last executing test programs: 40.380080603s ago: executing program 0 (id=2238): capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x800) ioctl$SG_NEXT_CMD_LEN(r0, 0x2284, 0x0) 39.995020203s ago: executing program 0 (id=2241): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) 34.700055638s ago: executing program 0 (id=2255): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000725e850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r1}, 0xc) 34.418956528s ago: executing program 0 (id=2257): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000400)=ANY=[@ANYBLOB="50000000100001040100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000300", @ANYRES32=0x0, @ANYBLOB="2800128008000100677470001c00028008000100", @ANYRES32=r1], 0x50}}, 0x0) 34.110576634s ago: executing program 1 (id=2260): sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000a747", @ANYRES16=0x0, @ANYBLOB="0000000000000000000001000000080001"], 0x58}, 0x1, 0xf000}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0xb00, &(0x7f0000000140)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002b00010a000000000000001807"], 0x114}], 0x1}, 0x0) 34.090241959s ago: executing program 0 (id=2261): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x5, 0xc18, 0x0, {0x77359400}, {}, {0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "f9c47f1eb878265c080dcb6759162ed1b30071457936910e9563e53a719b96bb2f04b43750e44572e6757419924ea8b9c62671ed8d13557139d7919a71a34132"}}, 0x80}}, 0x0) 33.822892912s ago: executing program 0 (id=2262): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x2, 0xd59f80, 0x196f, 0x100, 0x19ef, 0x2800, 0x5, 0x2800, 0x2, 0x3, 0xbb6, 0x16, 0x10, {0x81, 0xfffffff8}, 0xd0, 0x9}}) 33.822486312s ago: executing program 1 (id=2263): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c020000", @ANYRES16=r4, @ANYBLOB="0100000000000000000010000000180001801400020069703667726530000000000000000000"], 0x2c}}, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) r6 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r7, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001740)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a0fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f000000000000000000000000000d503d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deecd5cb8d69ea6549c58a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f890000fe1a9d24417388290000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a626737e49646a8a14861f2bbd4d6abf0146052414c789df44b161b"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/167, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000280), 0x7, 0x10, 0x0, 0xfffffffffffffe0c, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r9 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r9, 0x89e0, &(0x7f00000001c0)={r7, r8}) sendmmsg$inet(r7, &(0x7f00000050c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000580)="83", 0x1}], 0x1}}], 0x1, 0x4c819) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000040)) r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r11 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time\x00', 0x275a, 0x0) write$UHID_CREATE2(r12, &(0x7f00000007c0)=ANY=[@ANYBLOB='.'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r12, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r10, 0x40045010, &(0x7f0000000000)) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r11, 0x4112, 0x0) 30.871820495s ago: executing program 4 (id=2270): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000900), r0) sendmsg$NFC_CMD_SE_IO(r0, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000100)=ANY=[@ANYBLOB="c4010000", @ANYRES16=r1, @ANYBLOB="010000000000000000001b00000008001500000000000400190008000100", @ANYRES32], 0x1c4}}, 0x0) 30.416059066s ago: executing program 4 (id=2272): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) read$FUSE(r0, &(0x7f0000000140)={0x2020}, 0x2020) write$9p(r0, &(0x7f0000000000)="fa1c4f8b", 0x4) 29.966955868s ago: executing program 4 (id=2274): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c) sendto$inet6(r0, 0x0, 0xf5ff, 0x2000c850, 0x0, 0x0) 29.703912041s ago: executing program 1 (id=2276): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000dc0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f00000000c0)={0x0, 0x1}) 29.586924859s ago: executing program 3 (id=2277): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @last={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x4}]}}}]}]}], {0x14}}, 0x74}}, 0x0) 29.534976101s ago: executing program 4 (id=2278): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000002540)={0x0, 0x0, &(0x7f0000002500)={&(0x7f00000004c0)={0x38, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_BITS={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_vlan\x00'}]}]}, 0x38}}, 0x0) 29.142963742s ago: executing program 1 (id=2280): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce71"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$bt_hci(r0, 0x84, 0x85, &(0x7f0000003140)=""/4095, &(0x7f0000000000)=0xfff) 29.131263565s ago: executing program 3 (id=2281): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, '.\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000006ffc)=0x1132ccf3, 0x4) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000140)={0x1, "27d85592b6bfee2be57c8a209e5cfce2939c0b6b081aa505abcc55a7042fafc2", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f0000000080)={"fe0d1acce4a37ef94acd000200", r8, 0xffffffffffffffff}) r10 = dup(r9) r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX=r10, @ANYBLOB=',wfdno=', @ANYRESHEX=r11, @ANYBLOB]) close_range(r5, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newsa={0x104, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in=@remote, 0x0, 0x3c}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@private2}]}, 0x104}}, 0x0) syz_emit_ethernet(0xb2, &(0x7f0000000300)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00\x00\b', 0x7c, 0x3a, 0xff, @remote, @mcast2, {[], @mlv2_query={0x82, 0x0, 0x0, 0xd, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3, 0x1, 0xf, 0x0, 0x6, [@private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1]}}}}}}, 0x0) 29.070258542s ago: executing program 4 (id=2282): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@file={0x0, '.\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000006ffc)=0x1132ccf3, 0x4) socketpair(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000000)={0x0, "f3c492eb0165203d36bec7080089b42c000004002231a110000000005900", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000140)={0x1, "27d85592b6bfee2be57c8a209e5cfce2939c0b6b081aa505abcc55a7042fafc2", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f0000000080)={"fe0d1acce4a37ef94acd000200", r8, 0xffffffffffffffff}) r10 = dup(r9) r11 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX=r10, @ANYBLOB=',wfdno=', @ANYRESHEX=r11, @ANYBLOB]) close_range(r5, 0xffffffffffffffff, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newsa={0x104, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}, {@in=@remote, 0x0, 0x3c}, @in=@remote, {}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in6=@private2}]}, 0x104}}, 0x0) 27.720197152s ago: executing program 1 (id=2283): r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000006c0)='gre0\x00', 0x10) sendmmsg$inet(r0, &(0x7f0000000640)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000040)="a90500000000fd00000100338bb335529f56ed5c7a535071b312f933e594182008b348bf13f99f647c101d25", 0x2c}], 0x1}}], 0x1, 0x0) 27.594892958s ago: executing program 3 (id=2284): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002222000000962313060100033b228bea47e7e043042a9000b3"], 0x0}, 0x0) 27.324115252s ago: executing program 1 (id=2285): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSNPMODE(r0, 0x4008744b, 0x0) 25.150180138s ago: executing program 4 (id=2286): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000002340)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0xe}]}, 0x28}}, 0x0) 24.638456152s ago: executing program 3 (id=2287): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000400)=0x6, 0x4) bind$inet(r0, &(0x7f0000000500)={0x2, 0x4, @local}, 0x10) 24.409208958s ago: executing program 3 (id=2288): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @broadcast, 'wlan1\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000940)='!A', 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000003200)=[{&(0x7f0000002f80)="ccf812e2fe4c3a87543ac69cfaa2b2880f54664f8a381e722c491fe827dfe4e4e0bfcf3d9c0b80eb6e7ddd69b093bfed76832f381b48cbd78466e7eecdb855172a3aa8ddca36668b0ae29de94f0cffdf96af730f73554709e2ad028088e83ec495006abb60c60124a686e79893728be2c75e435db572fe29a7f466bae770c29ae2ef0e8e85ebc6415d86d7b5247fb6cb31ffd34fc3bec264cb4dfd10685eca0caa26edb564e29b56e19c972cf5971048302c7d34fd66eec0129f71e495e1d598c3fb7296cbc02f5409564ef026e9110afaa537501371ed9689ee57a0bc5c31eaed895f64e8a763dbdbaf08a60b7933922a42ee09063b12e60f4d74dcc938", 0xfe}, {&(0x7f0000000980)="60abadf3de358d1b7a06a312b0d0f26ec24db4fbb5d3d6ef06704cf5672d7f730336d7fee331dabf24213838102d968f1c8c96fbeaa429333728", 0x3a}, {&(0x7f0000004000)="880018d14c59a12ff1f870578481fe095ac769f4e38d3c36e00fb2c5c940bb1e167f175c1df6d64da55316fbbddbeb91f9cb5d5ba02d40ab666d567e57cbfd35c4a39869afdde4155299154daad9ca9117805c46893a1ee45d296ded8302bad7ce8ab0e868fe476cd4a17d0145a827ed66b338ee60ac151e8850ef6f2a2281a8d8ed2deeae593efb73231523083c56664b3bb695a28e559ecfa749d901b7c6f59113fb726aaf7a66574f2062f9d94e5735724271551e955b0273a0b3968d4d8c86f3dd15cd2f0b78209c928d716f2893231a4809e103e4be25e2b830369f5703ac93c4de68eb70f160f4614aac2209468431601a57c4eca5f852f56d77e7868f5e590d1f61cf4b51633ecc2ff3c90c75a53bd5ad2772b602455bfeea4316453c0726bf7bd7e1da76bd344a7861c4e36da626d47daba72ef4c0d19d35e3e4bacf75d98b2d983d39c096d5ea33e7085fbc233a27c7a2cb26afecd700fd3b789120a941ba042453718470680c0ad7d30ebab7653924f8dc538e76b64f7f82cd9165b1fbb3a3a9c17216422fd7d608be940d8ba04c704b64cb3c241b177cdeefad19002e2ac52327791cdf2c2d208f26377dc0c213cec22d6d3dcb229d1d7262371863df982f26ba0131b2e40f38e08c245dd4b61f5b4acb95fa39333b04720751fd2ce716bba0acc314132e3907215d89680da738fb2f7c5d5d88e9e3b9eb697e3a3072babf7e406c5080d302fe148361ba21889cfb29680b5e37738c410cbc023effdf9b815b1b50eb8f61d5058e55c6152e76e80d2fd397ae4dad3abac4562c10ec1a290a54aa8b5fcf80f6be6e1cf5e86504f517c39327dde9c90c12194bdce7bd3b0c742144fb17a85d2f847f3a81ebe812369d9261895194222dd64a92f22539cec1561ace2af9e28cb10c5b6d5f8a310e5754d1e96cd88399ad2fa205f459b1230afc4d30791ed63a68c156a881c4995c75b3ff410cd7464c1ab12349fe060771ab7ccd099a41df4824e2c69a4f9dcc9ccdf9db3bd88981a2533a5a6135fd4b02a4ceb488c6091d4f564341c96d9c39e37db849f64a93bb5d083abee7521b7c081aa2abaae3b4ada84bdc9239c0b3ad72e310dd139b6ec32186988b620fe8aefe9d6a2b35e12cfaca01fdb13450255947e97c8440da75cd48920ca5e55873a8f25451f9a0c4f7a3aef8e6ddce9db1424c3581ce414f83b2c4ed6da6f5ab5341732457e70ee58b1cb6f9ffdc25c0812293e933e6d7464173a748739bc4768812a88d0d7f6dd74785df9a8f9a2d00994b0d4c6cfe48c3eacb7fc295f1163dd464bc3bef910aaa03ad6ecd943701c21793d8ebadc773df65f6d638a439e7c92a055361990770c67c3f5257f1843103b56b4096a358219811f82ec8a6b058000099804077ba4d521bb858795bf9ef6fc09d9772f03280c4eb2434cc3433eee26dcb63a8a1e0c21229bfe97d9760f66413de90d7dcd018e7aed74ac5be3eca52239345a109cade444e52d3596625afc0e49fcd59e835c12f1b5f35ce740402317c0d6f0289284855eda4064fb3692f4e651ae0ee84ce56fd4ce08668e3505b09cd23fd0cb3c13a91cf56b4c202f108afccdbde6f4dc0f36c1dfea8f805bcde64c060be15454f36c2d6a348acd6c861d9a4fefab5bde0171b25f5c09a5fe6c63eecb37517a01789a8926bc13d31b1e6fea3d959d4", 0x4b3}], 0x3}}], 0x2, 0x0) 24.054882693s ago: executing program 3 (id=2290): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_LOW={0x8, 0xf, 0x80000000}]}, 0x34}}, 0x0) 8.168735982s ago: executing program 2 (id=2313): r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x80, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f043}) ppoll(&(0x7f0000000300)=[{r0, 0x2007}], 0x1, 0x0, 0x0, 0x0) 8.069154746s ago: executing program 2 (id=2314): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @id_tos={0x0, r1, 0x2}}, 0x20) 7.97011811s ago: executing program 2 (id=2315): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080), 0xc, 0x0}, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r5, 0x40045542, &(0x7f0000000b00)) syz_open_procfs$pagemap(0x0, 0x0) syz_open_dev$dmmidi(0x0, 0x200, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="59bb22bd7000000020001100000008002b01"], 0x28}}, 0x0) r8 = inotify_init1(0x800) fcntl$setown(r8, 0x8, 0xffffffffffffffff) fcntl$getownex(r8, 0x10, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000340)='statm\x00') pread64(r9, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000380)=ANY=[@ANYRES64=r9], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f0000000100)) 1.239188546s ago: executing program 2 (id=2316): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f00000005c0)='contention_end\x00', r0}, 0x10) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) 974.656885ms ago: executing program 2 (id=2317): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080), 0xc, 0x0}, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r5, 0x40045542, &(0x7f0000000b00)) syz_open_procfs$pagemap(0x0, 0x0) syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WIPHY(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="59bb22bd7000000020001100000008002b01"], 0x28}}, 0x0) r8 = inotify_init1(0x800) fcntl$setown(r8, 0x8, 0xffffffffffffffff) fcntl$getownex(r8, 0x10, 0x0) r9 = syz_open_procfs(0x0, &(0x7f0000000340)='statm\x00') pread64(r9, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000380)=ANY=[@ANYRES64=r9], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f0000000100)) 0s ago: executing program 2 (id=2318): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_REG_RULES={0xc, 0x22, 0x0, 0x1, [{0x4}, {0x4}]}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}]}, 0x28}}, 0x0) kernel console output (not intermixed with test programs): 9] audit: type=1400 audit(1727472741.522:990): avc: denied { nlmsg_write } for pid=13091 comm="syz.3.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 1044.835307][ T29] audit: type=1400 audit(1727472741.682:991): avc: denied { execmem } for pid=13097 comm="syz.2.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 1045.406777][ T29] audit: type=1400 audit(1727472742.002:992): avc: denied { create } for pid=13097 comm="syz.2.1410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1045.785300][T11368] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1045.897711][T13095] Bluetooth: MGMT ver 1.23 [ 1046.472885][T13120] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1416'. [ 1049.005311][T11368] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1049.015522][T11368] Bluetooth: hci3: Injecting HCI hardware error event [ 1049.026933][T11368] Bluetooth: hci3: hardware error 0x00 [ 1049.713964][T13154] dlm: no locking on control device [ 1049.749668][T13161] xt_l2tp: wrong L2TP version: 0 [ 1050.126100][ T5370] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1050.305275][ T5370] usb 3-1: Using ep0 maxpacket: 16 [ 1050.324823][ T5370] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 1050.425964][ T5370] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 1050.640554][ T5370] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 1050.662970][ T5370] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice=4f.32 [ 1050.672396][ T5370] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1050.681141][ T5370] usb 3-1: Product: syz [ 1050.685773][ T5370] usb 3-1: Manufacturer: syz [ 1050.695521][ T5370] usb 3-1: SerialNumber: syz [ 1050.739714][ T5370] usb 3-1: config 0 descriptor?? [ 1050.818247][T13163] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1051.120812][ T5370] mceusb 3-1:0.0: mceusb_dev_probe: device setup failed! [ 1051.213151][ T5370] mceusb 3-1:0.0: probe with driver mceusb failed with error -12 [ 1051.418249][T11090] usb 3-1: USB disconnect, device number 21 [ 1051.456700][T11368] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1051.800827][ T29] audit: type=1400 audit(1727472748.842:993): avc: denied { write } for pid=13183 comm="syz.3.1444" name="mcfilter" dev="proc" ino=4026532896 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 1052.821623][T13196] netlink: 'syz.3.1449': attribute type 1 has an invalid length. [ 1052.931511][T13191] xt_nfacct: accounting object `sy' does not exists [ 1054.818827][T11090] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1055.495256][T11090] usb 3-1: Using ep0 maxpacket: 8 [ 1056.534095][T13227] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1458'. [ 1056.727127][ T5370] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 1056.955237][ T5370] usb 5-1: Using ep0 maxpacket: 32 [ 1056.963285][ T5370] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1056.986332][ T5370] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1057.025408][ T5370] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1057.081856][ T5370] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 1057.107535][ T5370] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 1057.147924][ T5370] usb 5-1: Product: syz [ 1057.166481][ T5370] usb 5-1: Manufacturer: syz [ 1057.184242][ T5370] usb 5-1: SerialNumber: syz [ 1057.324466][ T5370] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input55 [ 1057.960521][ T5275] usb 5-1: USB disconnect, device number 11 [ 1058.066977][ T5275] appletouch 5-1:1.0: input: appletouch disconnected [ 1058.251574][ T29] audit: type=1400 audit(1727472755.322:994): avc: denied { append } for pid=13245 comm="syz.0.1464" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1059.827362][ T29] audit: type=1400 audit(1727472756.902:995): avc: denied { ioctl } for pid=13253 comm="syz.0.1467" path="socket:[52574]" dev="sockfs" ino=52574 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1059.889878][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.933532][T13258] QAT: Stopping all acceleration devices. [ 1062.175221][T11090] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1062.214709][T11090] usb 3-1: unable to read config index 0 descriptor/start: -32 [ 1062.261144][T11090] usb 3-1: chopping to 0 config(s) [ 1062.342502][T11090] usb 3-1: can't read configurations, error -32 [ 1062.433126][T13285] netlink: 'syz.4.1479': attribute type 23 has an invalid length. [ 1062.453294][T13285] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1479'. [ 1062.525684][T11090] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1062.685328][T11090] usb 3-1: device descriptor read/64, error -32 [ 1062.815833][T11090] usb usb3-port1: attempt power cycle [ 1063.185319][T11090] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 1063.217789][T11090] usb 3-1: device descriptor read/8, error -32 [ 1063.465292][T11090] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 