last executing test programs: 22.014044936s ago: executing program 0 (id=11424): r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) ftruncate(r1, 0x0) 21.974263389s ago: executing program 0 (id=11425): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000007c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="1d000000", @ANYRES16=r1, @ANYBLOB="5d00000000000000000001"], 0x38}}, 0x0) 21.93529724s ago: executing program 0 (id=11426): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r0, 0x8b27, &(0x7f0000000040)) 21.867487715s ago: executing program 0 (id=11428): r0 = memfd_create(&(0x7f0000000280)='%\x00', 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r0, 0x0) preadv2(r0, &(0x7f0000000340)=[{&(0x7f0000000180)=""/157, 0x9d}], 0x1, 0x0, 0x0, 0x0) 21.818508671s ago: executing program 0 (id=11430): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000200)='./file0/bus\x00', &(0x7f00000001c0)='sysfs\x00', 0x0, 0x0) 21.760003748s ago: executing program 0 (id=11432): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000540)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000200)="adfae70b2627", 0x0, 0x0, 0x0, 0x0, 0x0}) 11.485414266s ago: executing program 1 (id=11532): syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RENAMEAT={0x23, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x101a02, 0x0) pwritev(r0, &(0x7f0000002240)=[{&(0x7f00000001c0)="94", 0x8}], 0x1, 0x0, 0x0) 11.181989841s ago: executing program 1 (id=11534): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "f1"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x78}}, 0x0) 10.807725351s ago: executing program 1 (id=11537): syz_init_net_socket$netrom(0x6, 0x5, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8) 8.830736537s ago: executing program 2 (id=11549): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) readv(r0, 0x0, 0x0) 8.534319143s ago: executing program 2 (id=11550): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000140)) get_robust_list(r0, 0x0, 0x0) 8.194478189s ago: executing program 2 (id=11551): unshare(0x2a020400) r0 = socket$rds(0x15, 0x5, 0x0) ioctl$sock_ifreq(r0, 0x89b1, &(0x7f0000000100)={'bond0\x00', @ifru_names='bond_slave_1\x00'}) 7.807120189s ago: executing program 2 (id=11555): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f00000000c0)=0x81, 0x4) getsockopt$inet_tcp_int(r0, 0x6, 0x2, 0x0, &(0x7f0000000100)) 7.791799243s ago: executing program 1 (id=11556): r0 = io_uring_setup(0x2026, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)=""/225, 0xe1}, {0x0, 0xfffffffffffffecf}], 0x0, 0x11a}, 0x20) 7.525418435s ago: executing program 2 (id=11559): r0 = memfd_secret(0x0) fcntl$setlease(r0, 0x400, 0x1) fremovexattr(r0, &(0x7f0000000180)=@known='user.incfs.size\x00') 7.246232813s ago: executing program 2 (id=11562): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0xfffd, 0x0, @mcast2, 0x5}}}, 0x88) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000040)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 7.003383327s ago: executing program 4 (id=11563): r0 = socket$inet6(0xa, 0x1, 0x0) pipe(&(0x7f0000000000)) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x50, &(0x7f0000000000)={0x0, 0x0}, 0x10) 6.965035023s ago: executing program 1 (id=11564): r0 = socket$netlink(0x10, 0x3, 0xb) setresuid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000300)=0xd, 0x4) 6.809211828s ago: executing program 4 (id=11565): r0 = socket(0x2b, 0x80801, 0x1) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, 0x0, 0x0) 6.735934391s ago: executing program 1 (id=11566): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x162682, 0x0) r1 = dup(r0) fallocate(r1, 0x10, 0x0, 0x62000) 6.563337726s ago: executing program 4 (id=11567): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f0000004180)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_open_procfs(r1, 0x0) 6.460913419s ago: executing program 4 (id=11568): r0 = syz_open_dev$sndctrl(&(0x7f0000000e00), 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000700)={{0x1, 0x0, 0x2, 0x9, '\x00', 0x5}, 0x0, [0x5, 0x0, 0x3, 0x4000000000036, 0x401, 0x0, 0x1ff, 0x5, 0x7, 0x0, 0x9, 0x7f, 0x9, 0x0, 0x1, 0x1, 0x75f0b789, 0x83a, 0xffffffff, 0x0, 0x7, 0x0, 0x1a0c, 0x81, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x243, 0x0, 0x1, 0x0, 0x0, 0x401, 0x5, 0x3, 0x9, 0x0, 0x2, 0xfff8000000000000, 0x79, 0x9, 0xe5, 0x0, 0xfffffffffffff800, 0x1, 0x8000000000000001, 0x1, 0x81, 0x7, 0xb, 0x0, 0x0, 0x0, 0x0, 0x400000008000, 0x9, 0x0, 0x4a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x77, 0x8000000000000000, 0x7, 0x9c0, 0x0, 0x0, 0x7, 0x0, 0x1, 0x200, 0x0, 0x0, 0x0, 0x2, 0x31, 0x0, 0x200, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff7fffffff, 0x7, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x8, 0x8, 0x20, 0x0, 0x0, 0x3ff, 0x10001, 0x7f, 0xfffffffd, 0x100000000, 0xfffffffffffffffe, 0x0, 0x1f, 0x0, 0x7fffffff]}) 6.31211759s ago: executing program 4 (id=11569): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x1004004, 0x0) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000340)) 6.171393159s ago: executing program 4 (id=11570): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x5, 0x2}}}, 0x24}}, 0x0) 563.632327ms ago: executing program 3 (id=11586): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000040)={0x0, 0x3938700}, 0x0, 0x0) 408.191433ms ago: executing program 3 (id=11587): r0 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x6e93ebbbcc0884f2, 0x148, &(0x7f0000000300)={0x0, 0x1, 0x3, 0x10}) clock_gettime(0x1, &(0x7f0000000c40)={0x0, 0x0}) mq_timedreceive(r0, &(0x7f0000000840)=""/44, 0x2c, 0x9, &(0x7f0000001980)={r1, r2+60000000}) 334.75323ms ago: executing program 3 (id=11588): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={0x20, r1, 0x1, 0x0, 0x0, {0x2}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6}]}]}, 0x20}}, 0x0) 217.179793ms ago: executing program 3 (id=11589): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={{0x14, 0x10, 0x9000, 0x6}, [@NFT_MSG_NEWSET={0x38, 0x9, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x60}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0) 108.83833ms ago: executing program 3 (id=11590): r0 = syz_io_uring_setup(0x24fd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=11591): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4002}) writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)="0bc3", 0x2}, {&(0x7f0000000640)='\x00\x00', 0x2}], 0x2) kernel console output (not intermixed with test programs): mm="syz.2.10617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 554.530940][ T5320] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 554.540957][ T5320] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 554.551394][ T29] audit: type=1326 audit(2000000177.670:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27473 comm="syz.2.10617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 554.573827][ T2637] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 554.574291][ T29] audit: type=1326 audit(2000000177.670:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27473 comm="syz.2.10617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 554.596939][ T5320] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 554.604308][ T29] audit: type=1326 audit(2000000177.670:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27473 comm="syz.2.10617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 554.635671][ T5320] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 554.645195][ T29] audit: type=1326 audit(2000000177.670:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27473 comm="syz.2.10617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 554.667745][ T29] audit: type=1326 audit(2000000177.670:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27473 comm="syz.2.10617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 554.689098][ T5273] usb 5-1: USB disconnect, device number 100 [ 554.689408][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.701872][ T29] audit: type=1326 audit(2000000177.670:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27473 comm="syz.2.10617" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 554.712524][ T5320] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 554.723508][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.760952][ T5320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.792654][ T5320] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 554.844639][ T2637] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 554.859389][ T2637] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.875703][ T2637] usb 4-1: Product: syz [ 554.880353][ T2637] usb 4-1: Manufacturer: syz [ 554.884983][ T2637] usb 4-1: SerialNumber: syz [ 554.887170][ T5301] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 554.913864][ T2637] usb 4-1: config 0 descriptor?? [ 554.963787][ T5320] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 554.994278][ T5320] usb 1-1: USB disconnect, device number 21 [ 555.056104][ T5301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 555.067658][ T5301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.083332][ T5301] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 555.103250][ T5301] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.130432][ T5301] usb 3-1: config 0 descriptor?? [ 555.513895][ T2637] usb 4-1: Firmware version (0.0) predates our first public release. [ 555.524150][ T2637] usb 4-1: Please update to version 0.2 or newer [ 555.597577][ T5301] zydacron 0003:13EC:0006.002A: item fetching failed at offset 4/5 [ 555.606415][ T5301] zydacron 0003:13EC:0006.002A: parse failed [ 555.612545][ T5301] zydacron 0003:13EC:0006.002A: probe with driver zydacron failed with error -22 [ 555.674972][ T2637] usb 4-1: USB disconnect, device number 34 [ 555.778405][ T5320] usb 3-1: USB disconnect, device number 28 [ 556.073404][T27531] overlayfs: lower data-only dirs require metacopy support. [ 556.079561][ T29] audit: type=1400 audit(2000000179.376:241): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="M" requested=w pid=27532 comm="syz.3.10645" daddr=::ffff:172.20.20.187 dest=11810 [ 556.557635][ T5320] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 556.574887][ T2637] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 556.705991][ T5320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 556.717381][ T5320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 556.729574][ T2637] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 556.738001][ T2637] usb 3-1: config 0 has no interface number 0 [ 556.747321][ T2637] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 556.768423][ T5320] usb 4-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00 [ 556.787924][ T2637] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 556.807148][ T5320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.821664][ T2637] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 556.845632][ T5320] usb 4-1: config 0 descriptor?? [ 556.865742][ T2637] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.902406][ T2637] usb 3-1: config 0 descriptor?? [ 557.243320][ T5320] kye 0003:0458:501B.002B: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 557.284879][ T5320] kye 0003:0458:501B.002B: hidraw0: USB HID v0.00 Device [HID 0458:501b] on usb-dummy_hcd.3-1/input0 [ 557.313623][ T2637] prodikeys 0003:041E:2801.002C: item fetching failed at offset 5/7 [ 557.323173][ T5320] kye 0003:0458:501B.002B: tablet-enabling feature report not found [ 557.344587][ T2637] prodikeys 0003:041E:2801.002C: hid parse failed [ 557.351589][ T5320] kye 0003:0458:501B.002B: tablet enabling failed [ 557.361270][ T2637] prodikeys 0003:041E:2801.002C: probe with driver prodikeys failed with error -22 [ 557.438223][ T937] usb 4-1: USB disconnect, device number 35 [ 557.528845][ T2637] usb 3-1: USB disconnect, device number 29 [ 557.802565][T27546] kexec: Could not allocate control_code_buffer [ 558.136720][T27591] No control pipe specified [ 558.181138][T27593] bridge0: port 3(team0) entered disabled state [ 558.187779][T27593] bridge0: port 2(bridge_slave_1) entered disabled state [ 558.195030][T27593] bridge0: port 1(bridge_slave_0) entered disabled state [ 558.225930][T27593] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 559.286740][T27658] program syz.0.10704 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 559.919325][T27677] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 560.804852][T27698] tipc: Started in network mode [ 560.811506][T27698] tipc: Node identity d, cluster identity 4711 [ 560.830311][T27698] tipc: Node number set to 13 [ 560.937739][T27702] netlink: 'syz.2.10723': attribute type 2 has an invalid length. [ 561.552593][ T5320] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 561.709462][ T5320] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 561.718561][ T5320] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.776495][ T5320] usb 2-1: config 0 descriptor?? [ 561.785879][ T5320] cp210x 2-1:0.0: cp210x converter detected [ 562.363315][ T5320] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 562.373301][ T5320] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 562.405183][ T5320] usb 2-1: cp210x converter now attached to ttyUSB0 [ 562.462685][ T5320] usb 2-1: USB disconnect, device number 30 [ 562.502714][ T5320] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 562.531346][ T5320] cp210x 2-1:0.0: device disconnected [ 563.702751][T27757] netlink: 20 bytes leftover after parsing attributes in process `syz.2.10746'. [ 563.738042][T27759] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10747'. [ 563.750970][ T5320] usb 2-1: new full-speed USB device number 31 using dummy_hcd [ 563.911338][ T5320] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 563.934351][ T5320] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 563.954766][ T5320] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 563.975775][ T5320] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.013857][ T5320] usb 2-1: config 0 descriptor?? [ 564.037616][ T5320] hub 2-1:0.0: USB hub found [ 564.231069][ T5320] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 564.543510][ T5320] usbhid 2-1:0.0: can't add hid device: -71 [ 564.561967][ T5320] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 564.620670][ T5320] usb 2-1: USB disconnect, device number 31 [ 566.220659][T27812] IPVS: length: 60 != 8 [ 566.528612][ T29] audit: type=1400 audit(2000000190.481:242): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="M" requested=w pid=27815 comm="syz.3.10771" daddr=::ffff:127.0.0.1 [ 566.658965][T27822] netlink: 'syz.2.10775': attribute type 1 has an invalid length. [ 567.623140][T27844] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.10784'. [ 567.664989][T27844] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 567.731137][ T5320] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 567.890403][ T5320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.906079][ T5320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.947646][ T5320] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 568.001425][ T5320] usb 1-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00 [ 568.031964][ T5320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.078182][ T5320] usb 1-1: config 0 descriptor?? [ 568.271073][ T5273] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 568.420925][T27860] sp0: Synchronizing with TNC [ 568.432717][ T5273] usb 3-1: Using ep0 maxpacket: 16 [ 568.479179][ T5273] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 568.499377][ T5320] elecom 0003:056E:010C.002D: unknown main item tag 0x1 [ 568.520749][ T5273] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 568.540818][ T5320] elecom 0003:056E:010C.002D: item fetching failed at offset 24/41 [ 568.565139][ T5273] usb 3-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00 [ 568.581389][ T5320] elecom 0003:056E:010C.002D: probe with driver elecom failed with error -22 [ 568.599575][ T5273] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.640455][ T5273] usb 3-1: config 0 descriptor?? [ 568.728471][ T5320] usb 1-1: USB disconnect, device number 22 [ 569.080530][ T5273] mcp2200 0003:04D8:00DF.002E: item fetching failed at offset 2/5 [ 569.101222][ T5273] mcp2200 0003:04D8:00DF.002E: can't parse reports [ 569.129905][ T5273] mcp2200 0003:04D8:00DF.002E: probe with driver mcp2200 failed with error -22 [ 569.275843][ T5273] usb 3-1: USB disconnect, device number 30 [ 569.320085][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 569.330769][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 569.339647][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 569.349793][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 569.359862][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 569.382953][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 569.522130][ T29] audit: type=1400 audit(2000000193.785:243): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="M" requested=w pid=27888 comm="syz.0.10804" dest=2 [ 569.555145][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.571867][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 569.720211][ T29] audit: type=1326 