1.0: skipping garbage [ 808.936088][ T9472] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 808.942294][ T9472] cdc_wdm 3-1:1.0: Unknown control protocol [ 809.442717][ T5299] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 810.172188][ T5299] usb 5-1: Using ep0 maxpacket: 16 [ 810.197607][ T5299] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 810.214511][ T5299] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 810.249223][ T5299] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 810.278910][ T5299] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 810.301849][ T5299] usb 5-1: config 0 descriptor?? [ 810.334004][ T5299] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 810.365347][ T5269] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 810.566247][ T5269] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 810.594195][ T5269] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 810.660254][ T5269] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 810.702394][ T5269] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 810.773062][ T5269] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 811.022315][ T5269] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 811.030497][ T5269] usb 2-1: Product: syz [ 811.039559][ T5269] usb 2-1: Manufacturer: syz [ 811.059144][ T5269] cdc_wdm 2-1:1.0: skipping garbage [ 811.066030][ T5269] cdc_wdm 2-1:1.0: skipping garbage [ 811.382241][ T5269] cdc_wdm 2-1:1.0: cdc-wdm1: USB WDM device [ 811.939556][ T5269] cdc_wdm 2-1:1.0: Unknown control protocol [ 812.257967][ T5299] usb 2-1: USB disconnect, device number 55 [ 812.496367][ T5292] usb 3-1: USB disconnect, device number 36 [ 812.985806][T11217] binder: 11212:11217 ioctl c0306201 0 returned -14 [ 813.892713][ T5271] usb 5-1: USB disconnect, device number 47 [ 814.446751][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.453742][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 815.102203][ T5271] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 815.392833][ T5271] usb 5-1: Using ep0 maxpacket: 8 [ 815.410018][ T5271] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 815.457169][ T5271] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 815.488783][ T5271] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 815.518122][ T5271] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 815.521027][T11230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1279'. [ 815.540868][T11230] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1279'. [ 815.550005][T11230] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1279'. [ 815.625697][ T5271] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 815.644742][ T5271] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 815.951612][ T5271] usb 5-1: GET_CAPABILITIES returned 0 [ 815.968562][ T5271] usbtmc 5-1:16.0: can't read capabilities [ 816.074846][ T52] Bluetooth: hci2: Frame reassembly failed (-84) [ 816.600634][ C1] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 816.611618][T11223] usbtmc 5-1:16.0: Unable to send data, error -71 [ 816.620156][ T5271] usb 5-1: USB disconnect, device number 48 [ 818.133778][ T8272] Bluetooth: hci2: command 0x1003 tx timeout [ 818.141298][ T5227] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 820.442372][ T5269] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 821.385249][ T5269] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 821.421400][ T5269] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 821.441926][ T5269] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 821.492194][ T5269] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 821.590897][ T5269] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 821.609263][ T5269] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 821.648543][ T5269] usb 1-1: Product: syz [ 821.685410][ T5269] usb 1-1: Manufacturer: syz [ 821.727876][ T5269] cdc_wdm 1-1:1.0: skipping garbage [ 821.749844][ T5269] cdc_wdm 1-1:1.0: skipping garbage [ 821.772638][ T5269] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 821.797252][ T5269] cdc_wdm 1-1:1.0: Unknown control protocol [ 822.822544][ T25] usb 1-1: USB disconnect, device number 41 [ 823.302156][ T5299] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 825.036528][ T5299] usb 5-1: Using ep0 maxpacket: 16 [ 825.081067][ T5299] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 825.144125][ T5299] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 825.181085][ T5299] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 825.261945][ T5299] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 825.313099][ T5299] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 825.378939][ T5299] usb 5-1: config 0 descriptor?? [ 825.913342][ T5292] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 826.012255][ T5271] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 826.233222][ T5271] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 826.252612][ T5271] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 826.287126][ T5271] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 826.320231][ T5271] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 826.361089][ T5271] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 826.370770][ T5271] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 826.383818][ T5271] usb 1-1: Product: syz [ 826.388057][ T5271] usb 1-1: Manufacturer: syz [ 826.431100][ T5271] cdc_wdm 1-1:1.0: skipping garbage [ 826.448627][ T5271] cdc_wdm 1-1:1.0: skipping garbage [ 826.465397][ T5271] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 826.471679][ T5271] cdc_wdm 1-1:1.0: Unknown control protocol [ 826.592541][ T25] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 826.744419][ T5299] microsoft 0003:045E:07DA.0008: No inputs registered, leaving [ 826.772296][ T1173] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 826.964406][ T5292] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 827.023256][ T5292] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.186489][ T5299] microsoft 0003:045E:07DA.0008: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 827.205017][ T5292] usb 2-1: config 0 descriptor?? [ 827.215840][ T5299] microsoft 0003:045E:07DA.0008: no inputs found [ 827.232252][ T5299] microsoft 0003:045E:07DA.0008: could not initialize ff, continuing anyway [ 827.355843][ T25] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 827.364814][ T25] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 827.375211][ T25] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 827.384451][ T25] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 827.399881][ T25] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 827.415138][ T1173] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 827.423460][ T25] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 827.434905][ T25] usb 3-1: Product: syz [ 827.439146][ T25] usb 3-1: Manufacturer: syz [ 827.444811][ T1173] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 827.455091][ C0] wdm_int_callback: 3 callbacks suppressed [ 827.455121][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 827.455149][ C0] wdm_int_callback: 3 callbacks suppressed [ 827.455168][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 827.455444][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 827.455472][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 827.460690][ T5269] usb 1-1: USB disconnect, device number 42 [ 827.461489][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 827.496905][ T25] cdc_wdm 3-1:1.0: skipping garbage [ 827.498493][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 827.516450][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 827.538586][ T25] cdc_wdm 3-1:1.0: skipping garbage [ 827.554854][ T25] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 827.566575][ T25] cdc_wdm 3-1:1.0: Unknown control protocol [ 827.949152][ T1173] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 827.979289][ T1173] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 828.042898][ T5269] usb 5-1: USB disconnect, device number 49 [ 828.082704][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 828.089362][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 828.095644][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 828.102246][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 828.108539][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 828.115246][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 828.121533][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 828.128298][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 828.134664][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 828.141388][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 828.147751][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 828.154392][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 828.160792][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 828.167439][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 828.211025][ T1173] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 828.225040][ T25] usb 1-1: new full-speed USB device number 43 using dummy_hcd [ 828.240140][ T1173] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 828.273504][ T1173] usb 4-1: Product: syz [ 828.282971][ T1173] usb 4-1: Manufacturer: syz [ 828.392690][ T1173] cdc_wdm 4-1:1.0: skipping garbage [ 828.414749][ T1173] cdc_wdm 4-1:1.0: skipping garbage [ 828.447231][ T25] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 828.480616][ T5363] usb 3-1: USB disconnect, device number 37 [ 828.480828][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 828.504338][ T1173] cdc_wdm 4-1:1.0: cdc-wdm1: USB WDM device [ 828.510382][ T1173] cdc_wdm 4-1:1.0: Unknown control protocol [ 828.517628][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 828.586958][ T25] usb 1-1: Product: syz [ 828.594904][T11335] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1305'. [ 828.605484][ T25] usb 1-1: Manufacturer: syz [ 828.625780][T11335] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1305'. [ 828.635884][T11335] nbd: socks must be embedded in a SOCK_ITEM attr [ 828.650252][ T25] usb 1-1: SerialNumber: syz [ 829.006067][ T25] usb 1-1: config 0 descriptor?? [ 829.135598][ T25] usb 1-1: can't set config #0, error -71 [ 829.163161][ T25] usb 1-1: USB disconnect, device number 43 [ 829.290902][ T5292] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 829.359485][ T5292] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 829.461577][ T5292] [drm:udl_init] *ERROR* Selecting channel failed [ 829.705639][ T5292] [drm] Initialized udl 0.0.1 for 2-1:0.0 on minor 2 [ 829.744177][ T5292] [drm] Initialized udl on minor 2 [ 829.781390][ T5292] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 829.836953][ T5292] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 829.846644][ T1173] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 830.025880][ T1173] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 830.069130][ T5292] usb 2-1: USB disconnect, device number 56 [ 830.090015][ T1173] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 831.927240][T11354] 9pnet: Could not find request transport: fd0x0000000000000007 [ 832.742207][ T1173] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 832.771317][ T5269] usb 4-1: USB disconnect, device number 41 [ 832.970648][ T1173] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 833.232737][ T1173] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 834.169854][ T1173] usb 5-1: config 0 descriptor?? [ 838.522902][ T1173] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 838.556249][ T1173] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 838.583144][ T1173] [drm:udl_init] *ERROR* Selecting channel failed [ 838.688248][ T1173] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 838.732113][ T1173] [drm] Initialized udl on minor 2 [ 838.772697][ T1173] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 838.802683][ T1173] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 838.810650][ T9] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 838.854574][ T9] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 838.868911][ T1173] usb 5-1: USB disconnect, device number 50 [ 838.882374][ T9] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 839.026083][T11403] 9pnet_fd: Insufficient options for proto=fd [ 839.113237][ T9472] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 839.374755][ T11] Bluetooth: hci2: Frame reassembly failed (-84) [ 839.411724][ T9472] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 839.450332][ T9472] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 839.471651][ T9472] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 839.508789][ T9472] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 839.521680][T11404] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1322'. [ 839.531865][T11404] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1322'. [ 839.536980][ T9472] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 839.552116][T11404] nbd: socks must be embedded in a SOCK_ITEM attr [ 839.561278][ T9472] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 839.585887][ T9472] usb 4-1: Product: syz [ 839.590489][ T9472] usb 4-1: Manufacturer: syz [ 839.612292][ T25] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 839.659721][ T9472] cdc_wdm 4-1:1.0: skipping garbage [ 839.678075][ T9472] cdc_wdm 4-1:1.0: skipping garbage [ 839.705676][ T9472] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 839.748858][ T9472] cdc_wdm 4-1:1.0: Unknown control protocol [ 839.802222][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 839.836176][ T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 839.870053][ T25] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 839.933908][ T25] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 839.982318][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 840.048878][ T25] usb 2-1: config 0 descriptor?? [ 840.131578][ T25] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 841.402540][ T5227] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 842.724008][ T5269] usb 4-1: USB disconnect, device number 42 [ 842.987838][ T9472] usb 2-1: USB disconnect, device number 57 [ 844.472247][ T1173] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 845.676209][ T1173] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 845.697401][ T1173] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 845.725951][ T1173] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 845.727172][ T9507] udevd[9507]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 845.735756][ T1173] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 845.900890][ T1173] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 845.942255][ T1173] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 846.012343][ T1173] usb 2-1: Product: syz [ 846.036923][ T1173] usb 2-1: Manufacturer: syz [ 846.127913][ T1173] cdc_wdm 2-1:1.0: skipping garbage [ 846.154324][ T1173] cdc_wdm 2-1:1.0: skipping garbage [ 846.198859][ T1173] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 846.222248][ T1173] cdc_wdm 2-1:1.0: Unknown control protocol [ 847.231860][ T8] usb 2-1: USB disconnect, device number 58 [ 847.728580][T11457] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1334'. [ 847.798755][T11457] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1334'. [ 847.815173][T11462] xt_hashlimit: overflow, rate too high: 0 [ 847.922204][T11457] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1334'. [ 848.043409][T11462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1335'. [ 850.014957][T11480] ALSA: mixer_oss: invalid OSS volume '' [ 850.047436][T11480] ALSA: mixer_oss: invalid OSS volume '&+ö'' [ 850.686535][ T5269] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 850.732462][ T5227] Bluetooth: hci2: sending frame failed (-49) [ 850.741070][ T8272] Bluetooth: hci2: Opcode 0x1003 failed: -49 [ 850.762449][ T9472] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 850.779191][T11492] Invalid ELF header magic: != ELF [ 850.902460][ T5269] usb 2-1: Using ep0 maxpacket: 16 [ 850.925511][ T5269] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 850.954100][ T5269] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 850.964755][ T5269] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 850.999469][ T9472] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 851.014400][ T9472] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 851.031077][ T5269] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 851.058517][ T9472] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 851.072494][ T5269] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 851.092765][ T9472] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 851.126250][ T5269] usb 2-1: config 0 descriptor?? [ 851.156030][ T9472] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 851.156107][ T9472] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 851.156146][ T9472] usb 3-1: Product: syz [ 851.156173][ T9472] usb 3-1: Manufacturer: syz [ 851.176634][ T9472] cdc_wdm 3-1:1.0: skipping garbage [ 851.176668][ T9472] cdc_wdm 3-1:1.0: skipping garbage [ 851.206148][ T9472] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 851.282377][ T9472] cdc_wdm 3-1:1.0: Unknown control protocol [ 851.282663][ T29] audit: type=1326 audit(1724035260.928:347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11490 comm="syz.3.1343" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda64579e79 code=0x0 [ 851.402938][T11494] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 852.569943][ T5269] microsoft 0003:045E:07DA.0009: No inputs registered, leaving [ 852.678113][ T5269] microsoft 0003:045E:07DA.0009: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 853.693390][ T8] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 854.792164][ T5269] microsoft 0003:045E:07DA.0009: no inputs found [ 854.982234][ T5269] microsoft 0003:045E:07DA.0009: could not initialize ff, continuing anyway [ 855.035500][T11508] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=11508 comm=syz.0.1347 [ 855.044020][ T9472] usb 3-1: USB disconnect, device number 38 [ 855.115291][ T5269] usb 2-1: USB disconnect, device number 59 [ 855.133381][ T8] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 855.143954][ T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 855.155039][ T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 855.175059][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 855.198692][ T8] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 855.224348][ T8] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 855.249060][ T8] usb 5-1: Product: syz [ 855.811952][ T8] usb 5-1: Manufacturer: syz [ 856.259249][ T8] usb 5-1: can't set config #1, error -71 [ 856.334556][ T8] usb 5-1: USB disconnect, device number 51 [ 856.992190][ T9] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 857.052204][ T8] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 857.196557][ T9] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 857.227367][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 857.250842][ T8] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 857.285542][ T9] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 857.295357][ T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 857.309315][ T9] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 857.325948][ T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 857.371419][ T9] usb 1-1: Manufacturer: syz [ 857.390950][ T8] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 857.403760][ T9] usb 1-1: config 0 descriptor?? [ 857.455610][ T9] igorplugusb 1-1:0.0: incorrect number of endpoints [ 857.469121][ T8] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 857.486403][ T8] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 857.518415][ T8] usb 5-1: Product: syz [ 857.541227][ T8] usb 5-1: Manufacturer: syz [ 857.594023][ T8] cdc_wdm 5-1:1.0: skipping garbage [ 857.599271][ T8] cdc_wdm 5-1:1.0: skipping garbage [ 857.669702][ T8] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 857.708172][ T8] cdc_wdm 5-1:1.0: Unknown control protocol [ 859.187397][T11547] 9pnet_fd: Insufficient options for proto=fd [ 860.264019][ T8] usb 1-1: USB disconnect, device number 44 [ 860.824862][ T9472] usb 5-1: USB disconnect, device number 52 [ 862.428336][ T9510] udevd[9510]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 862.907460][ T5271] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 863.082326][ T9472] usb 2-1: new full-speed USB device number 60 using dummy_hcd [ 863.127171][ T5271] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 863.172725][ T5271] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 863.263667][T11569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 863.304450][ T5271] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 863.552466][ T5271] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 863.570329][ T9472] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 863.594163][ T9472] usb 2-1: New USB device found, idVendor=0572, idProduct=0320, bcdDevice= 1.85 [ 863.604302][ T9472] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 863.613989][ T5271] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 864.374086][ T9472] usb 2-1: Product: syz [ 864.692138][ T9472] usb 2-1: Manufacturer: syz [ 864.696822][ T9472] usb 2-1: SerialNumber: syz [ 864.702468][ T5271] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 864.710614][ T5271] usb 1-1: Product: syz [ 864.813975][ T5271] usb 1-1: Manufacturer: syz [ 864.820273][ T9472] usb 2-1: config 0 descriptor?? [ 864.968392][ T8] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 864.978660][ T9507] udevd[9507]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 864.992377][ T5271] cdc_wdm 1-1:1.0: skipping garbage [ 864.998529][ T5271] cdc_wdm 1-1:1.0: skipping garbage [ 865.027945][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 865.097067][ T5271] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 865.106837][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 865.333163][ T8] usb 4-1: device descriptor read/64, error -71 [ 865.371309][ T5271] cdc_wdm 1-1:1.0: Unknown control protocol [ 865.381559][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 866.001379][ T5271] usb 1-1: USB disconnect, device number 45 [ 866.104635][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 866.111146][ T9472] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 866.118399][ T8] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 866.182152][ T9472] usb 2-1: dvb_usb_v2: found a 'DVBSky T330' in warm state [ 866.393031][ T9472] usb 2-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 866.526222][ T9472] usb 2-1: USB disconnect, device number 60 [ 866.869920][ T5299] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 867.115375][ T5299] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 867.169023][ T5299] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 867.227230][ T5299] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 867.256904][ T5299] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 867.613214][ T5299] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 868.488896][ T5299] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 868.507511][ T5299] usb 1-1: Product: syz [ 868.512327][ T5299] usb 1-1: Manufacturer: syz [ 868.525734][ T5299] cdc_wdm 1-1:1.0: skipping garbage [ 868.531024][ T5299] cdc_wdm 1-1:1.0: skipping garbage [ 868.543042][ T5299] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 868.547853][ T9492] udevd[9492]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 868.548994][ T5299] cdc_wdm 1-1:1.0: Unknown control protocol [ 870.872996][ T5269] usb 1-1: USB disconnect, device number 46 [ 871.145702][T11619] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket pid=11619 comm=syz.0.1376 [ 871.344299][T11620] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 873.432318][ T5363] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 873.654496][ T5363] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 873.686105][ T5363] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 873.730312][ T5363] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 873.761566][ T5363] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 873.836319][ T5363] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 873.892066][ T5363] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 873.923963][ T5363] usb 4-1: Product: syz [ 873.933001][ T5363] usb 4-1: Manufacturer: syz [ 873.952859][ T5363] cdc_wdm 4-1:1.0: skipping garbage [ 873.965770][ T5363] cdc_wdm 4-1:1.0: skipping garbage [ 873.994485][ T5363] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 874.223385][ T5363] cdc_wdm 4-1:1.0: Unknown control protocol [ 876.081326][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 876.112419][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 876.409756][ T29] audit: type=1804 audit(1724035284.988:348): pid=11646 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.1383" name="/newroot/289/bus/file0" dev="overlay" ino=1631 res=1 errno=0 [ 877.326827][ T9472] usb 4-1: USB disconnect, device number 45 [ 877.533328][T11651] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 877.900976][T11656] Invalid ELF header magic: != ELF [ 880.388839][ T29] audit: type=1326 audit(1724035290.048:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11652 comm="syz.3.1385" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda64579e79 code=0x0 [ 880.411766][ C1] vkms_vblank_simulate: vblank timer overrun [ 880.822272][ T5269] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 881.032248][ T5269] usb 2-1: Using ep0 maxpacket: 16 [ 881.254042][ T5269] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 882.219950][ T5269] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 882.239120][ T5269] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 882.248795][ T5269] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 882.275449][ T5269] usb 2-1: config 0 descriptor?? [ 882.299725][ T5269] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 885.540614][ T9] usb 2-1: USB disconnect, device number 61 [ 885.971758][ T5227] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 886.012719][ T5227] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 886.022378][ T5227] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 886.071984][ T5227] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 886.094403][ T5227] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 886.103893][ T5227] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 886.246327][ T8272] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 886.254061][ T8272] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 886.261552][ T8272] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 886.270598][ T8272] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 886.492411][ T8272] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 886.501777][ T8272] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 887.491645][T11696] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 887.772352][ T9] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 888.032379][ T8] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 888.042951][ T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 888.099102][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 888.179241][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 888.209222][ T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 888.222348][ T8] usb 4-1: device descriptor read/64, error -71 [ 888.308690][ T2911] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 888.391830][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 888.401294][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 888.422841][ T9] usb 1-1: Product: syz [ 888.441489][ T9] usb 1-1: Manufacturer: syz [ 888.485929][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 888.522408][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 888.550766][ T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 888.574871][ T9] cdc_wdm 1-1:1.0: Unknown control protocol [ 888.655700][ T2911] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 888.672508][ T8] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 888.688450][T11723] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 888.719452][T11723] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 888.851919][ T2911] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 