1063.499859][T11090] usb 3-1: device descriptor read/8, error -32 [ 1063.642778][T11090] usb usb3-port1: unable to enumerate USB device [ 1064.157964][T12529] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1064.174388][T12529] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1064.187009][T12529] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1064.204337][T12529] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1064.454424][T12529] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1064.467743][T12529] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1065.556367][T13327] netlink: 'syz.4.1493': attribute type 3 has an invalid length. [ 1065.594746][T13327] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.1493'. [ 1065.671866][T13313] chnl_net:caif_netlink_parms(): no params data found [ 1066.170879][T13313] bridge0: port 1(bridge_slave_0) entered blocking state [ 1066.178942][T13313] bridge0: port 1(bridge_slave_0) entered disabled state [ 1066.188722][T13313] bridge_slave_0: entered allmulticast mode [ 1066.198250][T13313] bridge_slave_0: entered promiscuous mode [ 1066.216228][T13313] bridge0: port 2(bridge_slave_1) entered blocking state [ 1066.236245][T13313] bridge0: port 2(bridge_slave_1) entered disabled state [ 1066.246438][T13313] bridge_slave_1: entered allmulticast mode [ 1066.286510][T13313] bridge_slave_1: entered promiscuous mode [ 1066.900499][T12529] Bluetooth: hci4: command tx timeout [ 1067.102045][T13313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1067.155535][T13313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1067.407748][T13344] dlm: no local IP address has been set [ 1067.415995][T13344] dlm: cannot start dlm midcomms -107 [ 1067.478176][T13347] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 1067.584980][T11368] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1067.685369][T11368] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1067.716975][T11368] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1067.742521][T11368] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1067.751485][T11368] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1067.760466][T11368] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1067.968651][T13354] netlink: 'syz.4.1502': attribute type 1 has an invalid length. [ 1067.976669][T13354] netlink: 'syz.4.1502': attribute type 2 has an invalid length. [ 1068.007940][T13313] team0: Port device team_slave_0 added [ 1068.019447][T13313] team0: Port device team_slave_1 added [ 1068.244840][T13313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1068.263276][T13313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1068.296025][T13313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1068.316069][T13193] raw-gadget.0 gadget.2: failed to queue disconnect event [ 1068.341716][T13313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1068.374751][T13313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1068.474097][T13313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1068.674052][ T52] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1068.841048][T13313] hsr_slave_0: entered promiscuous mode [ 1068.861250][T13313] hsr_slave_1: entered promiscuous mode [ 1069.075236][T11368] Bluetooth: hci4: command tx timeout [ 1070.729999][T11368] Bluetooth: hci5: command tx timeout [ 1071.145234][T12529] Bluetooth: hci4: command tx timeout [ 1071.614831][ T52] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.933399][ T52] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1072.017587][T13385] netlink: 'syz.4.1512': attribute type 10 has an invalid length. [ 1072.079925][T13385] hsr0: entered promiscuous mode [ 1072.121098][T13385] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 1072.133970][T13385] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 1072.151519][T13385] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 1072.165432][T13385] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 1072.326554][ T52] bridge0: port 3(netdevsim0) entered disabled state [ 1072.447699][ T52] netdevsim netdevsim2 netdevsim0 (unregistering): left allmulticast mode [ 1072.475919][ T52] netdevsim netdevsim2 netdevsim0 (unregistering): left promiscuous mode [ 1072.499948][ T52] bridge0: port 3(netdevsim0) entered disabled state [ 1072.543121][ T52] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1072.905291][T12529] Bluetooth: hci5: command tx timeout [ 1073.065233][ T5222] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 1073.216680][T12529] Bluetooth: hci4: command tx timeout [ 1073.505040][ T52] bridge_slave_1: left allmulticast mode [ 1073.510873][ T52] bridge_slave_1: left promiscuous mode [ 1073.516823][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1073.526925][ T52] bridge_slave_0: left allmulticast mode [ 1073.532645][ T52] bridge_slave_0: left promiscuous mode [ 1073.539823][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1073.715284][ T5222] usb 5-1: Using ep0 maxpacket: 8 [ 1073.727905][ T5222] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1073.747312][ T5222] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 1073.765223][ T5222] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 1073.773490][ T5222] usb 5-1: SerialNumber: syz [ 1073.808318][ T5222] usb 5-1: config 0 descriptor?? [ 1073.824983][ T5222] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 1073.854046][ T5222] usb 5-1: No valid video chain found. [ 1074.022614][ T5222] usb 5-1: USB disconnect, device number 12 [ 1074.982412][T12529] Bluetooth: hci5: command tx timeout [ 1075.921611][T13425] netlink: 202920 bytes leftover after parsing attributes in process `syz.1.1518'. [ 1077.112793][T12529] Bluetooth: hci5: command tx timeout [ 1077.197748][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1077.219141][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1077.244203][ T52] bond0 (unregistering): Released all slaves [ 1077.286111][T13342] chnl_net:caif_netlink_parms(): no params data found [ 1077.399385][ T5222] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1077.409436][ T29] audit: type=1400 audit(1727472774.482:996): avc: denied { setopt } for pid=13435 comm="syz.1.1522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 1077.595244][ T5222] usb 5-1: Using ep0 maxpacket: 16 [ 1077.616826][ T5222] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1077.645355][ T5222] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 1077.663298][ T5222] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x6B, changing to 0xB [ 1077.674863][ T5222] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1077.702226][ T5222] usb 5-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b [ 1077.711586][ T5222] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 [ 1077.719990][ T5222] usb 5-1: Product: syz [ 1077.724219][ T5222] usb 5-1: Manufacturer: syz [ 1077.728959][ T5222] usb 5-1: SerialNumber: syz [ 1077.736342][ T5222] usb 5-1: config 0 descriptor?? [ 1077.743380][ T5222] usb 5-1: NFC: intf ffff88807ea6a000 id ffffffff8f0f98a0 [ 1078.036373][T13342] bridge0: port 1(bridge_slave_0) entered blocking state [ 1078.043544][T13342] bridge0: port 1(bridge_slave_0) entered disabled state [ 1078.104293][T13342] bridge_slave_0: entered allmulticast mode [ 1078.136745][T13342] bridge_slave_0: entered promiscuous mode [ 1078.163809][ T5274] usb 5-1: USB disconnect, device number 13 [ 1078.184645][T13342] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.201047][T13342] bridge0: port 2(bridge_slave_1) entered disabled state [ 1078.209131][T13342] bridge_slave_1: entered allmulticast mode [ 1078.217690][T13342] bridge_slave_1: entered promiscuous mode [ 1079.138441][T13342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1079.168739][T13342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1079.236804][T13458] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 1079.596589][T13342] team0: Port device team_slave_0 added [ 1079.644505][ T52] hsr_slave_0: left promiscuous mode [ 1079.653131][ T52] hsr_slave_1: left promiscuous mode [ 1079.660395][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1079.677595][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1079.688068][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1079.710787][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1079.806893][ T52] veth1_macvtap: left promiscuous mode [ 1079.812571][ T52] veth0_macvtap: left promiscuous mode [ 1079.831000][ T52] veth1_vlan: left promiscuous mode [ 1079.841806][ T52] veth0_vlan: left promiscuous mode [ 1079.985337][ T5274] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1080.226487][ T5274] usb 5-1: Using ep0 maxpacket: 8 [ 1080.266379][ T5274] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 23, changing to 8 [ 1080.300981][ T5274] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 1080.344893][ T5274] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 1080.401689][ T5274] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1080.448596][ T5274] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.477632][ T5274] usb 5-1: Product: 蔘ತ䛦≢⸺倃氟⧶ṬK堮㊡※࿰ꙴ⿜陾꧆钋꒹ነ늵띮섛婥햷﯒ᛥ뇳ᾶ燡䚘詊찚葷룃ꈌ죇귽璕惫ꈤꫀ뜧㥊쮥熨잱䨫䩋㟣牗 [ 1080.510261][ T5274] usb 5-1: Manufacturer: 䜰뢉饚ᆴᨉ鸺 [ 1080.562228][ T5274] usb 5-1: SerialNumber: ᐊ [ 1081.913365][ T52] team0 (unregistering): Port device team_slave_1 removed [ 1082.018503][ T52] team0 (unregistering): Port device team_slave_0 removed [ 1083.132721][T13342] team0: Port device team_slave_1 added [ 1083.143918][ T5274] cdc_ncm 5-1:1.0: bind() failure [ 1083.168971][T13493] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1542'. [ 1083.182913][ T5274] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 1083.190072][T13493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1542'. [ 1083.201794][ T5274] cdc_ncm 5-1:1.1: bind() failure [ 1083.276934][ T5274] usb 5-1: USB disconnect, device number 14 [ 1083.391082][T13342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1083.412443][T13342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1083.438454][ C1] vkms_vblank_simulate: vblank timer overrun [ 1083.450427][T13342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1083.464002][T13342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1083.475921][T13342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1083.521817][T13342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1083.754183][T13313] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1083.844439][T13313] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1083.918506][T13313] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1084.064095][T13313] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1084.153687][T13342] hsr_slave_0: entered promiscuous mode [ 1084.177079][T13342] hsr_slave_1: entered promiscuous mode [ 1084.201593][T13342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1084.219795][T13342] Cannot create hsr debugfs directory [ 1084.316254][ T52] IPVS: stop unused estimator thread 0... [ 1084.536980][T13313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1084.557190][T13313] 8021q: adding VLAN 0 to HW filter on device team0 [ 1084.693742][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 1084.700968][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1084.733333][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 1084.740616][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1085.668485][ T52] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.082195][ T52] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.307897][ T52] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.638543][ T52] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1086.784357][T13566] netlink: 'syz.4.1560': attribute type 10 has an invalid length. [ 1087.393363][ T52] bridge_slave_1: left allmulticast mode [ 1087.402958][ T52] bridge_slave_1: left promiscuous mode [ 1087.413007][ T52] bridge0: port 2(bridge_slave_1) entered disabled state [ 1087.444530][ T52] bridge_slave_0: left allmulticast mode [ 1087.495435][ T52] bridge_slave_0: left promiscuous mode [ 1087.510768][ T52] bridge0: port 1(bridge_slave_0) entered disabled state [ 1088.915753][ T29] audit: type=1400 audit(1727472785.992:997): avc: denied { setopt } for pid=13604 comm="syz.1.1571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1089.376298][T13617] dlm: no locking on control device [ 1089.481402][ T52] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1089.551605][ T52] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1089.580409][ T52] bond0 (unregistering): Released all slaves [ 1089.630348][T13313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1089.687017][T13615] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1576'. [ 1089.705834][T13615] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1576'. [ 1091.426905][T13342] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1091.480684][T13342] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1091.571181][ T52] hsr_slave_0: left promiscuous mode [ 1091.578772][ T52] hsr_slave_1: left promiscuous mode [ 1091.609849][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1091.634789][ T52] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1091.661249][ T52] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1091.684339][ T52] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1091.723639][ T52] batman_adv: batadv0: Interface deactivated: vlan1 [ 1091.734340][ T52] batman_adv: batadv0: Removing interface: vlan1 [ 1091.866961][ T52] veth1_macvtap: left promiscuous mode [ 1091.889574][ T52] veth0_macvtap: left promiscuous mode [ 1091.925800][ T52] veth1_vlan: left promiscuous mode [ 1091.939390][ T52] veth0_vlan: left promiscuous mode [ 1092.274746][ T29] audit: type=1400 audit(1727472789.342:998): avc: denied { setopt } for pid=13637 comm="syz.1.1583" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 1092.548200][T13640] netlink: 'syz.1.1584': attribute type 1 has an invalid length. [ 1092.565234][T13640] netlink: 'syz.1.1584': attribute type 2 has an invalid length. [ 1093.115261][ T5274] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1093.285399][ T5274] usb 2-1: Using ep0 maxpacket: 8 [ 1093.292643][ T5274] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 1093.301845][ T5274] usb 2-1: config 0 has an invalid descriptor of length 217, skipping remainder of the config [ 1093.334612][ T5274] usb 2-1: config 0 has no interface number 0 [ 1093.357648][ T5274] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 147, changing to 11 [ 1093.420534][ T5274] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 58421, setting to 1024 [ 1093.474817][ T5274] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1093.500368][ T5274] usb 2-1: config 0 interface 52 has no altsetting 0 [ 1093.512749][ T5274] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 1093.528373][ T5274] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 1093.551921][ T5274] usb 2-1: Manufacturer: syz [ 1093.564303][ T5274] usb 2-1: config 0 descriptor?? [ 1093.876969][ T5274] input: syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input58 [ 1093.940814][ T52] team0 (unregistering): Port device team_slave_1 removed [ 1094.146785][T12899] usb 2-1: USB disconnect, device number 16 [ 1094.146902][ C0] synaptics_usb 2-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 1094.248442][ T52] team0 (unregistering): Port device team_slave_0 removed [ 1094.437209][ T5274] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 1094.597193][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1094.608936][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1094.625191][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1094.645369][ T5274] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1094.659214][ T5274] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 1094.669029][ T5274] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1094.678594][ T5274] usb 5-1: Product: syz [ 1094.682944][ T5274] usb 5-1: Manufacturer: syz [ 1094.693045][ T5274] usb 5-1: SerialNumber: syz [ 1094.718716][ T5274] usb 5-1: config 0 descriptor?? [ 1094.949860][ T5274] adutux 5-1:0.0: Could not retrieve serial number [ 1094.965684][ T5274] adutux 5-1:0.0: probe with driver adutux failed with error -5 [ 1095.049082][ T29] audit: type=1400 audit(1727472792.082:999): avc: denied { setopt } for pid=13659 comm="syz.1.1592" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 1095.076570][ T5277] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1095.158998][ T5274] usb 5-1: USB disconnect, device number 15 [ 1095.252308][ T5277] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1095.266348][ T5277] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 1095.276446][ T5277] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1095.292774][ T5277] usb 1-1: config 0 descriptor?? [ 1095.547747][T13342] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1095.558231][T13342] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1095.569772][ T5277] usb 1-1: USB disconnect, device number 12 [ 1095.592967][T13313] veth0_vlan: entered promiscuous mode [ 1095.690605][T13313] veth1_vlan: entered promiscuous mode [ 1095.891740][T13313] veth0_macvtap: entered promiscuous mode [ 1095.940019][T13313] veth1_macvtap: entered promiscuous mode [ 1096.054070][T13342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1096.066072][ T52] IPVS: stop unused estimator thread 0... [ 1096.099706][T13313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1096.130033][T13313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.140578][T13313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1096.151565][T13313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.162189][T13313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1096.173624][T13313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.190386][T13313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1096.230451][T13313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1096.261279][T13313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.272052][T13313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1096.283219][T13313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.293657][T13313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1096.304786][T13313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1096.356470][T13313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1096.401705][T13342] 8021q: adding VLAN 0 to HW filter on device team0 [ 1096.425275][T13313] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.444336][T13313] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.464146][T13313] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.505216][T13313] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.531540][T13532] bridge0: port 1(bridge_slave_0) entered