audit(2000000194.011:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27898 comm="syz.1.10809" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x0 [ 569.768626][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.781173][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 569.838130][ T5273] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 569.913804][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 569.931730][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 569.987737][ T5273] usb 1-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=c2.c6 [ 569.987772][ T5273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.998516][ T5273] usb 1-1: config 0 descriptor?? [ 570.088237][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 570.088335][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 570.190052][ T5273] mxuport 1-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71) [ 570.190366][ T5273] mxuport 1-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71) [ 570.190417][ T5273] mxuport 1-1:0.0: probe with driver mxuport failed with error -71 [ 570.193401][ T5273] usb 1-1: USB disconnect, device number 23 [ 570.322573][ T5301] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 570.376476][ T12] bridge_slave_1: left allmulticast mode [ 570.376582][ T12] bridge_slave_1: left promiscuous mode [ 570.378527][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.418232][ T12] bridge_slave_0: left allmulticast mode [ 570.425650][ T12] bridge_slave_0: left promiscuous mode [ 570.425834][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 570.473047][ T5301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.499784][ T5301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 570.518192][ T5301] usb 4-1: New USB device found, idVendor=056a, idProduct=0325, bcdDevice= 0.00 [ 570.543135][ T5301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.561755][ T5301] usb 4-1: config 0 descriptor?? [ 570.965315][ T5301] wacom 0003:056A:0325.002F: hidraw0: USB HID v0.00 Device [HID 056a:0325] on usb-dummy_hcd.3-1/input0 [ 571.076848][ T5366] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 571.111864][ T5320] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 571.167340][ T5301] usb 4-1: USB disconnect, device number 36 [ 571.226368][ T5366] usb 1-1: Using ep0 maxpacket: 16 [ 571.235928][ T5366] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.252050][ T5366] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.262155][ T5366] usb 1-1: New USB device found, idVendor=0c70, idProduct=f012, bcdDevice= 0.00 [ 571.272363][ T5320] usb 3-1: Using ep0 maxpacket: 8 [ 571.277922][ T5366] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.287457][ T5320] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.301015][ T5366] usb 1-1: config 0 descriptor?? [ 571.310574][ T5320] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 571.349292][ T5320] usb 3-1: New USB device found, idVendor=056a, idProduct=003f, bcdDevice= 0.00 [ 571.371292][ T5320] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 571.379991][T25120] Bluetooth: hci1: command tx timeout [ 571.403286][ T5320] usb 3-1: config 0 descriptor?? [ 571.516698][ T12] @ (unregistering): (slave 50ª): Releasing backup interface [ 571.537504][ T12] @ (unregistering): (slave bond_slave_1): Releasing backup interface [ 571.549321][ T12] @ (unregistering): Released all slaves [ 571.564390][ T12] bond1 (unregistering): Released all slaves [ 571.585147][T27878] chnl_net:caif_netlink_parms(): no params data found [ 571.706391][ T5366] aquacomputer_d5next 0003:0C70:F012.0030: unknown main item tag 0x0 [ 571.716462][ T5366] aquacomputer_d5next 0003:0C70:F012.0030: unknown main item tag 0x0 [ 571.728377][ T5366] aquacomputer_d5next 0003:0C70:F012.0030: hidraw0: USB HID v0.00 Device [HID 0c70:f012] on usb-dummy_hcd.0-1/input0 [ 571.760760][ T12] : left promiscuous mode [ 571.804808][ T5320] wacom 0003:056A:003F.0031: hidraw1: USB HID v0.00 Device [HID 056a:003f] on usb-dummy_hcd.2-1/input0 [ 571.908197][ T5366] usb 1-1: USB disconnect, device number 24 [ 571.996220][ T5301] usb 3-1: USB disconnect, device number 31 [ 572.003968][ T12] tipc: Disabling bearer [ 572.047683][ T12] tipc: Left network mode [ 572.055964][T27878] bridge0: port 1(bridge_slave_0) entered blocking state [ 572.080030][T27878] bridge0: port 1(bridge_slave_0) entered disabled state [ 572.139525][T27878] bridge_slave_0: entered allmulticast mode [ 572.156680][T27878] bridge_slave_0: entered promiscuous mode [ 572.188179][T27878] bridge0: port 2(bridge_slave_1) entered blocking state [ 572.206347][T27878] bridge0: port 2(bridge_slave_1) entered disabled state [ 572.213911][T27878] bridge_slave_1: entered allmulticast mode [ 572.243370][T27878] bridge_slave_1: entered promiscuous mode [ 572.495660][T27878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 572.545295][T27878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 572.810949][ T9] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 572.983598][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 573.004479][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 573.020144][ T9] usb 1-1: New USB device found, idVendor=056a, idProduct=00d1, bcdDevice= 0.00 [ 573.071237][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.091632][T27878] team0: Port device team_slave_0 added [ 573.100361][ T5301] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 573.136721][ T9] usb 1-1: config 0 descriptor?? [ 573.137876][T27878] team0: Port device team_slave_1 added [ 573.278669][ T5301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 573.295914][T27983] syz.1.10837 (27983): /proc/27982/oom_adj is deprecated, please use /proc/27982/oom_score_adj instead. [ 573.307806][ T5301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 573.317053][T25120] Bluetooth: hci1: command tx timeout [ 573.347701][ T5301] usb 3-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 573.386334][T27878] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 573.404531][ T5301] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.421526][T27878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.451565][ T5301] usb 3-1: config 0 descriptor?? [ 573.476777][T27878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 573.509443][ T937] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 573.512032][T27878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 573.556939][T27878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.567386][ T9] wacom 0003:056A:00D1.0032: Unknown device_type for 'HID 056a:00d1'. Assuming pen. [ 573.624395][T27878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 573.668438][ T9] wacom 0003:056A:00D1.0032: hidraw0: USB HID v0.00 Device [HID 056a:00d1] on usb-dummy_hcd.0-1/input0 [ 573.707750][ T937] usb 4-1: config 0 interface 0 altsetting 144 endpoint 0x81 has invalid wMaxPacketSize 0 [ 573.725244][ T9] input: Wacom Bamboo 2FG 4x5 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:056A:00D1.0032/input/input122 [ 573.744200][ T937] usb 4-1: config 0 interface 0 has no altsetting 0 [ 573.755670][ T937] usb 4-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 573.768730][ T937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.800452][ T937] usb 4-1: config 0 descriptor?? [ 573.891762][ T9] usb 1-1: USB disconnect, device number 25 [ 573.920544][ T5301] wacom 0003:056A:00F8.0033: hidraw1: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.2-1/input0 [ 574.148987][ T5366] usb 3-1: USB disconnect, device number 32 [ 574.183005][T27878] hsr_slave_0: entered promiscuous mode [ 574.192833][T27878] hsr_slave_1: entered promiscuous mode [ 574.201938][T27878] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 574.210682][T27878] Cannot create hsr debugfs directory [ 574.278877][ T937] wacom 0003:056A:032B.0034: hidraw0: USB HID v0.00 Device [HID 056a:032b] on usb-dummy_hcd.3-1/input0 [ 574.340070][ T5320] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 574.434470][ T9] usb 4-1: USB disconnect, device number 37 [ 574.512153][ T5320] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 574.534669][ T5320] usb 2-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00 [ 574.547518][ T12] hsr_slave_0: left promiscuous mode [ 574.557436][ T12] hsr_slave_1: left promiscuous mode [ 574.563405][ T5320] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.577838][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 574.589076][ T5320] usb 2-1: config 0 descriptor?? [ 574.603628][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 574.621762][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 574.637051][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 574.692592][ T12] veth1_macvtap: left promiscuous mode [ 574.699226][ T12] veth0_macvtap: left promiscuous mode [ 574.705670][ T12] veth1_vlan: left promiscuous mode [ 574.712026][ T12] @ÿ: left promiscuous mode [ 575.009012][ T5320] hid-steam 0003:28DE:1205.0035: : USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.1-1/input0 [ 575.105094][ T5320] hid-steam 0003:28DE:1205.0035: Steam Controller 'XXXXXXXXXX' connected [ 575.135340][ T5320] input: Steam Deck as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28DE:1205.0035/input/input131 [ 575.167290][ T5320] input: Steam Deck Motion Sensors as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:28DE:1205.0035/input/input132 [ 575.252787][T25120] Bluetooth: hci1: command tx timeout [ 575.298470][ T5320] hid-steam 0003:28DE:1205.0036: hidraw0: USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.1-1/input0 [ 575.316655][ T5320] usb 2-1: USB disconnect, device number 32 [ 575.409799][ T5320] hid-steam 0003:28DE:1205.0035: Steam Controller 'XXXXXXXXXX' disconnected [ 576.717746][ T29] audit: type=1326 audit(2000000201.532:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28037 comm="syz.0.10856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 576.766481][T28043] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false [ 576.790358][ T29] audit: type=1326 audit(2000000201.532:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28037 comm="syz.0.10856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 576.856394][T28047] devtmpfs: Too few inodes for current use [ 576.883883][ T29] audit: type=1326 audit(2000000201.532:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28037 comm="syz.0.10856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=281 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 576.950248][ T29] audit: type=1326 audit(2000000201.660:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28037 comm="syz.0.10856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 577.012407][ T29] audit: type=1326 audit(2000000201.660:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28037 comm="syz.0.10856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 577.107922][ T29] audit: type=1326 audit(2000000201.929:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28057 comm="syz.2.10863" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x0 [ 577.190797][T25120] Bluetooth: hci1: command tx timeout [ 577.322668][T28071] netlink: 48 bytes leftover after parsing attributes in process `syz.2.10866'. [ 577.560577][ T29] audit: type=1326 audit(2000000202.433:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28081 comm="syz.2.10871" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc213b7dff9 code=0x0 [ 577.661488][ T937] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 577.781955][T28091] program syz.1.10874 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 577.837505][T27878] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 577.840848][ T937] usb 4-1: config 0 has an invalid interface number: 250 but max is 0 [ 577.869295][ T937] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 577.888257][ T937] usb 4-1: config 0 has no interface number 0 [ 577.896347][ T937] usb 4-1: config 0 interface 250 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 577.913483][ T937] usb 4-1: config 0 interface 250 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 577.920486][T27878] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 577.952666][ T937] usb 4-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice=4f.2c [ 577.979364][ T937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.009295][T27878] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 578.013198][ T937] usb 4-1: config 0 descriptor?? [ 578.077580][T27878] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 578.147852][T28104] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10877'. [ 578.195196][ T937] usb 4-1: reset high-speed USB device number 38 using dummy_hcd [ 578.203901][T28108] tmpfs: Bad value for 'mpol' [ 578.294713][T27878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 578.346246][T27878] 8021q: adding VLAN 0 to HW filter on device team0 [ 578.390341][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.397618][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 578.447225][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.454425][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 578.576371][T28123] openvswitch: netlink: Actions may not be safe on all matching packets [ 578.967298][ T937] usb 4-1: device descriptor read/64, error -71 [ 579.006944][T27878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 579.207757][T28166] openvswitch: netlink: Actions may not be safe on all matching packets [ 579.232343][ T937] usb 4-1: reset high-speed USB device number 38 using dummy_hcd [ 579.419922][T28179] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 579.419922][T28179] The task syz.0.10898 (28179) triggered the difference, watch for misbehavior. [ 579.514544][T27878] veth0_vlan: entered promiscuous mode [ 579.550419][T27878] veth1_vlan: entered promiscuous mode [ 579.648546][T27878] veth0_macvtap: entered promiscuous mode [ 579.673467][ T937] usb 4-1: USB disconnect, device number 38 [ 579.688417][T27878] veth1_macvtap: entered promiscuous mode [ 579.746886][T27878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 579.782860][T27878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 579.812479][T27878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 579.847548][T27878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 579.866726][T27878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 579.892379][T27878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 579.928560][T27878] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 579.952634][T27878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 579.984181][T27878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.019700][T27878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.054861][T27878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.088171][T27878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.127288][T27878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.157308][T27878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.204728][T27878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.231416][T27878] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 580.279055][T27878] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.313799][T27878] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.322649][T27878] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.387650][T27878] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 580.663611][T11475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 580.686334][T11475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 580.750961][T11472] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 580.770720][T11472] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 580.818059][ T2637] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 581.012689][ T2637] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.033605][ T2637] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 581.059096][ T2637] usb 1-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 581.096202][ T2637] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.139666][ T2637] usb 1-1: config 0 descriptor?? [ 581.546401][ T2637] waltop 0003:172F:0500.0037: item fetching failed at offset 5/7 [ 581.559987][ T2637] waltop 0003:172F:0500.0037: probe with driver waltop failed with error -22 [ 581.637541][ T5273] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 581.731470][ T5320] usb 1-1: USB disconnect, device number 26 [ 581.789763][ T5273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 581.813909][ T5273] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 581.851929][ T5273] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 581.899053][ T5273] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.927651][ T5273] usb 2-1: config 0 descriptor?? [ 582.023644][T28295] program syz.3.10934 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 582.107986][T28299] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10935'. [ 582.334702][ T5273] keytouch 0003:0926:3333.0038: fixing up Keytouch IEC report descriptor [ 582.400723][ T5273] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0038/input/input133 [ 582.567423][T28323] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10944'. [ 582.592379][ T5273] keytouch 