last executing test programs: 6m58.534868801s ago: executing program 2 (id=2119): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x1, 0x70bd2b, 0x0, {0x2, 0x0, 0x20}, [@FRA_SRC={0x8, 0x2, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20048055}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00!'], 0x28}}, 0x0) 6m58.149926809s ago: executing program 2 (id=2124): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) memfd_create(&(0x7f0000000000)='-&:{-\xaa]{\x00', 0x2) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00'}) 6m57.696625098s ago: executing program 2 (id=2131): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e056c3920"], 0x8) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008000}, 0x0) ioctl$VIDIOC_TRY_ENCODER_CMD(0xffffffffffffffff, 0xc028564e, 0x0) keyctl$restrict_keyring(0xa, 0x0, 0x0, 0x0) 6m57.568231592s ago: executing program 2 (id=2132): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000380)='./file0\x00', r0, 0x0, 0x40) 6m57.255470144s ago: executing program 2 (id=2137): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000140)='_', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000006400), &(0x7f0000006c00)={'syz', 0x3}, &(0x7f0000000840)="3e12d23d346cfdeb1716f738274bc1c03bee4423fa20837e6e86b86592e9be8351aabbd6e24f37d5095f839fa4a3507df4f7526f2440e7988da94ccd868dd8741d1e43eba0b67b516be14a8b51a75bfd611b2d7ae6a21d056c2c5116a416a76b1a03dc55ea62d43c809e0ed6e56163fdab317afd5c34d61436", 0x79, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha256\x00'}}) 6m56.200941718s ago: executing program 2 (id=2147): r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="cd5300180000000000001f"], 0x14}}, 0x0) 6m55.547044138s ago: executing program 32 (id=2147): r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="cd5300180000000000001f"], 0x14}}, 0x0) 5m39.508329277s ago: executing program 1 (id=2852): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000003280)={r1, 0xe0, &(0x7f0000003180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, &(0x7f0000003100), 0x8, 0x10, 0x8, 0x0, 0x0}}, 0x10) 5m39.369521137s ago: executing program 1 (id=2854): syz_usb_connect(0x3, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xab, 0xe9, 0x27, 0x10, 0x13b1, 0x42, 0x76fe, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x9, 0x2, 0x0, 0xc9, 0x18, 0x2}}]}}]}}, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0x9, 0x6, 0xfff}) 5m37.989026002s ago: executing program 1 (id=2862): r0 = syz_io_uring_setup(0x91f, &(0x7f0000000340)={0x0, 0x2919, 0x800, 0x1}, &(0x7f00000002c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_LINKAT={0x27, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x1000}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 5m37.362876059s ago: executing program 1 (id=2867): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000002fc0)=ANY=[@ANYBLOB="7a0af8ff75257078bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651ddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce72d75946c2b638d91dbef661962239c77edf2d34b12cd48a1b20fb7dd8432619f2c50d77bc0ea9b0af58e6fff4942eb613eff289026d5045ef76d7d864409eb2dc9518a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5208ff0df2db761014b1b999a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be3cdda66fb977aef7c9cb92428ef25d9bf665bd60024c09e9eed544126fabe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e022034ac81fd48f9b7314ffa730017fbd37fdb23bc26992529402a520ef67e246415a6a8ca9d4aa797a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f00000000008000000000000000000000000040000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) sendmsg$unix(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0xd0) 5m37.073698547s ago: executing program 1 (id=2870): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 5m36.890472512s ago: executing program 1 (id=2873): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000845}, 0x0) 5m21.694877214s ago: executing program 33 (id=2873): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, r0, 0x1, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000845}, 0x0) 3m50.224917126s ago: executing program 4 (id=3769): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'bridge0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000640)=@newlink={0x44, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}}, 0x0) 3m49.976837999s ago: executing program 4 (id=3771): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000059c0)={0x3c, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}, 0x3c}}, 0x8000) 3m49.801011578s ago: executing program 4 (id=3772): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x143200, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x8, r2, 0x0, 0xfffffffffffffff5, 0x0, 0x0, 0x5}) 3m49.545015039s ago: executing program 4 (id=3773): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000004a40)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x0, @local, 0x4}, 0x1c, &(0x7f0000000680)=[{&(0x7f0000000240)='4', 0x1}], 0x1}}, {{&(0x7f0000000740)={0xa, 0x4e21, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8}, 0x1c, &(0x7f0000000780)=[{&(0x7f0000002740)="ea", 0x1}], 0x1}}], 0x2, 0x804) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x9, 0x8}, 0x8) 3m49.347322606s ago: executing program 4 (id=3774): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000004000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10) clock_gettime(0x1, &(0x7f0000000000)={0x0, 0x0}) clock_settime(0x0, &(0x7f0000000040)={r1, r2+10000000}) 3m49.215521546s ago: executing program 4 (id=3775): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x1}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24) recvmmsg$unix(r0, &(0x7f0000000040), 0x4000000000002ac, 0x0, 0x0) 3m34.131416348s ago: executing program 34 (id=3775): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x1}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00000000000000000000000800040001000000", 0x24) recvmmsg$unix(r0, &(0x7f0000000040), 0x4000000000002ac, 0x0, 0x0) 1m2.369115087s ago: executing program 6 (id=5476): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000e8f70000000000ff000044850000000e000000650000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) close(r1) syz_usb_connect(0x0, 0x4f, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb9050000000109023d0c020000000009049c00030103510009050a00000000000009050313"], 0x0) 1m1.446339627s ago: executing program 6 (id=5479): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000400)={'#! ', './file1/../file0', [{0x20, '\x86\xd7\xb5r\x03z\xf5\xe42\xad\xed\x122\x9db}\xd1\xff\xff\xff\x812\xd4\xef\xcd.\x8b\xf4\xa71iQA\x8d5\x8d\xaf\xe1\xd8\xae-\n\x95\x98\x96\xe8\x0e^\x80S\x9a\xca\xbf\x0e4C\'~_\xd0X\xb9\x94[\xf5,\xe0\xcd\x89\x1c\t\xd0\xf2\xfb\xf8\xfbe\xb2\r\xeeI\x86\xca\xd0k\xb0\x1b\xe96\xedpm\xcc\xdc\x91\xb9\xbft\xfb\x98\xe2\x02!\xfeq\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x009\xf7\x81\xf4\xa9j\xc9\xbb\xf8\xf2K\"\x86\xf5h\xf5;\xd2\xaf\x9b\xea\xef-\xd7\xd6\xfa\x97-*\\\x98bE\r\xdc\x89\xd8&\x91\x1c+\x15\x89\xd7\xa7ceT\xea`5\xf9\x88\n \xdcA\xa6\x10\x93\"\xa4Y\x84\xee\xb2\xf9\xa9\x80uf\xab\xb3\xd1\x10i\x94x\x0f\xee\x94j2\xf9\x9ah\xf3b\x19P4\\\xad\xbaX]\xbc\xbbTA\x17d\a\x8fa\xe0\xc3K\x959'}, {}, {0x20, '\x86\xd7\xb5r\x03z\xf5\xe42\xad\xed\x122\x9db}\xd1\xff\xff\xff\x812\xd4\xef\xcd.\x8b\xf4\xa71iQA\x8d5\x8d\xaf\xe1\xd8\xae-\n\x95\x98\x96\xe8\x0e^\x80S\x9a\xca\xbf\x0e4C\'~_\xd0X\xb9\x94[\xf5,\xe0\xcd\x89\x1c\t\xd0\xf2\xfb\xf8\xfbe\xb2\r\xeeI\x86\xca\xd0k\xb0\x1b\xe96\xedpm\xcc\xdc\x91\xb9\xbft\xfb\x98\xe2\x02!\xfeq\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x009\xf7\x81\xf4\xa9j\xc9\xbb\xf8\xf2K\"\x86\xf5h\xf5;\xd2\xaf\x9b\xea\xef-\xd7\xd6\xfa\x97-*\\\x98bE\r\xdc\x89\xd8&\x91\x1c+\x15\x89\xd7\xa7ceT\xea`5\xf9\x88\n \xdcA\xa6\x10\x93\"\xa4Y\x84\xee\xb2\xf9\xa9\x80uf\xab\xb3\xd1\x10i\x94x\x0f\xee\x94j2\xf9\x9ah\xf3b\x19P4\\\xad\xbaX]\xbc\xbbTA\x17d\a\x8fa\xe0\xc3K\x959'}], 0xa, "0002783348b29e7bcaf3e29c2593b929f38db16e33ea"}, 0x1f1) write$UHID_INPUT(r1, &(0x7f0000001980)={0x8, {"44a84c5879c27d2e1114045c46c906e43123bdfd143540dbc6103348defb281f070e482078c620b30d72d3732ccdb79ff12a12f7bbe7bba3789aa307c04ea3cd717831498cb1950969d35ea81f19b8c858678584cada9e25ad90c0d9f30b60b164c8cc3cadbc41f6bf779b393e07a709530805a1692944667601a6fbe14c9fa8a9d0599b86a809b5912d822127dab0844a50d08271317325dcde7299970a031eb2a44bc76b06a12a7358cb9a7668f07f6c02b9cf06658cf3e75178b8078bff687c52c4cd446facc0c0a03194c151fc133b84e2239c731eb1ff0c54ee37ccd882ace9bfc21ef426bce9f9a4711bcd06990bda479ab815f3d09e1ab90fa639740df9550cc1dc06f448498486c6955c220b0d2bc387801e6efd679ee3bfc62ce1f1904c0a70b4173ce5d4f9009412b9008c8f7a271e7d466ad1b0a3d794b7fde32cd6932c15f7fded6527208d5663ddeb7589cce2491541c7ea121b11da0308f4862a334df194b744f876586b72aef9b72491abb6542b36a62fcf0794241f930b3eaa80727db2b321ad85d1b1721f2053847ac255849d6f7c784314664df325314446347cd30df67291f9c312379dfc6c28407ef3883548b34a253d32fb822f963c3dc2e8f4683e3ee7550a6458f6a710aeb89ce057a503adf6a7ab745daf6f5296ff99a68953ebd42c64743f61349415bbacc2d9bb07badd7f51ca2f9d72327350c937b9c5e7b5601781e4db691698f4b40a139540ef8d9eb3b459b17949caa6278d471e175c0dfaee1b8409d71dd25a8f41e8fd05a11de78b0a4a833fa5af5da80c90479c5a1235a4fc59b9bd8e1f0bc353ae770bec70134f7ed1cc3789ff29301ed5255b0b9270d8fe167758a309ec25a9e7316127d5930a08aaa0496dd719bf32dacb2f1a4be9b3a2a37bc0f2d632fc68bc782e646d569a4728d972c1c3edc5fdab0be2363278e64ba1bd8566abed8aabccb946adab1b2022b99d0543fdadd0f00cbaa045763e73c1c07770022939e9454263511eada4b5e8fb0645a49650ba7e113866ffaeb83f2429cc9b3860f39de7d01b17bbc711b00bd70ed76b37b2c760f88a45c1a8e451d81c64a50563b1e0538207bf2b74a84869fa9de2f516007006cfe0dab09c4e5e53e6ed73ca46dde1ab706abb8a7abef9fa707341a3f555077900aa1bf9c8dad084aebc9e0dab486982532b00b24ee2d3bfb5685ff7032c051960705412e0b95cd404986294ab0b375be15da57a7a90d777e2d63e8585fb7d72b457e57963ba6704093eb3026d63a9395af94975851d9a57793732bed502089095d16f2b52d27ebad57f3d4fac387691dff52123fd1d8a015d7bc08e5b3218bef8bd4efef2a492788d2c4cfffb223f7ba761e5d7eba50e7a55e596030e68e36ab7bf1605405a2a87996e2666f81aca7cd495d6d67c26fb548a77bfc16aa53ad163a3290e2e590a741d0eabd3d760f3465380bf8e75f20a8e0a17e6d59ba0efa23b776ffe6a5bfd53cd52938a05c4b90de62785dd5e93f509c7449de21ddcdd7b51f9bea75ea7236e3ad1a7d5b8b101c952bcb2d6d7472b9ab34b2fd180fc12a13c1912b5136664b89a1e7ff8ecb73618aea15fe2b1936eb5857ee12d3ad2997e79f9b9b27569ac5c80b9f311df153c656fb9f90260efc4b28748e46260166f3a81f7545cab2919f31037c652ca9956b708a1bde03ea2504f860c083d79dc574cb63b01b493d51ba179b61fca7b80dc00ef5ae42391fdad3d19d69a2319ba551a47d77c30c09f47b1f515d76c360bd19fe2e524835bdaa153600b2fe953bd187688b6cc084e63729d1110de6baff550068ba951d5294e7bc4112252a981a8500000f4c535cce8b4ca057b1a100e85e531068d961ca31f44f95912f72adac043ca454d2734959eb71fd6637cfed6bac3ae9668b585b80eb2fb7d113cdf888011f953987e5bbb282048fe59519283614f95a8fc45865d5bcf5e567d1395f95dbe06f88951fb300fe654a3f949280b1c7d09e9358334716f631cd0c25ce966e68e3c0f8ab3c1dd3073726e265590abc999c36581a9a33f7fe8ce5c702fc97ecfb2b7275cb39e9a9b7655e7e8a1b448b03739a95cb67c446b4cfd77b73ba4c5f8f29058d4d348ddf801b77bccd80887c2f4af14904d014d5bf6c1e928d4ac6f3e9b677152