blocking state [ 1096.538723][T13532] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1096.611034][T13532] bridge0: port 2(bridge_slave_1) entered blocking state [ 1096.618262][T13532] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1096.710389][T13679] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1601'. [ 1096.743823][T13679] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1601'. [ 1096.795588][T13685] netlink: 732 bytes leftover after parsing attributes in process `syz.0.1603'. [ 1096.815718][T13685] netlink: 732 bytes leftover after parsing attributes in process `syz.0.1603'. [ 1097.056536][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1097.064405][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1097.165761][T13695] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1609'. [ 1097.182614][T13695] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1609'. [ 1097.223189][ T3029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1097.275948][ T3029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1098.530372][T13342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1098.683544][T13342] veth0_vlan: entered promiscuous mode [ 1098.924463][T13342] veth1_vlan: entered promiscuous mode [ 1099.021847][T13719] : renamed from hsr0 (while UP) [ 1099.167548][T13342] veth0_macvtap: entered promiscuous mode [ 1099.191416][T13342] veth1_macvtap: entered promiscuous mode [ 1099.255248][ T5370] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1099.296080][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1099.331078][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1099.341182][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1099.352513][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1099.362525][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1099.373907][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1099.385949][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1099.397843][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1099.744297][T13342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1100.085219][ T5370] usb 2-1: Using ep0 maxpacket: 32 [ 1100.094713][ T5370] usb 2-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01 [ 1100.105160][ T5370] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1100.113232][ T5370] usb 2-1: Product: syz [ 1100.125268][ T5370] usb 2-1: Manufacturer: syz [ 1100.129940][ T5370] usb 2-1: SerialNumber: syz [ 1100.137099][ T5370] usb 2-1: config 0 descriptor?? [ 1100.148201][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.208121][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.228335][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.240424][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.250924][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.261807][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.272533][T13342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1100.283474][T13342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1100.308617][T13342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1100.349965][T13342] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.363269][ T5370] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 1100.377541][T13342] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.407798][T13342] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.455305][T13342] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.521029][T13734] netlink: 'syz.4.1621': attribute type 1 has an invalid length. [ 1100.572783][ T5306] usb 2-1: USB disconnect, device number 17 [ 1101.528353][T13532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1101.591626][T13532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1101.663565][ T3029] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1101.688260][ T3029] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1101.876742][T13750] netlink: 'syz.4.1627': attribute type 32 has an invalid length. [ 1103.309830][T13766] openvswitch: netlink: Missing valid actions attribute. [ 1103.334875][T13766] openvswitch: netlink: Actions may not be safe on all matching packets [ 1108.573654][T13843] overlayfs: failed to resolve './file1': -2 [ 1112.010385][T13882] netlink: 'syz.1.1674': attribute type 2 has an invalid length. [ 1112.036212][T13882] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1674'. [ 1112.653816][T12529] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 1112.664524][T12529] Bluetooth: hci5: Injecting HCI hardware error event [ 1112.675824][T12529] Bluetooth: hci5: hardware error 0x00 [ 1115.816582][ T29] audit: type=1400 audit(1727472812.812:1000): avc: denied { ioctl } for pid=13914 comm="syz.0.1683" path="socket:[55747]" dev="sockfs" ino=55747 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1115.978451][T13918] dlm: no locking on control device [ 1116.105933][T11368] Bluetooth: hci5: unexpected event for opcode 0x0407 [ 1116.348562][T13932] overlayfs: failed to resolve './file0': -2 [ 1116.727772][T13937] dlm: no locking on control device [ 1117.814884][T13952] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1697'. [ 1117.885414][T12529] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1118.349683][ T29] audit: type=1400 audit(1727472815.422:1001): avc: denied { ioctl } for pid=13961 comm="syz.3.1700" path="/dev/btrfs-control" dev="devtmpfs" ino=1117 ioctlcmd=0x9405 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 1118.940739][T13971] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1701'. [ 1118.967720][T13971] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1701'. [ 1119.419681][T13977] xt_CT: No such helper "snmp" [ 1119.957262][T13991] overlayfs: failed to resolve './file0': -2 [ 1119.995001][T13984] dlm: no locking on control device [ 1120.905283][ T29] audit: type=1400 audit(1727472817.882:1002): avc: denied { bind } for pid=13999 comm="syz.2.1711" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1121.306786][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1122.056282][T14016] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1124.976774][T12529] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1125.008755][T12529] Bluetooth: hci4: Injecting HCI hardware error event [ 1125.028128][T12529] Bluetooth: hci4: hardware error 0x00 [ 1125.535305][T11090] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1125.701519][T11090] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1125.745477][T11090] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1125.804529][T11090] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1125.855424][T11090] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1125.881771][T11090] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1125.925277][T11090] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1125.960232][T11090] usb 3-1: config 0 descriptor?? [ 1126.216815][T11090] hdpvr 3-1:0.0: firmware version 0x1e dated q|RC@22[7BD^jvi0 [ 1126.216815][T11090] pY [ 1126.616454][T11090] hdpvr 3-1:0.0: device init failed [ 1126.622030][T11090] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12 [ 1126.636283][T11090] usb 3-1: USB disconnect, device number 26 [ 1126.759936][ T5274] IPVS: starting estimator thread 0... [ 1126.875222][T14057] IPVS: using max 14 ests per chain, 33600 per kthread [ 1127.188590][T12529] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1127.654656][T14063] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1129.654999][T14072] dlm: no locking on control device [ 1129.773267][T14091] netlink: 'syz.1.1741': attribute type 21 has an invalid length. [ 1129.833214][T14091] netlink: 'syz.1.1741': attribute type 20 has an invalid length. [ 1129.841773][T14091] IPv6: NLM_F_CREATE should be specified when creating new route [ 1131.857611][T14108] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1132.285547][T14124] tmpfs: Bad value for 'mpol' [ 1132.437525][ T29] audit: type=1400 audit(1727472829.502:1003): avc: denied { ioctl } for pid=14125 comm="syz.4.1755" path="socket:[56900]" dev="sockfs" ino=56900 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1134.233738][T14144] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1760'. [ 1134.266619][ T5224] IPVS: starting estimator thread 0... [ 1134.406026][T14145] IPVS: using max 13 ests per chain, 31200 per kthread [ 1134.790340][T14149] netlink: 'syz.4.1763': attribute type 6 has an invalid length. [ 1134.800479][T14149] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1763'. [ 1134.833853][T14154] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1135.069387][T14156] syz.1.1766: attempt to access beyond end of device [ 1135.069387][T14156] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0 [ 1135.113344][T14156] syz.1.1766: attempt to access beyond end of device [ 1135.113344][T14156] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1135.155671][T14156] syz.1.1766: attempt to access beyond end of device [ 1135.155671][T14156] nbd1: rw=0, sector=0, nr_sectors = 2 limit=0 [ 1135.214465][T14156] syz.1.1766: attempt to access beyond end of device [ 1135.214465][T14156] nbd1: rw=0, sector=18, nr_sectors = 2 limit=0 [ 1135.237743][T14156] syz.1.1766: attempt to access beyond end of device [ 1135.237743][T14156] nbd1: rw=0, sector=30, nr_sectors = 2 limit=0 [ 1135.263023][T14156] syz.1.1766: attempt to access beyond end of device [ 1135.263023][T14156] nbd1: rw=0, sector=36, nr_sectors = 2 limit=0 [ 1135.287968][T14156] VFS: unable to find oldfs superblock on device nbd1 [ 1138.130733][T14194] program syz.0.1777 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1138.140343][T12899] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1138.322558][T12899] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1138.344248][T12899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1138.361630][T12899] usb 2-1: Product: syz [ 1138.374027][T12899] usb 2-1: Manufacturer: syz [ 1138.388354][T12899] usb 2-1: SerialNumber: syz [ 1138.449029][T12899] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1138.476276][ T5275] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1138.643373][T14201] netlink: 'syz.0.1780': attribute type 6 has an invalid length. [ 1139.040962][T12899] usb 2-1: USB disconnect, device number 18 [ 1139.535533][ T5275] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 1139.542707][ T5275] ath9k_htc: Failed to initialize the device [ 1139.602774][T14216] program syz.0.1785 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1139.634628][T12899] usb 2-1: ath9k_htc: USB layer deinitialized [ 1139.638461][T14213] dlm: no locking on control device [ 1140.475940][T14237] kAFS: unparsable volume name [ 1141.102041][T14252] Cannot find set identified by id 4 to match [ 1141.103346][T14253] tmpfs: Bad value for 'mpol' [ 1142.393840][T14277] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1810'. [ 1142.442047][T14277] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1810'. [ 1142.595151][T11090] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 1143.790929][T11090] usb 2-1: Using ep0 maxpacket: 8 [ 1143.807003][T11090] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 1143.815352][T11090] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1143.825612][T11090] usb 2-1: config 0 has no interface number 0 [ 1143.832650][T11090] usb 2-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0x77, changing to 0x7 [ 1143.846895][T11090] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 1143.865417][T11090] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1143.920944][T11090] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1144.119500][T11090] usb 2-1: config 0 interface 52 has no altsetting 0 [ 1144.139599][T11090] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00 [ 1144.159320][T11090] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1144.221742][T11090] usb 2-1: config 0 descriptor?? [ 1144.485700][ T5275] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1145.085600][ T5274] usb 2-1: USB disconnect, device number 19 [ 1145.703458][T14316] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1827'. [ 1146.326930][ T5275] usb 4-1: Using ep0 maxpacket: 8 [ 1146.393872][T14327] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1146.601381][T14331] netlink: 'syz.2.1832': attribute type 4 has an invalid length. [ 1146.636887][T14331] netlink: 128124 bytes leftover after parsing attributes in process `syz.2.1832'. [ 1146.715320][ T29] audit: type=1400 audit(1727472843.782:1004): avc: denied { getopt } for pid=14334 comm="syz.1.1834" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 1147.215595][T11090] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1148.319718][T11090] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1148.339455][T11090] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1148.369132][T11090] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1148.403505][T11090] usb 3-1: config 0 descriptor?? [ 1148.750340][T14353] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1148.885532][T11090] ath6kl: Failed to read usb control message: -71 [ 1148.954226][T11090] ath6kl: Unable to read the bmi data from the device: -71 [ 1148.985987][T11090] ath6kl: Unable to recv target info: -71 [ 1149.005151][T11090] ath6kl: Failed to init ath6kl core: -71 [ 1149.045319][T11090] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1149.122731][T11090] usb 3-1: USB disconnect, device number 27 [ 1149.632463][T14369] netlink: 'syz.0.1848': attribute type 10 has an invalid length. [ 1149.696840][T14369] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 1149.725871][T14369] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1149.749054][T14372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1849'. [ 1150.059734][T14379] netlink: 'syz.1.1852': attribute type 8 has an invalid length. [ 1150.080131][T14379] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1852'. [ 1150.514458][T14380] dlm: no locking on control device [ 1152.063145][T14410] netlink: 'syz.4.1865': attribute type 1 has an invalid length. [ 1152.091602][T14410] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1865'. [ 1153.275635][T14420] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1869'. [ 1153.611001][T14424] netlink: 'syz.4.1871': attribute type 3 has an invalid length. [ 1153.839293][ T5275] usb 4-1: unable to get BOS descriptor set [ 1154.464219][ T5275] usb 4-1: unable to read config index 0 descriptor/start: -32 [ 1154.472117][ T5275] usb 4-1: chopping to 0 config(s) [ 1154.477447][ T5275] usb 4-1: can't read configurations, error -32 [ 1154.658207][ T5275] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1155.135099][ T5275] usb 4-1: device descriptor read/64, error -32 [ 1155.160294][T11368] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1155.172067][T11368] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1155.181814][T11368] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1155.197664][T11368] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1155.206798][T11368] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1155.214293][T11368] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1155.257489][T12899] IPVS: starting estimator thread 0... [ 1155.304272][ T5275] usb usb4-port1: attempt power cycle [ 1155.445226][T14450] IPVS: using max 22 ests per chain, 52800 per kthread [ 1156.759424][T14445] chnl_net:caif_netlink_parms(): no params data found [ 1157.090927][T14445] bridge0: port 1(bridge_slave_0) entered blocking state [ 1157.098376][T14445] bridge0: port 1(bridge_slave_0) entered disabled state [ 1157.106544][T14445] bridge_slave_0: entered allmulticast mode [ 1157.113528][T14445] bridge_slave_0: entered promiscuous mode [ 1157.123701][T14445] bridge0: port 2(bridge_slave_1) entered blocking state [ 1157.131274][T14445] bridge0: port 2(bridge_slave_1) entered disabled state [ 1157.145570][T14445] bridge_slave_1: entered allmulticast mode [ 1157.152375][T14445] bridge_slave_1: entered promiscuous mode [ 1157.180368][T14445] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1157.201130][T14445] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1157.296346][T11368] Bluetooth: hci1: command tx timeout [ 1157.327821][T14445] team0: Port device team_slave_0 added [ 1157.342744][T14445] team0: Port device team_slave_1 added [ 1157.435396][T14445] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1157.442419][T14445] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1157.582969][T14445] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1157.672945][ T5275] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1157.733538][T14445] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1157.787447][T14445] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1157.888534][T14445] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1158.154529][T14445] hsr_slave_0: entered promiscuous mode [ 1158.210067][T14445] hsr_slave_1: entered promiscuous mode [ 1158.239252][T14445] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1158.305404][T14445] Cannot create hsr debugfs directory [ 1158.777800][T14487] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1158.943027][T14445] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1159.375549][T11368] Bluetooth: hci1: command tx timeout [ 1160.608209][T14445] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1160.843088][T14445] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1160.907657][T14499] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1896'. [ 1161.150335][T14445] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1161.191348][ T5275] usb 4-1: device descriptor read/8, error -32 [ 1161.261551][T14501] overlayfs: empty lowerdir [ 1161.321372][T14503] kAFS: Can only specify source 'none' with -o dyn [ 1161.462092][T11368] Bluetooth: hci1: command tx timeout [ 1161.606324][T12529] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1161.689025][T14445] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1161.700671][T14445] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1161.797226][T12529] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1161.806914][T12529] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1161.816469][T12529] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1161.825897][T12529] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1161.833177][T12529] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1161.866191][T14445] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1162.035848][T14445] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1162.045188][ T5275] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1162.065513][ T5275] usb 4-1: device descriptor read/8, error -32 [ 1162.175620][ T5275] usb usb4-port1: unable to enumerate USB device [ 1162.706510][T14504] chnl_net:caif_netlink_parms(): no params