0003:0926:3333.0038: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 582.650091][ T5273] usb 2-1: USB disconnect, device number 33 [ 582.709435][ T5320] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 582.869086][ T5320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 582.894296][ T5320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 582.925232][ T5320] usb 1-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 582.950356][ T5320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.976845][ T5320] usb 1-1: config 0 descriptor?? [ 583.287025][ T29] audit: type=1400 audit(2000000208.570:252): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="M" requested=w pid=28361 comm="syz.1.10955" daddr=::ffff:172.20.20.170 dest=20002 [ 583.393637][ T5320] sony 0003:054C:024B.0039: unknown main item tag 0x0 [ 583.408193][ T5320] sony 0003:054C:024B.0039: unknown main item tag 0x0 [ 583.425528][ T5320] sony 0003:054C:024B.0039: unknown main item tag 0x0 [ 583.440379][ T5320] sony 0003:054C:024B.0039: unknown main item tag 0x0 [ 583.463060][ T5320] sony 0003:054C:024B.0039: unknown main item tag 0x0 [ 583.500884][ T5320] sony 0003:054C:024B.0039: hiddev0,hidraw0: USB HID v0.00 Device [HID 054c:024b] on usb-dummy_hcd.0-1/input0 [ 583.537240][ T5320] sony 0003:054C:024B.0039: failed to claim input [ 583.585559][ T937] usb 1-1: USB disconnect, device number 27 [ 584.438753][T28426] netlink: 584 bytes leftover after parsing attributes in process `syz.3.10975'. [ 584.868650][T28452] netlink: 'syz.2.10983': attribute type 1 has an invalid length. [ 585.178870][ T9] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 585.355812][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 585.371697][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 585.398386][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 585.428918][ T9] usb 4-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 585.455638][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.480110][ T9] usb 4-1: config 0 descriptor?? [ 586.153614][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 586.160903][ T9] cherry 0003:046A:0027.003A: unknown main item tag 0x0 [ 586.194969][ T9] cherry 0003:046A:0027.003A: unknown main item tag 0xe [ 586.202462][ T9] cherry 0003:046A:0027.003A: unknown main item tag 0x5 [ 586.234449][ T9] cherry 0003:046A:0027.003A: unknown main item tag 0x4 [ 586.251296][ T9] cherry 0003:046A:0027.003A: ignoring exceeding usage max [ 586.296668][ T9] cherry 0003:046A:0027.003A: usage index exceeded [ 586.313647][ T9] cherry 0003:046A:0027.003A: item 0 0 2 0 parsing failed [ 586.335376][ T9] cherry 0003:046A:0027.003A: probe with driver cherry failed with error -22 [ 586.378726][ T9] usb 4-1: USB disconnect, device number 39 [ 586.455358][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 586.606625][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 586.617484][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 586.629302][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 586.639666][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 586.651510][ T5320] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 586.659538][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 586.667398][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 586.674892][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 586.707913][ T5273] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 586.760623][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 586.807111][ T5320] usb 2-1: Using ep0 maxpacket: 8 [ 586.822400][ T5320] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 586.854640][ T5320] usb 2-1: config 0 has no interface number 0 [ 586.866067][ T5273] usb 3-1: Using ep0 maxpacket: 32 [ 586.894522][ T5320] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 586.919536][ T5273] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 586.954494][ T5320] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 586.966141][ T5273] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.989758][ T5320] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.004467][ T5273] usb 3-1: Product: syz [ 587.014366][ T12] bridge_slave_1: left allmulticast mode [ 587.014445][ T5273] usb 3-1: Manufacturer: syz [ 587.028828][ T12] bridge_slave_1: left promiscuous mode [ 587.042167][ T5273] usb 3-1: SerialNumber: syz [ 587.053409][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.064955][ T5320] usb 2-1: config 0 descriptor?? [ 587.100842][ T5320] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 587.113493][ T5273] usb 3-1: config 0 descriptor?? [ 587.133345][ T12] bridge_slave_0: left allmulticast mode [ 587.164883][ T12] bridge_slave_0: left promiscuous mode [ 587.173131][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.312529][ T5274] usb 2-1: USB disconnect, device number 34 [ 587.323029][ T5274] iowarrior 2-1:0.1: I/O-Warror #0 now disconnected [ 587.720982][ T5273] (unnamed net_device) (uninitialized): Assigned a random MAC address: ca:9b:0a:b7:06:6c [ 587.872553][ T5274] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 588.041617][ T5274] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.053562][ T5274] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 588.063672][ T5274] usb 4-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 588.073657][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 588.073790][ T5274] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.093237][ T5274] usb 4-1: config 0 descriptor?? [ 588.107328][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 588.126051][ T12] bond0 (unregistering): Released all slaves [ 588.145793][T28542] tipc: Enabling of bearer rejected, failed to enable media [ 588.195659][ T5273] rtl8150 3-1:0.0: eth5: rtl8150 is detected [ 588.216069][ T5273] usb 3-1: USB disconnect, device number 33 [ 588.331762][T28556] netlink: 'syz.0.11021': attribute type 1 has an invalid length. [ 588.347577][T28556] netlink: 9364 bytes leftover after parsing attributes in process `syz.0.11021'. [ 588.373626][T28556] netlink: 'syz.0.11021': attribute type 1 has an invalid length. [ 588.499493][ T5274] petalynx 0003:18B1:0037.003B: unknown main item tag 0xd [ 588.536158][ T5274] petalynx 0003:18B1:0037.003B: unexpected long global item [ 588.547954][ T5274] petalynx 0003:18B1:0037.003B: parse failed [ 588.567235][ T5274] petalynx 0003:18B1:0037.003B: probe with driver petalynx failed with error -22 [ 588.599815][ T54] Bluetooth: hci1: command tx timeout [ 588.727663][ T5320] usb 4-1: USB disconnect, device number 40 [ 588.951109][T28511] chnl_net:caif_netlink_parms(): no params data found [ 589.093943][T28590] netlink: 276 bytes leftover after parsing attributes in process `syz.1.11033'. [ 589.239245][ T12] hsr_slave_0: left promiscuous mode [ 589.248303][ T12] hsr_slave_1: left promiscuous mode [ 589.254850][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 589.262873][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 589.280787][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 589.302112][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 589.330611][ T12] veth1_macvtap: left promiscuous mode [ 589.370210][ T12] veth0_macvtap: left promiscuous mode [ 589.380927][ T12] veth1_vlan: left promiscuous mode [ 589.402493][ T12] veth0_vlan: left promiscuous mode [ 590.157211][ T12] team0 (unregistering): Port device team_slave_1 removed [ 590.217467][ T12] team0 (unregistering): Port device team_slave_0 removed [ 590.291783][T28615] Falling back ldisc for ttyS3. [ 590.543902][ T54] Bluetooth: hci1: command tx timeout [ 591.159741][ T29] audit: type=1326 audit(2000000217.014:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28650 comm="syz.0.11052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 591.181401][ C1] vkms_vblank_simulate: vblank timer overrun [ 591.189378][ T29] audit: type=1326 audit(2000000217.014:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28650 comm="syz.0.11052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 591.211081][ C1] vkms_vblank_simulate: vblank timer overrun [ 591.219798][ T29] audit: type=1326 audit(2000000217.014:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28650 comm="syz.0.11052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=75 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 591.241440][ C1] vkms_vblank_simulate: vblank timer overrun [ 591.248566][ T29] audit: type=1326 audit(2000000217.014:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28650 comm="syz.0.11052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 591.270201][ C1] vkms_vblank_simulate: vblank timer overrun [ 591.281520][ T29] audit: type=1326 audit(2000000217.014:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28650 comm="syz.0.11052" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc2457dff9 code=0x7ffc0000 [ 591.303294][ C1] vkms_vblank_simulate: vblank timer overrun [ 591.309655][ T5320] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 591.319430][T28511] bridge0: port 1(bridge_slave_0) entered blocking state [ 591.360267][T28511] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.367597][T28511] bridge_slave_0: entered allmulticast mode [ 591.427461][T28511] bridge_slave_0: entered promiscuous mode [ 591.447724][T28511] bridge0: port 2(bridge_slave_1) entered blocking state [ 591.475856][ T5320] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 591.488635][ T5320] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 591.500391][T28511] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.529608][T28511] bridge_slave_1: entered allmulticast mode [ 591.535819][ T5320] usb 2-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 591.552270][T28511] bridge_slave_1: entered promiscuous mode [ 591.563441][ T5320] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.603838][ T5320] usb 2-1: config 0 descriptor?? [ 591.700064][T28511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 591.757306][T28511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 591.922980][T28511] team0: Port device team_slave_0 added [ 591.961530][T28511] team0: Port device team_slave_1 added [ 592.010659][ T5320] uclogic 0003:2179:0053.003C: interface is invalid, ignoring [ 592.083695][T28511] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 592.101606][T28511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.189159][T28511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 592.201695][ T5320] usb 2-1: USB disconnect, device number 35 [ 592.249696][T28511] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 592.272379][T28511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 592.331849][T28511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 592.469047][T28511] hsr_slave_0: entered promiscuous mode [ 592.476732][ T54] Bluetooth: hci1: command tx timeout [ 592.509652][T28511] hsr_slave_1: entered promiscuous mode [ 592.518098][T28511] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 592.552139][T28511] Cannot create hsr debugfs directory [ 592.775226][T28717] netlink: 188 bytes leftover after parsing attributes in process `syz.2.11080'. [ 592.800052][T28717] netlink: 'syz.2.11080': attribute type 1 has an invalid length. [ 592.990292][ T29] audit: type=1326 audit(2000000218.977:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28728 comm="syz.2.11085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 593.043421][ T29] audit: type=1326 audit(2000000218.977:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28728 comm="syz.2.11085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 593.110571][ T29] audit: type=1326 audit(2000000218.988:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28728 comm="syz.2.11085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 593.137092][ T29] audit: type=1326 audit(2000000218.988:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28728 comm="syz.2.11085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 593.159240][ T29] audit: type=1326 audit(2000000218.988:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28728 comm="syz.2.11085" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 593.394023][T28746] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11089'. [ 593.906180][T28511] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 593.961780][T28511] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 594.004494][T28511] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 594.045279][T28511] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 594.075340][T28777] netlink: 'syz.0.11100': attribute type 2 has an invalid length. [ 594.090933][T28777] netlink: 'syz.0.11100': attribute type 2 has an invalid length. [ 594.107579][T28777] netlink: 206648 bytes leftover after parsing attributes in process `syz.0.11100'. [ 594.201019][ T937] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 594.301943][T28511] 8021q: adding VLAN 0 to HW filter on device bond0 [ 594.367662][T28511] 8021q: adding VLAN 0 to HW filter on device team0 [ 594.404149][T11475] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.411391][T11475] bridge0: port 1(bridge_slave_0) entered forwarding state [ 594.439692][ T54] Bluetooth: hci1: command tx timeout [ 594.454409][T11467] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.456109][ T937] usb 3-1: Using ep0 maxpacket: 16 [ 594.461634][T11467] bridge0: port 2(bridge_slave_1) entered forwarding state [ 594.561490][T28511] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 594.598720][ T937] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.614325][ T937] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 594.662293][ T937] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 594.673862][ T937] usb 3-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 594.698862][ T937] usb 3-1: Product: syz [ 594.707868][ T937] usb 3-1: Manufacturer: syz [ 594.726868][ T937] usb 3-1: config 0 descriptor?? [ 594.780337][ T2637] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 594.928083][ T2637] usb 4-1: Using ep0 maxpacket: 16 [ 594.935176][ T2637] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 594.963595][ T2637] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 595.001988][T28511] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 595.017191][ T2637] usb 4-1: New USB device found, idVendor=1e71, idProduct=170e, bcdDevice= 0.00 [ 595.037981][ T2637] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 595.093997][ T2637] usb 4-1: config 0 descriptor?? [ 595.146147][ T937] kovaplus 0003:1E7D:2D50.003D: item fetching failed at offset 5/7 [ 595.156240][ T937] kovaplus 0003:1E7D:2D50.003D: parse failed [ 595.164346][ T937] kovaplus 0003:1E7D:2D50.003D: probe with driver kovaplus failed with error -22 [ 595.402874][ T9] usb 3-1: USB disconnect, device number 34 [ 595.532589][ T2637] nzxt-kraken2 0003:1E71:170E.003E: hidraw0: USB HID v0.00 Device [HID 1e71:170e] on usb-dummy_hcd.3-1/input0 [ 595.652649][T28511] veth0_vlan: entered promiscuous mode [ 595.726297][ T9] usb 4-1: USB disconnect, device number 41 [ 595.746203][T28511] veth1_vlan: entered promiscuous mode [ 595.821343][T28511] veth0_macvtap: entered promiscuous mode [ 595.848924][T28511] veth1_macvtap: entered promiscuous mode [ 595.885870][T28511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 595.907162][T28511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.924655][T28511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 595.982467][T28511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.028290][T28511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.065607][T28511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.103916][T28511] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 596.139280][T28511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.162114][T28511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.191827][T28511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.234351][T28511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.273737][T28511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.314312][T28511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.331963][ T9] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 596.354758][T28511] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 596.401048][T28511] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.436115][T28511] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 596.515721][T28511] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.534373][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 596.550567][T28511] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.578499][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.586625][T28511] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.591923][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 596.612556][ T9] usb 1-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00 [ 596.624279][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.642799][T28511] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 596.659947][ T9] usb 1-1: config 0 descriptor?? [ 596.804576][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 596.817425][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 596.824232][T11467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 