117755da9476d29e5bdc22c94ff76ca9dac925d964d018d29e399dc8b349c4daa7437abcc708f05d224dcbc123f861e6cbb1dbdb6309af9c7e2878f2ef9cf11c92d676cda6de677f79ef45a43c18601b23a35b91f242979624e7a3108c2752c076e3dec283cf0928e4143f7bc6647a1326f34ec5b72b5fe42eec3272048b0d18faafe25bae9cb1ea07195ab26aa42d7e66b08e2619ae9840db6605e997ce03a8dce2db95dd9ded7797159a67b0e1f9c2618a0908ca27be9df8d68cbd6ad5dd7737bc09a33883eddc681b80b5e86159863e64320850fcd3c916dc86e12fb132630f2be5f1c7cdb66bc91bba015d624a52d63437a2aa8900602e391ef7fc75a768edf82a674f07f8af7a9e46c6f6a3082f324f19a62a1b83dbdcd4b9791606336d5d6d9f417ade86389c1aba7ac8a2a4a9fe384028f9e0df8a813b0720db6ad0dd178c51238c591f8708b4334a92d18215a0eeb0182007ea9768ccad5d1ac5ce2c247206cd2e04527501d4dcf41618d0a395a0325a8694f25bd266bd907cc7583f48f3dc0290bda67af53d7217a30a19a3349dce265408afa814e1d99e7db0f254b2fc4e4646f011153eb120c8972e37b82d95f18e905baf2a572095ab61037a771d1cb32a51c9800f2f7c37dc5212d122fe9417d8028e01017262783ebbe1eaab826f74195df4f51cf221f804eb18e7b698819a490d978f13542f01483e6dedfd14b364ab1419b056f0d902b7bb62f7500b2c771336ac772778f96df87d1dffbccecdeb90fc1204248f2485f1b2c063e9eaa2d8eb3ef296c2dd6212ad0a217678f1dc3142df75acb79309fefbd0effb1dde65e748e47581f33378f3cfb10324938df5c9458ff3a545748a96fd55866fa8f64a4c6b9e47d7f1ae9f9c8f3edaf278e7105df96276f215a99d27e089ddad23f124ce3f0b405925a26d2f62b49527ac7aab6b7505bb872898598616b6ddcc16f80d8d4088dd8636fde2c1acf0e9efae9c0c57745e9a83943f969c5c10db16a06b6be16b55b1aeaffc61ee3c68602bccd2e0efc674b378081acc15e3e3e95f515b11958ec7f634d183f70a90d3eec1c498741778e7fa0f2728ee97b22a382f4e881ebc2fd2d2b6a92c7c976c8d98da2e0c14cfaf972388e043f9ae555ad6a43e2000d53c8dd0dc1a001506b4a3e5237215cf93a0b9f55d5fdd97646f0f54734dac297edbcbdfd5dbf0b101fb717758e81509cc374fdc24fc91793eea72ba3357e3a79cf36113ce811a2d04ac0488f4cc16958bc6492580730b68196531e283f1b0273857da41017450b0be024b59bbc5b042475b982bc762dad6b8c13436abc79b2bc48b7cef53f0f446b6a1dc840af188ffdbbc45da52880ad9d6d8c4c08d854fcf66dd0950f656fafc271823691b5f94476d7128fc2ba3ec6e79924681035f69a10743ce235c8ceaf46a9394d63d124da957dc7ed90b7382a3c0a1bf0ba7ef598902a7d496256647be9af8b5a4af4d6a3b480df953e2e6256459ea7f5fbbd8c324ecd13e9824fa43bc386a36448227ad9519333082edce3cf919f2cd8b9bbcf4b018a1374909b28edfe0a2ddfc52880011d493f47c35c6b4f369bc5d69c863148d1d03e3c7049df5ff72bc0772760124ce38990566385da69f1fb76c6771de6fef80cab8dfe85dd61e162486a85a75cde26a18cc87f9947e4fac8ff24676992a978b2bd01a1efbdbcea569c558ca38bd6471547e2235c77b8b440b284b2d003bd56a79041ccc0127a66914b2b7387495adc8c954fb669ff321ddb0f5d18c0c83628679b28222ce111cd02d276e2e7e0bd5160dff564bf5e6710a217060ec351fdbeae0b9050f08564450b08baeb944fbb0fd6142582a64fde41aaad4cc441ab94ca69ebea702de4814a0c14aaa2b8db9b3ea6185b6a13fc7589f1b539696dd384323e129655370c5468aede18e4f34300b28009b477031a125910adb0d4adaa6bd41a765ab2562434c60f7553897d478e43db5266ca74796a355cc93abb09701fa0ac569e1803973ad54c29c90da86ae038f3ac0163fc5f53a8d2579faf5079f4cbd36f8a262ea467f4a1e074a2f8ca3f7cedb08f516b0751ab81824f8afaedf5a57d2684ca44ff57f3748941d174495c79bb49f8490d86a410b9bf736a8e99cce04a30b5670b750b2242809b0963d4fcabe1fa579e5fca4c9dd0563d236c9a9d06093fc5246403c9d12e7a67b517535fb972fbb0c8d19e22c1c157019340913628e06b138ae246025fc3e13f02cd96127becf9bea4bef4dc1a6e7434d0a952ec1f7b884e2438b3332eb33f291a8e386901fa2ba34d8d61485e84af8887da8bd33b3fd96c1aeb8f03b1e47ae8a5ab516efcb3afa48914ac79c36e05611105bf965b67b4d4b67eb03ce0e8c1115d35d2d1b2d3b4856afbc338d9f214e384cce36c7a4c783c9c8cda5d5dd6b21cb83f51873dfb2b22e6817deb03ca887cfae4419c1fab2a20c930cb0e7d7c08a9af9d37c17f35d38a0aa4bef1436a4b005fb87331692549487e166f68065924352ac76cb06e6d12a05ebee06fd42166f804ac0d4dbf68f39c474c0cb4a33a35d2e0bf32d1a24dfb5321ac1cb80a83a32d37c8d4a9f749b4c870db5c04b41cfcca98ec9b6dc2ce30218d8a2463ed5f10fa0fdb03ce8a07052bdb85c0b1eeece5671cc166a45cef60ed0d82afc3e545c94dec7c8bf7171d9a8ca3d2f1a643574f9b2cd7959bb94f555c125ac9c0ae6f314f3a51301bd8e8ae2fd26d95e675e808a829eca0ee3c63c32ee8b2f43a3ea6122a8f20ba050fc56a09cc77503be7a80b09d6d7dda5fc73f0ff4fb69f336dfb8786ca52ab35a1b455ed790ab633ea792e01fa426295676211e4a5429b005b46a6b3a32fbcd87dd5d3fb9da1df843d7d3358a8caa8ac350536bd34cd7a084a5de8d38594bc2893dde748cf0326e511b49619f0ceeb8a3b6fe845074eadb8362579c0cdcea4e84ed8d2c5a810f4103c93d574a181155e654141fdc5f77f6cce6380675932a97bb7f383a73cf29546a66dfa2a6dd4c7bfa0846ea37ba5d25e92352a18c3a75e6cbd8cb49551015c70f25fad8e554fcc356a02ce535e31f5b3779a68d2dbbe0dce8c2462e03e686d19849fae341cd073abf8d2a742dec739b054fa1ce9517cd8c059c4a1f757abe612fd6dcf2cb8c799cc0f3b78a7972dbfaeb0872092e462bb08d5c5e01bdaceba5127e8e43d221bc197e95168def225848991efda3f17a9d8cdfd2c36c853557f8be91c6803f985f16fac225b4ee760daa9864250c8159c3712e8bd41c33a0f2ac7eefc7a9102e72bfa13bef0cdda4cee2aaf9a31810e325afb256590a175c24d1b243ecf296e0590241e1262dd6a5702378a7794253d14b28e83be89b014356f85b5e298bb2ec5e317e8ca93e2561d5269681d55fed66b2287189410a5ff885a7588c8080ad8067900baa8dfe6317db95704a57cd54739f9b38f2edb4f2eaa46b9d06464f1bf772bc09ccc55e06a52cc4a78a599be0f109efdb2fdfe72d8af79189d4a5129aac82125bfcab1bf79f77fdb58c6bbbb9934bea0d999b81c8a88d402f5f0124d6a7a0e64482b11f266a49f68b069282e8e62379a8087713b3c981c0a619a97f", 0x1000}}, 0x1006) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd400", "9001001c551265406c7f306003d8a0f4bd0000000300"}}) 1m1.065021465s ago: executing program 6 (id=5480): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000200)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000040)={0xc, r1}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x1) 1m0.803474245s ago: executing program 6 (id=5481): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000040), &(0x7f00000003c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50) 58.906754224s ago: executing program 5 (id=5492): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4) r1 = socket(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'macvtap0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000080)="330320000a00140000007ef52f555f2a0c0900000000000000f786dd3baa4b1f0f858c4632f47042195e", 0x2a, 0x40008c1, &(0x7f00000000c0)={0x11, 0x0, r2, 0x1, 0x62, 0x6, @broadcast}, 0x14) 57.084818451s ago: executing program 7 (id=5499): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='westwood\x00', 0x9) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000400)="89000000120081ae08060cdc03a6000000000002000000006ee2ffca1b1f0000000004c00e72f750375ed08a563319bf9ed720000000d6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100002400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0) 56.744677571s ago: executing program 7 (id=5500): io_uring_register$IORING_REGISTER_CLONE_BUFFERS(0xffffffffffffffff, 0x1e, 0x0, 0x1) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000010d804dd000000000000010902240001000000e9090400000103000000092105000001220500090581030002"], 0x0) socket$nl_route(0x10, 0x3, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0) 54.677690488s ago: executing program 5 (id=5501): r0 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xafUD\x9dA\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000980)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) mq_unlink(&(0x7f0000000000)='eth0\x00') close(r0) 54.4785534s ago: executing program 0 (id=5503): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) write$binfmt_script(r0, &(0x7f0000001200)={'#! ', './file0', [{0x20, '\x98\xe1Cvg\x9cO\x16\xc0TC\xe8\xb8\x91W\xb8\x84\xdf\xbe\xbd\x8f\x81!\xf2V[\x03V\xba/\xb9+\xd2\x95\xe0t\x0f<}T\v\x0f\xe8\xae\x89\xfa^\xce\xae[t/\x12\x1f\x02\x85\xbd\xbc\r(\xfd\xf2\xeeB\x12\xdc\x06\x1d\xd8\x86g\xcf\xb6\xde\xeb\xfc\xfc~A\x95\x8a6'}, {0x20, '5\xed\xe9\xe8\f\xcb\x82;\xc5\x98\"\x1c\x8d\xbb,X}\xec\x9f\xe5\xf0\x1f\x02\a\x0e\xe09\x17\xa9\xdbXP\x94}L\x17WT\xc0Rc\xe5\xd3\x9a\xcfGr3\xbaf\x8aS\xc6Q\x16\xf4\x9f\x02u.\xaf\xf3\xb8\x0e\x85a8\x03\x02\xf4\xf1\\b\x1ew\xd4F\xf1\xf9I\xe4\xca\xb1\xa51Sk\xdf\xc7\xd2\x87.b\xb9|+\x9f3@\xdfs\xa0\x01\x8fV/0\x8bo\xccQ\x9c\x9e\xae!b\xa0 \xea\xa4(C\n\x96\xdf\xd2\xd6\x91\x90\x83 \xb2\xb4\xac{\x02\xde,Ff\x98\x84\x16\x1b\x96\xac\x9e\x17\xf0\x13\xfa\xd1+\xcc\x19\x81ZZ\xa0\xde\xeb\xf3`\x0e\x87:` \x1b\xec\xc81\xb7\x91\xfdcL\xdcH/0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000001c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fbdbdd254400000008000300", @ANYRES32=r2, @ANYBLOB="1800700004000700050008000f0000e704000100000000000a0018"], 0x40}}, 0x24040890) 54.103148921s ago: executing program 0 (id=5506): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/oops_count', 0x8a883, 0x2) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}}) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x6) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, 0x0) 53.816985438s ago: executing program 3 (id=5507): pipe2(&(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r1, 0x0, r0, 0x0, 0x6, 0x0) write(r0, &(0x7f0000000240)="fe", 0x1) sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x14, 0x1, 0x9, 0x101}, 0x14}}, 0x0) 53.560943605s ago: executing program 7 (id=5508): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000002c0), 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000280)=0xc9, 0x4) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000001b80)=""/4096, 0x1000}, {0x0}], 0x2) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=r0], 0x80}}, 0x4000800) 53.559176837s ago: executing program 5 (id=5509): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2) sendmsg$sock(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) shutdown(r0, 0x1) 53.189247363s ago: executing program 3 (id=5510): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000080), r1) 53.036706406s ago: executing program 3 (id=5511): r0 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000580)=[{0x0}, {0x0}, {&(0x7f0000000180)=""/117, 0x75}], 0x0, 0x3}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x2, 0x71, 0x10, 0x69, 0x3}}, 0x0}, 0x94) io_uring_register$IORING_REGISTER_FILES(r0, 0x1e, &(0x7f0000000000)=[r0], 0x1) 52.88079791s ago: executing program 3 (id=5512): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = eventfd(0x0) fcntl$lock(r1, 0x7, &(0x7f0000000000)={0x2, 0x0, 0x8000000000000000, 0xffff}) 52.731068147s ago: executing program 3 (id=5513): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0xffc8}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) getrusage(0xffffffffffffffff, &(0x7f0000000380)) 52.379254153s ago: executing program 5 (id=5514): r0 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000180)={'#! ', './file1/../file0', [{0x20, '\x00\x85\x95\xf1#R7\x9f~\xfe\x91\x8d\xc9>\x8a\'\xb6\xc8\xe5\xa8\x00\xeeU\xa4\xf4'}, {0x20, '@\x1d$.