data found [ 1162.927323][T14292] raw-gadget.1 gadget.3: failed to queue disconnect event [ 1163.102899][T14529] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1163.425604][T14445] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1163.445326][T14445] 8021q: adding VLAN 0 to HW filter on device team0 [ 1163.467232][ T9688] bridge0: port 1(bridge_slave_0) entered blocking state [ 1163.474368][ T9688] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1163.537992][T12529] Bluetooth: hci1: command tx timeout [ 1163.578350][T14540] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1163.746490][ T9688] bridge0: port 2(bridge_slave_1) entered blocking state [ 1163.753672][ T9688] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1163.790327][ T11] bridge_slave_1: left allmulticast mode [ 1163.801744][ T11] bridge_slave_1: left promiscuous mode [ 1163.837612][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1163.874181][ T11] bridge_slave_0: left allmulticast mode [ 1163.882637][ T11] bridge_slave_0: left promiscuous mode [ 1163.990370][T12529] Bluetooth: hci6: command tx timeout [ 1164.134357][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1166.057022][T12529] Bluetooth: hci6: command tx timeout [ 1166.166495][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1166.188497][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1166.206816][ T11] bond0 (unregistering): Released all slaves [ 1166.224892][ T11] bond1 (unregistering): Released all slaves [ 1166.516270][T14504] bridge0: port 1(bridge_slave_0) entered blocking state [ 1166.523541][T14504] bridge0: port 1(bridge_slave_0) entered disabled state [ 1166.547509][T14504] bridge_slave_0: entered allmulticast mode [ 1166.585370][T14504] bridge_slave_0: entered promiscuous mode [ 1166.744463][T14504] bridge0: port 2(bridge_slave_1) entered blocking state [ 1166.772354][T14504] bridge0: port 2(bridge_slave_1) entered disabled state [ 1166.791537][T14504] bridge_slave_1: entered allmulticast mode [ 1166.812109][T14504] bridge_slave_1: entered promiscuous mode [ 1167.198378][T14504] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1167.286267][T14504] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1167.415733][ T11] hsr_slave_0: left promiscuous mode [ 1167.427004][ T11] hsr_slave_1: left promiscuous mode [ 1167.444888][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1167.453653][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1167.474575][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1167.507140][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1167.588522][ T11] veth1_macvtap: left promiscuous mode [ 1167.610364][ T11] veth0_macvtap: left promiscuous mode [ 1167.651301][ T11] veth1_vlan: left promiscuous mode [ 1167.657937][ T11] veth0_vlan: left promiscuous mode [ 1167.785290][ T5277] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1167.981021][ T5277] usb 3-1: Using ep0 maxpacket: 32 [ 1168.022198][ T5277] usb 3-1: config 0 has an invalid interface number: 182 but max is 0 [ 1168.041611][ T5277] usb 3-1: config 0 has no interface number 0 [ 1168.085445][ T5277] usb 3-1: config 0 interface 182 has no altsetting 0 [ 1168.095402][T12529] Bluetooth: hci6: command tx timeout [ 1168.114099][ T5277] usb 3-1: New USB device found, idVendor=07cf, idProduct=1001, bcdDevice=8d.fa [ 1168.161338][ T5277] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1168.181554][ T5277] usb 3-1: Product: syz [ 1168.214336][ T5277] usb 3-1: Manufacturer: syz [ 1168.232645][ T5277] usb 3-1: SerialNumber: syz [ 1168.253501][ T5277] usb 3-1: config 0 descriptor?? [ 1168.305779][ T5277] usb-storage 3-1:0.182: USB Mass Storage device detected [ 1168.349888][ T5277] usb-storage 3-1:0.182: Quirks match for vid 07cf pid 1001: a [ 1168.594781][ T5277] usb 3-1: USB disconnect, device number 28 [ 1170.154707][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1170.244419][T12529] Bluetooth: hci6: command tx timeout [ 1170.640061][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1173.234662][T14504] team0: Port device team_slave_0 added [ 1173.304950][T14445] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1173.388568][T14504] team0: Port device team_slave_1 added [ 1173.537835][T14504] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1173.544821][T14504] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1173.705250][T14504] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1173.797263][T14504] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1173.833876][T14504] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1173.980101][T14504] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1174.199382][T14504] hsr_slave_0: entered promiscuous mode [ 1174.242909][T14504] hsr_slave_1: entered promiscuous mode [ 1174.282151][T14504] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1174.302539][T14504] Cannot create hsr debugfs directory [ 1174.315215][ T29] audit: type=1400 audit(1727472871.382:1005): avc: denied { getopt } for pid=14621 comm="syz.2.1933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1174.362826][T14445] veth0_vlan: entered promiscuous mode [ 1174.514693][T14445] veth1_vlan: entered promiscuous mode [ 1174.927298][T14378] sched: DL replenish lagged too much [ 1175.140220][T14445] veth0_macvtap: entered promiscuous mode [ 1175.191863][T11368] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1175.205781][T11368] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1175.214632][T11368] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1175.231541][T11368] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1175.239484][T11368] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1175.247535][T11368] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1175.302550][T14445] veth1_macvtap: entered promiscuous mode [ 1175.569386][T14504] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1175.772435][T14445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1175.805196][T14445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1175.955144][T14445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1175.965968][T14445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.057798][T14445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1176.157328][T14445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.167402][T14445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1176.178069][T14445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.190771][T14445] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1176.201081][T14445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1176.211658][T14445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.221804][T14445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1176.232697][T14445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.242854][T14445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1176.253432][T14445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.266150][T14445] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1176.276847][T14445] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1176.347017][T14445] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1176.484558][T14504] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.677884][T14504] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1176.750727][T14445] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1176.776798][T14445] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1176.810092][T14445] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1176.834347][T14445] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1176.943717][T14504] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1177.267924][ T9690] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1177.275973][ T9690] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1177.296413][T11368] Bluetooth: hci5: command tx timeout [ 1177.469391][T14631] chnl_net:caif_netlink_parms(): no params data found [ 1177.482462][ T9690] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1177.510359][T14504] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1177.531669][T14504] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1177.543979][ T9690] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1177.697740][T14504] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1177.745655][T14504] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1178.126100][T14504] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1178.140806][T14631] bridge0: port 1(bridge_slave_0) entered blocking state [ 1178.181657][T14631] bridge0: port 1(bridge_slave_0) entered disabled state [ 1178.208463][T14631] bridge_slave_0: entered allmulticast mode [ 1178.243559][T14631] bridge_slave_0: entered promiscuous mode [ 1178.294917][T14631] bridge0: port 2(bridge_slave_1) entered blocking state [ 1178.321578][T14631] bridge0: port 2(bridge_slave_1) entered disabled state [ 1178.345350][ T5277] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1178.356774][T14631] bridge_slave_1: entered allmulticast mode [ 1178.376420][T14631] bridge_slave_1: entered promiscuous mode [ 1178.446545][T14504] 8021q: adding VLAN 0 to HW filter on device team0 [ 1178.503878][T14631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1178.513884][ T5277] usb 4-1: Using ep0 maxpacket: 32 [ 1178.544621][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1178.570507][ T5277] usb 4-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=11.bf [ 1178.590307][ T5277] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1178.622711][T14631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1178.641131][ T5277] usb 4-1: Product: syz [ 1178.656179][ T5277] usb 4-1: Manufacturer: syz [ 1178.672544][ T9678] bridge0: port 1(bridge_slave_0) entered blocking state [ 1178.679704][ T9678] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1178.696145][ T5277] usb 4-1: SerialNumber: syz [ 1178.702695][ T5277] usb 4-1: config 0 descriptor?? [ 1178.733472][ T5277] usb 4-1: MBOX3: Invalid descriptor size=18. [ 1178.750332][ T9678] bridge0: port 2(bridge_slave_1) entered blocking state [ 1178.757573][ T9678] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1178.976225][T14631] team0: Port device team_slave_0 added [ 1178.998195][T11090] usb 4-1: USB disconnect, device number 23 [ 1179.052157][T14631] team0: Port device team_slave_1 added [ 1179.106891][T14631] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1179.115189][T14631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1179.205748][T14631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1179.240642][T14631] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1179.248701][T14631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1179.349515][T14631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1179.380984][T11368] Bluetooth: hci5: command tx timeout [ 1179.514567][T14631] hsr_slave_0: entered promiscuous mode [ 1179.521116][T14631] hsr_slave_1: entered promiscuous mode [ 1179.556013][T14631] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1179.613787][T14631] Cannot create hsr debugfs directory [ 1179.993252][T14504] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1180.075332][T14676] netlink: 'syz.3.1948': attribute type 32 has an invalid length. [ 1180.121526][T14676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1948'. [ 1180.163957][T14676] (unnamed net_device) (uninitialized): Setting coupled_control to off (0) [ 1180.458671][T14631] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1181.483580][T11368] Bluetooth: hci5: command tx timeout [ 1181.626331][T14631] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1181.715311][ T5224] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1181.811859][T14504] veth0_vlan: entered promiscuous mode [ 1181.843179][T14504] veth1_vlan: entered promiscuous mode [ 1181.885485][ T5224] usb 3-1: Using ep0 maxpacket: 16 [ 1181.892710][ T5224] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1181.910518][ T5224] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1181.932376][ T5224] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1181.944059][ T5224] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1182.043042][ T5224] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1182.085286][ T5224] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1182.123618][ T5224] usb 3-1: Manufacturer: syz [ 1182.137974][ T5224] usb 3-1: config 0 descriptor?? [ 1182.279798][T14631] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1182.374875][ T5224] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1182.433187][ T5224] usb 3-1: USB disconnect, device number 29 [ 1182.620196][T14631] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1182.655590][T11090] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 1182.747979][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1182.822513][T14504] veth0_macvtap: entered promiscuous mode [ 1182.837889][T11090] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1182.860590][ T3029] bridge_slave_1: left allmulticast mode [ 1182.869141][ T3029] bridge_slave_1: left promiscuous mode [ 1182.874928][ T3029] bridge0: port 2(bridge_slave_1) entered disabled state [ 1182.884122][T11090] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1182.904915][T11090] usb 5-1: New USB device found, idVendor=05ac, idProduct=022a, bcdDevice= 0.00 [ 1182.935414][T11090] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1182.954842][ T3029] bridge_slave_0: left allmulticast mode [ 1182.963260][T11090] usb 5-1: config 0 descriptor?? [ 1182.963857][ T3029] bridge_slave_0: left promiscuous mode [ 1182.974168][ T3029] bridge0: port 1(bridge_slave_0) entered disabled state [ 1183.854004][T11090] appletouch 5-1:0.0: Failed to request geyser raw mode [ 1183.866934][T11090] appletouch 5-1:0.0: probe with driver appletouch failed with error -5 [ 1183.882002][T11368] Bluetooth: hci5: command tx timeout [ 1183.950689][T11090] usb 5-1: USB disconnect, device number 16 [ 1184.579882][T14705] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1184.766986][T14710] netlink: 'syz.4.1958': attribute type 21 has an invalid length. [ 1186.127927][T11090] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 1186.179056][ T3029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1186.205706][ T3029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1186.234750][ T3029] bond0 (unregistering): Released all slaves [ 1186.276587][T14723] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1964'. [ 1186.294789][T14723] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1964'. [ 1186.326139][T11090] usb 5-1: Using ep0 maxpacket: 16 [ 1186.355460][T14504] veth1_macvtap: entered promiscuous mode [ 1186.386878][T11090] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 1186.403246][T11090] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1186.415703][T11090] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.431938][T11090] usb 5-1: Product: syz [ 1186.440252][T11090] usb 5-1: Manufacturer: syz [ 1186.444946][T11090] usb 5-1: SerialNumber: syz [ 1186.526478][T11090] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 1186.607354][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1186.635589][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1186.645835][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1186.656823][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1186.666966][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1186.681165][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1186.691322][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1186.702577][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1186.712796][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1186.723529][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1186.757438][T14504] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1186.772737][ T5224] usb 5-1: USB disconnect, device number 17 [ 1186.947710][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1186.958543][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1186.969158][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1186.980622][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1186.991675][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1187.003469][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1187.021643][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1187.037545][T14733] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1187.050751][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1187.062116][T14504] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1187.073927][T14504] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1187.190687][T14504] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1187.263363][ T3029] hsr_slave_0: left promiscuous mode [ 1187.283624][ T3029] hsr_slave_1: left promiscuous mode [ 1187.291027][ T3029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1187.298990][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1187.326014][ T3029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1187.333545][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1187.402534][ T3029] veth1_macvtap: left promiscuous mode [ 1187.408308][ T3029] veth0_macvtap: left promiscuous mode [ 1187.414027][ T3029] veth1_vlan: left promiscuous mode [ 1187.419570][ T3029] veth0_vlan: left promiscuous mode [ 1187.638350][T14740] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1970'. [ 1188.227318][T14749] capability: warning: `syz.2.1974' uses 32-bit capabilities (legacy support in use) [ 1188.608684][T14759] netlink: 'syz.2.1978': attribute type 6 has an invalid length. [ 1188.637000][T14759] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.1978'. [ 1189.093193][ T3029] team0 (unregistering): Port device team_slave_1 removed [ 1189.199304][ T3029] team0 (unregistering): Port device team_slave_0 removed [ 1189.535335][T11368] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1189.554369][T11368] Bluetooth: hci1: Injecting HCI hardware error event [ 1189.575880][T12529] Bluetooth: hci1: hardware error 0x00 [ 1190.041849][T14504] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.050888][T14504] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.064760][T14504] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.074442][T14504] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1190.117255][T14763] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 1190.428159][T14631] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1190.468864][T14631] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1190.636577][T14631] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1190.722056][T14631] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1190.853723][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1190.910437][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1190.954966][T14631] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1191.069290][T14782] netlink: 