596.833634][T11467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 597.039790][T28868] netlink: 'syz.2.11121': attribute type 1 has an invalid length. [ 597.156872][ T9] elecom 0003:056E:00FC.003F: unknown main item tag 0x0 [ 597.163916][ T9] elecom 0003:056E:00FC.003F: item fetching failed at offset 3/5 [ 597.172559][ T9] elecom 0003:056E:00FC.003F: probe with driver elecom failed with error -22 [ 597.301932][T28881] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11123'. [ 597.396489][ T5320] usb 1-1: USB disconnect, device number 28 [ 597.483561][T28884] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11128'. [ 597.566736][T28780] syz.1.11102 (28780): drop_caches: 1 [ 597.648853][T28892] devtmpfs: Cannot disable swap on remount [ 598.321184][ T2637] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 598.391974][T28944] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11149'. [ 598.423232][ T5301] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 598.472631][ T2637] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 598.501127][ T2637] usb 5-1: config 1 has no interface number 0 [ 598.529957][ T2637] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.551039][ T2637] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 598.561510][ T2637] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 598.576148][ T2637] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 598.600205][ T5301] usb 4-1: Using ep0 maxpacket: 32 [ 598.607364][ T5301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.629518][ T2637] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 598.631831][ T5301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.660285][ T2637] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.663358][ T5301] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 598.677326][ T2637] usb 5-1: Product: syz [ 598.681696][ T2637] usb 5-1: Manufacturer: syz [ 598.686385][ T2637] usb 5-1: SerialNumber: syz [ 598.727801][ T5301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.768602][ T5301] usb 4-1: config 0 descriptor?? [ 598.905647][ T2637] cdc_ncm 5-1:1.1: bind() failure [ 598.917917][ T2637] usb 5-1: USB disconnect, device number 101 [ 599.168119][ T5301] kye 0003:0458:5016.0040: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 599.222663][ T5301] kye 0003:0458:5016.0040: hidraw0: USB HID v0.00 Device [HID 0458:5016] on usb-dummy_hcd.3-1/input0 [ 599.266073][ T5301] kye 0003:0458:5016.0040: tablet-enabling feature report not found [ 599.297295][ T5301] kye 0003:0458:5016.0040: tablet enabling failed [ 599.395608][ T5301] usb 4-1: USB disconnect, device number 42 [ 600.066502][T29035] netlink: 4068 bytes leftover after parsing attributes in process `syz.4.11177'. [ 600.077994][T29035] openvswitch: netlink: Message has 16 unknown bytes. [ 600.082621][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 600.082636][ T29] audit: type=1326 audit(2000000226.584:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29032 comm="syz.3.11178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 600.126020][ T29] audit: type=1326 audit(2000000226.638:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29032 comm="syz.3.11178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 600.185288][ T29] audit: type=1326 audit(2000000226.680:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29032 comm="syz.3.11178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9a1cb7c990 code=0x7ffc0000 [ 600.249235][ T29] audit: type=1326 audit(2000000226.680:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29032 comm="syz.3.11178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 600.325371][ T29] audit: type=1326 audit(2000000226.680:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29032 comm="syz.3.11178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 600.347321][ T29] audit: type=1326 audit(2000000226.680:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29032 comm="syz.3.11178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 600.368898][ C0] vkms_vblank_simulate: vblank timer overrun [ 600.375912][ T29] audit: type=1326 audit(2000000226.680:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29032 comm="syz.3.11178" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 600.425546][T29046] netlink: 248 bytes leftover after parsing attributes in process `syz.3.11184'. [ 600.566730][ T2637] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 600.717337][ T2637] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 600.727453][ T2637] usb 2-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00 [ 600.742985][ T2637] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.770305][ T2637] usb 2-1: config 0 descriptor?? [ 601.172774][ T2637] aquacomputer_d5next 0003:0C70:F014.0041: item fetching failed at offset 2/5 [ 601.210948][ T2637] aquacomputer_d5next 0003:0C70:F014.0041: probe with driver aquacomputer_d5next failed with error -22 [ 601.420404][ T5301] usb 2-1: USB disconnect, device number 36 [ 601.536232][ T2637] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 601.582781][ T937] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 601.685703][ T2637] usb 5-1: Using ep0 maxpacket: 16 [ 601.696465][ T2637] usb 5-1: config 0 has an invalid interface number: 183 but max is 0 [ 601.705097][ T2637] usb 5-1: config 0 has no interface number 0 [ 601.712373][ T2637] usb 5-1: config 0 interface 183 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 601.735305][ T937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 601.737407][ T2637] usb 5-1: config 0 interface 183 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 601.756475][ T937] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 601.776407][ T2637] usb 5-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00 [ 601.786294][ T937] usb 4-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 601.795716][ T2637] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.805064][ T2637] usb 5-1: config 0 descriptor?? [ 601.818418][ T937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.838066][ T937] usb 4-1: config 0 descriptor?? [ 602.213900][ T2637] uclogic 0003:5543:0781.0042: item fetching failed at offset 2/5 [ 602.227385][ T2637] uclogic 0003:5543:0781.0042: parse failed [ 602.239759][ T2637] uclogic 0003:5543:0781.0042: probe with driver uclogic failed with error -22 [ 602.252113][ T937] microsoft 0003:045E:009D.0043: unbalanced delimiter at end of report description [ 602.285909][ T937] microsoft 0003:045E:009D.0043: parse failed [ 602.301130][ T937] microsoft 0003:045E:009D.0043: probe with driver microsoft failed with error -22 [ 602.408441][ T2637] usb 5-1: USB disconnect, device number 102 [ 602.420885][T29112] sg_read: process 4841 (syz.2.11204) changed security contexts after opening file descriptor, this is not allowed. [ 602.463015][ T937] usb 4-1: USB disconnect, device number 43 [ 602.997611][T29129] netlink: 44 bytes leftover after parsing attributes in process `syz.4.11210'. [ 603.577465][ T9] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 603.627953][ T2637] usb 4-1: new full-speed USB device number 44 using dummy_hcd [ 603.745330][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 603.758725][ T9] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 603.788160][ T2637] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 520, setting to 64 [ 603.788569][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.818922][ T2637] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 603.829158][ T9] usb 5-1: Product: syz [ 603.847938][ T9] usb 5-1: Manufacturer: syz [ 603.854980][ T9] usb 5-1: SerialNumber: syz [ 603.863103][ T2637] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 603.884676][ T2637] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 603.885911][ T9] usb 5-1: config 0 descriptor?? [ 603.911952][ T9] gspca_main: se401-2.14.0 probing 047d:5003 [ 603.920005][ T2637] usb 4-1: SerialNumber: syz [ 603.936817][T29148] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 604.480770][ T9] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input134 [ 604.526063][ T9] usb 5-1: USB disconnect, device number 103 [ 604.943701][T29174] nbd: must specify an index to disconnect [ 606.248850][ T2637] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71 [ 606.299095][ T9] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 606.302851][ T2637] usb 4-1: USB disconnect, device number 44 [ 606.324098][T29132] syz.2.11212: vmalloc error: size 3874816, failed to allocated page array size 7568, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 606.377369][T29132] CPU: 0 UID: 0 PID: 29132 Comm: syz.2.11212 Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 [ 606.388299][T29132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 606.398387][T29132] Call Trace: [ 606.401691][T29132] [ 606.404645][T29132] dump_stack_lvl+0x241/0x360 [ 606.409356][T29132] ? __pfx_dump_stack_lvl+0x10/0x10 [ 606.414581][T29132] ? __pfx__printk+0x10/0x10 [ 606.419214][T29132] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 606.420988][T29211] netlink: 'syz.0.11250': attribute type 1 has an invalid length. [ 606.425645][T29132] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 606.425682][T29132] warn_alloc+0x278/0x410 [ 606.433775][T29211] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 606.439979][T29132] ? __pfx_warn_alloc+0x10/0x10 [ 606.440037][T29132] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 606.440064][T29132] ? __get_vm_area_node+0x23d/0x270 [ 606.444430][T29211] IPv6: NLM_F_CREATE should be set when creating new route [ 606.451565][T29132] __vmalloc_node_range_noprof+0x691/0x13f0 [ 606.451621][T29132] ? __kmalloc_cache_node_noprof+0x1d3/0x300 [ 606.486913][T29132] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 606.493293][T29132] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 606.499491][T29132] ? __get_vm_area_node+0x23d/0x270 [ 606.504736][T29132] __vmalloc_node_range_noprof+0x59c/0x13f0 [ 606.510673][T29132] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 606.516862][T29132] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 606.522644][T29132] ? rcu_is_watching+0x15/0xb0 [ 606.527442][T29132] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 606.533811][T29132] ? rcu_is_watching+0x15/0xb0 [ 606.538609][T29132] ? trace_kmalloc+0x1f/0xd0 [ 606.543227][T29132] ? __kmalloc_node_noprof+0x247/0x440 [ 606.548716][T29132] ? __kvmalloc_node_noprof+0x72/0x190 [ 606.554217][T29132] __kvmalloc_node_noprof+0x142/0x190 [ 606.559621][T29132] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 606.565806][T29132] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 606.571827][T29132] ? tpg_update_mv_step+0x361/0x4f0 [ 606.577085][T29132] vivid_update_format_cap+0x133c/0x2090 [ 606.582768][T29132] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 606.588796][T29132] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 606.594654][T29132] __video_do_ioctl+0xc23/0xdd0 [ 606.599557][T29132] ? __pfx___video_do_ioctl+0x10/0x10 [ 606.604988][T29132] ? __might_fault+0xc6/0x120 [ 606.609723][T29132] video_usercopy+0x89b/0x1180 [ 606.614534][T29132] ? __pfx___video_do_ioctl+0x10/0x10 [ 606.619939][T29132] ? __pfx_video_usercopy+0x10/0x10 [ 606.625189][T29132] ? smack_file_ioctl+0x2f7/0x3a0 [ 606.630263][T29132] ? __fget_files+0x3f3/0x470 [ 606.634979][T29132] v4l2_ioctl+0x189/0x1e0 [ 606.639353][T29132] ? __pfx_v4l2_ioctl+0x10/0x10 [ 606.644250][T29132] __se_sys_ioctl+0xf9/0x170 [ 606.648881][T29132] do_syscall_64+0xf3/0x230 [ 606.653416][T29132] ? clear_bhb_loop+0x35/0x90 [ 606.658124][T29132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 606.664063][T29132] RIP: 0033:0x7fc213b7dff9 [ 606.668487][T29132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 606.688095][T29132] RSP: 002b:00007fc21490a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 606.696870][T29132] RAX: ffffffffffffffda RBX: 00007fc213d35f80 RCX: 00007fc213b7dff9 [ 606.704876][T29132] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003 [ 606.712880][T29132] RBP: 00007fc213bf0296 R08: 0000000000000000 R09: 0000000000000000 [ 606.720888][T29132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 606.728890][T29132] R13: 0000000000000000 R14: 00007fc213d35f80 R15: 00007ffec9d08ef8 [ 606.736906][T29132] [ 606.765650][T29132] Mem-Info: [ 606.768824][T29132] active_anon:19 inactive_anon:4383 isolated_anon:0 [ 606.768824][T29132] active_file:3740 inactive_file:336 isolated_file:0 [ 606.768824][T29132] unevictable:768 dirty:244 writeback:0 [ 606.768824][T29132] slab_reclaimable:9699 slab_unreclaimable:103143 [ 606.768824][T29132] mapped:21614 shmem:1218 pagetables:956 [ 606.768824][T29132] sec_pagetables:0 bounce:0 [ 606.768824][T29132] kernel_misc_reclaimable:0 [ 606.768824][T29132] free:1328520 free_pcp:800 free_cma:0 [ 606.829623][T29132] Node 0 active_anon:76kB inactive_anon:17532kB active_file:14908kB inactive_file:1336kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:86404kB dirty:976kB writeback:0kB shmem:3336kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10592kB pagetables:3824kB sec_pagetables:0kB all_unreclaimable? no [ 606.876517][T29132] Node 1 active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:8kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 606.970502][T29132] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 607.082706][T29132] lowmem_reserve[]: 0 2465 2466 0 0 [ 607.140592][T29132] Node 0 DMA32 free:1372984kB boost:0kB min:34200kB low:42748kB high:51296kB reserved_highatomic:0KB active_anon:76kB inactive_anon:17624kB active_file:14432kB inactive_file:1196kB unevictable:1536kB writepending:1004kB present:3129332kB managed:2552500kB mlocked:0kB bounce:0kB free_pcp:3212kB local_pcp:1344kB free_cma:0kB [ 607.286013][T29132] lowmem_reserve[]: 0 0 0 0 0 [ 607.294289][T29238] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11257'. [ 607.313899][T29132] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:16kB inactive_anon:224kB active_file:504kB inactive_file:108kB unevictable:0kB writepending:0kB present:1048580kB managed:880kB mlocked:0kB bounce:0kB free_pcp:28kB local_pcp:20kB free_cma:0kB [ 607.343573][T29238] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11257'. [ 607.368469][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 607.380610][T29132] lowmem_reserve[]: 0 0 0 0 0 [ 607.400319][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 607.407848][T29132] Node 1 [ 607.410615][ T9] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 607.426798][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.429592][T29132] Normal free:3925284kB boost:0kB min:55688kB low:69608kB high:83528kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:8kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111168kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 607.466321][ T9] usb 5-1: config 0 descriptor?? [ 607.548806][ T29] audit: type=1326 audit(2000000234.609:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29247 comm="syz.3.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 607.573821][T29132] lowmem_reserve[]: 0 0 0 0 0 [ 607.585069][ T29] audit: type=1326 audit(2000000234.609:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29247 comm="syz.3.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 607.611320][T29132] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 607.650252][T29132] Node 0 DMA32: 856*4kB (UME) 724*8kB (ME) 541*16kB (UME) 415*32kB (UME) 336*64kB (ME) 168*128kB (M) 74*256kB (UME) 218*512kB (UM) 162*1024kB (UM) 18*2048kB (UM) 236*4096kB (UM) = 1374128kB [ 607.666960][ T29] audit: type=1326 audit(2000000234.609:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29247 comm="syz.3.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 607.688228][T29132] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 607.715772][T29132] Node 1 Normal: 153*4kB (UME) 46*8kB (UE) 27*16kB (UE) 199*32kB (UE) 95*64kB (UME) 26*128kB (UME) 16*256kB (UME) 7*512kB (UME) 3*1024kB (UME) 3*2048kB (ME) 950*4096kB (M) = 3925284kB [ 607.754899][T29132] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 607.764968][T29132] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 607.774595][T29132] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 607.777037][ T29] audit: type=1326 audit(2000000234.609:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29247 comm="syz.3.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 607.784399][T29132] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 607.784422][T29132] 5296 total pagecache pages [ 607.784432][T29132] 1 pages in swap cache [ 607.784442][T29132] Free swap = 124292kB [ 607.784452][T29132] Total swap = 124996kB [ 607.784464][T29132] 2097051 pages RAM [ 607.784473][T29132] 0 pages HighMem/MovableOnly [ 607.784481][T29132] 427074 pages reserved [ 607.784490][T29132] 0 pages cma reserved [ 607.879284][ T29] audit: type=1326 audit(2000000234.609:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29247 comm="syz.3.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 607.901245][ T29] audit: type=1326 audit(2000000234.609:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29247 comm="syz.3.