%{'}, {}], 0xa, "0000783348b29e910024000029f50a8993360100000000000000137228b60a0fd94415ad24ed37066498a2e1fed31075654e1b44cec7543fb562146903f434b5d6957398b43841d87d000e28863c057abb20db364524f96af9fabc4777fc7aeb7cb194e16c00007ff4d8c1549b48eb44ad378a000000000000"}, 0xaf) write$UHID_INPUT(r1, &(0x7f00000007c0)={0x8, {"dc5d3b0169633d3eba3eabbc09167be55101d4af4b22a373236464d2dbfaa84399b77bd438a54364a7ebc5bdaab4f9decb7c044318cd59a0af8279bcab35dd7daf7a0ceb381df2c32eff45b13e2c8f40e1895355bf6f165200cb1ca41a155730ee2e9f83183f9fafe029d0401b0770618254a8b2dc87b630072b1e2de160d1afed51b74c14b71ec1b226a324482d14ad586b1a4ce80e458fe45244c01eddeddf3564af838d6d5324f8a77023d6eb7aa14397a0e1413ea1c3dfdf063a35b709e627f36fe403ee3117365be5017682f53595f28543062c740a94a794312f5cebc315044b8ea000a5d0f27812ab0ce149d11e6f6f7620c5f3e250bf67d13a1ca39dbb7b8b5a31e3d7ba7ebe5849a7a09b61fc9f2cfc54b89e9cd0105bca49483ce55e0187ce2ad692a18219d881057c838587b915337169ee054655f26a04df913a658fccbf4def6aad750ca4796b74d322c67e9d4ee6a530a22dcc35db850b424d6ec9f62495b9f9fd2b000feadd57d26dbd505798c208d91eb0aab0fd97537631b8bf81ce0e2241c4272be4ff69b390e4485d574146b76d1fdbf7fc5334906805534cdae1e47240af7761a18fc8bd0a694be47529da98bc0f98eb7db3fc4a74cbb6e486f4de90fbf2452e72c2e1dca44543ad9ad094b8bc861eef1e814662d0b350339e3a510d459c6f83aabd5fd3dcb38224056d761e7df9b482b9905f1e2135c1929be328ecdb69c007a3efd548502c83106f6df1ab1178fac499eda92ad4373155227ec2df150c919d322ecb3ea37e659285f18a3e2f79b59900ca438df3a1381380a12d3ad7678e0a8d3bdfb40651389b4ac8c66138d442d70eafdc2df8b080028006b124e4ebe0d9883ef100f1934e42794146382c1d628fd2ebe5859b6c243824903d056d800975675bb1913142adbc039a9c68c2f146a0e8903447313f5e5549905f397a9b1f21a93b80c4d04a8ea7a29a50fbc5407a9305bba420edf898ea678d6879489c39692c99bb6dacf61f5f97637b94c1031d635b5423b38b9196fafaaf87b2796eadc21466af5a10281e6a808748969d29efb444c99a4cb2111732a792dbca4376a125a68f7cdac065cc6173dc21caafba48c742d9a7df2f771ff2f5725b22c247d4e0c6106f9f5f6929b69929ab37e9a9b326ce618bb702b883b12026f1300f21f2c7440cac8c5f1210a78aa067211d2827f5dcc7578252c2ccc3f67bab9d1bb6939b21b550788ef550acfed4bf50c0b4fb3ca4d2872ee64f95d611a317d9daaf373a10d868680b2226396c95fa2b0ab4d6fce06c3b42cb97d17a7b5089061537fdeb1a53040869f7befca330358fdba86754fc2e46c2113e1484cb37534af8f0408a7ee313778dab49f08229964298f847ea66c4ec319f64b6a12da585bc59e82e0263c507b397d3efee3b4066f4d25566aa1549f6185f6375f84b65fa8945148b90430c86a5b6fdf58d5c812b98d9dc621fd9a3d9f1a577495356516d1cbcf5e8bb8923b54b247225b9c3892b18a9e137f3620c734052af9dc8f1ea36f0d4592d5ee32e35676a84dc891f97456f2ac3a4ab58a42bcdc221a4ac8bb28d428add2fcbe5b110a8afd5d23b31e827bd16167b2d88cae024afc04a722ac0b4d45c52512e6b6f102aac4be21bc89ce246539048370553665b0a4336a6db99d0d19399be6437bf21419304331b4342b2c1db580f0c9bf681fdb8e9fa3e025454197bbc82ef93ee2f385660818ec5127080675a8013766469afe3b1e36e81bf2f04c3a26eaf4517551e734d21ba3bc90e48aea0891792970c39f3f528397e9b7ae190f1760fe5960dc763ee0a17939c60bfcac0a8914be82c749e4fe85d1ac5fa733413468fb8941085e8c4d6e0b6d1e62e20da58440facd640ddbb6c1f694b3ca48757a34c5a11668368711a1d4f3a81d31ac30d71277d7ae77882b6841cfa6289e6cce84a3ad57eeb328f831888ac7d3cfcd3a472a48d903f20cec8c8ae8d0bea04ebf7413ef7693f8ed876e49bd5f89d7e1078208ff62712e330fc0341b9ccf26845578d44b1e0c66d1bebc14742baedfabb8e9a2c8f42730360c72997efe0ce786ff330c2eb6e0ff20896f813c2a515ce76f826c11a1c1588eb369231ddeb4a2f9f9591ecdecc74d20aeb50047beb3ab89a9e4e1b805a20b645c79d0bc5d0247fab8ba46a97a07630b1f1cb69b42b568af746733d2c581f057873d64fe6e659b00b4a26745f5fba1fe7406a86b007936c7cfdac53a4c5b0ea9f6604863c8e3f174eddbb09175f6e13cda9a860cf400ef9ed02b895502ac6e6de6a658249c3c6e8a653517eae2231e56e0f120547923c6549ebc1ed14c623637ce3d96af5c93a32e58e2d9659d8b5b145888b52d9a5b5cb3cdf594eb137bcef2ba068cfd2c6ccf7ab6e5b4ec55e9197bfb91c9b8729f7b50cf0b0326f7ea3e712c77674d48545ca2a86744c3c38f149d69cf811beacf7e5f49c7bfba20f1dcf3d7bc0b9c796016820a46495d244c9606a06fe2e14233eda78d69ae4523ad7b708b0c7ead44d7fd376fed60e3cc2ee25e9600adfbe87ac7c8fb8269aec9459602af0f420becda6120ce7d9626c65ae7f860639e8bf664eb4301ec18add0e436c0356c12ab6b4ca35da2b43c4a8c239fd0b59a2ce94843cdfa1667053165053633b062844dbb0d00070fde74fa3178eb5f1f5fd02e2088d8690379f39ab22c080cdcb29d700bac74fabd8a356fe99afe83a5d99aa5024e9158a299eda6c99b6701e64f1d68e7e2c0c6e88396bb535a02d0948f0a250a6e090041c96d9c9acd6134d44d516fd1010c39e572b86b05bb1326a2a4f23f11181186f9c2a01dc7b58c0129f4b851ca9b1e3dc35db7364e29ef646211796b1651511e041345abce427fa5d6e48b8fb078c8432061a4cc518a8f2a2caf709a5c1473a62112a6650afc64eec12f8f9c08cff1b6fbf7a1209fc8661f62303b7c5d49c1d0b32a9f37e81ed9ab6193816d40995ed49c10b9f5752e04d57535a3d16f06c65d32846c31ec9787ec4a965679eb804e86b45d007f38d8104550770dc6f313bc846e43a14a8c21d0628c744e3e83cb998d1b7acfe996541a8c03852dadf9326444c582b481cae844e4f3fe3d638903b38f24633b63adbad841ac6c4c1169d781a0e271e8a967b1c7e986fcb3a66168e86e3559a44fcfa92452260491da9397659af60453f4cd4be2d15439445ec2b4366a79d3283da912d9d499df1242bd174edc235848caa21d2c997aff0e95c7e5cc0803c90fab84e7be7b37909d0e2f3bc9974e3388acb6800baba183ecc8eea8c71c0d65d669e41f99ceae523b7a6b772f3b8ebba1d2127ccc3ddb7ddcb4ec73cbdc26fc87c3848e258a0b5484d3a13e40ec4e4a65dd92f09e9fe1e3e2f8b96c4e363aa3683860dee62dfcf8823ee4a3593a092e0bd9c4cedacf44a272faa164447b01f46a7795642a40c61b0034a37f0e9b792428a0ddcd144fe8263088eaac8016f8f1cd30b55ac90a8f10d785b7570dd9e639a4a068d3fe98a420b9f72e79de817f676c2a224300d749571ad43f49d1fbe838f4566bc7b5f104c384ad87189213152b644d9fcbdf98bafeee569d640ce9045779f1d90024c023a7480a358dee276fba139c14b4fdb12885240903d0e61dc161659a68f62c92b899007e0f2b65bf0a069e9e57c9b6ae50a3b30dd1003fb0eead73ae2f6010b3b356b4060579a4f29935e1f00c01d12e5f44e8e3163d81dfef7ca8560604240c7e96e4454c6971614df306c768121abb3f628e3f1d2d026f58d1087334c5bdb74d7c949b0ee66a4531ba4e9b922aee3d0f802ed034734507a5913c52966f1f8bd4577840de0253aabc23299dced2a299859c07af9fb0f9c29b6533b9d84d471390d59ab315f5ddb226f6b8dd7889295f0fb1f7bd1adafe4cc520a1e84bf2a59d5b9795aeafc8d6fd66a8228aba8653b98622617ddfeb5d6795c9bd2f35d4a0c386e862675a50e3314c3fbb17aca151c13c7fc8b1d1b72ed0a958537b5ddc9e74bddc2b9571ec3f2b7775b125338d4852a75a63941564c65bb36dfb6bea4aab1ae7a4f285c2177aa98406