'syz.4.1989': attribute type 6 has an invalid length. [ 1191.081270][T14782] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1989'. [ 1191.094092][T14784] ip6t_srh: unknown srh match flags 4001 [ 1191.117201][T14631] 8021q: adding VLAN 0 to HW filter on device team0 [ 1191.155184][ T9669] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1191.165670][ T3029] IPVS: stop unused estimator thread 0... [ 1191.187489][ T9669] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1191.194327][T14631] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1191.205287][T14631] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1191.257877][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 1191.265173][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1191.284584][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 1191.291769][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1191.517625][ T3029] bridge_slave_1: left allmulticast mode [ 1191.550533][ T3029] bridge_slave_1: left promiscuous mode [ 1191.567887][ T3029] bridge0: port 2(bridge_slave_1) entered disabled state [ 1191.791948][T12529] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1191.811963][ T3029] bridge_slave_0: left allmulticast mode [ 1191.817750][ T3029] bridge_slave_0: left promiscuous mode [ 1191.824286][ T3029] bridge0: port 1(bridge_slave_0) entered disabled state [ 1191.918709][ T5222] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1192.105844][ T5222] usb 3-1: Using ep0 maxpacket: 16 [ 1192.766826][ T5222] usb 3-1: config 1 has too many interfaces: 255, using maximum allowed: 32 [ 1192.801484][ T5222] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 255 [ 1192.841674][ T5222] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1192.876374][ T5222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1192.892308][T14798] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1991'. [ 1192.901562][ T5222] usb 3-1: Product: syz [ 1192.906549][ T5222] usb 3-1: Manufacturer: syz [ 1192.911221][ T5222] usb 3-1: SerialNumber: syz [ 1192.947686][ T5222] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1193.512290][ T5222] r8152-cfgselector 3-1: USB disconnect, device number 30 [ 1194.172970][T14819] netlink: 'syz.4.2001': attribute type 1 has an invalid length. [ 1194.184777][T14819] netlink: 512 bytes leftover after parsing attributes in process `syz.4.2001'. [ 1195.462692][T14833] netlink: 'syz.2.2005': attribute type 2 has an invalid length. [ 1195.470763][T14833] netlink: 'syz.2.2005': attribute type 1 has an invalid length. [ 1195.512639][T14833] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2005'. [ 1195.529623][T14833] netlink: 'syz.2.2005': attribute type 1 has an invalid length. [ 1195.684162][ T3029] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1195.708327][ T3029] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1195.760713][ T3029] bond0 (unregistering): Released all slaves [ 1196.593693][T14631] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1196.690454][T14853] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2013'. [ 1196.857244][ T3029] hsr_slave_0: left promiscuous mode [ 1196.902573][ T3029] hsr_slave_1: left promiscuous mode [ 1196.909663][ T3029] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1197.166333][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1197.441791][ T3029] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1197.645122][ T3029] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1197.863646][ T3029] veth1_macvtap: left promiscuous mode [ 1197.925182][ T3029] veth0_macvtap: left promiscuous mode [ 1197.930968][ T3029] veth1_vlan: left promiscuous mode [ 1197.956033][ T3029] veth0_vlan: left promiscuous mode [ 1198.055318][ T29] audit: type=1400 audit(1727472895.122:1006): avc: denied { write } for pid=14867 comm="syz.3.2020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 1200.082444][ T3029] team0 (unregistering): Port device team_slave_1 removed [ 1200.184752][ T3029] team0 (unregistering): Port device team_slave_0 removed [ 1201.125306][ T5224] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 1201.208109][T14878] netlink: 'syz.2.2022': attribute type 2 has an invalid length. [ 1201.225878][T14882] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2024'. [ 1201.315200][ T5224] usb 5-1: config 0 has an invalid interface number: 142 but max is 0 [ 1201.323626][ T5224] usb 5-1: config 0 has no interface number 0 [ 1201.359975][ T5224] usb 5-1: too many endpoints for config 0 interface 142 altsetting 187: 79, using maximum allowed: 30 [ 1201.393913][T14631] veth0_vlan: entered promiscuous mode [ 1201.399952][ T5224] usb 5-1: config 0 interface 142 altsetting 187 has 0 endpoint descriptors, different from the interface descriptor's value: 79 [ 1201.431710][T14631] veth1_vlan: entered promiscuous mode [ 1201.445360][ T5224] usb 5-1: config 0 interface 142 has no altsetting 0 [ 1201.452485][ T5224] usb 5-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 1201.467657][T14898] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2032'. [ 1201.507465][ T5224] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1201.586316][ T5224] usb 5-1: config 0 descriptor?? [ 1201.608055][T14631] veth0_macvtap: entered promiscuous mode [ 1201.620849][ T5224] ums-realtek 5-1:0.142: USB Mass Storage device detected [ 1201.644155][T14631] veth1_macvtap: entered promiscuous mode [ 1201.901723][T14631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1201.935913][T14631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1201.956037][T14631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1201.974111][ T5222] usb 5-1: USB disconnect, device number 18 [ 1201.984619][T14631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1202.040661][T14631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1202.060327][T14631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1202.113062][T14631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1202.140863][T14631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1202.189402][T14631] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1202.217354][T14907] netlink: 10 bytes leftover after parsing attributes in process `syz.3.2034'. [ 1202.279025][ T3029] IPVS: stop unused estimator thread 0... [ 1202.288468][T14631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1202.338651][T14631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1202.374591][T14631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1202.424176][T14631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1202.450524][T14631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1202.473171][T14631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1202.495713][T14631] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1202.526305][T14631] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1202.563627][T14631] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1202.602684][T14631] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1202.645132][T14631] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1202.674678][T14631] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1202.745137][T14631] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1202.899680][T14923] xt_TPROXY: Can be used only with -p tcp or -p udp [ 1202.914716][T14919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2040'. [ 1203.103798][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1203.154766][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1203.257728][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1203.289174][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1203.630032][ T29] audit: type=1400 audit(1727472900.702:1007): avc: denied { getopt } for pid=14934 comm="syz.4.2047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1205.175559][ T5222] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1205.258180][ T29] audit: type=1400 audit(1727472902.292:1008): avc: denied { write } for pid=14957 comm="syz.1.2054" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 1205.338069][ T29] audit: type=1400 audit(1727472902.292:1009): avc: denied { open } for pid=14957 comm="syz.1.2054" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 1205.415619][ T5222] usb 4-1: New USB device found, idVendor=093a, idProduct=2603, bcdDevice=ca.84 [ 1205.425314][ T5222] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1205.433372][ T5222] usb 4-1: Product: syz [ 1205.495237][ T5222] usb 4-1: Manufacturer: syz [ 1205.516296][ T5222] usb 4-1: SerialNumber: syz [ 1205.547558][ T5222] usb 4-1: config 0 descriptor?? [ 1205.581910][ T5222] gspca_main: pac7311-2.14.0 probing 093a:2603 [ 1206.008939][ T5222] gspca_pac7311: reg_w() failed index 0x78, value 0x40, error -71 [ 1206.025502][ T5222] pac7311 4-1:0.0: probe with driver pac7311 failed with error -71 [ 1206.090818][ T5222] usb 4-1: USB disconnect, device number 24 [ 1206.165275][ T25] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 1206.348264][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 1206.367784][ T25] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=a2.43 [ 1206.385078][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1206.409719][ T25] usb 5-1: Product: syz [ 1206.424603][ T25] usb 5-1: Manufacturer: syz [ 1206.444701][ T25] usb 5-1: SerialNumber: syz [ 1206.464211][ T25] usb 5-1: config 0 descriptor?? [ 1206.473948][T14982] syz.1.2064: attempt to access beyond end of device [ 1206.473948][T14982] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 1206.488710][T14982] efs: cannot read volume header [ 1206.703977][ T25] usb 5-1: Cannot retrieve CPort count: 0 [ 1206.717854][ T25] usb 5-1: Cannot retrieve CPort count: -5 [ 1206.744362][ T25] es2_ap_driver 5-1:0.0: probe with driver es2_ap_driver failed with error -5 [ 1207.053788][ T5370] usb 5-1: USB disconnect, device number 19 [ 1208.885231][T15010] IPv6: NLM_F_CREATE should be specified when creating new route [ 1211.635384][ T5222] IPVS: starting estimator thread 0... [ 1211.825275][T15040] IPVS: using max 15 ests per chain, 36000 per kthread [ 1213.328158][T15063] dlm: no locking on control device [ 1214.678410][T15070] netlink: 'syz.2.2094': attribute type 21 has an invalid length. [ 1214.745292][T15074] netlink: 9412 bytes leftover after parsing attributes in process `syz.1.2096'. [ 1215.828953][ T5222] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1215.895194][ T25] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 1215.965173][T12899] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1215.985143][ T5222] usb 1-1: Using ep0 maxpacket: 16 [ 1215.996552][ T5222] usb 1-1: config index 0 descriptor too short (expected 16456, got 72) [ 1216.010254][ T5222] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 1216.033357][ T5222] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 1216.045100][T15105] dlm: no locking on control device [ 1216.050774][ T5222] usb 1-1: config 0 has an invalid interface number: 125 but max is 1 [ 1216.065672][ T5222] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1216.076086][ T5222] usb 1-1: config 0 has no interface number 0 [ 1216.083113][ T5222] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 1216.095704][ T25] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1216.105264][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1216.113560][ T25] usb 2-1: Product: syz [ 1216.118888][ T25] usb 2-1: Manufacturer: syz [ 1216.124825][ T5222] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 1216.134971][T12899] usb 4-1: Using ep0 maxpacket: 8 [ 1216.141108][ T25] usb 2-1: SerialNumber: syz [ 1216.149561][T12899] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 23, changing to 8 [ 1216.161263][T12899] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 1216.172701][ T5222] usb 1-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1216.184533][T12899] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 1216.195962][ T25] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1216.212665][ T5222] usb 1-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1216.235868][ T5222] usb 1-1: config 0 interface 125 has no altsetting 0 [ 1216.246788][ T5222] usb 1-1: config 0 interface 125 has no altsetting 2 [ 1216.247167][T12899] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1216.265657][T12899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1216.298966][T12899] usb 4-1: Product: ᐊ [ 1216.302526][ T5306] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1216.319612][ T5222] usb 1-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 1216.331476][T12899] usb 4-1: Manufacturer: 蔘ತ䛦≢⸺倃氟⧶ṬK堮㊡※࿰ꙴ⿜陾꧆钋꒹ነ늵띮섛婥햷﯒ᛥ뇳ᾶ燡䚘詊찚葷룃ꈌ죇귽璕惫ꈤꫀ뜧㥊쮥熨잱䨫䩋㟣牗 [ 1216.367045][ T5222] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1216.391803][ T5222] usb 1-1: Product: syz [ 1216.402882][ T5222] usb 1-1: Manufacturer: syz [ 1216.426702][ T5222] usb 1-1: SerialNumber: syz [ 1216.485687][ T5222] usb 1-1: config 0 descriptor?? [ 1216.519907][ T5222] usb 1-1: selecting invalid altsetting 2 [ 1217.008552][ C1] usb 1-1: async_complete: urb error -71 [ 1217.014377][ C1] usb 1-1: async_complete: urb error -71 [ 1217.020242][ C1] usb 1-1: async_complete: urb error -71 [ 1217.038542][ T5222] get_1284_register: usb error -71 [ 1217.044133][ T5222] uss720 1-1:0.125: probe with driver uss720 failed with error -71 [ 1217.062751][ T5222] usb 1-1: USB disconnect, device number 13 [ 1217.170114][ T5275] usb 2-1: USB disconnect, device number 20 [ 1217.321573][T12899] cdc_ncm 4-1:1.0: bind() failure [ 1217.331196][T12899] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1217.351429][T12899] cdc_ncm 4-1:1.1: bind() failure [ 1217.375202][ T5306] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 1217.384348][T12899] usb 4-1: USB disconnect, device number 25 [ 1217.401092][ T5306] ath9k_htc: Failed to initialize the device [ 1217.436277][ T5275] usb 2-1: ath9k_htc: USB layer deinitialized [ 1218.169902][ T29] audit: type=1400 audit(1727472915.242:1010): avc: denied { getopt } for pid=15118 comm="syz.0.2113" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1 [ 1218.355158][ T5306] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 1219.523819][ T5306] usb 5-1: Using ep0 maxpacket: 32 [ 1219.561454][ T5306] usb 5-1: config 0 has an invalid interface number: 123 but max is 1 [ 1219.569938][ T5306] usb 5-1: config 0 has an invalid interface number: 20 but max is 1 [ 1219.578349][ T5306] usb 5-1: config 0 has no interface number 0 [ 1219.584625][ T5306] usb 5-1: config 0 has no interface number 1 [ 1219.599225][ T5306] usb 5-1: New USB device found, idVendor=1485, idProduct=0001, bcdDevice=3e.65 [ 1219.609249][ T5306] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1219.618078][ T5306] usb 5-1: Product: syz [ 1219.622393][ T5306] usb 5-1: Manufacturer: syz [ 1219.627158][ T5306] usb 5-1: SerialNumber: syz [ 1219.638205][ T5306] usb 5-1: config 0 descriptor?? [ 1219.877065][ T5306] kaweth 5-1:0.123: Firmware present in device. [ 1220.074406][ T5306] kaweth 5-1:0.123: Error reading configuration (-71), no net device created [ 1220.092344][ T5306] kaweth 5-1:0.123: probe with driver kaweth failed with error -5 [ 1220.150451][ T5306] kaweth 5-1:0.20: Firmware present in device. [ 1220.162057][ T5306] kaweth 5-1:0.20: Error reading configuration (-71), no net device created [ 1220.491285][ T5306] kaweth 5-1:0.20: probe with driver kaweth failed with error -5 [ 1222.352447][T12529] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 1222.361571][T12529] Bluetooth: hci6: Injecting HCI hardware error event [ 1222.378881][T12529] Bluetooth: hci6: hardware error 0x00 [ 1222.570016][ T5306] usb 5-1: USB disconnect, device number 20 [ 1224.655804][T12529] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 1224.925692][ T29] audit: type=1400 audit(1727472921.992:1011): avc: denied { write } for pid=15172 comm="syz.3.2132" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 1226.145500][T12899] IPVS: starting estimator thread 0... [ 1226.645626][T15187] IPVS: using max 15 ests per chain, 36000 per kthread [ 1226.791176][T15192] tipc: Enabling of bearer rejected, failed to enable media [ 1228.100299][T12899] IPVS: starting estimator thread 0... [ 1228.785252][T15202] IPVS: using max 15 ests per chain, 36000 per kthread [ 1228.981659][T15210] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1228.995391][ T937] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1229.039276][T12899] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1229.165281][ T937] usb 2-1: Using ep0 maxpacket: 16 [ 1229.172710][ T937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1229.196915][ T937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1229.202418][T12899] usb 5-1: Using ep0 maxpacket: 16 [ 1229.210948][ T937] usb 2-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 1229.220081][T12899] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1229.232020][T12899] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1229.232642][ T937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1229.256785][T12899] usb 5-1: Product: syz [ 1229.261253][T12899] usb 5-1: Manufacturer: syz [ 1229.293745][T12899] usb 5-1: SerialNumber: syz [ 1229.294202][ T937] usb 2-1: config 0 descriptor?? [ 1229.354398][T12899] usb 5-1: config 0 descriptor?? [ 1229.653143][T12899] usb 5-1: USB disconnect, device number 21 [ 1229.790021][ T937] samsung 0003:0419:0001.0005: report_id 0 is invalid [ 1229.797717][ T937] samsung 0003:0419:0001.0005: item 0 0 1 8 parsing failed [ 1229.810093][ T937] samsung 0003:0419:0001.0005: parse failed [ 1229.816239][ T937] samsung 0003:0419:0001.0005: probe with driver samsung failed with error -22 [ 1230.009901][ T937] usb 2-1: USB disconnect, device number 21 [ 1230.423910][T15223] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2149'. [ 1230.772339][T15230] futex_wake_op: syz.1.2152 tries to shift op by 144; fix this program [ 1230.885445][ T937] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1231.130690][ T937] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 1231.143126][ T937] usb 1-1: config 0 has no interface number 0 [ 1231.151994][ T937] usb 1-1: New USB device found, idVendor=1164, idProduct=2edc, bcdDevice=62.de [ 1231.166566][ T937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1231.174664][ T937] usb 1-1: Product: syz [ 1231.180264][ T937] usb 1-1: Manufacturer: syz [ 1231.184922][ T937] usb 1-1: SerialNumber: syz [ 1231.245587][ T937] usb 1-1: config 0 descriptor?? [ 1231.505309][T12899] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1231.520728][ T937] dvb-usb: found a 'Yuan PD378S' in warm state. [ 1231.695768][T12899] usb 4-1: Using ep0 maxpacket: 32 [ 