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=82 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 607.923693][ T29] audit: type=1326 audit(2000000234.609:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29247 comm="syz.3.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 607.946182][ T29] audit: type=1326 audit(2000000234.609:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29247 comm="syz.3.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 608.359611][ T9] hid-multitouch 0003:1FD2:6007.0044: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 608.610640][ T9] usb 5-1: USB disconnect, device number 104 [ 608.789513][T29273] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:16x16 (0x32314142, 8, 0, 0, 0) [ 608.985035][ T29] audit: type=1326 audit(2000000236.143:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29274 comm="syz.3.11268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 609.019298][ T29] audit: type=1326 audit(2000000236.165:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29274 comm="syz.3.11268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a1cb7dff9 code=0x7ffc0000 [ 610.230700][T29309] mkiss: ax0: crc mode is auto. [ 610.337967][T29311] netlink: 'syz.4.11282': attribute type 24 has an invalid length. [ 610.412790][T29319] UBIFS error (pid: 29319): cannot open "u", error -22 [ 611.430533][T29357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11299'. [ 611.706537][T29375] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11305'. [ 611.734284][ T5320] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 611.892071][ T5320] usb 4-1: Using ep0 maxpacket: 16 [ 611.898844][ T5320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 611.917831][ T5320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 611.965521][ T5320] usb 4-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 612.005265][ T5320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.040554][ T5320] usb 4-1: config 0 descriptor?? [ 612.445864][ T5320] wacom 0003:056A:032F.0045: unknown main item tag 0x0 [ 612.469743][ T5320] wacom 0003:056A:032F.0045: unknown main item tag 0x0 [ 612.476741][ T5320] wacom 0003:056A:032F.0045: unknown main item tag 0x0 [ 612.497837][ T5320] wacom 0003:056A:032F.0045: hidraw0: USB HID v0.00 Device [HID 056a:032f] on usb-dummy_hcd.3-1/input0 [ 612.649920][ T5320] usb 4-1: USB disconnect, device number 45 [ 612.656062][ T5273] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 612.814065][ T5273] usb 3-1: Using ep0 maxpacket: 32 [ 612.828566][ T5273] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 612.847974][ T5273] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 612.869434][ T5273] usb 3-1: New USB device found, idVendor=046d, idProduct=c714, bcdDevice= 0.00 [ 612.903607][T29440] vlan0: entered promiscuous mode [ 612.912749][ T5273] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 612.961971][ T5273] usb 3-1: config 0 descriptor?? [ 613.028975][T29440] team0: Port device vlan0 added [ 613.055731][ T9] IPVS: starting estimator thread 0... [ 613.160152][T29448] IPVS: using max 21 ests per chain, 50400 per kthread [ 613.611784][ T5366] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 613.664747][ T5320] usb 3-1: USB disconnect, device number 35 [ 613.825554][ T5366] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.867552][ T5366] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 613.910954][ T5366] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 613.936240][ T5366] usb 4-1: New USB device found, idVendor=046d, idProduct=c287, bcdDevice= 0.00 [ 613.946475][ T5366] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.971208][ T5366] usb 4-1: config 0 descriptor?? [ 614.378775][ T5366] logitech 0003:046D:C287.0047: unknown main item tag 0x3 [ 614.406155][ T5366] logitech 0003:046D:C287.0047: hidraw0: USB HID v0.00 Device [HID 046d:c287] on usb-dummy_hcd.3-1/input0 [ 614.420515][ T5366] logitech 0003:046D:C287.0047: no inputs found [ 614.445327][ T5301] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 614.590549][ T9] usb 4-1: USB disconnect, device number 46 [ 614.625123][ T5301] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 614.644479][ T5301] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 614.665148][ T5301] usb 1-1: Product: syz [ 614.675082][ T5301] usb 1-1: Manufacturer: syz [ 614.681778][ T5301] usb 1-1: SerialNumber: syz [ 614.692628][ T5301] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 614.750138][ T5274] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 614.848044][T29529] netlink: 'syz.1.11354': attribute type 33 has an invalid length. [ 614.910226][T29532] program syz.2.11356 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 615.068305][T29542] nftables ruleset with unbound chain [ 615.183510][ T937] usb 1-1: USB disconnect, device number 29 [ 615.219321][ T5366] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 615.257064][ T9] usb 2-1: new low-speed USB device number 37 using dummy_hcd [ 615.368160][ T5320] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 615.375967][ T5366] usb 5-1: Using ep0 maxpacket: 8 [ 615.383606][ T5366] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 615.392012][ T5366] usb 5-1: config 0 has no interface number 0 [ 615.395808][ T5301] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 615.398232][ T5366] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 615.416883][ T5366] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 615.426733][ T5366] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.434351][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 615.444207][ T5366] usb 5-1: config 0 descriptor?? [ 615.450375][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 615.463834][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 615.464357][ T5366] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 615.481878][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 615.503980][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 615.515758][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 615.519112][ T5320] usb 4-1: config 0 has an invalid interface number: 170 but max is 0 [ 615.531651][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 615.531996][ T5320] usb 4-1: config 0 has no interface number 0 [ 615.549834][ T5320] usb 4-1: config 0 interface 170 altsetting 68 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.562381][ T5320] usb 4-1: config 0 interface 170 altsetting 68 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.573233][ T5320] usb 4-1: config 0 interface 170 has no altsetting 0 [ 615.580393][ T5301] usb 3-1: Using ep0 maxpacket: 16 [ 615.580447][ T5320] usb 4-1: New USB device found, idVendor=5543, idProduct=004d, bcdDevice= 0.00 [ 615.594860][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 615.595663][ T5320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.618177][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 615.626229][ T5320] usb 4-1: config 0 descriptor?? [ 615.630641][ T5301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.654163][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 615.665297][ T5301] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.684906][ T5301] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 615.708211][ T5301] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 615.717490][ T5301] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 615.728436][ T9] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 615.733321][ T5366] usb 5-1: USB disconnect, device number 105 [ 615.742639][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 615.753082][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 615.763793][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 615.775946][ T9] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 615.787547][ T5301] usb 3-1: config 0 descriptor?? [ 615.793667][ T5274] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 615.799791][ T5366] iowarrior 5-1:0.1: I/O-Warror #0 now disconnected [ 615.800818][ T5274] ath9k_htc: Failed to initialize the device [ 615.814934][ T937] usb 1-1: ath9k_htc: USB layer deinitialized [ 615.840985][ T9] usb 2-1: string descriptor 0 read error: -22 [ 615.847933][ T9] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 615.866751][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.913489][ T9] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 616.028005][ T5320] uclogic 0003:5543:004D.0048: interface is invalid, ignoring [ 616.092320][T29538] usb 2-1: Couldn't submit interrupt_out_urb -90 [ 616.105393][ T937] usb 2-1: USB disconnect, device number 37 [ 616.145590][T29555] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11367'. [ 616.213097][ T5301] microsoft 0003:045E:07DA.0049: ignoring exceeding usage max [ 616.222873][ T5301] microsoft 0003:045E:07DA.0049: ignoring exceeding usage max [ 616.231141][ T5301] microsoft 0003:045E:07DA.0049: No inputs registered, leaving [ 616.246212][ T5301] microsoft 0003:045E:07DA.0049: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 616.257859][ T5301] microsoft 0003:045E:07DA.0049: no inputs found [ 616.264842][ T5301] microsoft 0003:045E:07DA.0049: could not initialize ff, continuing anyway [ 616.337015][ T5273] usb 4-1: USB disconnect, device number 47 [ 616.429533][ T5366] usb 3-1: USB disconnect, device number 36 [ 616.700603][ T937] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 616.869049][ T937] usb 5-1: Using ep0 maxpacket: 32 [ 616.895263][ T937] usb 5-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 616.922860][ T937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 616.938156][ T937] usb 5-1: Product: syz [ 616.942380][ T937] usb 5-1: Manufacturer: syz [ 616.956967][ T937] usb 5-1: SerialNumber: syz [ 616.974728][ T29] kauditd_printk_skb: 3 callbacks suppressed [ 616.974744][ T29] audit: type=1400 audit(2000000244.716:289): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="M" requested=w pid=29591 comm="syz.3.11385" daddr=::ffff:172.20.20.187 [ 617.001271][ T937] usb 5-1: config 0 descriptor?? [ 617.092184][ T5301] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 617.164668][T29596] ebtables: ebtables: counters copy to user failed while replacing table [ 617.259435][ T5301] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.286782][ T5301] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.298575][ T5301] usb 2-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 617.300745][T29609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11392'. [ 617.322938][ T5301] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.342827][ T5301] usb 2-1: config 0 descriptor?? [ 617.360590][T29609] A link change request failed with some changes committed already. Interface wg0 may have been left with an inconsistent configuration, please check. [ 617.596395][ T937] (unnamed net_device) (uninitialized): Assigned a random MAC address: 7a:7b:5f:40:2e:d9 [ 617.625592][ T937] rtl8150 5-1:0.0: eth1: rtl8150 is detected [ 617.639745][ T937] usb 5-1: USB disconnect, device number 106 [ 617.708251][ T9] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 617.744581][ T5274] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 617.755775][ T5301] cypress 0003:04B4:DE61.004A: item fetching failed at offset 5/7 [ 617.774442][ T5301] cypress 0003:04B4:DE61.004A: parse failed [ 617.780419][ T5301] cypress 0003:04B4:DE61.004A: probe with driver cypress failed with error -22 [ 617.866804][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 617.882845][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 617.896771][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 617.908056][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 617.921725][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 617.932903][ T5274] usb 1-1: Using ep0 maxpacket: 16 [ 617.939276][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 617.952196][ T5274] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.968421][ T5274] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.984810][ T937] usb 2-1: USB disconnect, device number 38 [ 617.996895][ T5274] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c1e, bcdDevice= 0.00 [ 618.010126][ T9] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 618.025019][ T5274] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.034635][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.045964][ T9] usb 3-1: Product: syz [ 618.050171][ T9] usb 3-1: Manufacturer: syz [ 618.056262][ T5274] usb 1-1: config 0 descriptor?? [ 618.070959][ T9] usb 3-1: SerialNumber: syz [ 618.080512][ T9] usb 3-1: config 0 descriptor?? [ 618.368831][ T5301] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 618.387589][ T5271] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 618.449771][ T5274] corsair-psu 0003:1B1C:1C1E.004B: hidraw0: USB HID v0.00 Device [HID 1b1c:1c1e] on usb-dummy_hcd.0-1/input0 [ 618.466591][ T9] input input138: Device does not respond to id packet M [ 618.518334][ T5301] usb 4-1: Using ep0 maxpacket: 16 [ 618.523712][ T5274] corsair-psu 0003:1B1C:1C1E.004B: unable to initialize device (-38) [ 618.536412][ T5301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 618.549529][ T5271] usb 5-1: Using ep0 maxpacket: 16 [ 618.555751][ T5274] corsair-psu 0003:1B1C:1C1E.004B: probe with driver corsair-psu failed with error -38 [ 618.567749][ T5301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 618.579576][ T5271] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 618.592352][ T5271] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 618.602380][ T5271] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 618.616771][ T5271] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 618.626065][ T5271] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 618.634774][ T5301] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 618.656699][ T5273] usb 1-1: USB disconnect, device number 30 [ 618.658963][ T5271] usb 5-1: config 0 descriptor?? [ 618.673247][ T5301] usb 4-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 618.682714][ T9] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 618.692669][ T9] input input138: Device does not respond to id packet P [ 618.699894][ T5301] usb 4-1: Product: syz [ 618.710557][ T5301] usb 4-1: Manufacturer: syz [ 618.715791][ T9] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 618.721852][ T9] input input138: Device does not respond to id packet B [ 618.736855][ T5301] usb 4-1: config 0 descriptor?? [ 618.757210][ T9] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 618.767869][ T9] input input138: Device does not respond to id packet N [ 618.776598][ T9] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 618.783326][ T9] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 618.789811][ T9] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 618.796947][ T9] iforce 3-1:0.0: usb_submit_urb failed: -71 [ 618.805420][ T9] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input138 [ 618.827551][ T9] usb 3-1: USB disconnect, device number 37 [ 619.030945][ T29] audit: type=1326 audit(2000000246.915:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29648 comm="syz.1.11412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 619.055398][ T29] audit: type=1326 audit(2000000246.915:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29648 comm="syz.1.11412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 619.077463][ T29] audit: type=1326 audit(2000000246.948:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29648 comm="syz.1.11412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 619.118809][ T29] audit: type=1326 audit(2000000246.948:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29648 comm="syz.1.11412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 619.141766][ T5271] ryos 0003:1E7D:31CE.004C: hidraw0: USB HID v0.00 Device [HID 1e7d:31ce] on usb-dummy_hcd.4-1/input0 [ 619.157420][ T5301] kovaplus 0003:1E7D:2D50.004D: item fetching failed at offset 5/7 [ 619.171134][ T5301] kovaplus 0003:1E7D:2D50.004D: parse failed [ 619.177216][ T5301] kovaplus 0003:1E7D:2D50.004D: probe with driver kovaplus failed with error -22 [ 619.196291][ T29] audit: type=1326 audit(2000000246.948:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29648 comm="syz.1.11412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 619.222618][ T29] audit: type=1326 audit(2000000246.948:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29648 comm="syz.1.11412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 619.272897][ T29] audit: type=1326 audit(2000000246.948:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29648 comm="syz.1.11412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 619.326368][ T5271] usb 5-1: USB disconnect, device number 107 [ 619.356413][ T5301] usb 4-1: USB disconnect, device number 48 [ 619.375648][ T29] audit: type=1326 audit(2000000246.948:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29648 comm="syz.1.11412" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 620.670533][T29702] netlink: 60 bytes leftover after parsing attributes in process `syz.3.11439'. [ 622.101568][T29741] netlink: 4096 bytes leftover after parsing attributes in process `syz.1.11458'. [ 622.163237][T29741] openvswitch: netlink: Actions may not be safe on all matching packets [ 622.348643][T29743] netlink: 24 bytes leftover after parsing attributes in process `syz.2.11459'. [ 622.410261][T29743] netlink: 88 bytes leftover after parsing attributes in process `syz.2.11459'. [ 622.454070][T29743] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11459'. [ 622.490928][T29743] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11459'. [ 622.541935][T29743] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11459'. [ 622.587618][T29743] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11459'. [ 622.778016][ T9] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 622.876341][T29756] netlink: zone id is out of range [ 622.899210][T29756] netlink: zone id is out of range [ 622.924701][T29756] netlink: zone id is out of range [ 622.953095][T29756] netlink: zone id is out of range [ 622.963184][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 622.996044][T29756] netlink: zone id is out of range [ 623.002490][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 623.016022][T29756] netlink: zone id is out of range [ 623.043133][T29756] netlink: zone id is out of range [ 623.055127][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 623.085689][T29756] netlink: zone id is out of range [ 623.114095][T29756] netlink: zone id is out of range [ 623.122996][ T9] usb 5-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 623.173712][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 623.225060][ T9] usb 5-1: config 0 descriptor?? [ 623.655592][ T9] holtek_mouse 0003:04D9:A070.004E: invalid report_size 862009739 [ 623.701586][ T9] holtek_mouse 0003:04D9:A070.004E: item 0 4 1 7 parsing failed [ 623.757806][ T9] holtek_mouse 0003:04D9:A070.004E: hid parse failed: -22 [ 623.786653][ T9] holtek_mouse 0003:04D9:A070.004E: probe with driver holtek_mouse failed with error -22 [ 623.894312][ T9] usb 5-1: USB disconnect, device number 108 [ 624.191992][T29786] netlink: 'syz.2.11478': attribute type 10 has an invalid length. [ 624.208341][T29786] netlink: 181292 bytes leftover after parsing attributes in process `syz.2.11478'. [ 624.278192][ T5320] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 624.427858][ T5320] usb 4-1: Using ep0 maxpacket: 8 [ 624.444220][ T5320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 624.466370][ T5320] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 624.484457][ T9] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 624.487832][ T5320] usb 4-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00 [ 624.510677][ T5320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.534028][ T5320] usb 4-1: config 0 descriptor?? [ 624.644750][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 624.661123][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 624.688407][ T9] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 624.697876][ T5301] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 624.705805][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.720027][ T9] usb 2-1: config 0 descriptor?? [ 624.879322][ T5301] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 624.899411][ T5301] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 624.912960][ T5301] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 624.927848][ T5320] hid (null): unknown global tag 0xe [ 624.940193][ T5301] usb 5-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 624.943184][ T5320] semitek 0003:1EA7:0907.004F: unknown global tag 0xe [ 624.955104][ T5301] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 624.968719][ T5301] usb 5-1: config 0 descriptor?? [ 624.990466][ T5320] semitek 0003:1EA7:0907.004F: item 0 1 1 14 parsing failed [ 625.004682][ T5320] semitek 0003:1EA7:0907.004F: probe with driver semitek failed with error -22 [ 625.125573][ T9] cm6533_jd 0003:0D8C:0022.0050: unknown main item tag 0x0 [ 625.166790][ T9] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0050/input/input139 [ 625.188526][ T5320] usb 4-1: USB disconnect, device number 49 [ 625.237682][ T9] cm6533_jd 0003:0D8C:0022.0050: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 625.336577][ T9] usb 2-1: USB disconnect, device number 39 [ 625.368333][ T5301] betop 0003:11C2:2208.0051: item fetching failed at offset 4/5 [ 625.380145][ T5301] betop 0003:11C2:2208.0051: parse failed [ 625.396343][ T5301] betop 0003:11C2:2208.0051: probe with driver betop failed with error -22 [ 625.569017][ T5301] usb 5-1: USB disconnect, device number 109 [ 626.224072][T29815] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 626.235566][ T5301] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 626.440995][ T5301] usb 4-1: Using ep0 maxpacket: 16 [ 626.451868][ T5301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 626.478690][ T5301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 626.519913][ T5301] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 626.547838][ T5301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.551860][ T5301] usb 4-1: config 0 descriptor?? [ 626.647173][ T29] audit: type=1326 audit(2000000255.102:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29834 comm="syz.1.11501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 626.657997][ T29] audit: type=1326 audit(2000000255.112:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29834 comm="syz.1.11501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 626.693632][ T29] audit: type=1326 audit(2000000255.134:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29834 comm="syz.1.11501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 626.693704][ T29] audit: type=1326 audit(2000000255.134:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29834 comm="syz.1.11501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 626.693734][ T29] audit: type=1326 audit(2000000255.134:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29834 comm="syz.1.11501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 626.693763][ T29] audit: type=1326 audit(2000000255.134:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29834 comm="syz.1.11501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 626.693793][ T29] audit: type=1326 audit(2000000255.134:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29834 comm="syz.1.11501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5aee37dff9 code=0x7ffc0000 [ 626.946663][ T5301] konepure 0003:1E7D:2DB4.0052: unknown main item tag 0x0 [ 626.948655][ T5301] konepure 0003:1E7D:2DB4.0052: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.3-1/input0 [ 626.998218][T29845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11505'. [ 627.137739][ T5301] usb 4-1: USB disconnect, device number 50 [ 628.500662][ T54] Bluetooth: hci2: unexpected event for opcode 0x203c [ 628.602995][ T5320] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 628.643043][T29887] random: crng reseeded on system resumption [ 628.758735][ T5320] usb 2-1: config 0 has an invalid interface number: 108 but max is 0 [ 628.799421][ T5320] usb 2-1: config 0 has no interface number 0 [ 628.843497][ T5320] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 628.909607][ T5320] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.051507][ T5320] usb 2-1: config 0 descriptor?? [ 629.079735][ T5320] cp210x 2-1:0.108: cp210x converter detected [ 629.480732][ T5320] cp210x 2-1:0.108: failed to get vendor val 0x000e size 3: -71 [ 629.522921][ T5320] usb 2-1: cp210x converter now attached to ttyUSB0 [ 629.595324][ T29] audit: type=1400 audit(2000000258.256:305): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="M" requested=w pid=29896 comm="syz.4.11528" daddr=::ffff:172.20.20.31 [ 629.654560][ T5320] usb 2-1: USB disconnect, device number 40 [ 629.738332][ T5320] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 629.818530][ T5320] cp210x 2-1:0.108: device disconnected [ 630.288616][T29903] netlink: 'syz.4.11531': attribute type 4 has an invalid length. [ 630.421135][ T5366] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 630.626049][ T5366] usb 3-1: Using ep0 maxpacket: 16 [ 630.661624][ T5366] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 630.717713][ T5366] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 630.779798][ T5366] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 630.853706][ T5366] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 630.924282][ T5366] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 630.976085][ T5366] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 631.014042][T25120] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 631.025713][T25120] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 631.034696][T25120] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 631.045825][T25120] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 631.063012][T25120] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 631.073058][T25120] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 631.137929][ T5366] usb 3-1: Product: syz [ 631.169668][ T5366] usb 3-1: Manufacturer: syz [ 631.197992][ T5366] usb 3-1: SerialNumber: syz [ 631.501622][ T5366] usb 3-1: USB disconnect, device number 38 [ 631.596897][T29795] udevd[29795]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 631.930577][ T2637] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 632.040370][ T5320] kernel write not supported for file /snd/seq (pid: 5320 comm: kworker/1:6) [ 632.104746][ T2637] usb 4-1: config index 0 descriptor too short (expected 68, got 36) [ 632.135607][ T29] audit: type=1400 audit(2000000260.981:306): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="M" requested=w pid=29931 comm="syz.2.11544" daddr=::ffff:172.20.20.31 [ 632.158478][ T2637] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 632.216669][ T2637] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 632.284164][ T2637] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 632.340812][ T2637] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.391740][ T2637] usb 4-1: config 0 descriptor?? [ 632.835041][ T2637] hid-rmi 0003:06CB:81A7.0053: item 0 0 0 11 parsing failed [ 632.896052][ T2637] hid-rmi 0003:06CB:81A7.0053: parse failed [ 632.937457][ T2637] hid-rmi 0003:06CB:81A7.0053: probe with driver hid-rmi failed with error -22 [ 632.967715][ T29] audit: type=1326 audit(2000000261.882:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29942 comm="syz.2.11549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 633.042479][ T1117] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.053788][T25120] Bluetooth: hci3: command tx timeout [ 633.079754][ T2637] usb 4-1: USB disconnect, device number 51 [ 633.119266][ T29] audit: type=1326 audit(2000000261.914:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29942 comm="syz.2.11549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 633.161645][ T1117] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 48056 - 0 [ 633.190349][ T1117] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 40939 - 0 [ 633.220396][ T29] audit: type=1326 audit(2000000261.914:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29942 comm="syz.2.11549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 633.344462][ T29] audit: type=1326 audit(2000000261.914:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29942 comm="syz.2.11549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 633.437588][ T29] audit: type=1326 audit(2000000261.914:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29942 comm="syz.2.11549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 633.551194][ T29] audit: type=1326 audit(2000000261.914:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29942 comm="syz.2.11549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 633.666513][ T29] audit: type=1326 audit(2000000261.914:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29942 comm="syz.2.11549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc213b7dff9 code=0x7ffc0000 [ 634.452014][T29914] chnl_net:caif_netlink_parms(): no params data found [ 634.568307][ T5273] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 634.736563][ T5273] usb 4-1: Using ep0 maxpacket: 8 [ 634.754923][ T5273] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.785319][ T5273] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 634.839526][ T5273] usb 4-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00 [ 634.878736][ T5273] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.917158][ T5273] usb 4-1: config 0 descriptor?? [ 634.978270][T25120] Bluetooth: hci3: command tx timeout [ 635.335903][ T5273] wacom 0003:056A:0333.0054: hidraw0: USB HID v0.00 Device [HID 056a:0333] on usb-dummy_hcd.3-1/input0 [ 635.538064][ T5320] usb 4-1: USB disconnect, device number 52 [ 636.385734][ T5273] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 636.548712][ T5273] usb 4-1: too many configurations: 57, using maximum allowed: 8 [ 636.567913][ T5273] usb 4-1: config index 0 descriptor too short (expected 65379, got 173) [ 636.581938][ T5273] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.605413][ T5273] usb 4-1: config index 1 descriptor too short (expected 65379, got 173) [ 636.626501][ T5273] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.648740][ T5273] usb 4-1: config index 2 descriptor too short (expected 65379, got 173) [ 636.667270][ T5273] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.688532][ T5273] usb 4-1: config index 3 descriptor too short (expected 65379, got 173) [ 636.707274][ T5273] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.729498][ T5273] usb 4-1: config index 4 descriptor too short (expected 65379, got 173) [ 636.749371][ T5273] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.769828][ T5273] usb 4-1: config index 5 descriptor too short (expected 65379, got 173) [ 636.786874][ T5273] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.808953][ T5273] usb 4-1: config index 6 descriptor too short (expected 65379, got 173) [ 636.824056][ T5273] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.844763][ T5273] usb 4-1: config index 7 descriptor too short (expected 65379, got 173) [ 636.864691][ T5273] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 636.887042][ T5273] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 636.908276][ T5273] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.927472][T25120] Bluetooth: hci3: command tx timeout [ 636.934549][ T5273] usb 4-1: Product: syz [ 636.945367][ T5273] usb 4-1: Manufacturer: syz [ 636.953500][ T5273] usb 4-1: SerialNumber: syz [ 636.981522][ T5273] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 637.006481][ T5320] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 637.510027][ T2637] usb 4-1: USB disconnect, device number 53 [ 638.035431][ T5320] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 638.055776][ T5320] ath9k_htc: Failed to initialize the device [ 638.085529][ T2637] usb 4-1: ath9k_htc: USB layer deinitialized [ 638.856393][T25120] Bluetooth: hci3: command tx timeout [ 639.256565][ T5320] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 639.424230][ T5320] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 639.441356][ T5320] usb 4-1: config 0 has no interface number 0 [ 639.449855][ T5320] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 639.467538][ T5320] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 639.487278][ T5320] usb 4-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00 [ 639.506657][ T5320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.538405][ T5320] usb 4-1: config 0 descriptor?? [ 639.956857][ T5320] uclogic 0003:28BD:0905.0055: Interface probing failed: -22 [ 639.980785][ T5320] uclogic 0003:28BD:0905.0055: interface is invalid, ignoring [ 640.175335][ T5320] usb 4-1: USB disconnect, device number 54 [ 641.476007][T30034] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11589'. [ 644.773315][ T54] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 644.787667][ T54] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 644.796726][ T54] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 644.817494][ T54] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 644.825944][ T54] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 644.833494][ T54] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 645.355837][ T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 645.369410][ T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 645.380188][ T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 645.396223][ T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 645.408744][ T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 645.416400][ T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 645.810487][T25120] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 645.821479][T25120] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 645.832637][T25120] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 645.841134][T25120] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 645.848976][T25120] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 645.859269][T25120] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 646.759963][T25120] Bluetooth: hci5: command tx timeout [ 