eb2cc10934aa92d5a9612d4455c84ad200841d289b5c2d5deab0d8e2459598ef183d3dc47f6bad0b9513710600cfa4d69fcd5763cdcc4f2c2b7cd7d4491fd52f4aec82ce846c0988f6f0123e21e900d39c61085e68c9badc350b44004f6c042d64b0d0cbf91ad0592b198f1eeea1e52200bc8e6d62848d6884b10bdde72466039da488be6b340c23148f666f2fe6e032c07dac43586df182aca9116f4600313fa8375c76337ba86bdc391dae6450218f58f047ced64befc6bb5c2a60024669630a6279fedf2fe45e7e19ce582ad96ae0d023eb9b39f5f1e666e73bb038ae38157275be5eb3e7cbc8b05adf53e817646bdc2cfce98e5d162bf7faaca787db8717ab8b27b9e35609c5fb9fe9def07f010df8b43cf5c96851eadfdeff0b7bc5826e7e15490ae9c3d14166ee81bef007070e7981235a673804ad89943ee6b51ac63364f7870e121e6ff23a0c7d179527cd58dd7a4ca37247c2bd9efc79b720bb1ee2d39862e98cb81e93cf5b48d5d02ee8ac737ab504c867a1c49e678300803c94fbe978dea918a1e71b9791ee1e4d30056e86c26a4675a8b090be2365c0b451a13ece52a89a7057fe2052e11c6666eb916d823ea66bf217c320acba3b714910734b2d27c2fa586bd7f7664b0d1422adabad2ce2afc10270057f11940fac1a51d023ce48bd04ea39b7f99381b239fd0ddeea0dce7863ec1f8f61775013b6414ecf86e686a340a3148f87a9d7d60a1f2da53436d16fc88d6a4e7c3d55e0dd004cbecc15a5558eb705d82aacb1862ddc251dd5d9cbf1d78f97900ce6e8dab0ea678cb823bd1e7bbd1e927841af08f5427878c19f4f322228f9b36287fc13e7c1293ea875ae73815e052d6c2ebc40df8f7b9d1f76e0b10e35aa160944983d8e6b790df0d9b13f3460657336d81f7d83c0350324b930ec9c7557ce12887f76372e126f504b0980fea27f31a780c05187b9b5353dafc6b101543b24332b96e15bc26b19062e52fa9f86d260ee3a3bc92a133e328407bb85357ee5c45cb87228f44888b14941b5911b050e9319fe88033f830a8490917a9c0572ebbc5492b4e1083a2e3d77215a34abef947b5b9a950e780662de18873e55899c92db3ad3d437e8407890afa6b0c04ef861b8bc85fbbe1bb67b3d9ef001409f84b8ec4f01d861cecc143a805b981ab5cf5b605057b63cb2c84ec358e510a69cd8c33a8a62fe4680d0c980145cc709157832bfaef261cb0466c237376ca2944ce9affffd4b1dc7cc9511da0b34bffb9ac216fb8cf7c6572d95627787720d1ba67c6512fcdb16f6329e9668681c404efebad559f81f05971b5efb6b4cca97ad0346753cc0a40a877242d8a808c602b03dc962cee38e646cb18abb079c70d357c30738a70f55cd3c5956a83a1bfcd6649dd765f16bfe968066345df7380bbc0c16b3b5af513d6458c791343952f33a051c5d711c1f35af1b47f3db9bbfb5c7c636b3a2b52805d606479879be0b404a28ade5649a3185e0f85a85fc15cd824671c2befdd0da509597c87d869f0bd7ad163ad93ca28fc0c4025eccaafe385ec3fc06c54ebcd7b07b6c7e0197c5b9ef886159a1585ae45248f865be760db6f5bc8f868fc6aefd04e34ecb51159e4cdcc2214b42b1ca9caec13ba3e1b2e7a3c736977b226213d265c2873195122a9b448088c8b50edd549be41c38ab176807b75e7267f86e4", 0x1000}}, 0x1006) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc5e3ed1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "9001001c551265406c7f306003d8a0f4bd0000000300"}}) 52.211542618s ago: executing program 5 (id=5515): ioperm(0x0, 0x3, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 51.1770316s ago: executing program 6 (id=5516): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0xc010) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 51.10113398s ago: executing program 6 (id=5517): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="adffa88800000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}}, 0x8000) 48.003251069s ago: executing program 0 (id=5518): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f0000000240)=0x1, 0x4) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f00000003c0)=0x6, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0, 0x2}], 0x38) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000580)=[@in={0x2, 0x4e21, @multicast2}], 0x10) 47.880188727s ago: executing program 0 (id=5519): r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) r1 = syz_io_uring_setup(0x2e3b, &(0x7f0000000500)={0x0, 0x69e5, 0x10000, 0x0, 0x33c, 0x0, r0}, &(0x7f00000003c0)=0x0, &(0x7f0000001040)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000200)=""/9, 0x9}, {0x0}], 0x2}) io_uring_enter(r1, 0x567, 0xa1ff, 0x0, 0x0, 0x0) 47.795871423s ago: executing program 0 (id=5520): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8) 46.764739062s ago: executing program 0 (id=5521): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000b40)={&(0x7f0000000100)={0x2c, r1, 0x123, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x5}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}]}, 0x45}, 0x1, 0x0, 0x0, 0x2000}, 0x0) 46.512595259s ago: executing program 3 (id=5522): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r2, 0x2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x80000001, 0x0, 0x1, r2, 0x3}) 43.118605888s ago: executing program 7 (id=5523): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @broadcast}, 0xc) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty=0xe0, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0) 37.031409989s ago: executing program 35 (id=5515): ioperm(0x0, 0x3, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 35.934086434s ago: executing program 36 (id=5517): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="adffa88800000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}}, 0x8000) 31.496383144s ago: executing program 37 (id=5521): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000b40)={&(0x7f0000000100)={0x2c, r1, 0x123, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x5}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}]}, 0x45}, 0x1, 0x0, 0x0, 0x2000}, 0x0) 31.005479189s ago: executing program 38 (id=5522): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r2, 0x2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x80000001, 0x0, 0x1, r2, 0x3}) 29.599997278s ago: executing program 7 (id=5528): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x1, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0xf93, 