1231.753111][T12899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1232.351443][ T937] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1232.393340][T12899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1232.425683][ T937] dvbdev: DVB: registering new adapter (Yuan PD378S) [ 1232.433162][ T937] usb 1-1: media controller created [ 1232.474432][T12899] usb 4-1: New USB device found, idVendor=04b4, idProduct=de64, bcdDevice= 0.00 [ 1232.479068][ T937] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1232.484898][T12899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1232.538592][T12899] usb 4-1: config 0 descriptor?? [ 1232.588666][ T937] DVB: Unable to find symbol dib7000p_attach() [ 1232.595300][ T937] dvb-usb: no frontend was attached by 'Yuan PD378S' [ 1232.763309][ T937] rc_core: IR keymap rc-dib0700-rc5 not found [ 1232.774257][ T937] Registered IR keymap rc-empty [ 1232.780019][ T937] dvb-usb: could not initialize remote control. [ 1232.786828][ T937] dvb-usb: Yuan PD378S successfully initialized and connected. [ 1232.802390][ T937] usb 1-1: USB disconnect, device number 14 [ 1232.930219][ T937] dvb-usb: Yuan PD378S successfully deinitialized and disconnected. [ 1233.089984][T12899] cypress 0003:04B4:DE64.0006: collection stack underflow [ 1233.104261][T12899] cypress 0003:04B4:DE64.0006: item 0 1 0 12 parsing failed [ 1233.116320][ T5277] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 1233.129334][T12899] cypress 0003:04B4:DE64.0006: parse failed [ 1233.141735][T12899] cypress 0003:04B4:DE64.0006: probe with driver cypress failed with error -22 [ 1233.324490][ T5277] usb 5-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64 [ 1233.345278][ T5277] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.364047][ T5277] usb 5-1: Product: syz [ 1233.382185][ T5277] usb 5-1: Manufacturer: syz [ 1233.408585][ T937] usb 4-1: USB disconnect, device number 26 [ 1233.418314][ T5277] usb 5-1: SerialNumber: syz [ 1233.452317][ T5277] usb 5-1: config 0 descriptor?? [ 1233.464340][ T5277] hub 5-1:0.0: bad descriptor, ignoring hub [ 1233.481473][ T5277] hub 5-1:0.0: probe with driver hub failed with error -5 [ 1233.505334][ T5277] f81232 5-1:0.0: f81534a converter detected [ 1234.203055][ T5277] usb 5-1: f81534a converter now attached to ttyUSB0 [ 1234.240105][ T5277] usb 5-1: USB disconnect, device number 22 [ 1234.267140][ T5277] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0 [ 1234.322108][ T5277] f81232 5-1:0.0: device disconnected [ 1234.564723][T15270] UHID_CREATE from different security context by process 149 (syz.3.2168), this is not allowed. [ 1235.085118][ T937] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1235.235563][ T5277] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 1235.286991][ T937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1236.086286][ T937] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1236.096960][ T937] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1236.110525][ T937] usb 2-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00 [ 1236.119770][ T937] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1236.154553][ T937] usb 2-1: config 0 descriptor?? [ 1236.226429][ T5277] usb 1-1: Using ep0 maxpacket: 16 [ 1236.266972][ T5277] usb 1-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice=29.82 [ 1236.276311][ T5277] usb 1-1: New USB device strings: Mfr=83, Product=5, SerialNumber=10 [ 1236.292061][ T5277] usb 1-1: Product: syz [ 1236.304480][ T5277] usb 1-1: Manufacturer: syz [ 1236.321545][ T5277] usb 1-1: SerialNumber: syz [ 1236.331016][ T5277] usb 1-1: config 0 descriptor?? [ 1236.356534][ T5277] usb 1-1: selecting invalid altsetting 1 [ 1236.399509][ T5277] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1236.442608][T14038] udevd[14038]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1236.562670][ T5277] usb 1-1: USB disconnect, device number 15 [ 1236.796457][ T937] macally 0003:060B:0001.0007: hidraw0: USB HID v0.00 Device [HID 060b:0001] on usb-dummy_hcd.1-1/input0 [ 1236.886168][ T937] usb 2-1: USB disconnect, device number 22 [ 1237.247862][ T5277] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1237.405429][ T5277] usb 3-1: Using ep0 maxpacket: 16 [ 1237.431191][ T5277] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1237.447969][ T5277] usb 3-1: config 0 has no interface number 0 [ 1237.482619][ T5277] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1237.511824][ T5277] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1237.543708][ T5277] usb 3-1: Product: syz [ 1237.570347][ T5277] usb 3-1: Manufacturer: syz [ 1237.599726][ T5277] usb 3-1: SerialNumber: syz [ 1237.661379][ T5277] usb 3-1: config 0 descriptor?? [ 1237.739327][ T5277] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 1238.404439][ T5277] gspca_spca1528: reg_w err -71 [ 1238.426495][ T5277] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 1238.465240][ T5277] usb 3-1: USB disconnect, device number 31 [ 1240.825296][ T29] audit: type=1400 audit(1727472937.892:1012): avc: denied { connect } for pid=15334 comm="syz.1.2193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1241.135256][ T5370] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 1241.408940][ T5370] usb 1-1: Using ep0 maxpacket: 32 [ 1241.444616][ T5370] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1242.249502][ T5370] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1242.260397][ T5370] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1242.271126][ T5370] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1242.296280][ T5370] usb 1-1: config 0 descriptor?? [ 1242.746531][ T5370] uclogic 0003:28BD:0094.0008: interface is invalid, ignoring [ 1242.964668][ T5274] usb 1-1: USB disconnect, device number 16 [ 1243.713159][T15367] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2203'. [ 1244.177180][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1244.224303][T15380] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2209'. [ 1244.282418][T15380] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2209'. [ 1245.635276][ T5306] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1245.823994][ T5306] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30 [ 1245.852587][ T5306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1245.875682][ T5306] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1245.896770][ T5306] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 34 [ 1245.925257][ T5306] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 1245.935718][ T5306] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1245.947446][ T5306] usb 5-1: config 0 descriptor?? [ 1246.644700][ T5306] wacom 0003:056A:0331.0009: hidraw0: USB HID v0.00 Device [HID 056a:0331] on usb-dummy_hcd.4-1/input0 [ 1246.726784][ T5306] usb 5-1: USB disconnect, device number 23 [ 1247.675375][T15426] netlink: 'syz.1.2225': attribute type 4 has an invalid length. [ 1247.754871][T15426] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2225'. [ 1248.187594][ T29] audit: type=1400 audit(1727472945.222:1013): avc: denied { setopt } for pid=15432 comm="syz.0.2227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 1249.000456][T15453] netlink: 'syz.0.2236': attribute type 1 has an invalid length. [ 1249.046498][T15453] netlink: 9380 bytes leftover after parsing attributes in process `syz.0.2236'. [ 1249.099616][T15453] netlink: 11 bytes leftover after parsing attributes in process `syz.0.2236'. [ 1250.289570][ T5274] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1250.447306][ T5274] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1250.468690][ T5274] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1250.515179][ T5274] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 1250.555292][ T5274] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1250.584370][ T5274] usb 2-1: config 0 descriptor?? [ 1251.051891][ T5274] pyra 0003:1E7D:2CF6.000A: item fetching failed at offset 6/7 [ 1251.120574][ T5274] pyra 0003:1E7D:2CF6.000A: parse failed [ 1251.146493][ T5274] pyra 0003:1E7D:2CF6.000A: probe with driver pyra failed with error -22 [ 1251.324064][ T5274] usb 2-1: USB disconnect, device number 23 [ 1251.492397][T15479] netlink: 'syz.2.2243': attribute type 5 has an invalid length. [ 1251.642937][ T29] audit: type=1400 audit(1727472948.712:1014): avc: denied { connect } for pid=15482 comm="syz.4.2244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1252.325183][ T5274] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1255.775184][T15516] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2257'. [ 1255.794086][ T29] audit: type=1400 audit(1727472952.862:1015): avc: denied { listen } for pid=15517 comm="syz.1.2258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1255.858938][ T29] audit: type=1400 audit(1727472952.912:1016): avc: denied { connect } for pid=15517 comm="syz.1.2258" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1256.112193][T15522] netlink: 248 bytes leftover after parsing attributes in process `syz.1.2260'. [ 1257.025175][ T5275] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 1257.215166][ T5275] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 1257.247111][ T5275] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1257.312680][ T5275] usb 5-1: config 0 descriptor?? [ 1257.382226][ T5275] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 1257.755271][ T5306] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1257.925437][ T5306] usb 4-1: Using ep0 maxpacket: 16 [ 1257.961005][ T5306] usb 4-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1258.001170][ T5306] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1258.032709][ T5275] gspca_cpia1: usb_control_msg 01, error -71 [ 1258.064351][ T5306] usb 4-1: Product: syz [ 1258.068837][ T5275] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0) [ 1258.097277][ T5306] usb 4-1: Manufacturer: syz [ 1258.125161][ T5306] usb 4-1: SerialNumber: syz [ 1258.140756][ T5275] usb 5-1: USB disconnect, device number 24 [ 1258.157645][ T5306] usb 4-1: config 0 descriptor?? [ 1258.204945][ T5306] visor 4-1:0.0: Sony Clie 3.5 converter detected [ 1258.637531][ T5306] usb 4-1: clie_3_5_startup: get interface number bad return length: 0 [ 1258.672444][ T5306] visor 4-1:0.0: probe with driver visor failed with error -5 [ 1258.858833][ T5306] usb 4-1: USB disconnect, device number 27 [ 1259.430027][T15545] netlink: 412 bytes leftover after parsing attributes in process `syz.4.2270'. [ 1260.189417][T15551] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2273'. [ 1262.835819][ T5306] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1263.007959][ T5306] usb 4-1: Using ep0 maxpacket: 16 [ 1263.026961][ T5306] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1263.048754][ T5306] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1263.078126][ T5306] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1263.118963][ T5306] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1263.149933][ T5306] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1263.184949][ T5306] usb 4-1: config 0 descriptor?? [ 1263.679963][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.718310][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.735319][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.767285][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.780682][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.802619][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.830779][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.839060][T15526] syz.0.2262: vmalloc error: size 3874816, failed to allocated page array size 7568, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1263.867638][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.889234][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1263.901306][T15526] CPU: 1 UID: 0 PID: 15526 Comm: syz.0.2262 Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0 [ 1263.911807][T15526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1263.921952][T15526] Call Trace: [ 1263.925365][T15526] [ 1263.928360][T15526] dump_stack_lvl+0x16c/0x1f0 [ 1263.933106][T15526] warn_alloc+0x24d/0x3a0 [ 1263.937504][T15526] ? __pfx_warn_alloc+0x10/0x10 [ 1263.942437][T15526] ? __get_vm_area_node+0x190/0x2d0 [ 1263.947739][T15526] ? __get_vm_area_node+0x1bc/0x2d0 [ 1263.953025][T15526] __vmalloc_node_range_noprof+0x1116/0x15b0 [ 1263.959143][T15526] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 1263.965377][T15526] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1263.971799][T15526] ? __get_vm_area_node+0x190/0x2d0 [ 1263.977074][T15526] ? __get_vm_area_node+0x1bc/0x2d0 [ 1263.982357][T15526] __vmalloc_node_range_noprof+0xd92/0x15b0 [ 1263.988349][T15526] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 1263.994588][T15526] ? __mutex_trylock_common+0xea/0x250 [ 1264.000144][T15526] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 1264.006391][T15526] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1264.012806][T15526] ? rcu_is_watching+0x12/0xc0 [ 1264.017649][T15526] ? rcu_is_watching+0x12/0xc0 [ 1264.022483][T15526] ? trace_kmalloc+0x2d/0xe0 [ 1264.027151][T15526] ? __kmalloc_node_noprof.cold+0x5a/0x5f [ 1264.032949][T15526] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 1264.039178][T15526] __kvmalloc_node_noprof+0x14f/0x1a0 [ 1264.044618][T15526] ? __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 1264.050847][T15526] __v4l2_ctrl_modify_dimensions+0x1c7/0x650 [ 1264.056901][T15526] vivid_update_format_cap+0x127b/0x2530 [ 1264.062624][T15526] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 1264.068696][T15526] ? v4l2_match_dv_timings+0x1df/0x1010 [ 1264.074351][T15526] vivid_vid_cap_s_dv_timings+0xc0f/0xfb0 [ 1264.080332][T15526] vidioc_s_dv_timings+0xa5/0xc0 [ 1264.085360][T15526] ? v4l_stub_s_dv_timings+0x1b/0x60 [ 1264.090713][T15526] __video_do_ioctl+0xaf0/0xf00 [ 1264.095671][T15526] ? __pfx___video_do_ioctl+0x10/0x10 [ 1264.101317][T15526] video_usercopy+0x4ce/0x1600 [ 1264.106257][T15526] ? __pfx___video_do_ioctl+0x10/0x10 [ 1264.111710][T15526] ? __pfx_video_usercopy+0x10/0x10 [ 1264.117067][T15526] v4l2_ioctl+0x1ba/0x250 [ 1264.121484][T15526] ? __pfx_v4l2_ioctl+0x10/0x10 [ 1264.126522][T15526] __x64_sys_ioctl+0x18f/0x220 [ 1264.131444][T15526] do_syscall_64+0xcd/0x250 [ 1264.136104][T15526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1264.142074][T15526] RIP: 0033:0x7f125897df39 [ 1264.146548][T15526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1264.166304][T15526] RSP: 002b:00007f125971b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1264.174875][T15526] RAX: ffffffffffffffda RBX: 00007f1258b35f80 RCX: 00007f125897df39 [ 1264.182906][T15526] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003 [ 1264.191108][T15526] RBP: 00007f12589f0216 R08: 0000000000000000 R09: 0000000000000000 [ 1264.199136][T15526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1264.207248][T15526] R13: 0000000000000000 R14: 00007f1258b35f80 R15: 00007ffe5e32be38 [ 1264.215390][T15526] [ 1264.653020][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1264.663757][ T5306] microsoft 0003:045E:07DA.000B: unknown main item tag 0x0 [ 1264.674443][ T5306] microsoft 0003:045E:07DA.000B: No inputs registered, leaving [ 1264.727318][ T5306] microsoft 0003:045E:07DA.000B: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 1264.739274][ T5306] microsoft 0003:045E:07DA.000B: no inputs found [ 1264.745941][ T5306] microsoft 0003:045E:07DA.000B: could not initialize ff, continuing anyway [ 1264.762946][ T5306] usb 4-1: USB disconnect, device number 28 [ 1264.794485][T15526] Mem-Info: [ 1264.801684][T15526] active_anon:10895 inactive_anon:0 isolated_anon:0 [ 1264.801684][T15526] active_file:13996 inactive_file:38979 isolated_file:0 [ 1264.801684][T15526] unevictable:768 dirty:296 writeback:0 [ 1264.801684][T15526] slab_reclaimable:6199 slab_unreclaimable:106059 [ 1264.801684][T15526] mapped:23126 shmem:5331 pagetables:860 [ 1264.801684][T15526] sec_pagetables:0 bounce:0 [ 1264.801684][T15526] kernel_misc_reclaimable:0 [ 1264.801684][T15526] free:1276229 free_pcp:336 free_cma:0 [ 1265.102154][T15526] Node 0 active_anon:39180kB inactive_anon:0kB active_file:55820kB inactive_file:155844kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:90376kB dirty:1084kB writeback:100kB shmem:19788kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10092kB pagetables:3340kB sec_pagetables:0kB all_unreclaimable? no [ 1265.144950][T15526] Node 1 active_anon:0kB inactive_anon:0kB active_file:164kB inactive_file:72kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1265.185925][T15526] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1265.224947][T15526] lowmem_reserve[]: 0 2461 2461 0 0 [ 1265.232514][T15526] Node 0 DMA32 free:1167864kB boost:0kB min:34168kB low:42708kB high:51248kB reserved_highatomic:0KB active_anon:39148kB inactive_anon:0kB active_file:55820kB inactive_file:155528kB unevictable:1536kB writepending:1184kB present:3129332kB managed:2549136kB mlocked:0kB bounce:0kB free_pcp:896kB local_pcp:44kB free_cma:0kB [ 1265.271691][T15526] lowmem_reserve[]: 0 0 0 0 0 [ 1265.279565][T15526] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:32kB inactive_anon:0kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:0kB present:1048580kB managed:364kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:4kB free_cma:0kB [ 1265.325894][T15526] lowmem_reserve[]: 0 0 0 0 0 [ 1265.331064][T15526] Node 1 Normal free:3927844kB boost:0kB min:55728kB low:69660kB high:83592kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:164kB inactive_file:72kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1265.368528][T15526] lowmem_reserve[]: 0 0 0 0 0 [ 1265.374034][T15526] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1265.436099][T15526] Node 0 DMA32: 692*4kB (ME) 540*8kB (UME) 471*16kB (UME) 336*32kB (UME) 194*64kB (UME) 34*128kB (UME) 15*256kB (UME) 13*512kB (ME) 9*1024kB (UM) 7*2048kB (UME) 266*4096kB (M) = 1165728kB [ 1265.518692][T15526] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1265.553838][T15526] Node 1 Normal: 161*4kB (UME) 52*8kB (UE) 32*16kB (UME) 170*32kB (UME) 85*64kB (UME) 33*128kB (UME) 16*256kB (UME) 9*512kB (UM) 3*1024kB (U) 0*2048kB 952*4096kB (M) = 3927844kB [ 1265.610555][T15526] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1265.638136][T15526] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1265.676537][T15526] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1265.725678][T15526] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1265.784550][T15526] 58306 total pagecache pages [ 1265.809791][T15526] 0 pages in swap cache [ 1265.830960][T15526] Free swap = 124228kB [ 1265.854073][T15526] Total swap = 124996kB [ 1265.871288][T15526] 2097051 pages RAM [ 1265.891597][T15526] 0 pages