888.882101][ T8] usb 4-1: device descriptor read/64, error -71 [ 888.967147][T11699] chnl_net:caif_netlink_parms(): no params data found [ 889.004802][ T8] usb usb4-port1: attempt power cycle [ 889.411790][ C0] wdm_int_callback: 1237 callbacks suppressed [ 889.411818][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.424521][ C0] wdm_int_callback: 1237 callbacks suppressed [ 889.424540][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.436890][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.443494][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.449916][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.456558][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.462927][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.469539][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.475901][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.482546][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.488947][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.495604][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.501945][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.508666][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.515191][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.521840][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.528245][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.534882][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 889.541232][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 889.547844][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 890.841712][ T5271] usb 1-1: USB disconnect, device number 47 [ 890.841791][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 891.002204][ T29] audit: type=1804 audit(1724035299.238:350): pid=11735 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.3.1401" name="/newroot/267/bus/file0" dev="overlay" ino=1468 res=1 errno=0 [ 891.169672][ T2911] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 892.760779][T11751] 9pnet_fd: Insufficient options for proto=fd [ 892.772236][ T8] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 892.834813][ T8] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 892.874359][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 892.910014][ T8] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 892.935888][ T8] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 892.952131][ T8] usb 4-1: Manufacturer: syz [ 892.973265][ T8] usb 4-1: config 0 descriptor?? [ 892.990650][T11699] bridge0: port 1(bridge_slave_0) entered blocking state [ 893.017330][ T8] igorplugusb 4-1:0.0: incorrect number of endpoints [ 893.018535][T11699] bridge0: port 1(bridge_slave_0) entered disabled state [ 893.069670][T11699] bridge_slave_0: entered allmulticast mode [ 893.086757][T11699] bridge_slave_0: entered promiscuous mode [ 893.140906][T11699] bridge0: port 2(bridge_slave_1) entered blocking state [ 893.183670][T11699] bridge0: port 2(bridge_slave_1) entered disabled state [ 893.262545][T11699] bridge_slave_1: entered allmulticast mode [ 893.290561][T11699] bridge_slave_1: entered promiscuous mode [ 893.865604][T11699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 894.868354][T11764] 9pnet_fd: Insufficient options for proto=fd [ 895.002187][ T5299] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 895.045551][T11699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 895.242210][ T5299] usb 3-1: Using ep0 maxpacket: 16 [ 895.260087][ T5299] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 895.282287][ T5299] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 895.296046][ T5299] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 895.305375][ T5299] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 895.318066][ T5299] usb 3-1: config 0 descriptor?? [ 895.327709][ T5299] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 895.510413][T11699] team0: Port device team_slave_0 added [ 895.532189][T11699] team0: Port device team_slave_1 added [ 896.027750][ T5363] usb 4-1: USB disconnect, device number 48 [ 896.073814][ T2911] bridge_slave_1: left allmulticast mode [ 897.232792][ T2911] bridge_slave_1: left promiscuous mode [ 897.238963][ T2911] bridge0: port 2(bridge_slave_1) entered disabled state [ 897.250451][ T8] usb 3-1: USB disconnect, device number 39 [ 897.383467][ T2911] bridge_slave_0: left allmulticast mode [ 897.389279][ T2911] bridge_slave_0: left promiscuous mode [ 897.412385][ T2911] bridge0: port 1(bridge_slave_0) entered disabled state [ 902.257700][ T29] audit: type=1326 audit(1724035311.898:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11795 comm="syz.2.1415" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e60779e79 code=0x0 [ 902.853184][T11811] overlayfs: failed to resolve './file1': -2 [ 905.712202][T11821] Invalid ELF header magic: != ELF [ 906.360037][T11826] overlayfs: failed to resolve './file1': -2 [ 907.470991][ T29] audit: type=1326 audit(1724035317.128:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11819 comm="syz.2.1420" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e60779e79 code=0x0 [ 909.323388][ T2911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 910.507037][ T2911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 910.622772][ T2911] bond0 (unregistering): Released all slaves [ 910.969896][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1427'. [ 911.010085][T11849] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1427'. [ 911.010172][T11849] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1427'. [ 911.233373][T11699] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 911.256012][ T2911] IPVS: stopping backup sync thread 7840 ... [ 911.262094][T11699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 911.262142][T11699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 911.275267][T11699] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 911.452635][T11699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 911.596759][T11699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 911.799132][ T8272] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 911.819779][ T8272] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 911.832117][ T8272] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 911.843449][ T8272] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 911.852799][ T8272] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 911.861306][ T8272] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 911.963602][ T5227] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 911.983857][ T5227] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 912.025673][ T5227] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 912.035991][ T5227] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 912.064593][ T5227] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 912.072285][ T5227] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 913.816856][T11699] hsr_slave_0: entered promiscuous mode [ 913.861124][T11699] hsr_slave_1: entered promiscuous mode [ 913.902642][T11699] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 913.932671][T11699] Cannot create hsr debugfs directory [ 914.050984][ T2911] hsr_slave_0: left promiscuous mode [ 914.102649][ T2911] hsr_slave_1: left promiscuous mode [ 914.123025][ T5227] Bluetooth: hci3: command tx timeout [ 914.148753][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 914.172699][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 914.263523][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 914.292139][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 914.484141][ T2911] veth1_macvtap: left promiscuous mode [ 914.489845][ T2911] veth0_macvtap: left promiscuous mode [ 914.508785][ T2911] veth1_vlan: left promiscuous mode [ 914.526176][ T2911] veth0_vlan: left promiscuous mode [ 915.183676][T11907] Invalid ELF header magic: != ELF [ 915.417809][ T29] audit: type=1326 audit(1724035325.078:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11901 comm="syz.2.1433" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e60779e79 code=0x0 [ 916.243775][ T5227] Bluetooth: hci3: command tx timeout [ 918.284026][ T8272] Bluetooth: hci3: command tx timeout [ 919.701441][ T2911] team0 (unregistering): Port device team_slave_1 removed [ 919.880766][ T2911] team0 (unregistering): Port device team_slave_0 removed [ 920.363623][ T8272] Bluetooth: hci3: command tx timeout [ 923.530487][T11874] udevd[11874]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 925.820423][ T2911] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.016220][T11858] chnl_net:caif_netlink_parms(): no params data found [ 926.122440][T11996] Invalid ELF header magic: != ELF [ 926.195700][ T2911] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.242919][ T5363] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 926.402276][ T29] audit: type=1326 audit(1724035336.048:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11992 comm="syz.0.1450" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a3f379e79 code=0x0 [ 926.472385][ T5363] usb 4-1: Using ep0 maxpacket: 16 [ 926.482936][ T5363] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 926.498364][ T5363] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 926.523156][ T5363] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 926.540832][ T5363] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 926.595731][ T2911] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 926.622452][ T5363] usb 4-1: config 0 descriptor?? [ 926.679080][ T5363] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 927.003272][ T2911] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 931.013028][ T9] usb 4-1: USB disconnect, device number 49 [ 931.474916][T11699] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 931.537334][T11699] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 931.599433][T11699] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 931.653069][T11858] bridge0: port 1(bridge_slave_0) entered blocking state [ 931.694396][T11858] bridge0: port 1(bridge_slave_0) entered disabled state [ 931.722418][T11858] bridge_slave_0: entered allmulticast mode [ 931.744614][T11858] bridge_slave_0: entered promiscuous mode [ 931.767657][T11858] bridge0: port 2(bridge_slave_1) entered blocking state [ 931.801533][T11858] bridge0: port 2(bridge_slave_1) entered disabled state [ 931.825555][T11858] bridge_slave_1: entered allmulticast mode [ 931.850886][T11858] bridge_slave_1: entered promiscuous mode [ 931.869528][T11699] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 932.108723][T11858] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 932.173588][T11858] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 932.579455][T11858] team0: Port device team_slave_0 added [ 932.627889][T11858] team0: Port device team_slave_1 added [ 932.651952][ T2911] bridge_slave_1: left allmulticast mode [ 932.691928][ T2911] bridge_slave_1: left promiscuous mode [ 932.712648][ T2911] bridge0: port 2(bridge_slave_1) entered disabled state [ 932.784599][ T2911] bridge_slave_0: left allmulticast mode [ 932.790335][ T2911] bridge_slave_0: left promiscuous mode [ 932.822551][ T2911] bridge0: port 1(bridge_slave_0) entered disabled state [ 933.198087][T12040] 9pnet_fd: Insufficient options for proto=fd [ 935.759307][T12064] 9pnet_fd: Insufficient options for proto=fd [ 936.017741][ T2911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 936.082415][ T2911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 936.109723][ T2911] bond0 (unregistering): Released all slaves [ 936.383498][ T2911] IPVS: stopping backup sync thread 8273 ... [ 936.953471][T11858] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 936.970206][T12059] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 936.982112][T11858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 937.412856][T11858] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 937.776310][T11858] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 937.784406][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 937.790860][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 938.049322][T12059] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 938.154029][T11858] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 938.180025][ C1] vkms_vblank_simulate: vblank timer overrun [ 938.212521][T11858] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 939.945674][T11858] hsr_slave_0: entered promiscuous mode [ 939.988859][T11858] hsr_slave_1: entered promiscuous mode [ 940.012111][T11858] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 940.024989][T11858] Cannot create hsr debugfs directory [ 941.620019][ T2911] hsr_slave_0: left promiscuous mode [ 941.682275][ T2911] hsr_slave_1: left promiscuous mode [ 941.718481][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 941.732170][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 941.766765][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 941.797824][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 941.911345][ T2911] veth1_macvtap: left promiscuous mode [ 941.928346][ T2911] veth0_macvtap: left promiscuous mode [ 941.946577][ T2911] veth1_vlan: left promiscuous mode [ 941.959796][ T2911] veth0_vlan: left promiscuous mode [ 943.867772][T12131] 9pnet_fd: Insufficient options for proto=fd [ 943.947778][ T2911] team0 (unregistering): Port device team_slave_1 removed [ 944.051324][ T2911] team0 (unregistering): Port device team_slave_0 removed [ 945.135971][ T5227] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 945.147572][ T5227] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 945.184933][ T5227] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 945.203596][ T5227] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 945.214746][ T5227] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 945.223048][ T5227] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 945.305935][ T8272] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 945.314867][ T8272] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 945.333663][ T8272] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 945.370150][ T8272] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 945.385413][ T8272] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 945.394105][ T8272] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 946.226023][T12151] ALSA: mixer_oss: invalid OSS volume '' [ 946.272350][T12151] ALSA: mixer_oss: invalid OSS volume '&+ö'' [ 947.483704][ T8272] Bluetooth: hci5: command tx timeout [ 948.095830][T12180] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=128 sclass=netlink_route_socket pid=12180 comm=syz.2.1474 [ 948.632336][ T5299] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 948.893257][ T5299] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 949.096482][ T5299] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 949.263641][ T5299] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 949.362367][ T5299] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 949.442477][ T5299] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 949.451613][ T5299] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 949.495945][ T5299] usb 1-1: Product: syz [ 949.500205][ T5299] usb 1-1: Manufacturer: syz [ 949.505274][T11858] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 949.554463][ T5299] cdc_wdm 1-1:1.0: skipping garbage [ 949.559848][ T5299] cdc_wdm 1-1:1.0: skipping garbage [ 949.566575][T11858] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 949.572575][ T8272] Bluetooth: hci5: command tx timeout [ 949.591596][T12132] chnl_net:caif_netlink_parms(): no params data found [ 949.610850][ T5299] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 949.652505][ T5299] cdc_wdm 1-1:1.0: Unknown control protocol [ 949.685434][T11858] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 949.749907][T11858] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 949.842601][ T5363] usb 4-1: new full-speed USB device number 50 using dummy_hcd [ 950.088695][ C0] wdm_int_callback: 6085 callbacks suppressed [ 950.088731][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.101502][ C0] wdm_int_callback: 6085 callbacks suppressed [ 950.101527][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.114107][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.120795][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.127298][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.133988][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.140422][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.147070][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.153889][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.160556][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.167034][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.174476][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.181053][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.187709][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.195393][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.202060][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.208478][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.215218][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.221982][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 950.228635][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 950.360975][ T5269] usb 1-1: USB disconnect, device number 48 [ 950.361020][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 950.370150][ T5363] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 950.412986][T12132] bridge0: port 1(bridge_slave_0) entered blocking state [ 950.420274][T12132] bridge0: port 1(bridge_slave_0) entered disabled state [ 950.430299][ T5363] usb 4-1: New USB device found, idVendor=0572, idProduct=0320, bcdDevice= 1.85 [ 951.298952][ T5363] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 951.319593][ T5363] usb 4-1: Product: syz [ 951.325071][ T5363] usb 4-1: Manufacturer: syz [ 951.329848][ T5363] usb 4-1: SerialNumber: syz [ 951.358299][T12132] bridge_slave_0: entered allmulticast mode [ 951.381109][ T5363] usb 4-1: config 0 descriptor?? [ 951.394504][T12132] bridge_slave_0: entered promiscuous mode [ 951.459589][ T5363] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 951.520180][ T2911] bridge_slave_1: left allmulticast mode [ 951.538127][ T2911] bridge_slave_1: left promiscuous mode [ 951.551744][ T5363] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 951.564461][ T5363] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 951.586188][ T2911] bridge0: port 2(bridge_slave_1) entered disabled state [ 951.613429][ T2911] bridge_slave_0: left allmulticast mode [ 951.641212][ T2911] bridge_slave_0: left promiscuous mode [ 951.650241][ T8272] Bluetooth: hci5: command tx timeout [ 951.667566][ T2911] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.782165][ T5363] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 951.799023][ T5363] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 951.874948][T12198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 951.889108][T12198] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 951.922162][ T5363] usb 4-1: dvb_usb_v2: found a 'DVBSky T330' in warm state [ 951.950742][ T5363] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 952.135468][ T5363] usb 4-1: USB disconnect, device number 50 [ 952.991180][T12232] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1483'. [ 953.022500][T12232] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1483'. [ 953.045755][ T2911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 953.090053][ T2911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 953.117715][ T2911] bond0 (unregistering): Released all slaves [ 953.206714][T12132] bridge0: port 2(bridge_slave_1) entered blocking state [ 953.222262][T12132] bridge0: port 2(bridge_slave_1) entered disabled state [ 953.229829][T12132] bridge_slave_1: entered allmulticast mode [ 953.277234][T12132] bridge_slave_1: entered promiscuous mode [ 953.563788][T12132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 953.664275][ T2911] hsr_slave_0: left promiscuous mode [ 953.691223][ T2911] hsr_slave_1: left promiscuous mode [ 953.740309][ T8272] Bluetooth: hci5: command tx timeout [ 953.782545][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 953.813396][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 954.005652][ T5299] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 954.329929][ T5299] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 954.360372][ T5299] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 954.404029][ T5299] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 954.431522][ T5299] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 954.470760][ T5299] usb 4-1: Manufacturer: syz [ 954.491162][ T5299] usb 4-1: config 0 descriptor?? [ 954.527033][ T5299] igorplugusb 4-1:0.0: incorrect number of endpoints [ 954.534009][ T2911] team0 (unregistering): Port device team_slave_1 removed [ 954.645243][ T2911] team0 (unregistering): Port device team_slave_0 removed [ 956.215179][T12132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 956.351130][T12132] team0: Port device team_slave_0 added [ 956.535212][T12132] team0: Port device team_slave_1 added [ 956.723974][T12132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 956.734432][T12132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 956.767780][T12132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 956.797266][T12132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 956.804471][T12132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 956.830986][T12132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 956.912106][ T5299] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 957.047590][ T5271] usb 4-1: USB disconnect, device number 51 [ 957.222055][ T5299] usb 1-1: Using ep0 maxpacket: 16 [ 957.255344][ T5299] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 957.292159][ T5299] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 957.329042][ T5299] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 957.402177][ T5299] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 957.448628][ T5299] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 957.494493][ T5299] usb 1-1: config 0 descriptor?? [ 957.591390][T12132] hsr_slave_0: entered promiscuous mode [ 957.629093][T12132] hsr_slave_1: entered promiscuous mode [ 957.654759][T12132] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 957.679294][T12132] Cannot create hsr debugfs directory [ 958.962260][T12272] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1489'. [ 959.026585][T12272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1489'. [ 959.038372][T12272] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1489'. [ 959.320329][T11858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 959.402474][ T5292] usb 3-1: new full-speed USB device number 40 using dummy_hcd [ 959.617415][T11858] 8021q: adding VLAN 0 to HW filter on device team0 [ 959.617728][ T5292] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 959.641619][ T5292] usb 3-1: New USB device found, idVendor=0572, idProduct=0320, bcdDevice= 1.85 [ 959.651161][ T5292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 959.660586][ T5292] usb 3-1: Product: syz [ 959.665063][ T5292] usb 3-1: Manufacturer: syz [ 959.671157][ T5292] usb 3-1: SerialNumber: syz [ 959.715348][ T5292] usb 3-1: config 0 descriptor?? [ 959.736416][ T5292] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 959.782350][ T5292] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 959.789207][ T5292] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 959.825050][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 959.832389][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 959.910127][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 959.917616][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 959.936025][ T5292] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 959.948713][ T5299] usbhid 1-1:0.0: can't add hid device: -71 [ 959.963627][ T5292] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 959.980890][ T5299] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 960.025240][T12282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 960.064889][ T5299] usb 1-1: USB disconnect, device number 49 [ 960.092239][ T5292] usb 3-1: dvb_usb_v2: found a 'DVBSky T330' in warm state [ 960.105378][T12282] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 960.196351][ T5292] usb 3-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 960.904589][ T5299] usb 3-1: USB disconnect, device number 40 [ 963.088678][T12132] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 963.167981][T12132] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 963.209988][T12132] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 963.294018][T12132] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 963.740582][T11858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 964.192098][ T5299] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 964.258069][T11858] veth0_vlan: entered promiscuous mode [ 964.361035][T12132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 964.487708][ T5299] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 964.497113][T11858] veth1_vlan: entered promiscuous mode [ 964.497423][ T5299] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 964.546514][ T5299] usb 1-1: config 0 descriptor?? [ 964.773761][T12132] 8021q: adding VLAN 0 to HW filter on device team0 [ 966.119200][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 966.126526][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 966.276704][T11858] veth0_macvtap: entered promiscuous mode [ 966.344575][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 966.351930][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 966.633706][T12347] 9pnet_virtio: no channels available for device 127.0.0.1 [ 967.309537][ T5299] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 967.328695][ T5299] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 967.340279][ T5299] [drm:udl_init] *ERROR* Selecting channel failed [ 967.365665][ T5299] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 967.372508][ T5299] [drm] Initialized udl on minor 2 [ 967.380128][ T5299] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 967.413658][ T5299] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 967.421604][ T8] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 967.499436][ T8] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 967.520489][ T5299] usb 1-1: USB disconnect, device number 50 [ 967.522622][T11858] veth1_macvtap: entered promiscuous mode [ 967.542415][ T8] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 967.732219][ T5269] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 967.818892][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 967.846364][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 967.874300][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 967.886384][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 967.904654][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 967.920835][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 967.941542][T11858] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 967.986130][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 968.005246][ T5269] usb 4-1: Using ep0 maxpacket: 16 [ 968.020194][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 968.044063][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 968.056785][ T5269] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 968.075797][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 968.094977][ T5269] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 968.095397][T11858] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 968.119193][T11858] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 968.143567][ T5299] usb 1-1: new full-speed USB device number 51 using dummy_hcd [ 968.168394][ T5269] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 968.174553][T11858] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 968.190424][ T5269] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 968.228409][ T5269] usb 4-1: config 0 descriptor?? [ 968.281464][ T5269] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 968.334174][T11858] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 968.362187][ T5299] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 968.373169][T11858] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 