0x80, 0x8, 0x5}}}}]}, 0x48}}, 0x44080) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x34, 0x24, 0xd0f, 0x70ad26, 0x0, {0x60, 0x0, 0x0, r2, {}, {0x8, 0xa}, {0xfff2, 0x7}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c040}, 0x0) 15.130717793s ago: executing program 7 (id=5529): r0 = socket(0x10, 0x80003, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0xfffffffffffffde7, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[], 0x78}}, 0x0) 0s ago: executing program 39 (id=5529): r0 = socket(0x10, 0x80003, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0xfffffffffffffde7, &(0x7f0000000480)={&(0x7f0000000080)=ANY=[], 0x78}}, 0x0) kernel console output (not intermixed with test programs): t 1(bridge_slave_0) entered disabled state [ 449.083959][T14779] bridge_slave_0: entered allmulticast mode [ 449.111321][T14779] bridge_slave_0: entered promiscuous mode [ 449.120974][T14779] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.121178][T14779] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.121416][T14779] bridge_slave_1: entered allmulticast mode [ 449.124240][T14779] bridge_slave_1: entered promiscuous mode [ 449.180598][ T5903] usb 7-1: USB disconnect, device number 10 [ 449.430727][T14779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 449.458323][T14779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 449.675162][ T5848] Bluetooth: hci1: command tx timeout [ 449.703970][T14779] team0: Port device team_slave_0 added [ 449.727642][T14779] team0: Port device team_slave_1 added [ 449.932124][ T5849] cgroup: fork rejected by pids controller in /syz3 [ 449.962942][T14779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 449.962958][T14779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.962981][T14779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 449.996803][T14779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 449.996819][T14779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 449.996851][T14779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 450.045151][ T5969] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 450.148422][T14844] netlink: 201392 bytes leftover after parsing attributes in process `syz.6.3693'. [ 450.148447][T14844] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16) [ 450.148462][T14844] openvswitch: netlink: Message has 8454 unknown bytes. [ 450.214808][ T5969] usb 1-1: config 0 has no interfaces? [ 450.214842][ T5969] usb 1-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 450.214861][ T5969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.226976][ T5969] usb 1-1: config 0 descriptor?? [ 450.460807][T14837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.461168][T14837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.519893][ T31] usb 1-1: USB disconnect, device number 34 [ 450.612164][T14779] hsr_slave_0: entered promiscuous mode [ 450.613573][T14779] hsr_slave_1: entered promiscuous mode [ 450.614591][T14779] debugfs: 'hsr0' already exists in 'hsr' [ 450.614613][T14779] Cannot create hsr debugfs directory [ 450.766492][ T5903] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 450.927542][ T5903] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 450.927573][ T5903] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.951265][ T5903] usb 7-1: config 0 descriptor?? [ 451.015080][ T31] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 451.185074][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 451.230934][ T31] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 451.230961][ T31] usb 1-1: config 0 has no interface number 0 [ 451.231007][ T31] usb 1-1: config 0 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 451.231036][ T31] usb 1-1: config 0 interface 1 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 451.231059][ T31] usb 1-1: config 0 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 451.231080][ T31] usb 1-1: config 0 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 451.231103][ T31] usb 1-1: config 0 interface 1 has no altsetting 0 [ 451.231136][ T31] usb 1-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 451.231158][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.316413][ T31] usb 1-1: config 0 descriptor?? [ 451.555986][ T31] usb 1-1: USB disconnect, device number 35 [ 451.566693][ T5903] ath6kl: mismatched byte count 0 vs. expected 12 [ 451.575300][ T5903] ath6kl: Failed to init ath6kl core: -22 [ 451.600879][ T5903] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 451.765219][ T5848] Bluetooth: hci1: command tx timeout [ 451.789672][ T9] usb 7-1: USB disconnect, device number 11 [ 451.918909][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 451.950325][ T5851] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 451.951798][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 451.953520][ T5851] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 451.954304][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 452.264809][ T1537] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 452.773075][ T1537] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.145532][ T9] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 453.297610][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 453.297652][ T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 453.297691][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 453.297714][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.304264][T14879] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 