HighMem/MovableOnly [ 1265.911583][T15526] 428045 pages reserved [ 1265.934430][T15526] 0 pages cma reserved [ 1266.218028][T15597] netlink: 'syz.2.2291': attribute type 1 has an invalid length. [ 1266.253323][T15597] netlink: 9396 bytes leftover after parsing attributes in process `syz.2.2291'. [ 1266.608577][ T29] audit: type=1400 audit(1727472963.672:1017): avc: denied { write } for pid=15599 comm="syz.2.2293" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 1266.692160][ T29] audit: type=1400 audit(1727472963.672:1018): avc: denied { read } for pid=15599 comm="syz.2.2293" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 1267.577749][T11368] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1267.595818][T11368] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1267.606284][T11368] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1267.614693][T11368] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1267.635369][T11368] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1267.646571][T11368] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1268.124297][T15605] 9pnet_fd: Insufficient options for proto=fd [ 1268.217719][T15606] syz.2.2294 (15606): drop_caches: 2 [ 1269.695213][T11368] Bluetooth: hci0: command tx timeout [ 1270.146831][T15608] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2295'. [ 1271.775184][T11368] Bluetooth: hci0: command tx timeout [ 1271.843258][T15617] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2299'. [ 1272.528240][ T29] audit: type=1400 audit(1727472969.602:1019): avc: denied { read } for pid=15620 comm="syz.2.2301" path="socket:[63739]" dev="sockfs" ino=63739 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 1273.855156][T11368] Bluetooth: hci0: command tx timeout [ 1274.174741][T12529] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1274.192695][T12529] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1274.202404][T12529] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1274.211546][T12529] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1274.227787][T12529] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1274.235526][T12529] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1275.955173][T12529] Bluetooth: hci0: command tx timeout [ 1276.336854][T11368] Bluetooth: hci3: command tx timeout [ 1276.367912][T11368] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1276.391640][T11368] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1276.402886][T11368] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1276.413390][T11368] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1276.421581][T11368] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1276.429339][T11368] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1277.124745][T12529] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1277.145270][T12529] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1277.165473][T12529] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1277.175487][T12529] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1277.183748][T12529] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 1277.191670][T12529] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1278.415230][T12529] Bluetooth: hci3: command tx timeout [ 1278.501822][T12529] Bluetooth: hci6: command tx timeout [ 1278.983812][ T29] audit: type=1400 audit(1727472976.052:1020): avc: denied { listen } for pid=15646 comm="syz.2.2310" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 1279.505224][T12529] Bluetooth: hci7: command tx timeout [ 1280.498113][T12529] Bluetooth: hci3: command tx timeout [ 1280.575510][T12529] Bluetooth: hci6: command tx timeout [ 1281.541474][T12529] Bluetooth: hci7: command tx timeout [ 1282.575276][T12529] Bluetooth: hci3: command tx timeout [ 1282.655467][T12529] Bluetooth: hci6: command tx timeout [ 1283.617724][T12529] Bluetooth: hci7: command tx timeout [ 1284.735439][T12529] Bluetooth: hci6: command tx timeout [ 1285.695235][T12529] Bluetooth: hci7: command tx timeout [ 1297.467084][T12529] Bluetooth: hci5: command 0x0406 tx timeout [ 1300.906102][T12529] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 1300.919764][T12529] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 1300.928466][T12529] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 1300.937792][T12529] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 1300.946563][T12529] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 1300.954044][T12529] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 1303.061851][T12529] Bluetooth: hci8: command tx timeout [ 1305.141649][T12529] Bluetooth: hci8: command tx timeout [ 1305.625411][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1307.215142][T12529] Bluetooth: hci8: command tx timeout [ 1309.295157][T12529] Bluetooth: hci8: command tx timeout [ 1327.774026][T11368] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1327.784847][T11368] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1327.794796][T11368] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1327.804029][T11368] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1327.825166][T11368] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1327.845270][T11368] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1329.940708][T12529] Bluetooth: hci9: command tx timeout [ 1332.017852][T12529] Bluetooth: hci9: command tx timeout [ 1334.095332][T12529] Bluetooth: hci9: command tx timeout [ 1334.299001][T11368] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 1334.310145][T11368] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 1334.319963][T11368] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 1334.330824][T11368] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 1334.339044][T11368] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 1334.346929][T11368] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 1336.175252][T12529] Bluetooth: hci9: command tx timeout [ 1336.325980][T11368] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1336.345696][T11368] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1336.356922][T11368] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1336.373668][T11368] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1336.384698][T11368] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 1336.398935][T11368] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1336.416024][T11368] Bluetooth: hci10: command tx timeout [ 1337.251888][T12529] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 1337.273861][T12529] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 1337.283567][T12529] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 1337.302755][T12529] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 1337.310922][T12529] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 1337.319286][T12529] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 1338.495124][T11368] Bluetooth: hci10: command tx timeout [ 1338.502484][T12529] Bluetooth: hci11: command tx timeout [ 1339.381688][T12529] Bluetooth: hci12: command tx timeout [ 1340.575165][T11368] Bluetooth: hci10: command tx timeout [ 1340.582844][T12529] Bluetooth: hci11: command tx timeout [ 1341.455847][T12529] Bluetooth: hci12: command tx timeout [ 1342.655201][T12529] Bluetooth: hci11: command tx timeout [ 1342.660971][T12529] Bluetooth: hci10: command tx timeout [ 1343.535416][T12529] Bluetooth: hci12: command tx timeout [ 1344.735186][T12529] Bluetooth: hci11: command tx timeout [ 1345.615294][T12529] Bluetooth: hci12: command tx timeout [ 1361.523913][T11368] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 1361.552937][T11368] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 1361.568590][T11368] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 1361.577397][T11368] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 1361.585370][T11368] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 1361.592916][T11368] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 1363.695138][T12529] Bluetooth: hci13: command tx timeout [ 1365.775205][T12529] Bluetooth: hci13: command tx timeout [ 1367.065392][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1367.855089][T12529] Bluetooth: hci13: command tx timeout [ 1369.935173][T12529] Bluetooth: hci13: command tx timeout [ 1388.406425][T11368] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 1388.425328][T11368] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 1388.439964][T11368] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 1388.448448][T11368] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 1388.456453][T11368] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 1388.466173][T11368] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 1390.575461][T12529] Bluetooth: hci14: command tx timeout [ 1392.665513][T11368] Bluetooth: hci14: command tx timeout [ 1394.742558][T15695] Bluetooth: hci14: command tx timeout [ 1394.748400][T12529] Bluetooth: hci0: command 0x0406 tx timeout [ 1394.934050][T12529] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 1394.949989][T12529] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 1394.960225][T12529] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 1394.969155][T12529] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 1394.977598][T12529] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 1394.988805][T12529] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 1396.815531][T12529] Bluetooth: hci14: command tx timeout [ 1396.886413][T11368] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 1396.900664][T11368] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 1396.910787][T11368] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 1396.919425][T11368] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 1396.927830][T11368] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 1396.939339][T11368] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 1397.055096][T11368] Bluetooth: hci15: command tx timeout [ 1397.456963][T12529] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 1397.468517][T12529] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 1397.479098][T12529] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 1397.493509][T12529] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 1397.501504][T12529] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 1397.511500][T12529] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 1398.975296][ T5242] Bluetooth: hci16: command tx timeout [ 1399.135216][ T5242] Bluetooth: hci15: command tx timeout [ 1399.615297][ T5242] Bluetooth: hci17: command tx timeout [ 1399.855494][ T5242] Bluetooth: hci7: command 0x0406 tx timeout [ 1399.861691][ T5242] Bluetooth: hci3: command 0x0406 tx timeout [ 1399.880686][ T5242] Bluetooth: hci6: command 0x0406 tx timeout [ 1401.055118][T11368] Bluetooth: hci16: command tx timeout [ 1401.223219][T11368] Bluetooth: hci15: command tx timeout [ 1401.695071][T11368] Bluetooth: hci17: command tx timeout [ 1403.135301][T11368] Bluetooth: hci16: command tx timeout [ 1403.295162][T11368] Bluetooth: hci15: command tx timeout [ 1403.775055][T11368] Bluetooth: hci17: command tx timeout [ 1405.215122][T11368] Bluetooth: hci16: command tx timeout [ 1405.855182][T11368] Bluetooth: hci17: command tx timeout [ 1409.935202][ T30] INFO: task kworker/1:3:5275 blocked for more than 143 seconds. [ 1409.943024][ T30] Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1410.002131][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1410.055047][ T30] task:kworker/1:3 state:D stack:22704 pid:5275 tgid:5275 ppid:2 flags:0x00004000 [ 1410.104266][ T30] Workqueue: events_power_efficient reg_check_chans_work [ 1410.202842][ T30] Call Trace: [ 1410.240286][ T30] [ 1410.243313][ T30] __schedule+0xed6/0x5920 [ 1410.297793][ T30] ? __pfx_mark_lock+0x10/0x10 [ 1410.314364][ T30] ? __pfx___schedule+0x10/0x10 [ 1410.325442][ T30] ? schedule+0x298/0x350 [ 1410.330015][ T30] ? __pfx_lock_release+0x10/0x10 [ 1410.342546][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1410.348225][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1410.353519][ T30] schedule+0xe7/0x350 [ 1410.371982][ T30] schedule_preempt_disabled+0x13/0x30 [ 1410.381059][ T30] __mutex_lock+0x5b8/0x9c0 [ 1410.392753][ T30] ? hlock_class+0x4e/0x130 [ 1410.397805][ T30] ? reg_check_chans_work+0x84/0x1130 [ 1410.403286][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1410.413557][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1410.421954][ T30] ? reg_check_chans_work+0x84/0x1130 [ 1410.430476][ T30] reg_check_chans_work+0x84/0x1130 [ 1410.441461][ T30] ? __pfx_reg_check_chans_work+0x10/0x10 [ 1410.450656][ T30] ? __pfx_lock_release+0x10/0x10 [ 1410.460319][ T30] process_one_work+0x9c5/0x1ba0 [ 1410.468505][ T30] ? __pfx_psi_avgs_work+0x10/0x10 [ 1410.473712][ T30] ? __pfx_process_one_work+0x10/0x10 [ 1410.485810][ T30] ? assign_work+0x1a0/0x250 [ 1410.490516][ T30] worker_thread+0x6c8/0xf00 [ 1410.501810][ T30] ? __kthread_parkme+0x148/0x220 [ 1410.507422][ T30] ? __pfx_worker_thread+0x10/0x10 [ 1410.512649][ T30] kthread+0x2c1/0x3a0 [ 1410.526640][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1410.531959][ T30] ? __pfx_kthread+0x10/0x10 [ 1410.543768][ T30] ret_from_fork+0x45/0x80 [ 1410.548715][ T30] ? __pfx_kthread+0x10/0x10 [ 1410.553405][ T30] ret_from_fork_asm+0x1a/0x30 [ 1410.565960][ T30] [ 1410.569166][ T30] INFO: task syz.1.2285:15583 blocked for more than 143 seconds. [ 1410.581720][ T30] Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0 [ 1410.594062][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1410.606442][ T30] task:syz.1.2285 state:D stack:25824 pid:15583 tgid:15583 ppid:14631 flags:0x00004004 [ 1410.623624][ T30] Call Trace: [ 1410.633067][ T30] [ 1410.640341][ T30] __schedule+0xed6/0x5920 [ 1410.644861][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1410.653476][ T30] ? __pfx_lockdep_lock+0x10/0x10 [ 1410.663470][ T30] ? __pfx___schedule+0x10/0x10 [ 1410.671508][ T30] ? schedule+0x298/0x350 [ 1410.680197][ T30] ? __pfx_lock_release+0x10/0x10 [ 1410.691953][ T30] ? __pfx_mark_lock+0x10/0x10 [ 1410.701106][ T30] schedule+0xe7/0x350 [ 1410.708750][ T30] schedule_timeout+0x258/0x2a0 [ 1410.713787][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 1410.724212][ T30] ? mark_held_locks+0x9f/0xe0 [ 1410.732219][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1410.745047][ T30] __wait_for_common+0x3e1/0x600 [ 1410.750082][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 1410.767815][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 1410.773381][ T30] ? mark_held_locks+0x9f/0xe0 [ 1410.784264][ T30] __flush_work+0x776/0xc30 [ 1410.791432][ T30] ? __pfx___flush_work+0x10/0x10 [ 1410.803449][ T30] ? __pfx_wq_barrier_func+0x10/0x10 [ 1410.809424][ T30] ? __pfx___might_resched+0x10/0x10 [ 1410.814800][ T30] ? mark_held_locks+0x9f/0xe0 [ 1410.824975][ T30] unregister_netdevice_many_notify+0x1643/0x1e40 [ 1410.831562][ T30] ? __mutex_trylock_common+0xea/0x250 [ 1410.843291][ T30] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1410.853037][ T30] ? trace_contention_end+0xea/0x140 [ 1410.864961][ T30] ? __mutex_lock+0x1a6/0x9c0 [ 1410.869905][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1410.882721][ T30] ? __fsnotify_parent+0x276/0xa30 [ 1410.890500][ T30] ? ppp_release+0x167/0x230 [ 1410.902122][ T30] unregister_netdevice_queue+0x307/0x3f0 [ 1410.908430][ T30] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1410.914771][ T30] ? __pfx_locks_remove_file+0x10/0x10 [ 1410.930661][ T30] ? __pfx_ppp_release+0x10/0x10 [ 1410.937471][ T30] ppp_release+0x209/0x230 [ 1410.941981][ T30] __fput+0x3f6/0xb60 [ 1410.951812][ T30] task_work_run+0x14e/0x250 [ 1410.958249][ T30] ? __pfx_task_work_run+0x10/0x10 [ 1410.963469][ T30] syscall_exit_to_user_mode+0x27b/0x2a0 [ 1410.975131][ T30] do_syscall_64+0xda/0x250 [ 1410.979731][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1410.994017][ T30] RIP: 0033:0x7f4cbed7df39 [ 1410.998943][ T30] RSP: 002b:00007ffc7980d4f8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1411.016788][ T30] RAX: 0000000000000000 RBX: 00000000001344e0 RCX: 00007f4cbed7df39 [ 1411.024859][ T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1411.041145][ T30] RBP: 00007f4cbef37a80 R08: 0000000000000001 R09: 00007ffc7980d7ef [ 1411.051210][ T30] R10: 00007f4cbec00000 R11: 0000000000000246 R12: 000000000013453a [ 1411.065052][ T30] R13: 00007ffc7980d600 R14: 0000000000000032 R15: ffffffffffffffff [ 1411.073210][ T30] [ 1411.085427][ T30] INFO: task syz.4.2286:15587 blocked for more than 144 seconds. [ 1411.102038][ T30] Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0 [ 1411.109969][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1411.125516][ T30] task:syz.4.2286 state:D stack:27248 pid:15587 tgid:15586 ppid:12386 flags:0x00000004 [ 1411.143092][ T30] Call Trace: [ 1411.148658][ T30] [ 1411.151658][ T30] __schedule+0xed6/0x5920 [ 1411.161884][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1411.170774][ T30] ? __pfx_stack_trace_save+0x10/0x10 [ 1411.182104][ T30] ? __pfx___schedule+0x10/0x10 [ 1411.188817][ T30] ? schedule+0x298/0x350 [ 1411.193278][ T30] ? __pfx_lock_release+0x10/0x10 [ 1411.205186][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1411.209958][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1411.225629][ T30] schedule+0xe7/0x350 [ 1411.229817][ T30] schedule_preempt_disabled+0x13/0x30 [ 1411.241615][ T30] __mutex_lock+0x5b8/0x9c0 [ 1411.250231][ T30] ? nl80211_pre_doit+0xb4/0xb10 [ 1411.261449][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1411.268287][ T30] ? __nla_parse+0x40/0x60 [ 1411.272791][ T30] ? nl80211_pre_doit+0xb4/0xb10 [ 1411.283579][ T30] nl80211_pre_doit+0xb4/0xb10 [ 1411.290343][ T30] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1411.305023][ T30] genl_family_rcv_msg_doit+0x1be/0x2f0 [ 1411.310696][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1411.324832][ T30] ? bpf_lsm_capable+0x9/0x10 [ 1411.330749][ T30] ? security_capable+0x7e/0x260 [ 1411.342855][ T30] genl_rcv_msg+0x565/0x800 [ 1411.347926][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1411.353036][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1411.364741][ T30] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1411.371985][ T30] ? __pfx_nl80211_set_reg+0x10/0x10 [ 1411.382884][ T30] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1411.390249][ T30] netlink_rcv_skb+0x16b/0x440 [ 1411.401864][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1411.411487][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1411.421245][ T30] ? down_read+0xc9/0x330 [ 1411.428642][ T30] ? __pfx_down_read+0x10/0x10 [ 1411.434136][ T30] ? netlink_deliver_tap+0x1ae/0xd90 [ 1411.443970][ T30] genl_rcv+0x28/0x40 [ 1411.451209][ T30] netlink_unicast+0x53c/0x7f0 [ 