968.381942][T11858] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 968.395800][ T5299] usb 1-1: New USB device found, idVendor=0572, idProduct=0320, bcdDevice= 1.85 [ 968.412220][T11858] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 968.422047][ T5299] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 968.441448][ T5299] usb 1-1: Product: syz [ 968.447190][ T5299] usb 1-1: Manufacturer: syz [ 968.459910][ T5299] usb 1-1: SerialNumber: syz [ 968.494268][ T5299] usb 1-1: config 0 descriptor?? [ 968.544478][ T5299] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 968.629083][ T5299] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 968.651106][ T5299] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 968.957896][T12356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 968.995143][ T5299] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 969.002651][ T5299] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 969.043800][T12356] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 969.059004][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 969.099566][ T5299] usb 1-1: dvb_usb_v2: found a 'DVBSky T330' in warm state [ 970.453070][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 970.843301][ T5299] usb 1-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 971.637981][T12132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 971.807741][ T5299] usb 1-1: USB disconnect, device number 51 [ 971.994797][ T5363] usb 4-1: USB disconnect, device number 52 [ 972.934699][T12389] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1505'. [ 972.965746][T12389] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1505'. [ 972.975302][T12389] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1505'. [ 973.111650][ T5227] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 973.126010][ T5227] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 973.233145][ T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 973.277704][ T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 973.286126][ T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 973.294195][ T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 973.304331][ T11] Bluetooth: hci3: Frame reassembly failed (-84) [ 973.526660][T12132] veth0_vlan: entered promiscuous mode [ 973.630557][ T62] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 973.832962][T12132] veth1_vlan: entered promiscuous mode [ 973.928400][ T5498] Bluetooth: hci6: Frame reassembly failed (-84) [ 974.040871][ T62] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 974.401409][ T62] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 974.666386][ T62] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 974.735207][T12132] veth0_macvtap: entered promiscuous mode [ 974.790886][T12132] veth1_macvtap: entered promiscuous mode [ 975.001205][T12132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 975.052643][T12132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.081207][T12132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 975.111598][T12132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.142100][T12132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 975.164250][T12132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.182166][T12132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 975.211477][T12132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.243171][ T8272] Bluetooth: hci3: command 0x1003 tx timeout [ 975.251433][T12132] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 975.261587][ T5227] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 975.410249][ T5227] Bluetooth: hci2: command tx timeout [ 975.588434][T12132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 975.610842][T12132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.640123][T12132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 975.674443][T12132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.689862][T12132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 975.701902][T12132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.720193][T12132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 975.734672][T12132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 975.750061][T12132] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 975.856033][T12428] overlayfs: missing 'lowerdir' [ 975.963760][ T5227] Bluetooth: hci6: command 0x1003 tx timeout [ 975.971619][ T55] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 976.680056][ T62] bridge_slave_1: left allmulticast mode [ 976.686274][ T62] bridge_slave_1: left promiscuous mode [ 976.703968][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 976.985011][ T62] bridge_slave_0: left allmulticast mode [ 976.990787][ T62] bridge_slave_0: left promiscuous mode [ 977.011641][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 977.492192][ T55] Bluetooth: hci2: command tx timeout [ 979.100090][T12448] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1516'. [ 979.129736][T12448] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1516'. [ 979.165551][T12448] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1516'. [ 979.563508][ T55] Bluetooth: hci2: command tx timeout [ 979.756788][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 979.808567][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 979.858856][ T62] bond0 (unregistering): Released all slaves [ 980.016320][T12132] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.039419][T12132] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.060065][T12132] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.084054][T12132] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 980.806239][T12407] chnl_net:caif_netlink_parms(): no params data found [ 980.829435][T12452] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 981.652129][ T55] Bluetooth: hci2: command tx timeout [ 982.252183][ T5299] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 982.542207][ T5299] usb 3-1: device descriptor read/64, error -71 [ 982.754288][T12480] Invalid ELF header magic: != ELF [ 982.839886][ T5299] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 983.033119][ T62] hsr_slave_0: left promiscuous mode [ 983.048802][ T5299] usb 3-1: device descriptor read/64, error -71 [ 983.092757][ T62] hsr_slave_1: left promiscuous mode [ 983.187616][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 983.188348][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 983.199692][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 983.203031][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 983.212878][ T5299] usb usb3-port1: attempt power cycle [ 983.266218][ T62] veth1_macvtap: left promiscuous mode [ 983.266361][ T62] veth0_macvtap: left promiscuous mode [ 983.266595][ T62] veth1_vlan: left promiscuous mode [ 983.266747][ T62] veth0_vlan: left promiscuous mode [ 983.653971][ T5299] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 983.727480][ T5299] usb 3-1: device descriptor read/8, error -71 [ 983.860557][ T29] audit: type=1326 audit(1724035393.518:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12472 comm="syz.0.1520" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1a3f379e79 code=0x0 [ 984.063906][T12493] Invalid ELF header magic: != ELF [ 984.217646][ T29] audit: type=1326 audit(1724035393.878:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12491 comm="syz.2.1521" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e60779e79 code=0x0 [ 984.790741][ T62] team0 (unregistering): Port device team_slave_1 removed [ 984.855237][ T62] team0 (unregistering): Port device team_slave_0 removed [ 985.725155][T12407] bridge0: port 1(bridge_slave_0) entered blocking state [ 985.813069][T12407] bridge0: port 1(bridge_slave_0) entered disabled state [ 985.828902][T12407] bridge_slave_0: entered allmulticast mode [ 985.875071][T12407] bridge_slave_0: entered promiscuous mode [ 985.898676][T12407] bridge0: port 2(bridge_slave_1) entered blocking state [ 985.918831][T12407] bridge0: port 2(bridge_slave_1) entered disabled state [ 985.956620][T12407] bridge_slave_1: entered allmulticast mode [ 985.999097][T12407] bridge_slave_1: entered promiscuous mode [ 986.309675][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 986.352879][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 986.406884][T12407] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 986.486368][T12407] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 986.840939][T12407] team0: Port device team_slave_0 added [ 986.892787][T12407] team0: Port device team_slave_1 added [ 987.179732][T12407] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 987.196383][T12407] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.292402][T12407] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 987.331207][T12407] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 987.345889][T12407] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 987.372136][ C1] vkms_vblank_simulate: vblank timer overrun [ 987.418570][T12507] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 987.427482][T12507] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 987.435471][T12407] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 987.600821][T12507] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 987.631461][T12507] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 987.737531][T12407] hsr_slave_0: entered promiscuous mode [ 987.762912][T12407] hsr_slave_1: entered promiscuous mode [ 987.775594][T12407] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 987.795478][T12407] Cannot create hsr debugfs directory [ 998.770658][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.777389][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 1060.217166][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 1060.223675][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.658739][ T1275] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.667748][ T1275] ieee802154 phy1 wpan1: encryption failed: -22 [ 1147.892135][ T30] INFO: task dhcpcd:4883 blocked for more than 143 seconds. [ 1147.899503][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1147.907459][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1147.922876][ T30] task:dhcpcd state:D stack:25360 pid:4883 tgid:4883 ppid:1 flags:0x00000002 [ 1147.938115][ T30] Call Trace: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1147.941466][ T30] [ 1147.952192][ T30] __schedule+0xe37/0x5490 [ 1147.956809][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1147.973610][ T30] ? __pfx___schedule+0x10/0x10 [ 1147.978570][ T30] ? schedule+0x298/0x350 [ 1147.988569][ T30] ? __pfx_lock_release+0x10/0x10 [ 1148.002614][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1148.007405][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1148.042346][ T30] schedule+0xe7/0x350 [ 1148.046690][ T30] schedule_preempt_disabled+0x13/0x30 [ 1148.094554][ T30] __mutex_lock+0x5b8/0x9c0 [ 1148.099168][ T30] ? __pfx_mark_lock+0x10/0x10 [ 1148.117547][ T30] ? genl_rcv_msg+0x580/0x800 [ 1148.124428][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1148.129547][ T30] ? __radix_tree_lookup+0x21f/0x2c0 [ 1148.135635][ T30] ? genl_rcv_msg+0x580/0x800 [ 1148.140399][ T30] genl_rcv_msg+0x580/0x800 [ 1148.147327][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1148.152567][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1148.157855][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1148.163199][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1148.168456][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1148.173814][ T30] netlink_rcv_skb+0x16b/0x440 [ 1148.178655][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1148.183857][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1148.189205][ T30] ? down_read+0xc9/0x330 [ 1148.193699][ T30] ? __pfx_down_read+0x10/0x10 [ 1148.198536][ T30] ? netlink_deliver_tap+0x1ae/0xd90 [ 1148.204186][ T30] genl_rcv+0x28/0x40 [ 1148.208261][ T30] netlink_unicast+0x53c/0x7f0 [ 1148.214411][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1148.219768][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1148.224960][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1148.230323][ T30] ? __import_iovec+0x1fd/0x6e0 [ 1148.235367][ T30] ____sys_sendmsg+0xab5/0xc90 [ 1148.240279][ T30] ? copy_msghdr_from_user+0x10b/0x160 [ 1148.245863][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1148.251235][ T30] ? hlock_class+0x4e/0x130 [ 1148.256080][ T30] ? __lock_acquire+0x1620/0x3cb0 [ 1148.261186][ T30] ___sys_sendmsg+0x135/0x1e0 [ 1148.266428][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1148.271699][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1148.277339][ T30] ? find_held_lock+0x2d/0x110 [ 1148.283469][ T30] ? __fget_light+0x173/0x210 [ 1148.288231][ T30] __sys_sendmsg+0x117/0x1f0 [ 1148.292946][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 1148.298104][ T30] ? __pfx___seccomp_filter+0x10/0x10 [ 1148.303661][ T30] ? __secure_computing+0x273/0x3f0 [ 1148.308921][ T30] do_syscall_64+0xcd/0x250 [ 1148.313572][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1148.319536][ T30] RIP: 0033:0x7f10211aaa4b [ 1148.324556][ T30] RSP: 002b:00007fff182c97a8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1148.333742][ T30] RAX: ffffffffffffffda RBX: 0000560f251b094f RCX: 00007f10211aaa4b [ 1148.341811][ T30] RDX: 0000000000000000 RSI: 00007fff182c97f0 RDI: 0000000000000010 [ 1148.349930][ T30] RBP: 00007fff182ddcb8 R08: 0000000000000000 R09: 0000000000000000 [ 1148.358031][ T30] R10: 00007fff182ddf00 R11: 0000000000000246 R12: 0000000000000010 [ 1148.366292][ T30] R13: 00007fff182cd850 R14: 0000000000000000 R15: 0000560f5fb2c000 [ 1148.374504][ T30] [ 1148.377584][ T30] INFO: task kworker/0:5:5292 blocked for more than 143 seconds. [ 1148.385758][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1148.393923][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1148.402706][ T30] task:kworker/0:5 state:D stack:23344 pid:5292 tgid:5292 ppid:2 flags:0x00004000 [ 1148.413063][ T30] Workqueue: events rfkill_global_led_trigger_worker [ 1148.419821][ T30] Call Trace: [ 1148.423166][ T30] [ 1148.426131][ T30] __schedule+0xe37/0x5490 [ 1148.430576][ T30] ? __pfx_mark_lock+0x10/0x10 [ 1148.436038][ T30] ? __pfx___schedule+0x10/0x10 [ 1148.440963][ T30] ? schedule+0x298/0x350 [ 1148.446038][ T30] ? __pfx_lock_release+0x10/0x10 [ 1148.451133][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1148.456534][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1148.461790][ T30] schedule+0xe7/0x350 [ 1148.465952][ T30] schedule_preempt_disabled+0x13/0x30 [ 1148.471484][ T30] __mutex_lock+0x5b8/0x9c0 [ 1148.476165][ T30] ? rfkill_global_led_trigger_worker+0x1b/0x160 [ 1148.482717][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1148.487832][ T30] ? rfkill_global_led_trigger_worker+0x1b/0x160 [ 1148.494319][ T30] rfkill_global_led_trigger_worker+0x1b/0x160 [ 1148.500547][ T30] process_one_work+0x9c5/0x1b40 [ 1148.505598][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 1148.510714][ T30] ? __pfx_process_one_work+0x10/0x10 [ 1148.516312][ T30] ? assign_work+0x1a0/0x250 [ 1148.520959][ T30] worker_thread+0x6c8/0xf20 [ 1148.526010][ T30] ? __kthread_parkme+0x148/0x220 [ 1148.531118][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1148.536425][ T30] kthread+0x2c1/0x3a0 [ 1148.540544][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1148.545917][ T30] ? __pfx_kthread+0x10/0x10 [ 1148.550565][ T30] ret_from_fork+0x45/0x80 [ 1148.555174][ T30] ? __pfx_kthread+0x10/0x10 [ 1148.559853][ T30] ret_from_fork_asm+0x1a/0x30 [ 1148.564737][ T30] [ 1148.567883][ T30] INFO: task syz-executor:12132 blocked for more than 144 seconds. [ 1148.578001][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1148.585789][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1148.594563][ T30] task:syz-executor state:D stack:23952 pid:12132 tgid:12132 ppid:1 flags:0x00004006 [ 1148.605112][ T30] Call Trace: [ 1148.608433][ T30] [ 1148.611398][ T30] __schedule+0xe37/0x5490 [ 1148.615971][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1148.621313][ T30] ? preempt_schedule_notrace+0x62/0xe0 [ 1148.627025][ T30] ? preempt_schedule_notrace_thunk+0x1a/0x30 [ 1148.633184][ T30] ? __pfx___schedule+0x10/0x10 [ 1148.638068][ T30] ? schedule+0x298/0x350 [ 1148.642549][ T30] ? __pfx_lock_release+0x10/0x10 [ 1148.647626][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1148.652411][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1148.657930][ T30] schedule+0xe7/0x350 [ 1148.662195][ T30] schedule_preempt_disabled+0x13/0x30 [ 1148.667720][ T30] __mutex_lock+0x5b8/0x9c0 [ 1148.672316][ T30] ? rfkill_register+0x3a/0xb40 [ 1148.677203][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1148.682384][ T30] ? __pfx_netdev_run_todo+0x10/0x10 [ 1148.687741][ T30] ? mod_delayed_work_on+0x1a9/0x1d0 [ 1148.693132][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1148.698401][ T30] ? mod_delayed_work_on+0x14d/0x1d0 [ 1148.703902][ T30] ? rfkill_register+0x3a/0xb40 [ 1148.708834][ T30] rfkill_register+0x3a/0xb40 [ 1148.713912][ T30] wiphy_register+0x26b1/0x2d00 [ 1148.718825][ T30] ? __pfx_wiphy_register+0x10/0x10 [ 1148.724141][ T30] ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0 [ 1148.730266][ T30] ieee80211_register_hw+0x2aaa/0x41b0 [ 1148.735868][ T30] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1148.741721][ T30] ? lockdep_init_map_type+0x16d/0x7d0 [ 1148.747383][ T30] ? __asan_memset+0x23/0x50 [ 1148.752071][ T30] ? __hrtimer_init+0x106/0x2c0 [ 1148.757336][ T30] mac80211_hwsim_new_radio+0x304e/0x54d0 [ 1148.763290][ T30] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1148.769509][ T30] hwsim_new_radio_nl+0xb42/0x12b0 [ 1148.774760][ T30] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1148.780367][ T30] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1148.788024][ T30] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1148.795568][ T30] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1148.801180][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1148.807363][ T30] ? ns_capable+0xd7/0x110 [ 1148.811840][ T30] genl_rcv_msg+0x565/0x800 [ 1148.816495][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1148.821588][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1148.826941][ T30] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1148.832601][ T30] netlink_rcv_skb+0x16b/0x440 [ 1148.837526][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1148.842670][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1148.848033][ T30] ? down_read+0xc9/0x330 [ 1148.852501][ T30] ? __pfx_down_read+0x10/0x10 [ 1148.857337][ T30] ? netlink_deliver_tap+0x1ae/0xd90 [ 1148.862742][ T30] genl_rcv+0x28/0x40 [ 1148.866782][ T30] netlink_unicast+0x53c/0x7f0 [ 1148.871610][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1148.877045][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1148.881881][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1148.887363][ T30] __sys_sendto+0x47f/0x4e0 [ 1148.891985][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 1148.897148][ T30] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 1148.903319][ T30] ? kasan_quarantine_put+0x10a/0x240 [ 1148.908777][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1148.914100][ T30] __x64_sys_sendto+0xe0/0x1c0 [ 1148.918926][ T30] ? do_syscall_64+0x91/0x250 [ 1148.923795][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1148.929065][ T30] do_syscall_64+0xcd/0x250 [ 1148.933684][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1148.939673][ T30] RIP: 0033:0x7fd1b237bd0c [ 1148.944231][ T30] RSP: 002b:00007ffce99e0d10 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1148.952755][ T30] RAX: ffffffffffffffda RBX: 00007fd1b3044620 RCX: 00007fd1b237bd0c [ 1148.960778][ T30] RDX: 0000000000000024 RSI: 00007fd1b3044670 RDI: 0000000000000003 [ 1148.968857][ T30] RBP: 0000000000000000 R08: 00007ffce99e0d64 R09: 000000000000000c [ 1148.976995][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 1148.985396][ T30] R13: 0000000000000000 R14: 00007fd1b3044670 R15: 0000000000000000 [ 1148.993711][ T30] [ 1148.996810][ T30] INFO: task syz-executor:12407 blocked for more than 144 seconds. [ 1149.005288][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1149.013246][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1149.022081][ T30] task:syz-executor state:D stack:23888 pid:12407 tgid:12407 ppid:1 flags:0x00000004 [ 1149.032371][ T30] Call Trace: [ 1149.035783][ T30] [ 1149.038750][ T30] __schedule+0xe37/0x5490 [ 1149.043267][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.048522][ T30] ? __orc_find+0x104/0x130 [ 1149.053116][ T30] ? __pfx___schedule+0x10/0x10 [ 1149.058074][ T30] ? schedule+0x298/0x350 [ 1149.062516][ T30] ? __pfx_lock_release+0x10/0x10 [ 1149.067669][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1149.072462][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1149.077982][ T30] schedule+0xe7/0x350 [ 1149.082619][ T30] schedule_preempt_disabled+0x13/0x30 [ 1149.088161][ T30] __mutex_lock+0x5b8/0x9c0 [ 1149.092800][ T30] ? __pfx_mark_lock+0x10/0x10 [ 1149.097642][ T30] ? genl_rcv_msg+0x580/0x800 [ 1149.102459][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1149.107553][ T30] ? __radix_tree_lookup+0x21f/0x2c0 [ 1149.112984][ T30] ? genl_rcv_msg+0x580/0x800 [ 1149.117737][ T30] genl_rcv_msg+0x580/0x800 [ 1149.122395][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1149.127489][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.132796][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.138045][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.143328][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.148628][ T30] netlink_rcv_skb+0x16b/0x440 [ 1149.153508][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1149.158601][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1149.164093][ T30] ? down_read+0xc9/0x330 [ 1149.168498][ T30] ? __pfx_down_read+0x10/0x10 [ 1149.173476][ T30] ? netlink_deliver_tap+0x1ae/0xd90 [ 1149.178821][ T30] genl_rcv+0x28/0x40 [ 1149.182911][ T30] netlink_unicast+0x53c/0x7f0 [ 1149.187740][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1149.193148][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1149.197990][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1149.203374][ T30] __sys_sendto+0x47f/0x4e0 [ 1149.207934][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 1149.213096][ T30] __x64_sys_sendto+0xe0/0x1c0 [ 1149.217925][ T30] ? do_syscall_64+0x91/0x250 [ 1149.222713][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1149.228075][ T30] do_syscall_64+0xcd/0x250 [ 1149.232702][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.238681][ T30] RIP: 0033:0x7f2527f7bd0c [ 1149.243215][ T30] RSP: 002b:00007ffe415ea920 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1149.251684][ T30] RAX: ffffffffffffffda RBX: 00007f2528c44620 RCX: 00007f2527f7bd0c [ 1149.259785][ T30] RDX: 0000000000000020 RSI: 00007f2528c44670 RDI: 0000000000000005 [ 1149.267862][ T30] RBP: 0000000000000000 R08: 00007ffe415ea974 R09: 000000000000000c [ 1149.276129][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005 [ 1149.284217][ T30] R13: 00007ffe415ea9c8 R14: 00007f2528c44670 R15: 0000000000000000 [ 1149.292297][ T30] [ 1149.295370][ T30] INFO: task syz.0.1522:12499 blocked for more than 144 seconds. [ 1149.303308][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1149.310969][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1149.319751][ T30] task:syz.0.1522 state:D stack:26352 pid:12499 tgid:12495 ppid:5220 flags:0x00000004 [ 1149.330152][ T30] Call Trace: [ 1149.333682][ T30] [ 1149.336657][ T30] __schedule+0xe37/0x5490 [ 1149.341099][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.346421][ T30] ? __pfx___schedule+0x10/0x10 [ 1149.351332][ T30] ? schedule+0x298/0x350 [ 1149.355752][ T30] ? __pfx_lock_release+0x10/0x10 [ 1149.360832][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1149.365719][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1149.371267][ T30] schedule+0xe7/0x350 [ 1149.375448][ T30] schedule_preempt_disabled+0x13/0x30 [ 1149.380982][ T30] __mutex_lock+0x5b8/0x9c0 [ 1149.385623][ T30] ? __pfx_mark_lock+0x10/0x10 [ 1149.390445][ T30] ? genl_rcv_msg+0x580/0x800 [ 1149.395258][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1149.400347][ T30] ? __radix_tree_lookup+0x21f/0x2c0 [ 1149.405789][ T30] ? genl_rcv_msg+0x580/0x800 [ 1149.410563][ T30] genl_rcv_msg+0x580/0x800 [ 1149.415160][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1149.420243][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.425574][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.430829][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.436157][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.441421][ T30] netlink_rcv_skb+0x16b/0x440 [ 1149.446320][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1149.451406][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1149.456832][ T30] ? down_read+0xc9/0x330 [ 1149.461226][ T30] ? __pfx_down_read+0x10/0x10 [ 1149.466103][ T30] ? netlink_deliver_tap+0x1ae/0xd90 [ 1149.471448][ T30] genl_rcv+0x28/0x40 [ 1149.475529][ T30] netlink_unicast+0x53c/0x7f0 [ 1149.480397][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1149.485814][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1149.490645][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1149.496067][ T30] __sys_sendto+0x47f/0x4e0 [ 1149.500735][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 1149.505856][ T30] ? reacquire_held_locks+0x20b/0x4c0 [ 1149.511287][ T30] ? do_user_addr_fault+0xdc7/0x13f0 [ 1149.516745][ T30] ? xfd_validate_state+0x5d/0x180 [ 1149.521982][ T30] __x64_sys_sendto+0xe0/0x1c0 [ 1149.526792][ T30] ? do_syscall_64+0x91/0x250 [ 1149.531542][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1149.537019][ T30] do_syscall_64+0xcd/0x250 [ 1149.541610][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.547670][ T30] RIP: 0033:0x7f1a3f37bd0c [ 1149.552178][ T30] RSP: 002b:00007f1a40074ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1149.560656][ T30] RAX: ffffffffffffffda RBX: 00007f1a40074fc0 RCX: 00007f1a3f37bd0c [ 1149.568866][ T30] RDX: 000000000000001c RSI: 00007f1a40075010 RDI: 0000000000000009 [ 1149.576925][ T30] RBP: 0000000000000000 R08: 00007f1a40074f14 R09: 000000000000000c [ 1149.585005][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000009 [ 1149.593065][ T30] R13: 00007f1a40074f68 R14: 00007f1a40075010 R15: 0000000000000000 [ 1149.601117][ T30] [ 1149.604251][ T30] INFO: task syz.0.1522:12506 blocked for more than 145 seconds. [ 1149.612150][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1149.619817][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1149.628551][ T30] task:syz.0.1522 state:D stack:28544 pid:12506 tgid:12495 ppid:5220 flags:0x00004006 [ 1149.638837][ T30] Call Trace: [ 1149.642202][ T30] [ 1149.645179][ T30] __schedule+0xe37/0x5490 [ 1149.649661][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.654995][ T30] ? __pfx___schedule+0x10/0x10 [ 1149.659912][ T30] ? schedule+0x298/0x350 [ 1149.664355][ T30] ? __pfx_lock_release+0x10/0x10 [ 1149.669436][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1149.674241][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1149.679759][ T30] schedule+0xe7/0x350 [ 1149.683928][ T30] schedule_preempt_disabled+0x13/0x30 [ 1149.689445][ T30] __mutex_lock+0x5b8/0x9c0 [ 1149.694049][ T30] ? rfkill_unregister+0xde/0x2c0 [ 1149.699132][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1149.704279][ T30] ? device_del+0x6b6/0x9f0 [ 1149.708841][ T30] ? __pfx_device_del+0x10/0x10 [ 1149.713765][ T30] ? rfkill_unregister+0xde/0x2c0 [ 1149.718831][ T30] rfkill_unregister+0xde/0x2c0 [ 1149.723812][ T30] nfc_unregister_device+0x94/0x330 [ 1149.729073][ T30] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 1149.734884][ T30] virtual_ncidev_close+0x51/0xb0 [ 1149.739939][ T30] __fput+0x408/0xbb0 [ 1149.744013][ T30] task_work_run+0x14e/0x250 [ 1149.748653][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1149.753862][ T30] get_signal+0x1ca/0x2770 [ 1149.758346][ T30] ? __pfx_get_signal+0x10/0x10 [ 1149.763326][ T30] ? kick_process+0xf6/0x1b0 [ 1149.767975][ T30] ? task_work_add+0x1d6/0x370 [ 1149.772842][ T30] arch_do_signal_or_restart+0x90/0x7e0 [ 1149.778466][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1149.784794][ T30] ? ksys_read+0x1ab/0x260 [ 1149.789257][ T30] ? __pfx_ksys_read+0x10/0x10 [ 1149.794119][ T30] syscall_exit_to_user_mode+0x150/0x2a0 [ 1149.799813][ T30] do_syscall_64+0xda/0x250 [ 1149.805475][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1149.811464][ T30] RIP: 0033:0x7f1a3f379e79 [ 1149.816006][ T30] RSP: 002b:00007f1a3edff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1149.824494][ T30] RAX: fffffffffffffff2 RBX: 00007f1a3f516130 RCX: 00007f1a3f379e79 [ 1149.832551][ T30] RDX: 0000000000000064 RSI: 0000000020000200 RDI: 0000000000000007 [ 1149.840559][ T30] RBP: 00007f1a3f3e7916 R08: 0000000000000000 R09: 0000000000000000 [ 1149.848666][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1149.856763][ T30] R13: 0000000000000000 R14: 00007f1a3f516130 R15: 00007ffc5df10d68 [ 1149.864846][ T30] [ 1149.867909][ T30] INFO: task syz.2.1523:12507 blocked for more than 145 seconds. [ 1149.875744][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1149.883574][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1149.892682][ T30] task:syz.2.1523 state:D stack:26656 pid:12507 tgid:12497 ppid:5218 flags:0x00004006 [ 1149.902987][ T30] Call Trace: [ 1149.906302][ T30] [ 1149.909267][ T30] __schedule+0xe37/0x5490 [ 1149.913804][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1149.919095][ T30] ? preempt_schedule_notrace+0x62/0xe0 [ 1149.924782][ T30] ? __pfx___schedule+0x10/0x10 [ 1149.929714][ T30] ? schedule+0x298/0x350 [ 1149.934130][ T30] ? __pfx_lock_release+0x10/0x10 [ 1149.939221][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1149.944042][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1149.949557][ T30] schedule+0xe7/0x350 [ 1149.953798][ T30] schedule_preempt_disabled+0x13/0x30 [ 1149.959316][ T30] __mutex_lock+0x5b8/0x9c0 [ 1149.963998][ T30] ? nfc_dev_down+0x2d/0x2e0 [ 1149.968640][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1149.973791][ T30] ? find_held_lock+0x2d/0x110 [ 1149.978617][ T30] ? rfkill_set_block+0x198/0x560 [ 1149.983775][ T30] ? __pfx_lock_release+0x10/0x10 [ 1149.988850][ T30] ? nfc_dev_down+0x2d/0x2e0 [ 1149.993610][ T30] nfc_dev_down+0x2d/0x2e0 [ 1149.998079][ T30] nfc_rfkill_set_block+0x39/0xe0 [ 1150.003221][ T30] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 1150.009018][ T30] rfkill_set_block+0x203/0x560 [ 1150.014012][ T30] rfkill_fop_write+0x2d4/0x570 [ 1150.018931][ T30] ? __pfx_rfkill_fop_write+0x10/0x10 [ 1150.024410][ T30] ? security_file_permission+0x30/0xc0 [ 1150.030038][ T30] ? __pfx_rfkill_fop_write+0x10/0x10 [ 1150.035532][ T30] vfs_write+0x29a/0x1140 [ 1150.039918][ T30] ? __pfx_vfs_write+0x10/0x10 [ 1150.045518][ T30] ? do_futex+0x123/0x350 [ 1150.049933][ T30] ? __fget_files+0x256/0x400 [ 1150.054730][ T30] ? __fget_light+0x173/0x210 [ 1150.059475][ T30] ksys_write+0x1f8/0x260 [ 1150.063933][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1150.068829][ T30] do_syscall_64+0xcd/0x250 [ 1150.073464][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.079440][ T30] RIP: 0033:0x7f7e60779e79 [ 1150.083985][ T30] RSP: 002b:00007f7e614ea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1150.092528][ T30] RAX: ffffffffffffffda RBX: 00007f7e60916058 RCX: 00007f7e60779e79 [ 1150.100536][ T30] RDX: 0000000000000008 RSI: 0000000020000080 RDI: 0000000000000008 [ 1150.108618][ T30] RBP: 00007f7e607e7916 R08: 0000000000000000 R09: 0000000000000000 [ 1150.116668][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1150.124836][ T30] R13: 0000000000000000 R14: 00007f7e60916058 R15: 00007ffcb4ded7e8 [ 1150.132913][ T30] [ 1150.136055][ T30] INFO: task syz.3.1526:12516 blocked for more than 145 seconds. [ 1150.143854][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1150.151515][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1150.160285][ T30] task:syz.3.1526 state:D stack:27712 pid:12516 tgid:12514 ppid:5395 flags:0x00000004 [ 1150.170635][ T30] Call Trace: [ 1150.174021][ T30] [ 1150.176989][ T30] __schedule+0xe37/0x5490 [ 1150.181475][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1150.186814][ T30] ? __pfx___schedule+0x10/0x10 [ 1150.191741][ T30] ? schedule+0x298/0x350 [ 1150.196159][ T30] ? __pfx_lock_release+0x10/0x10 [ 1150.201236][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1150.206262][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1150.211869][ T30] schedule+0xe7/0x350 [ 1150.216067][ T30] schedule_preempt_disabled+0x13/0x30 [ 1150.221612][ T30] __mutex_lock+0x5b8/0x9c0 [ 1150.226247][ T30] ? genl_rcv_msg+0x580/0x800 [ 1150.230984][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1150.236119][ T30] ? __dev_queue_xmit+0x86d/0x4300 [ 1150.241287][ T30] ? __radix_tree_lookup+0x21f/0x2c0 [ 1150.246702][ T30] ? genl_rcv_msg+0x580/0x800 [ 1150.251553][ T30] genl_rcv_msg+0x580/0x800 [ 1150.256183][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1150.261271][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1150.266578][ T30] netlink_rcv_skb+0x16b/0x440 [ 1150.271397][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1150.276525][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1150.282831][ T30] ? down_read+0xc9/0x330 [ 1150.287244][ T30] ? __pfx_down_read+0x10/0x10 [ 1150.292134][ T30] ? rcu_is_watching+0x12/0xc0 [ 1150.296953][ T30] genl_rcv+0x28/0x40 [ 1150.300964][ T30] netlink_unicast+0x53c/0x7f0 [ 1150.305874][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1150.311247][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1150.316161][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1150.321512][ T30] __sys_sendto+0x47f/0x4e0 [ 1150.326108][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 1150.331155][ T30] ? __pfx___schedule+0x10/0x10 [ 1150.336090][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1150.341356][ T30] __x64_sys_sendto+0xe0/0x1c0 [ 1150.346235][ T30] ? do_syscall_64+0x91/0x250 [ 1150.350984][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1150.356300][ T30] do_syscall_64+0xcd/0x250 [ 1150.360863][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.366967][ T30] RIP: 0033:0x7fda6457bd0c [ 1150.371442][ T30] RSP: 002b:00007fda6535aec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 1150.380164][ T30] RAX: ffffffffffffffda RBX: 00007fda6535afc0 RCX: 00007fda6457bd0c [ 1150.388223][ T30] RDX: 000000000000001c RSI: 00007fda6535b010 RDI: 000000000000000d [ 1150.396274][ T30] RBP: 0000000000000000 R08: 00007fda6535af14 R09: 000000000000000c [ 1150.404351][ T30] R10: 0000000000000000 R11: 0000000000000293 R12: 000000000000000d [ 1150.412433][ T30] R13: 00007fda6535af68 R14: 00007fda6535b010 R15: 0000000000000000 [ 1150.420445][ T30] [ 1150.423589][ T30] INFO: task syz-executor:12520 blocked for more than 145 seconds. [ 1150.431511][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1150.439244][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1150.448193][ T30] task:syz-executor state:D stack:28880 pid:12520 tgid:12520 ppid:1 flags:0x00004004 [ 1150.458494][ T30] Call Trace: [ 1150.461798][ T30] [ 1150.464913][ T30] __schedule+0xe37/0x5490 [ 1150.469396][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1150.474712][ T30] ? __pfx___schedule+0x10/0x10 [ 1150.479589][ T30] ? schedule+0x298/0x350 [ 1150.484026][ T30] ? __pfx_lock_release+0x10/0x10 [ 1150.489100][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1150.493915][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1150.499451][ T30] schedule+0xe7/0x350 [ 1150.503648][ T30] schedule_preempt_disabled+0x13/0x30 [ 1150.509185][ T30] __mutex_lock+0x5b8/0x9c0 [ 1150.513803][ T30] ? rfkill_register+0x3a/0xb40 [ 1150.518714][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1150.524594][ T30] ? lockdep_init_map_type+0x16d/0x7d0 [ 1150.530124][ T30] ? __init_waitqueue_head+0xca/0x150 [ 1150.535817][ T30] ? rfkill_register+0x3a/0xb40 [ 1150.540738][ T30] ? rfkill_alloc+0x25b/0x330 [ 1150.545535][ T30] rfkill_register+0x3a/0xb40 [ 1150.550249][ T30] hci_register_dev+0x3cc/0xc60 [ 1150.555277][ T30] __vhci_create_device+0x357/0x7e0 [ 1150.560565][ T30] vhci_write+0x2c9/0x480 [ 1150.565045][ T30] vfs_write+0x6b6/0x1140 [ 1150.569416][ T30] ? __pfx_vhci_write+0x10/0x10 [ 1150.574474][ T30] ? __pfx_vfs_write+0x10/0x10 [ 1150.579293][ T30] ? find_held_lock+0x2d/0x110 [ 1150.584171][ T30] ? __pfx_lock_release+0x10/0x10 [ 1150.589259][ T30] ? __fget_light+0x173/0x210 [ 1150.594082][ T30] ksys_write+0x12f/0x260 [ 1150.598466][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1150.603423][ T30] ? do_user_addr_fault+0x83d/0x13f0 [ 1150.608864][ T30] do_syscall_64+0xcd/0x250 [ 1150.613487][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.619459][ T30] RIP: 0033:0x7f279ad78920 [ 1150.623986][ T30] RSP: 002b:00007fffa9a6d7b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 1150.632511][ T30] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f279ad78920 [ 1150.640518][ T30] RDX: 0000000000000002 RSI: 00007fffa9a6d7ca RDI: 00000000000000ca [ 1150.648623][ T30] RBP: 00007f279af16a38 R08: 0000000000000000 R09: 00007f279ba4d6c0 [ 1150.656712][ T30] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c [ 1150.664776][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1150.672929][ T30] [ 1150.675963][ T30] INFO: task syz-executor:12522 blocked for more than 146 seconds. [ 1150.683949][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1150.691630][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1150.700421][ T30] task:syz-executor state:D stack:28672 pid:12522 tgid:12522 ppid:1 flags:0x00000004 [ 1150.710727][ T30] Call Trace: [ 1150.714108][ T30] [ 1150.717090][ T30] __schedule+0xe37/0x5490 [ 1150.721574][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1150.727021][ T30] ? __pfx___schedule+0x10/0x10 [ 1150.731987][ T30] ? schedule+0x298/0x350 [ 1150.736372][ T30] ? __pfx_lock_release+0x10/0x10 [ 1150.741423][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1150.746215][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1150.751762][ T30] schedule+0xe7/0x350 [ 1150.755957][ T30] schedule_preempt_disabled+0x13/0x30 [ 1150.761512][ T30] __mutex_lock+0x5b8/0x9c0 [ 1150.766168][ T30] ? rfkill_register+0x3a/0xb40 [ 1150.771080][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1150.776238][ T30] ? lockdep_init_map_type+0x16d/0x7d0 [ 1150.781790][ T30] ? __init_waitqueue_head+0xca/0x150 [ 1150.787269][ T30] ? rfkill_register+0x3a/0xb40 [ 1150.792243][ T30] ? rfkill_alloc+0x25b/0x330 [ 1150.797001][ T30] rfkill_register+0x3a/0xb40 [ 1150.801730][ T30] hci_register_dev+0x3cc/0xc60 [ 1150.806694][ T30] __vhci_create_device+0x357/0x7e0 [ 1150.812011][ T30] vhci_write+0x2c9/0x480 [ 1150.816416][ T30] vfs_write+0x6b6/0x1140 [ 1150.820803][ T30] ? __pfx_vhci_write+0x10/0x10 [ 1150.825804][ T30] ? __pfx_vfs_write+0x10/0x10 [ 1150.830616][ T30] ? find_held_lock+0x2d/0x110 [ 1150.835524][ T30] ? __pfx_lock_release+0x10/0x10 [ 1150.840599][ T30] ? __fget_light+0x173/0x210 [ 1150.845418][ T30] ksys_write+0x12f/0x260 [ 1150.849814][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1150.854811][ T30] ? do_user_addr_fault+0x83d/0x13f0 [ 1150.860206][ T30] do_syscall_64+0xcd/0x250 [ 1150.865210][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1150.871187][ T30] RIP: 0033:0x7f2d3e178920 [ 1150.875785][ T30] RSP: 002b:00007ffeafdd9788 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 1150.884481][ T30] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f2d3e178920 [ 1150.893008][ T30] RDX: 0000000000000002 RSI: 00007ffeafdd979a RDI: 00000000000000ca [ 1150.901029][ T30] RBP: 00007f2d3e316a38 R08: 0000000000000000 R09: 00007f2d3ee4d6c0 [ 1150.909109][ T30] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c [ 1150.917191][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1150.925297][ T30] [ 1150.928353][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1150.937468][ T30] INFO: task syz-executor:12524 blocked for more than 146 seconds. [ 1150.945454][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1150.953197][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1150.961961][ T30] task:syz-executor state:D stack:28880 pid:12524 tgid:12524 ppid:1 flags:0x00000004 [ 1150.972265][ T30] Call Trace: [ 1150.975576][ T30] [ 1150.978550][ T30] __schedule+0xe37/0x5490 [ 1150.983096][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1150.988363][ T30] ? __pfx___schedule+0x10/0x10 [ 1150.993347][ T30] ? schedule+0x298/0x350 [ 1150.997730][ T30] ? __pfx_lock_release+0x10/0x10 [ 1151.002859][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1151.007630][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1151.013225][ T30] schedule+0xe7/0x350 [ 1151.017390][ T30] schedule_preempt_disabled+0x13/0x30 [ 1151.022938][ T30] __mutex_lock+0x5b8/0x9c0 [ 1151.027526][ T30] ? rfkill_register+0x3a/0xb40 [ 1151.032501][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1151.037597][ T30] ? lockdep_init_map_type+0x16d/0x7d0 [ 1151.043183][ T30] ? __init_waitqueue_head+0xca/0x150 [ 1151.048629][ T30] ? rfkill_register+0x3a/0xb40 [ 1151.053634][ T30] ? rfkill_alloc+0x25b/0x330 [ 1151.058342][ T30] rfkill_register+0x3a/0xb40 [ 1151.063202][ T30] hci_register_dev+0x3cc/0xc60 [ 1151.068114][ T30] __vhci_create_device+0x357/0x7e0 [ 1151.073429][ T30] vhci_write+0x2c9/0x480 [ 1151.077843][ T30] vfs_write+0x6b6/0x1140 [ 1151.082478][ T30] ? __pfx_vhci_write+0x10/0x10 [ 1151.087395][ T30] ? __pfx_vfs_write+0x10/0x10 [ 1151.092281][ T30] ? find_held_lock+0x2d/0x110 [ 1151.097327][ T30] ? __pfx_lock_release+0x10/0x10 [ 1151.102679][ T30] ? __fget_light+0x173/0x210 [ 1151.107424][ T30] ksys_write+0x12f/0x260 [ 1151.111799][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1151.116783][ T30] ? do_user_addr_fault+0x83d/0x13f0 [ 1151.122188][ T30] do_syscall_64+0xcd/0x250 [ 1151.126729][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.132830][ T30] RIP: 0033:0x7f9526178920 [ 1151.137286][ T30] RSP: 002b:00007ffebe332c38 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 1151.145804][ T30] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f9526178920 [ 1151.153877][ T30] RDX: 0000000000000002 RSI: 00007ffebe332c4a RDI: 00000000000000ca [ 1151.162027][ T30] RBP: 00007f9526316a38 R08: 0000000000000000 R09: 00007f9526e4d6c0 [ 1151.170322][ T30] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c [ 1151.178435][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1151.186518][ T30] [ 1151.189548][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1151.198699][ T30] INFO: task syz-executor:12526 blocked for more than 146 seconds. [ 1151.206689][ T30] Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1151.214410][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1151.223174][ T30] task:syz-executor state:D stack:28880 pid:12526 tgid:12526 ppid:1 flags:0x00000004 [ 1151.233510][ T30] Call Trace: [ 1151.236834][ T30] [ 1151.239794][ T30] __schedule+0xe37/0x5490 [ 1151.244349][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1151.249636][ T30] ? __pfx___schedule+0x10/0x10 [ 1151.254643][ T30] ? schedule+0x298/0x350 [ 1151.259038][ T30] ? __pfx_lock_release+0x10/0x10 [ 1151.264145][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1151.268885][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1151.274454][ T30] schedule+0xe7/0x350 [ 1151.278575][ T30] schedule_preempt_disabled+0x13/0x30 [ 1151.284191][ T30] __mutex_lock+0x5b8/0x9c0 [ 1151.288844][ T30] ? rfkill_register+0x3a/0xb40 [ 1151.293790][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1151.298877][ T30] ? lockdep_init_map_type+0x16d/0x7d0 [ 1151.304504][ T30] ? __init_waitqueue_head+0xca/0x150 [ 1151.310046][ T30] ? rfkill_register+0x3a/0xb40 [ 1151.315011][ T30] ? rfkill_alloc+0x25b/0x330 [ 1151.319743][ T30] rfkill_register+0x3a/0xb40 [ 1151.324535][ T30] hci_register_dev+0x3cc/0xc60 [ 1151.329452][ T30] __vhci_create_device+0x357/0x7e0 [ 1151.334769][ T30] vhci_write+0x2c9/0x480 [ 1151.339152][ T30] vfs_write+0x6b6/0x1140 [ 1151.343584][ T30] ? __pfx_vhci_write+0x10/0x10 [ 1151.348503][ T30] ? __pfx_vfs_write+0x10/0x10 [ 1151.353371][ T30] ? find_held_lock+0x2d/0x110 [ 1151.358216][ T30] ? __pfx_lock_release+0x10/0x10 [ 1151.363335][ T30] ? __fget_light+0x173/0x210 [ 1151.368168][ T30] ksys_write+0x12f/0x260 [ 1151.372771][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1151.377689][ T30] ? do_user_addr_fault+0x83d/0x13f0 [ 1151.383207][ T30] do_syscall_64+0xcd/0x250 [ 1151.387786][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.393816][ T30] RIP: 0033:0x7f11d2178920 [ 1151.398273][ T30] RSP: 002b:00007fff60179b28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 1151.406890][ T30] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f11d2178920 [ 1151.415149][ T30] RDX: 0000000000000002 RSI: 00007fff60179b3a RDI: 00000000000000ca [ 1151.423279][ T30] RBP: 00007f11d2316a38 R08: 0000000000000000 R09: 00007f11d2e4d6c0 [ 1151.431292][ T30] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000c [ 1151.439352][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 1151.447544][ T30] [ 1151.450600][ T30] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1151.459696][ T30] [ 1151.459696][ T30] Showing all locks held in the system: [ 1151.467491][ T30] 1 lock held by khungtaskd/30: [ 1151.472429][ T30] #0: ffffffff8ddb5ba0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 1151.482508][ T30] 2 locks held by dhcpcd/4883: [ 1151.487339][ T30] #0: ffffffff8fac0670 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1151.495651][ T30] #1: ffffffff8fac0728 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x580/0x800 [ 1151.504822][ T30] 2 locks held by getty/4975: [ 1151.509574][ T30] #0: ffff88802fb900a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1151.519559][ T30] #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfc8/0x1490 [ 1151.529877][ T30] 3 locks held by kworker/0:5/5292: [ 1151.535191][ T30] #0: ffff888015880948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40 [ 1151.545837][ T30] #1: ffffc90003e5fd80 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40 [ 1151.559107][ T30] #2: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_global_led_trigger_worker+0x1b/0x160 [ 1151.571031][ T30] 3 locks held by syz-executor/12132: [ 1151.576605][ T30] #0: ffffffff8fac0670 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1151.584987][ T30] #1: ffffffff8fac0728 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x580/0x800 [ 1151.594299][ T30] #2: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.604420][ T30] 2 locks held by syz-executor/12407: [ 1151.609804][ T30] #0: ffffffff8fac0670 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1151.618153][ T30] #1: ffffffff8fac0728 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x580/0x800 [ 1151.627269][ T30] 2 locks held by syz.0.1522/12499: [ 1151.632595][ T30] #0: ffffffff8fac0670 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1151.640885][ T30] #1: ffffffff8fac0728 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x580/0x800 [ 1151.650049][ T30] 2 locks held by syz.0.1522/12506: [ 1151.655344][ T30] #0: ffff88801f9c4100 (&dev->mutex){....}-{3:3}, at: nfc_unregister_device+0x60/0x330 [ 1151.665285][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_unregister+0xde/0x2c0 [ 1151.675610][ T30] 2 locks held by syz.2.1523/12507: [ 1151.680840][ T30] #0: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x16e/0x570 [ 1151.691066][ T30] #1: ffff88801f9c4100 (&dev->mutex){....}-{3:3}, at: nfc_dev_down+0x2d/0x2e0 [ 1151.700184][ T30] 2 locks held by syz.3.1526/12516: [ 1151.705459][ T30] #0: ffffffff8fac0670 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1151.713817][ T30] #1: ffffffff8fac0728 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg+0x580/0x800 [ 1151.723054][ T30] 2 locks held by syz-executor/12520: [ 1151.728462][ T30] #0: ffff88802aa18118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.738038][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.748177][ T30] 2 locks held by syz-executor/12522: [ 1151.753627][ T30] #0: ffff88802aa1a118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.763285][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.773396][ T30] 2 locks held by syz-executor/12524: [ 1151.778813][ T30] #0: ffff888020491918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.788385][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.798499][ T30] 2 locks held by syz-executor/12526: [ 1151.804146][ T30] #0: ffff88807b798918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.813760][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.823891][ T30] 2 locks held by syz-executor/12529: [ 1151.829326][ T30] #0: ffff88807c424118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.838858][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.849228][ T30] 2 locks held by syz-executor/12532: [ 1151.854719][ T30] #0: ffff88806057f918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.864276][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.874365][ T30] 2 locks held by syz-executor/12535: [ 1151.879772][ T30] #0: ffff88801db26918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.889851][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.899947][ T30] 2 locks held by syz-executor/12537: [ 1151.905417][ T30] #0: ffff888044278118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.915013][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.925106][ T30] 2 locks held by syz-executor/12539: [ 1151.930525][ T30] #0: ffff888021b91118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.940085][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.950179][ T30] 2 locks held by syz-executor/12542: [ 1151.955660][ T30] #0: ffff88806334a918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.965286][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1151.975402][ T30] 2 locks held by syz-executor/12545: [ 1151.980821][ T30] #0: ffff8880192c6118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1151.990379][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1152.000485][ T30] 2 locks held by syz-executor/12548: [ 1152.005950][ T30] #0: ffff88802a728118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1152.015526][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1152.025732][ T30] 2 locks held by syz-executor/12550: [ 1152.031143][ T30] #0: ffff88807bb6b918 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1152.040685][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1152.050762][ T30] 2 locks held by syz-executor/12552: [ 1152.056209][ T30] #0: ffff88807bac6118 (&data->open_mutex){+.+.}-{3:3}, at: vhci_write+0x2bd/0x480 [ 1152.065778][ T30] #1: ffffffff8feac728 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_register+0x3a/0xb40 [ 1152.076027][ T30] [ 1152.078392][ T30] ============================================= [ 1152.078392][ T30] [ 1152.087014][ T30] NMI backtrace for cpu 0 [ 1152.091398][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1152.101929][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1152.112005][ T30] Call Trace: [ 1152.115302][ T30] [ 1152.118261][ T30] dump_stack_lvl+0x116/0x1f0 [ 1152.122979][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 1152.127970][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1152.133998][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1152.140017][ T30] watchdog+0xf0c/0x1240 [ 1152.144302][ T30] ? __pfx_watchdog+0x10/0x10 [ 1152.149016][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1152.154250][ T30] ? __kthread_parkme+0x148/0x220 [ 1152.159318][ T30] ? __pfx_watchdog+0x10/0x10 [ 1152.164116][ T30] kthread+0x2c1/0x3a0 [ 1152.168219][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1152.173455][ T30] ? __pfx_kthread+0x10/0x10 [ 1152.178069][ T30] ret_from_fork+0x45/0x80 [ 1152.182526][ T30] ? __pfx_kthread+0x10/0x10 [ 1152.187145][ T30] ret_from_fork_asm+0x1a/0x30 [ 1152.191959][ T30] [ 1152.195688][ T30] Sending NMI from CPU 0 to CPUs 1: [ 1152.200966][ C1] NMI backtrace for cpu 1 [ 1152.200980][ C1] CPU: 1 UID: 0 PID: 5498 Comm: kworker/u8:10 Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1152.201012][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1152.201029][ C1] Workqueue: bat_events batadv_nc_worker [ 1152.201070][ C1] RIP: 0010:__lock_acquire+0xbb3/0x3cb0 [ 1152.201104][ C1] Code: 48 c7 c2 74 21 13 90 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 0f b6 14 02 48 c7 c0 74 21 13 90 83 e0 07 83 c0 03 38 d0 7c 08 <84> d2 0f 85 a6 30 00 00 44 8b 1d 32 ed aa 0e 45 85 db 75 40 44 8b [ 1152.201128][ C1] RSP: 0018:ffffc90002e8f950 EFLAGS: 00000002 [ 1152.201147][ C1] RAX: 0000000000000007 RBX: 0ca86e78e4147fdb RCX: ffffffff816836d8 [ 1152.201164][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000ca86e780 [ 1152.201180][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff28c54d8 [ 1152.201196][ C1] R10: ffffffff9462a6c7 R11: 0000000000000002 R12: dffffc0000000000 [ 1152.201212][ C1] R13: ffff88805f3b8b30 R14: 0000000000000004 R15: ffff88805f3b8000 [ 1152.201228][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 1152.201253][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1152.201271][ C1] CR2: 000055655447fcc0 CR3: 000000000db7c000 CR4: 00000000003506f0 [ 1152.201288][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1152.201303][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1152.201319][ C1] Call Trace: [ 1152.201327][ C1] [ 1152.201336][ C1] ? show_regs+0x8c/0xa0 [ 1152.201375][ C1] ? nmi_cpu_backtrace+0x1d8/0x390 [ 1152.201411][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1152.201465][ C1] ? nmi_handle+0x1a9/0x5c0 [ 1152.201489][ C1] ? __lock_acquire+0xbb3/0x3cb0 [ 1152.201526][ C1] ? default_do_nmi+0x6a/0x160 [ 1152.201553][ C1] ? exc_nmi+0x170/0x1e0 [ 1152.201578][ C1] ? end_repeat_nmi+0xf/0x53 [ 1152.201607][ C1] ? __lock_acquire+0xe58/0x3cb0 [ 1152.201637][ C1] ? __lock_acquire+0xbb3/0x3cb0 [ 1152.201668][ C1] ? __lock_acquire+0xbb3/0x3cb0 [ 1152.201699][ C1] ? __lock_acquire+0xbb3/0x3cb0 [ 1152.201728][ C1] [ 1152.201736][ C1] [ 1152.201748][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 1152.201780][ C1] ? __pfx_register_lock_class+0x10/0x10 [ 1152.201813][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 1152.201846][ C1] lock_acquire+0x1b1/0x560 [ 1152.201877][ C1] ? batadv_nc_worker+0x164/0x1060 [ 1152.201922][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1152.201957][ C1] ? batadv_nc_worker+0x887/0x1060 [ 1152.202001][ C1] ? __pfx_lock_release+0x10/0x10 [ 1152.202040][ C1] ? __pfx___lock_acquire+0x10/0x10 [ 1152.202079][ C1] batadv_nc_worker+0x16a/0x1060 [ 1152.202120][ C1] ? batadv_nc_worker+0x164/0x1060 [ 1152.202160][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 1152.202199][ C1] ? __pfx_lock_release+0x10/0x10 [ 1152.202234][ C1] process_one_work+0x9c5/0x1b40 [ 1152.202272][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 1152.202310][ C1] ? __pfx_process_one_work+0x10/0x10 [ 1152.202346][ C1] ? assign_work+0x1a0/0x250 [ 1152.202376][ C1] worker_thread+0x6c8/0xf20 [ 1152.202414][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1152.202447][ C1] kthread+0x2c1/0x3a0 [ 1152.202469][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1152.202507][ C1] ? __pfx_kthread+0x10/0x10 [ 1152.202530][ C1] ret_from_fork+0x45/0x80 [ 1152.202569][ C1] ? __pfx_kthread+0x10/0x10 [ 1152.202593][ C1] ret_from_fork_asm+0x1a/0x30 [ 1152.202635][ C1] [ 1152.222072][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1152.222117][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-rc3-syzkaller-00338-gc3f2d783a459 #0 [ 1152.222160][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1152.222182][ T30] Call Trace: [ 1152.222194][ T30] [ 1152.222206][ T30] dump_stack_lvl+0x3d/0x1f0 [ 1152.222249][ T30] panic+0x6f5/0x7a0 [ 1152.222288][ T30] ? __pfx_panic+0x10/0x10 [ 1152.222327][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1152.222365][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1152.222416][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1152.222451][ T30] ? watchdog+0xd76/0x1240 [ 1152.222507][ T30] ? watchdog+0xd69/0x1240 [ 1152.222554][ T30] watchdog+0xd87/0x1240 [ 1152.222617][ T30] ? __pfx_watchdog+0x10/0x10 [ 1152.222662][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1152.222708][ T30] ? __kthread_parkme+0x148/0x220 [ 1152.222769][ T30] ? __pfx_watchdog+0x10/0x10 [ 1152.222815][ T30] kthread+0x2c1/0x3a0 [ 1152.222845][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1152.222889][ T30] ? __pfx_kthread+0x10/0x10 [ 1152.222920][ T30] ret_from_fork+0x45/0x80 [ 1152.222972][ T30] ? __pfx_kthread+0x10/0x10 [ 1152.223003][ T30] ret_from_fork_asm+0x1a/0x30 [ 1152.223058][ T30] [ 1152.228541][ T30] Kernel Offset: disabled [ 1152.672614][ T30] Rebooting in 86400 seconds..