647.356703][T25120] Bluetooth: hci6: command tx timeout [ 647.505393][ C0] sched: DL replenish lagged too much [ 647.810722][T25120] Bluetooth: hci7: command tx timeout [ 648.698421][T25120] Bluetooth: hci5: command tx timeout [ 649.294599][T25120] Bluetooth: hci6: command tx timeout [ 649.742379][T25120] Bluetooth: hci7: command tx timeout [ 650.637371][T25120] Bluetooth: hci5: command tx timeout [ 651.235151][T25120] Bluetooth: hci6: command tx timeout [ 651.626408][ T54] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 651.642544][ T54] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 651.651421][ T54] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 651.661103][ T54] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 651.671845][ T54] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 651.679189][ T54] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 651.686840][ T54] Bluetooth: hci7: command tx timeout [ 652.576124][T30057] Bluetooth: hci5: command tx timeout [ 653.172647][T30057] Bluetooth: hci6: command tx timeout [ 653.620310][ T5236] Bluetooth: hci7: command tx timeout [ 653.627452][T30057] Bluetooth: hci8: command tx timeout [ 655.558971][T30057] Bluetooth: hci8: command tx timeout [ 657.500306][T30057] Bluetooth: hci8: command tx timeout [ 657.683330][ T1117] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 657.739862][ T1117] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 48056 - 0 [ 657.781281][ T1117] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 40939 - 0 [ 658.828042][T29975] team0: Port device syz_tun removed [ 659.436266][T30057] Bluetooth: hci8: command tx timeout [ 688.506284][ T5236] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 688.558754][ T5236] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 688.594653][ T5236] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 688.627382][ T5236] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 688.635128][ T5236] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 688.642803][ T5236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 690.529235][ T5236] Bluetooth: hci0: command tx timeout [ 692.467900][ T5236] Bluetooth: hci0: command tx timeout [ 694.406143][ T5236] Bluetooth: hci0: command tx timeout [ 696.352371][ T5236] Bluetooth: hci0: command tx timeout [ 701.607054][T30057] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 701.619736][T30057] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 701.628534][T30057] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 701.637811][T30057] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 701.645650][T30057] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 701.676300][T30057] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 701.836514][ T5236] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 701.848137][ T5236] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 701.856570][ T5236] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 701.867003][ T5236] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 701.877562][ T5236] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 701.885594][ T5236] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 702.124732][T30057] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 702.136597][T30057] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 702.146547][T30057] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 702.156195][T30057] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 702.166971][T30057] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 702.175202][T30057] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 703.578163][T30057] Bluetooth: hci1: command tx timeout [ 703.801174][T30057] Bluetooth: hci2: command tx timeout [ 704.100043][T30057] Bluetooth: hci9: command tx timeout [ 705.516805][T30057] Bluetooth: hci1: command tx timeout [ 705.740531][ T5236] Bluetooth: hci2: command tx timeout [ 706.038672][T30057] Bluetooth: hci9: command tx timeout [ 707.462936][T30057] Bluetooth: hci1: command tx timeout [ 707.676924][ T5236] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 707.684889][T25120] Bluetooth: hci2: command tx timeout [ 707.695723][T25120] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 707.705697][T25120] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 707.715181][T25120] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 707.723772][T25120] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 707.735289][T25120] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 707.977208][T25120] Bluetooth: hci9: command tx timeout [ 709.394056][T25120] Bluetooth: hci1: command tx timeout [ 709.617966][T25120] Bluetooth: hci2: command tx timeout [ 709.692508][T25120] Bluetooth: hci10: command tx timeout [ 709.916175][T25120] Bluetooth: hci9: command tx timeout [ 711.631048][T25120] Bluetooth: hci10: command tx timeout [ 713.569625][T25120] Bluetooth: hci10: command tx timeout [ 715.507852][T25120] Bluetooth: hci10: command tx timeout [ 745.008197][T30057] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 745.050584][T30057] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 745.097549][T30057] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 745.158477][ T5236] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 745.208678][ T5236] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 745.227378][ T5236] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 747.058256][T25120] Bluetooth: hci3: command 0x0406 tx timeout [ 747.272879][T30057] Bluetooth: hci11: command tx timeout [ 749.211330][T30057] Bluetooth: hci11: command tx timeout [ 751.150088][T30057] Bluetooth: hci11: command tx timeout [ 753.088683][T30057] Bluetooth: hci11: command tx timeout [ 758.186131][T25120] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 758.196690][T25120] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 758.224684][T25120] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 758.232791][T25120] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 758.242457][T25120] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 758.249922][T25120] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 758.337282][T30057] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 758.364211][T30057] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 758.375174][T30057] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 758.386249][T30057] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 758.395460][T30057] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 758.403926][T30057] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 758.459372][T30057] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 758.469753][T30057] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 758.479086][T30057] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 758.497062][T30057] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 758.504992][T30057] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 758.512427][T30057] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 760.172350][ T54] Bluetooth: hci12: command tx timeout [ 760.321523][ T54] Bluetooth: hci13: command tx timeout [ 760.470588][ T54] Bluetooth: hci14: command tx timeout [ 761.381973][ T54] Bluetooth: hci6: command 0x0406 tx timeout [ 761.402491][ T54] Bluetooth: hci5: command 0x0406 tx timeout [ 761.441683][ T54] Bluetooth: hci7: command 0x0406 tx timeout [ 762.110990][T30057] Bluetooth: hci12: command tx timeout [ 762.260192][T30057] Bluetooth: hci13: command tx timeout [ 762.409534][T30057] Bluetooth: hci14: command tx timeout [ 763.796906][T25120] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 763.809857][T25120] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 763.818718][T25120] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 763.827933][T25120] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 763.837130][T25120] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 763.845042][T25120] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 764.049604][T25120] Bluetooth: hci12: command tx timeout [ 764.198906][T30057] Bluetooth: hci13: command tx timeout [ 764.347991][T30057] Bluetooth: hci14: command tx timeout [ 765.765788][T30057] Bluetooth: hci15: command tx timeout [ 765.988362][T30057] Bluetooth: hci12: command tx timeout [ 766.145165][T30057] Bluetooth: hci8: command 0x0406 tx timeout [ 766.151491][ T5236] Bluetooth: hci13: command tx timeout [ 766.286769][T25120] Bluetooth: hci14: command tx timeout [ 767.703346][T25120] Bluetooth: hci15: command tx timeout [ 769.642105][T25120] Bluetooth: hci15: command tx timeout [ 771.580562][T25120] Bluetooth: hci15: command tx timeout [ 788.557329][ T1117] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 788.571500][ T1117] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 48056 - 0 [ 788.606574][ T1117] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 40939 - 0 [ 800.010226][ T5236] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 800.023469][ T5236] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 800.033225][ T5236] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 800.042191][ T5236] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 800.051198][ T5236] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 800.059066][ T5236] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 802.002854][ T5236] Bluetooth: hci3: command tx timeout [ 803.941536][ T5236] Bluetooth: hci3: command tx timeout [ 804.321613][ T5236] Bluetooth: hci0: command 0x0406 tx timeout [ 805.881026][T25120] Bluetooth: hci3: command tx timeout [ 807.818887][T25120] Bluetooth: hci3: command tx timeout [ 814.731990][ T5236] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 814.745584][ T5236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 814.755579][ T5236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 814.772950][ T5236] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 814.782508][ T5236] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 814.791619][ T5236] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 814.839623][T25120] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 814.851278][T25120] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 814.863665][T25120] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 814.872652][T25120] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 814.883959][T25120] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 814.895174][T25120] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 814.972207][ T5236] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 814.982818][ T5236] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 814.994988][ T5236] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 815.003580][ T5236] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 815.011526][ T5236] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 815.023255][ T5236] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 816.766810][ T5236] Bluetooth: hci4: command tx timeout [ 816.841119][ T5236] Bluetooth: hci16: command tx timeout [ 816.915674][ T5236] Bluetooth: hci17: command tx timeout [ 818.646681][T30107] Bluetooth: hci1: command 0x0406 tx timeout [ 818.653042][T30107] Bluetooth: hci2: command 0x0406 tx timeout [ 818.663112][ T5236] Bluetooth: hci9: command 0x0406 tx timeout [ 818.705603][T30108] Bluetooth: hci4: command tx timeout [ 818.779647][T30135] Bluetooth: hci16: command tx timeout [ 818.854422][T25120] Bluetooth: hci17: command tx timeout [ 819.849960][T30135] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 819.861499][T30135] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 819.869947][T30135] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 819.879773][T30135] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 819.888057][T30135] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3 [ 819.895941][T30135] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 820.644023][T30135] Bluetooth: hci4: command tx timeout [ 820.718593][T30135] Bluetooth: hci16: command tx timeout [ 820.792416][T30135] Bluetooth: hci17: command tx timeout [ 821.837099][T30135] Bluetooth: hci18: command tx timeout [ 822.591790][T30135] Bluetooth: hci4: command tx timeout [ 822.657303][T30135] Bluetooth: hci16: command tx timeout [ 822.731772][ T54] Bluetooth: hci17: command tx timeout [ 823.412043][ T54] Bluetooth: hci10: command 0x0406 tx timeout [ 823.775653][T25120] Bluetooth: hci18: command tx timeout [ 825.713658][T25120] Bluetooth: hci18: command tx timeout [ 827.652958][T25120] Bluetooth: hci18: command tx timeout [ 833.990416][ T30] INFO: task syz-executor:30065 blocked for more than 143 seconds. [ 833.998375][ T30] Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 834.043959][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 834.091018][ T30] task:syz-executor state:D stack:24128 pid:30065 tgid:30065 ppid:1 flags:0x00004006 [ 834.177363][ T30] Call Trace: [ 834.180707][ T30] [ 834.183671][ T30] __schedule+0x1843/0x4ae0 [ 834.251865][ T30] ? __pfx___schedule+0x10/0x10 [ 834.256810][ T30] ? __pfx_lock_release+0x10/0x10 [ 834.307924][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 834.313473][ T30] ? schedule+0x90/0x320 [ 834.373231][ T30] schedule+0x14b/0x320 [ 834.377551][ T30] schedule_preempt_disabled+0x13/0x30 [ 834.429016][ T30] __mutex_lock+0x6a7/0xd70 [ 834.433603][ T30] ? xas_find_marked+0xf80/0x10e0 [ 834.494214][ T30] ? __mutex_lock+0x52a/0xd70 [ 834.498970][ T30] ? add_one_compat_dev+0x10d/0x710 [ 834.536633][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 834.542129][ T30] ? xa_find+0x36c/0x420 [ 834.546423][ T30] ? __pfx_down_read+0x10/0x10 [ 834.587561][ T30] add_one_compat_dev+0x10d/0x710 [ 834.592667][ T30] ? fs_reclaim_acquire+0x93/0x130 [ 834.632286][ T30] rdma_dev_init_net+0x1f1/0x280 [ 834.652720][ T30] ? __pfx_rdma_dev_init_net+0x10/0x10 [ 834.658265][ T30] ops_init+0x31e/0x590 [ 834.698725][ T30] ? lockdep_init_map_type+0xa1/0x910 [ 834.719900][ T30] setup_net+0x287/0x9e0 [ 834.724220][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 834.764012][ T30] ? __pfx_setup_net+0x10/0x10 [ 834.783132][ T30] copy_net_ns+0x33f/0x570 [ 834.787628][ T30] create_new_namespaces+0x425/0x7b0 [ 834.803213][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 834.809003][ T30] ksys_unshare+0x57d/0xa70 [ 834.825497][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 834.836053][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 834.847422][ T30] ? do_syscall_64+0x100/0x230 [ 834.857025][ T30] __x64_sys_unshare+0x38/0x40 [ 834.866644][ T30] do_syscall_64+0xf3/0x230 [ 834.871203][ T30] ? clear_bhb_loop+0x35/0x90 [ 834.875910][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.892182][ T30] RIP: 0033:0x7f001ed7f7f7 [ 834.900617][ T30] RSP: 002b:00007ffdf835b908 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 834.913697][ T30] RAX: ffffffffffffffda RBX: 00007f001ef35f40 RCX: 00007f001ed7f7f7 [ 834.921722][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 834.943362][ T30] RBP: 00007f001ef36a38 R08: 0000000000000000 R09: 0000000000000000 [ 834.961834][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c [ 834.978270][ T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 834.995932][ T30] [ 834.999208][ T30] [ 834.999208][ T30] Showing all locks held in the system: [ 835.016580][ T30] 1 lock held by khungtaskd/30: [ 835.021478][ T30] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 835.042114][ T30] 3 locks held by kworker/u8:4/81: [ 835.049980][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 835.075110][ T30] #1: ffffc900015d7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 835.090231][ T30] #2: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 835.099295][ T30] 6 locks held by kworker/u8:5/1117: [ 835.115124][ T30] #0: ffff88801baeb148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 835.135939][ T30] #1: ffffc90004e27d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 835.157865][ T30] #2: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 835.174550][ T30] #3: ffff88805f02e0e8 (&dev->mutex){....}-{3:3}, at: devlink_pernet_pre_exit+0x13b/0x440 [ 835.196731][ T30] #4: ffff88805f02f250 (&devlink->lock_key#4){+.+.