1411.460309][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1411.468682][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1411.473551][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1411.485200][ T30] ? __import_iovec+0x1fd/0x6e0 [ 1411.490168][ T30] ____sys_sendmsg+0xaaf/0xc90 [ 1411.501323][ T30] ? copy_msghdr_from_user+0x10b/0x160 [ 1411.509261][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1411.514642][ T30] ? __pfx___futex_wait+0x10/0x10 [ 1411.525679][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1411.531063][ T30] ___sys_sendmsg+0x135/0x1e0 [ 1411.545805][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1411.551165][ T30] ? fdget+0x176/0x210 [ 1411.563219][ T30] __sys_sendmsg+0x117/0x1f0 [ 1411.569798][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 1411.580568][ T30] ? __x64_sys_futex+0x1e1/0x4c0 [ 1411.587913][ T30] do_syscall_64+0xcd/0x250 [ 1411.592511][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1411.604274][ T30] RIP: 0033:0x7f8e0157df39 [ 1411.612928][ T30] RSP: 002b:00007f8e02306038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1411.624959][ T30] RAX: ffffffffffffffda RBX: 00007f8e01735f80 RCX: 00007f8e0157df39 [ 1411.642701][ T30] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 1411.653238][ T30] RBP: 00007f8e015f0216 R08: 0000000000000000 R09: 0000000000000000 [ 1411.665270][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1411.673318][ T30] R13: 0000000000000000 R14: 00007f8e01735f80 R15: 00007ffeb3f35758 [ 1411.687729][ T30] [ 1411.690900][ T30] INFO: task syz.3.2290:15595 blocked for more than 145 seconds. [ 1411.703749][ T30] Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0 [ 1411.721356][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1411.732465][ T30] task:syz.3.2290 state:D stack:27248 pid:15595 tgid:15594 ppid:14445 flags:0x00004004 [ 1411.748935][ T30] Call Trace: [ 1411.752286][ T30] [ 1411.760550][ T30] __schedule+0xed6/0x5920 [ 1411.769444][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1411.774854][ T30] ? __pfx___schedule+0x10/0x10 [ 1411.790049][ T30] ? schedule+0x298/0x350 [ 1411.794458][ T30] ? __pfx_lock_release+0x10/0x10 [ 1411.813541][ T30] ? __mutex_lock+0x5b3/0x9c0 [ 1411.821386][ T30] ? __mutex_trylock_common+0x78/0x250 [ 1411.831349][ T30] schedule+0xe7/0x350 [ 1411.838555][ T30] schedule_preempt_disabled+0x13/0x30 [ 1411.844117][ T30] __mutex_lock+0x5b8/0x9c0 [ 1411.853947][ T30] ? ethnl_default_set_doit+0x2e8/0x6f0 [ 1411.871551][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1411.876748][ T30] ? __pfx_ethnl_parse_header_dev_get+0x10/0x10 [ 1411.883094][ T30] ? __pfx___nla_validate_parse+0x10/0x10 [ 1411.897199][ T30] ? ethnl_default_set_doit+0x2e8/0x6f0 [ 1411.902896][ T30] ? rtnl_lock+0x9/0x20 [ 1411.911571][ T30] ethnl_default_set_doit+0x2e8/0x6f0 [ 1411.922485][ T30] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 1411.933413][ T30] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1411.944472][ T30] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1411.955930][ T30] genl_family_rcv_msg_doit+0x202/0x2f0 [ 1411.961671][ T30] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1411.974846][ T30] ? bpf_lsm_capable+0x9/0x10 [ 1411.980033][ T30] ? security_capable+0x7e/0x260 [ 1411.992013][ T30] ? ns_capable+0xd7/0x110 [ 1411.996971][ T30] genl_rcv_msg+0x565/0x800 [ 1412.001568][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1412.013860][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1412.021862][ T30] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 1412.036418][ T30] netlink_rcv_skb+0x16b/0x440 [ 1412.041285][ T30] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1412.053065][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1412.058847][ T30] ? down_read+0xc9/0x330 [ 1412.063260][ T30] ? __pfx_down_read+0x10/0x10 [ 1412.075322][ T30] ? netlink_deliver_tap+0x1ae/0xd90 [ 1412.080795][ T30] genl_rcv+0x28/0x40 [ 1412.084850][ T30] netlink_unicast+0x53c/0x7f0 [ 1412.095016][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 1412.100407][ T30] netlink_sendmsg+0x8b8/0xd70 [ 1412.116545][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1412.123166][ T30] ? __import_iovec+0x1fd/0x6e0 [ 1412.136145][ T30] ____sys_sendmsg+0xaaf/0xc90 [ 1412.141009][ T30] ? copy_msghdr_from_user+0x10b/0x160 [ 1412.153481][ T30] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1412.161039][ T30] ? __pfx___futex_wait+0x10/0x10 [ 1412.171873][ T30] ? __pfx___lock_acquire+0x10/0x10 [ 1412.179239][ T30] ___sys_sendmsg+0x135/0x1e0 [ 1412.184025][ T30] ? __pfx____sys_sendmsg+0x10/0x10 [ 1412.195006][ T30] ? fdget+0x176/0x210 [ 1412.199264][ T30] __sys_sendmsg+0x117/0x1f0 [ 1412.203932][ T30] ? __pfx___sys_sendmsg+0x10/0x10 [ 1412.216310][ T30] ? __x64_sys_futex+0x1e1/0x4c0 [ 1412.223425][ T30] do_syscall_64+0xcd/0x250 [ 1412.233712][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1412.241428][ T30] RIP: 0033:0x7fa22af7df39 [ 1412.251767][ T30] RSP: 002b:00007fa22a9ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1412.263738][ T30] RAX: ffffffffffffffda RBX: 00007fa22b135f80 RCX: 00007fa22af7df39 [ 1412.277445][ T30] RDX: 0000000000000000 RSI: 0000000020000540 RDI: 0000000000000003 [ 1412.290064][ T30] RBP: 00007fa22aff0216 R08: 0000000000000000 R09: 0000000000000000 [ 1412.301148][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1412.313573][ T30] R13: 0000000000000000 R14: 00007fa22b135f80 R15: 00007fffbb367ce8 [ 1412.330943][ T30] [ 1412.334129][ T30] [ 1412.334129][ T30] Showing all locks held in the system: [ 1412.344657][ T30] 1 lock held by khungtaskd/30: [ 1412.357738][ T30] #0: ffffffff8e1b7f80 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x75/0x340 [ 1412.374145][ T30] 8 locks held by kworker/0:2/937: [ 1412.381058][ T30] 2 locks held by getty/4979: [ 1412.391376][ T30] #0: ffff8880328ea0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1412.403056][ T30] #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0xfba/0x1480 [ 1412.421130][ T30] 7 locks held by kworker/0:4/5274: [ 1412.430269][ T30] 3 locks held by kworker/1:3/5275: [ 1412.441055][ T30] #0: ffff88801b081948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 [ 1412.455601][ T30] #1: ffffc900040ffd80 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 1412.472085][ T30] #2: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x84/0x1130 [ 1412.483897][ T30] 3 locks held by kworker/1:6/5306: [ 1412.496199][ T30] #0: ffff88801b080948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 [ 1412.512799][ T30] #1: ffffc90004207d80 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 1412.523776][ T30] #2: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 1412.543587][ T30] 3 locks held by kworker/u8:14/9669: [ 1412.549489][ T30] #0: ffff88802e2ca148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x129b/0x1ba0 [ 1412.568686][ T30] #1: ffffc90003abfd80 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0 [ 1412.587137][ T30] #2: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x12/0x30 [ 1412.604333][ T30] 1 lock held by syz.0.2262/15526: [ 1412.610092][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x38/0x230 [ 1412.625260][ T30] 2 locks held by syz.1.2285/15583: [ 1412.633569][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: ppp_release+0x167/0x230 [ 1412.648645][ T30] #1: ffffffff8e05b950 (cpu_hotplug_lock){++++}-{0:0}, at: unregister_netdevice_many_notify+0x53b/0x1e40 [ 1412.670212][ T30] 2 locks held by syz.4.2286/15587: [ 1412.677426][ T30] #0: ffffffff8ff7deb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1412.692093][ T30] #1: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0xb4/0xb10 [ 1412.703234][ T30] 2 locks held by syz.3.2290/15595: [ 1412.714534][ T30] #0: ffffffff8ff7deb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1412.724738][ T30] #1: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0x2e8/0x6f0 [ 1412.744087][ T30] 1 lock held by syz-executor/15601: [ 1412.750728][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.767931][ T30] 1 lock held by syz-executor/15627: [ 1412.773386][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.787372][ T30] 1 lock held by syz-executor/15634: [ 1412.792758][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.806839][ T30] 1 lock held by syz-executor/15636: [ 1412.812207][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.835853][ T30] 2 locks held by syz.2.2318/15669: [ 1412.841225][ T30] #0: ffffffff8ff7deb0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40 [ 1412.855747][ T30] #1: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0xb4/0xb10 [ 1412.871445][ T30] 1 lock held by syz-executor/15676: [ 1412.878543][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.893946][ T30] 1 lock held by syz-executor/15683: [ 1412.905142][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.914876][ T30] 1 lock held by syz-executor/15688: [ 1412.930435][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.950145][ T30] 1 lock held by syz-executor/15693: [ 1412.957220][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.973133][ T30] 1 lock held by syz-executor/15697: [ 1412.982583][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1412.998050][ T30] 1 lock held by syz-executor/15700: [ 1413.003409][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1413.016420][ T30] 1 lock held by syz-executor/15706: [ 1413.021778][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1413.035466][ T30] 1 lock held by syz-executor/15713: [ 1413.050061][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1413.062685][ T30] 1 lock held by syz-executor/15717: [ 1413.073742][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1413.087501][ T30] 1 lock held by syz-executor/15720: [ 1413.092968][ T30] #0: ffffffff8fedf6a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x372/0xea0 [ 1413.107265][ T30] [ 1413.109644][ T30] ============================================= [ 1413.109644][ T30] [ 1413.122729][ T30] NMI backtrace for cpu 1 [ 1413.127113][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0 [ 1413.137410][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1413.147520][ T30] Call Trace: [ 1413.150872][ T30] [ 1413.153847][ T30] dump_stack_lvl+0x116/0x1f0 [ 1413.158593][ T30] nmi_cpu_backtrace+0x27b/0x390 [ 1413.163606][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1413.169671][ T30] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1413.175793][ T30] watchdog+0xf0c/0x1240 [ 1413.180116][ T30] ? __pfx_watchdog+0x10/0x10 [ 1413.184867][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1413.190131][ T30] ? __kthread_parkme+0x148/0x220 [ 1413.195754][ T30] ? __pfx_watchdog+0x10/0x10 [ 1413.200508][ T30] kthread+0x2c1/0x3a0 [ 1413.204640][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1413.209918][ T30] ? __pfx_kthread+0x10/0x10 [ 1413.214580][ T30] ret_from_fork+0x45/0x80 [ 1413.219070][ T30] ? __pfx_kthread+0x10/0x10 [ 1413.223722][ T30] ret_from_fork_asm+0x1a/0x30 [ 1413.228582][ T30] [ 1413.232711][ T30] Sending NMI from CPU 1 to CPUs 0: [ 1413.238645][ C0] NMI backtrace for cpu 0 [ 1413.238662][ C0] CPU: 0 UID: 0 PID: 937 Comm: kworker/0:2 Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0 [ 1413.238694][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1413.238713][ C0] Workqueue: events nsim_dev_trap_report_work [ 1413.238754][ C0] RIP: 0010:__kernel_text_address+0xd/0x40 [ 1413.238801][ C0] Code: e8 58 54 96 00 e9 6a ff ff ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 53 48 89 fb e8 e3 fe ff ff <85> c0 75 1b 48 81 fb 00 a0 d7 91 72 0c 31 c0 48 81 fb 6a f7 f7 91 [ 1413.238833][ C0] RSP: 0018:ffffc900000071a8 EFLAGS: 00000282 [ 1413.238853][ C0] RAX: 0000000000000001 RBX: ffffffff88f29525 RCX: 0000000000000000 [ 1413.238871][ C0] RDX: 1ffff92000000e43 RSI: ffffc900000075b8 RDI: ffffffff88f29525 [ 1413.238891][ C0] RBP: ffffc90000007218 R08: ffffc90000007204 R09: ffffffff917efda4 [ 1413.238910][ C0] R10: ffffc900000071d0 R11: 000000000007f1ea R12: ffffffff8178a6b0 [ 1413.238929][ C0] R13: ffffc90000007290 R14: 0000000000000000 R15: ffff888026475a00 [ 1413.238947][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1413.238977][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1413.238996][ C0] CR2: 000000110c34974b CR3: 000000000df7c000 CR4: 00000000003506f0 [ 1413.239014][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1413.239031][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1413.239049][ C0] Call Trace: [ 1413.239056][ C0] [ 1413.239067][ C0] ? nmi_cpu_backtrace+0x1d8/0x390 [ 1413.239110][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1413.239150][ C0] ? nmi_handle+0x1a9/0x5c0 [ 1413.239178][ C0] ? __kernel_text_address+0xd/0x40 [ 1413.239220][ C0] ? default_do_nmi+0x6a/0x160 [ 1413.239256][ C0] ? exc_nmi+0x170/0x1e0 [ 1413.239291][ C0] ? end_repeat_nmi+0xf/0x53 [ 1413.239319][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1413.239351][ C0] ? consume_skb+0x85/0x100 [ 1413.239394][ C0] ? consume_skb+0x85/0x100 [ 1413.239433][ C0] ? __kernel_text_address+0xd/0x40 [ 1413.239475][ C0] ? __kernel_text_address+0xd/0x40 [ 1413.239517][ C0] ? __kernel_text_address+0xd/0x40 [ 1413.239559][ C0] [ 1413.239568][ C0] [ 1413.239577][ C0] unwind_get_return_address+0x59/0xa0 [ 1413.239605][ C0] arch_stack_walk+0xa7/0x100 [ 1413.239638][ C0] ? consume_skb+0x85/0x100 [ 1413.239680][ C0] stack_trace_save+0x95/0xd0 [ 1413.239709][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1413.239744][ C0] kasan_save_stack+0x33/0x60 [ 1413.239785][ C0] ? kasan_save_stack+0x33/0x60 [ 1413.239830][ C0] ? __kasan_record_aux_stack+0xba/0xd0 [ 1413.239862][ C0] ? __call_rcu_common.constprop.0+0x99/0x7a0 [ 1413.239889][ C0] ? dst_release+0x1b5/0x1e0 [ 1413.239917][ C0] ? skb_release_head_state+0x234/0x290 [ 1413.239980][ C0] __kasan_record_aux_stack+0xba/0xd0 [ 1413.240014][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 1413.240043][ C0] __call_rcu_common.constprop.0+0x99/0x7a0 [ 1413.240073][ C0] dst_release+0x1b5/0x1e0 [ 1413.240101][ C0] skb_release_head_state+0x234/0x290 [ 1413.240141][ C0] consume_skb+0x85/0x100 [ 1413.240180][ C0] nft_synproxy_do_eval+0xa51/0xd60 [ 1413.240213][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 1413.240242][ C0] ? mark_lock+0xb5/0xc60 [ 1413.240282][ C0] ? mark_lock+0xb5/0xc60 [ 1413.240320][ C0] ? mark_lock+0xb5/0xc60 [ 1413.240359][ C0] ? __pfx_nft_synproxy_eval+0x10/0x10 [ 1413.240390][ C0] nft_do_chain+0x2e6/0x18f0 [ 1413.240424][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 1413.240451][ C0] ? ipt_do_table+0xd4c/0x1aa0 [ 1413.240483][ C0] ? __local_bh_enable_ip+0xa4/0x120 [ 1413.240513][ C0] ? lockdep_hardirqs_on+0x7c/0x110 [ 1413.240550][ C0] nft_do_chain_inet+0x18b/0x350 [ 1413.240578][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1413.240606][ C0] ? __pfx_ipt_do_table+0x10/0x10 [ 1413.240634][ C0] ? nf_nat_ipv4_local_in+0x181/0x720 [ 1413.240672][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 1413.240698][ C0] nf_hook_slow+0xbb/0x200 [ 1413.240737][ C0] nf_hook.constprop.0+0x42e/0x750 [ 1413.240774][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1413.240819][ C0] ? __pfx_nf_hook.constprop.0+0x10/0x10 [ 1413.240857][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 1413.240897][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 1413.240941][ C0] ip_local_deliver+0x169/0x1f0 [ 1413.240978][ C0] ? __pfx_ip_local_deliver+0x10/0x10 [ 1413.241016][ C0] ip_rcv+0x2c3/0x5d0 [ 1413.241053][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 1413.241089][ C0] __netif_receive_skb_one_core+0x199/0x1e0 [ 1413.241122][ C0] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 1413.241154][ C0] ? process_backlog+0x3f1/0x15f0 [ 1413.241185][ C0] ? __pfx_lock_release+0x10/0x10 [ 1413.241226][ C0] ? mark_held_locks+0x9f/0xe0 [ 1413.241267][ C0] ? process_backlog+0x3f1/0x15f0 [ 1413.241297][ C0] __netif_receive_skb+0x1d/0x160 [ 1413.241328][ C0] process_backlog+0x443/0x15f0 [ 1413.241363][ C0] __napi_poll.constprop.0+0xb7/0x550 [ 1413.241398][ C0] net_rx_action+0xa92/0x1010 [ 1413.241430][ C0] ? tmigr_handle_remote+0x153/0xdd0 [ 1413.241476][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 1413.241508][ C0] ? __pfx_tmigr_handle_remote+0x10/0x10 [ 1413.241551][ C0] ? run_timer_base+0x119/0x190 [ 1413.241595][ C0] ? run_timer_base+0x11e/0x190 [ 1413.241630][ C0] ? __pfx_run_timer_base+0x10/0x10 [ 1413.241668][ C0] handle_softirqs+0x213/0x8f0 [ 1413.241698][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1413.241727][ C0] ? irqtime_account_irq+0x18d/0x2e0 [ 1413.241757][ C0] ? nsim_dev_trap_report_work+0x870/0xc80 [ 1413.241794][ C0] do_softirq+0xb2/0xf0 [ 1413.241826][ C0] [ 1413.241834][ C0] [ 1413.241843][ C0] __local_bh_enable_ip+0x100/0x120 [ 1413.241873][ C0] nsim_dev_trap_report_work+0x870/0xc80 [ 1413.241917][ C0] process_one_work+0x9c5/0x1ba0 [ 1413.241970][ C0] ? __pfx_psi_avgs_work+0x10/0x10 [ 1413.242000][ C0] ? __pfx_process_one_work+0x10/0x10 [ 1413.242046][ C0] ? assign_work+0x1a0/0x250 [ 1413.242085][ C0] worker_thread+0x6c8/0xf00 [ 1413.242131][ C0] ? __kthread_parkme+0x148/0x220 [ 1413.242163][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1413.242205][ C0] kthread+0x2c1/0x3a0 [ 1413.242233][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1413.242274][ C0] ? __pfx_kthread+0x10/0x10 [ 1413.242304][ C0] ret_from_fork+0x45/0x80 [ 1413.242344][ C0] ? __pfx_kthread+0x10/0x10 [ 1413.242374][ C0] ret_from_fork_asm+0x1a/0x30 [ 1413.242422][ C0] [ 1413.903140][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1413.910074][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-11624-ge477dba5442c #0 [ 1413.920288][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1413.930393][ T30] Call Trace: [ 1413.933712][ T30] [ 1413.937132][ T30] dump_stack_lvl+0x3d/0x1f0 [ 1413.941802][ T30] panic+0x71d/0x800 [ 1413.945768][ T30] ? __pfx_panic+0x10/0x10 [ 1413.950252][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1413.955685][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1413.961730][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 1413.967170][ T30] ? watchdog+0xd76/0x1240 [ 1413.971652][ T30] ? watchdog+0xd69/0x1240 [ 1413.976574][ T30] watchdog+0xd87/0x1240 [ 1413.980896][ T30] ? __pfx_watchdog+0x10/0x10 [ 1413.985639][ T30] ? lockdep_hardirqs_on+0x7c/0x110 [ 1413.990892][ T30] ? __kthread_parkme+0x148/0x220 [ 1413.995979][ T30] ? __pfx_watchdog+0x10/0x10 [ 1414.000720][ T30] kthread+0x2c1/0x3a0 [ 1414.004846][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 1414.010112][ T30] ? __pfx_kthread+0x10/0x10 [ 1414.014767][ T30] ret_from_fork+0x45/0x80 [ 1414.019259][ T30] ? __pfx_kthread+0x10/0x10 [ 1414.023902][ T30] ret_from_fork_asm+0x1a/0x30 [ 1414.028750][ T30] [ 1414.032276][ T30] Kernel Offset: disabled [ 1414.037151][ T30] Rebooting in 86400 seconds..