}-{3:3}, at: devlink_pernet_pre_exit+0x14d/0x440 [ 835.211449][ T30] #5: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0 [ 835.220442][ T30] 2 locks held by getty/4973: [ 835.235685][ T30] #0: ffff88802f3cc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 835.250605][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 835.270072][ T30] 6 locks held by kworker/0:6/5301: [ 835.275331][ T30] 1 lock held by syz-executor/29914: [ 835.286140][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 835.295193][ T30] 2 locks held by syz.4.11570/29995: [ 835.311247][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 835.323219][ T30] #1: ffffffff8e7d1dd0 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x5ea/0x1da0 [ 835.343835][ T30] 1 lock held by syz.3.11591/30038: [ 835.349078][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 835.369577][ T30] 5 locks held by syz-executor/30042: [ 835.375437][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 835.394581][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 835.407499][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 835.425704][ T30] #3: ffff88807b2e0f38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 835.446066][ T30] #4: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: ib_get_eth_speed+0x153/0x800 [ 835.466248][ T30] 2 locks held by syz-executor/30048: [ 835.471678][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 835.491333][ T30] #1: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720 [ 835.511315][ T30] 4 locks held by syz-executor/30050: [ 835.516736][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 835.535818][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 835.557598][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 835.572779][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 835.595344][ T30] 3 locks held by kworker/u8:0/30052: [ 835.600774][ T30] #0: ffff88802dfdd948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 835.622734][ T30] #1: ffffc900037dfd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 835.646407][ T30] #2: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 835.667672][ T30] 6 locks held by syz-executor/30054: [ 835.673656][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 835.693974][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 835.714650][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 835.735275][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 835.752822][ T30] #4: ffff88807ef1d230 (&rxe->usdev_lock){+.+.}-{3:3}, at: rxe_query_port+0x61/0x260 [ 835.773010][ T30] #5: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: ib_get_eth_speed+0x153/0x800 [ 835.789467][ T30] 4 locks held by syz-executor/30065: [ 835.800463][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 835.817911][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 835.838375][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 835.855482][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 835.877280][ T30] 4 locks held by syz-executor/30073: [ 835.888723][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 835.907566][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 835.928063][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 835.948124][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 835.969078][ T30] 4 locks held by syz-executor/30077: [ 835.974499][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 835.994838][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 836.013320][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 836.032605][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 836.050508][ T30] 4 locks held by syz-executor/30079: [ 836.055927][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 836.076345][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 836.096735][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 836.116044][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 836.136738][ T30] 4 locks held by syz-executor/30084: [ 836.142158][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 836.161237][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 836.182493][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 836.202623][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 836.223326][ T30] 4 locks held by syz-executor/30089: [ 836.233972][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 836.253247][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 836.273822][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 836.294426][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 836.311309][ T30] 2 locks held by syz-executor/30097: [ 836.316740][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 836.336205][ T30] #1: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 836.355776][ T30] 4 locks held by syz-executor/30100: [ 836.362964][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 836.380763][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 836.400993][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 836.413851][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 836.433802][ T30] 1 lock held by syz-executor/30103: [ 836.439148][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 836.452804][ T30] 4 locks held by syz-executor/30112: [ 836.458220][ T30] #0: ffffffff8fcb2dd0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 836.479127][ T30] #1: ffffffff8fa2ea70 (devices_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x198/0x280 [ 836.498146][ T30] #2: ffffffff8fa2ec30 (rdma_nets_rwsem){++++}-{3:3}, at: rdma_dev_init_net+0x1e6/0x280 [ 836.517912][ T30] #3: ffff88807ef1cf38 (&device->compat_devs_mutex){+.+.}-{3:3}, at: add_one_compat_dev+0x10d/0x710 [ 836.544265][ T30] 1 lock held by syz-executor/30117: [ 836.550215][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 836.570245][ T30] 1 lock held by syz-executor/30125: [ 836.577147][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 836.591660][ T30] 1 lock held by syz-executor/30128: [ 836.596989][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 836.620683][ T30] 1 lock held by syz-executor/30131: [ 836.626023][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 836.640714][ T30] 1 lock held by syz-executor/30139: [ 836.646044][ T30] #0: ffffffff8fcbf8c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0 [ 836.665264][ T30] [ 836.669473][ T30] ============================================= [ 836.669473][ T30] [ 836.691036][ T30] NMI backtrace for cpu 1 [ 836.695408][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 [ 836.705938][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 836.716013][ T30] Call Trace: [ 836.719305][ T30] [ 836.722253][ T30] dump_stack_lvl+0x241/0x360 [ 836.726959][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 836.732178][ T30] ? __pfx__printk+0x10/0x10 [ 836.736807][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 836.741776][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 836.747261][ T30] ? _printk+0xd5/0x120 [ 836.751444][ T30] ? __pfx__printk+0x10/0x10 [ 836.756058][ T30] ? __wake_up_klogd+0xcc/0x110 [ 836.760937][ T30] ? __pfx__printk+0x10/0x10 [ 836.765559][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 836.770609][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 836.776618][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 836.782630][ T30] watchdog+0xff4/0x1040 [ 836.786904][ T30] ? watchdog+0x1ea/0x1040 [ 836.791356][ T30] ? __pfx_watchdog+0x10/0x10 [ 836.796055][ T30] kthread+0x2f0/0x390 [ 836.800138][ T30] ? __pfx_watchdog+0x10/0x10 [ 836.804839][ T30] ? __pfx_kthread+0x10/0x10 [ 836.809446][ T30] ret_from_fork+0x4b/0x80 [ 836.813886][ T30] ? __pfx_kthread+0x10/0x10 [ 836.818501][ T30] ret_from_fork_asm+0x1a/0x30 [ 836.823305][ T30] [ 836.827217][ T30] Sending NMI from CPU 1 to CPUs 0: [ 836.832476][ C0] NMI backtrace for cpu 0 [ 836.832489][ C0] CPU: 0 UID: 0 PID: 5301 Comm: kworker/0:6 Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 [ 836.832510][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 836.832522][ C0] Workqueue: wg-crypt-wg0 wg_packet_tx_worker [ 836.832549][ C0] RIP: 0010:unwind_next_frame+0x1cb/0x22d0 [ 836.832569][ C0] Code: 17 ef 0c 00 0f 45 d1 8d 42 ff 44 39 f0 0f 86 55 18 00 00 44 89 f0 48 8d 1c 85 f0 88 49 91 48 89 d8 48 c1 e8 03 42 0f b6 04 20 <84> c0 4c 89 e5 0f 85 97 1a 00 00 44 8b 23 44 89 f0 ff c0 48 8d 1c [ 836.832584][ C0] RSP: 0018:ffffc90000006a30 EFLAGS: 00000a02 [ 836.832597][ C0] RAX: 0000000000000000 RBX: ffffffff91498a48 RCX: 00000000000b0001 [ 836.832609][ C0] RDX: 00000000000b0001 RSI: ffffffff8100568a RDI: 0000000000000001 [ 836.832620][ C0] RBP: ffffc90000006b35 R08: 0000000000000019 R09: ffffc90000006bf0 [ 836.832633][ C0] R10: ffffc90000006b50 R11: ffffffff8180a090 R12: dffffc0000000000 [ 836.832645][ C0] R13: ffffc90000006b00 R14: 0000000000000056 R15: ffffffff81005689 [ 836.832658][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 836.832678][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 836.832689][ C0] CR2: 0000000020000080 CR3: 000000000e734000 CR4: 00000000003526f0 [ 836.832704][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 836.832714][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 836.832725][ C0] Call Trace: [ 836.832731][ C0] [ 836.832738][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 836.832759][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 836.832784][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 836.832804][ C0] ? nmi_handle+0x2a/0x5a0 [ 836.832828][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 836.832849][ C0] ? nmi_handle+0x14f/0x5a0 [ 836.832865][ C0] ? nmi_handle+0x2a/0x5a0 [ 836.832883][ C0] ? unwind_next_frame+0x1cb/0x22d0 [ 836.832898][ C0] ? default_do_nmi+0x63/0x160 [ 836.832919][ C0] ? exc_nmi+0x123/0x1f0 [ 836.832937][ C0] ? end_repeat_nmi+0xf/0x53 [ 836.832952][ C0] ? ret_from_fork_asm+0x19/0x30 [ 836.832975][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 836.832997][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 836.833018][ C0] ? unwind_next_frame+0x1cb/0x22d0 [ 836.833034][ C0] ? unwind_next_frame+0x1cb/0x22d0 [ 836.833050][ C0] ? unwind_next_frame+0x1cb/0x22d0 [ 836.833066][ C0] [ 836.833072][ C0] [ 836.833082][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 836.833106][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 836.833125][ C0] arch_stack_walk+0x11c/0x150 [ 836.833145][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 836.833169][ C0] stack_trace_save+0x118/0x1d0 [ 836.833188][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 836.833206][ C0] ? stack_trace_save+0x118/0x1d0 [ 836.833223][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 836.833244][ C0] kasan_save_track+0x3f/0x80 [ 836.833265][ C0] ? kasan_save_track+0x3f/0x80 [ 836.833285][ C0] ? __kasan_kmalloc+0x98/0xb0 [ 836.833304][ C0] ? __kmalloc_node_track_caller_noprof+0x225/0x440 [ 836.833322][ C0] ? kmalloc_reserve+0x111/0x2a0 [ 836.833339][ C0] ? __alloc_skb+0x1f3/0x440 [ 836.833354][ C0] ? synproxy_send_client_synack+0x1ba/0xf30 [ 836.833380][ C0] ? nft_synproxy_eval_v4+0x3ca/0x610 [ 836.833403][ C0] ? nft_synproxy_do_eval+0x362/0xa60 [ 836.833425][ C0] ? nft_do_chain+0x4ad/0x1da0 [ 836.833439][ C0] ? nft_do_chain_inet+0x418/0x6b0 [ 836.833462][ C0] ? nf_hook_slow+0xc3/0x220 [ 836.833483][ C0] ? NF_HOOK+0x29e/0x450 [ 836.833499][ C0] ? NF_HOOK+0x3a4/0x450 [ 836.833516][ C0] ? __netif_receive_skb+0x2bf/0x650 [ 836.833536][ C0] ? process_backlog+0x662/0x15b0 [ 836.833556][ C0] ? __napi_poll+0xcb/0x490 [ 836.833574][ C0] ? net_rx_action+0x89b/0x1240 [ 836.833594][ C0] ? handle_softirqs+0x2c5/0x980 [ 836.833614][ C0] ? do_softirq+0x11b/0x1e0 [ 836.833633][ C0] ? __local_bh_enable_ip+0x1bb/0x200 [ 836.833653][ C0] ? wg_packet_tx_worker+0x160/0x810 [ 836.833679][ C0] ? process_scheduled_works+0xa63/0x1850 [ 836.833700][ C0] ? worker_thread+0x870/0xd30 [ 836.833720][ C0] ? kthread+0x2f0/0x390 [ 836.833734][ C0] ? ret_from_fork+0x4b/0x80 [ 836.833756][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 836.833792][ C0] __kasan_kmalloc+0x98/0xb0 [ 836.833814][ C0] __kmalloc_node_track_caller_noprof+0x225/0x440 [ 836.833833][ C0] ? __alloc_skb+0x1f3/0x440 [ 836.833849][ C0] ? __alloc_skb+0x1f3/0x440 [ 836.833864][ C0] kmalloc_reserve+0x111/0x2a0 [ 836.833881][ C0] __alloc_skb+0x1f3/0x440 [ 836.833899][ C0] ? __pfx___alloc_skb+0x10/0x10 [ 836.833919][ C0] synproxy_send_client_synack+0x1ba/0xf30 [ 836.833944][ C0] ? kasan_quarantine_put+0xdc/0x230 [ 836.833964][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 836.833989][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 836.834013][ C0] ? synproxy_pernet+0x45/0x270 [ 836.834037][ C0] nft_synproxy_eval_v4+0x3ca/0x610 [ 836.834063][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 836.834087][ C0] ? nf_ip_checksum+0x13a/0x500 [ 836.834104][ C0] nft_synproxy_do_eval+0x362/0xa60 [ 836.834130][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 836.834157][ C0] ? __pfx_validate_chain+0x10/0x10 [ 836.834179][ C0] nft_do_chain+0x4ad/0x1da0 [ 836.834201][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 836.834215][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 836.834248][ C0] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 836.834267][ C0] nft_do_chain_inet+0x418/0x6b0 [ 836.834292][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 836.834314][ C0] ? ipt_do_table+0x312/0x1860 [ 836.834345][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 836.834368][ C0] nf_hook_slow+0xc3/0x220 [ 836.834389][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 836.834407][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 836.834426][ C0] NF_HOOK+0x29e/0x450 [ 836.834445][ C0] ? NF_HOOK+0x9a/0x450 [ 836.834462][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 836.834481][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 836.834503][ C0] ? ip_rcv_finish+0x406/0x560 [ 836.834521][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 836.834540][ C0] NF_HOOK+0x3a4/0x450 [ 836.834556][ C0] ? __lock_acquire+0x1384/0x2050 [ 836.834580][ C0] ? NF_HOOK+0x9a/0x450 [ 836.834597][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 836.834614][ C0] ? ip_rcv_core+0x801/0xd10 [ 836.834633][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 836.834654][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 836.834676][ C0] __netif_receive_skb+0x2bf/0x650 [ 836.834698][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 836.834720][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 836.834739][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 836.834762][ C0] ? __pfx_lock_release+0x10/0x10 [ 836.834785][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 836.834813][ C0] process_backlog+0x662/0x15b0 [ 836.834836][ C0] ? process_backlog+0x33b/0x15b0 [ 836.834860][ C0] ? __pfx_process_backlog+0x10/0x10 [ 836.834880][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 836.834904][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 836.834929][ C0] __napi_poll+0xcb/0x490 [ 836.834951][ C0] net_rx_action+0x89b/0x1240 [ 836.834982][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 836.835002][ C0] ? __run_timer_base+0x178/0x8e0 [ 836.835023][ C0] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 836.835061][ C0] handle_softirqs+0x2c5/0x980 [ 836.835084][ C0] ? do_softirq+0x11b/0x1e0 [ 836.835105][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 836.835130][ C0] do_softirq+0x11b/0x1e0 [ 836.835149][ C0] [ 836.835155][ C0] [ 836.835161][ C0] ? __pfx_do_softirq+0x10/0x10 [ 836.835181][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 836.835204][ C0] ? mod_peer_timer+0x21/0x260 [ 836.835223][ C0] ? rcu_is_watching+0x15/0xb0 [ 836.835243][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 836.835264][ C0] ? mod_peer_timer+0x21/0x260 [ 836.835282][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 836.835304][ C0] ? mod_peer_timer+0x21/0x260 [ 836.835323][ C0] ? mod_peer_timer+0x212/0x260 [ 836.835343][ C0] wg_packet_tx_worker+0x160/0x810 [ 836.835367][ C0] ? process_scheduled_works+0x976/0x1850 [ 836.835388][ C0] process_scheduled_works+0xa63/0x1850 [ 836.835422][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 836.835449][ C0] ? assign_work+0x364/0x3d0 [ 836.835472][ C0] worker_thread+0x870/0xd30 [ 836.835497][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 836.835520][ C0] ? __kthread_parkme+0x169/0x1d0 [ 836.835544][ C0] ? __pfx_worker_thread+0x10/0x10 [ 836.835566][ C0] kthread+0x2f0/0x390 [ 836.835580][ C0] ? __pfx_worker_thread+0x10/0x10 [ 836.835602][ C0] ? __pfx_kthread+0x10/0x10 [ 836.835617][ C0] ret_from_fork+0x4b/0x80 [ 836.835639][ C0] ? __pfx_kthread+0x10/0x10 [ 836.835654][ C0] ret_from_fork_asm+0x1a/0x30 [ 836.835687][ C0] [ 837.695217][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 837.702111][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00074-gd3d1556696c1 #0 [ 837.712632][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 837.722715][ T30] Call Trace: [ 837.726009][ T30] [ 837.728957][ T30] dump_stack_lvl+0x241/0x360 [ 837.733668][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 837.738886][ T30] ? __pfx__printk+0x10/0x10 [ 837.743508][ T30] ? vscnprintf+0x5d/0x90 [ 837.747862][ T30] panic+0x349/0x880 [ 837.751783][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 837.757961][ T30] ? __pfx_panic+0x10/0x10 [ 837.762403][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 837.767794][ T30] ? __irq_work_queue_local+0x137/0x410 [ 837.773365][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 837.778759][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 837.784932][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 837.791111][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 837.797290][ T30] watchdog+0x1033/0x1040 [ 837.801654][ T30] ? watchdog+0x1ea/0x1040 [ 837.806099][ T30] ? __pfx_watchdog+0x10/0x10 [ 837.810797][ T30] kthread+0x2f0/0x390 [ 837.814882][ T30] ? __pfx_watchdog+0x10/0x10 [ 837.819579][ T30] ? __pfx_kthread+0x10/0x10 [ 837.824186][ T30] ret_from_fork+0x4b/0x80 [ 837.828628][ T30] ? __pfx_kthread+0x10/0x10 [ 837.833240][ T30] ret_from_fork_asm+0x1a/0x30 [ 837.838037][ T30] [ 837.841347][ T30] Kernel Offset: disabled [ 837.845665][ T30] Rebooting in 86400 seconds..