453.320311][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 453.373012][ T1537] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 453.533899][ T9] usb 5-1: USB disconnect, device number 25 [ 453.835202][ T5848] Bluetooth: hci1: command tx timeout [ 453.892641][ T1537] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.080508][ T5848] Bluetooth: hci2: command tx timeout [ 454.291075][ T37] kauditd_printk_skb: 2896 callbacks suppressed [ 454.291095][ T37] audit: type=1326 audit(1757793778.776:3482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 454.291620][ T37] audit: type=1326 audit(1757793778.796:3483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.293234][ T37] audit: type=1326 audit(1757793778.796:3484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.294578][ T37] audit: type=1326 audit(1757793778.796:3485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.352830][ T37] audit: type=1326 audit(1757793778.856:3486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.352882][ T37] audit: type=1326 audit(1757793778.856:3487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.352922][ T37] audit: type=1326 audit(1757793778.856:3488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.352961][ T37] audit: type=1326 audit(1757793778.856:3489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.352999][ T37] audit: type=1326 audit(1757793778.856:3490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.370891][ T37] audit: type=1326 audit(1757793778.856:3491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14890 comm="syz.0.3713" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 454.615925][T14779] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 454.716534][T14899] bond0: entered promiscuous mode [ 454.716556][T14899] bond_slave_0: entered promiscuous mode [ 454.716936][T14899] bond_slave_1: entered promiscuous mode [ 454.731064][T14899] batadv0: entered promiscuous mode [ 454.741281][T14899] hsr1: entered promiscuous mode [ 454.742129][T14899] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 455.045269][ T5856] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 455.050533][T14779] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.219506][ T5856] usb 1-1: Using ep0 maxpacket: 16 [ 455.221455][ T5856] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.221614][ T5856] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 455.221643][ T5856] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 455.221665][ T5856] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 455.221689][ T5856] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 455.224178][ T5856] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 455.224204][ T5856] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 455.224223][ T5856] usb 1-1: Manufacturer: syz [ 455.317425][ T5856] usb 1-1: config 0 descriptor?? [ 455.439907][T12313] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 455.459871][T14779] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 455.595364][T12313] usb 7-1: Using ep0 maxpacket: 8 [ 455.609642][T12313] usb 7-1: unable to get BOS descriptor or descriptor too short [ 455.611147][T12313] usb 7-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 455.611203][T12313] usb 7-1: config 7 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 455.611228][T12313] usb 7-1: No eUSB2 isoc ep 7 companion for config 7 interface 0 altsetting 0 [ 455.611247][T12313] usb 7-1: config 7 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 455.614227][T12313] usb 7-1: New USB device found, idVendor=0489, idProduct=e0b5, bcdDevice=ae.2a [ 455.614253][T12313] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.614271][T12313] usb 7-1: Product: syz [ 455.614285][T12313] usb 7-1: Manufacturer: syz [ 455.614298][T12313] usb 7-1: SerialNumber: syz [ 455.641673][ T5856] rc_core: IR keymap rc-hauppauge not found [ 455.641693][ T5856] Registered IR keymap rc-empty [ 455.641847][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.718882][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.736631][ T5856] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 455.767294][ T5856] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input38 [ 455.788851][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.791008][ C1] mceusb 1-1:0.0: long-range (0x1) receiver active [ 455.815361][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.845680][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.862908][T12313] usb 7-1: USB disconnect, device number 12 [ 455.865311][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.885141][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.905230][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.925240][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.926919][ T5848] Bluetooth: hci1: command tx timeout [ 455.955252][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.984227][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 455.995317][ T5856] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 456.024562][ T5856] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 456.024586][ T5856] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x1 active) [ 456.047661][ T5856] usb 1-1: USB disconnect, device number 36 [ 456.104291][T14779] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 456.165413][ T5848] Bluetooth: hci2: command tx timeout [ 456.345163][ T1537] bridge0: port 2(bridge_slave_1) entered disabled state [ 456.437720][ T1537] bridge_slave_0: left allmulticast mode [ 456.437753][ T1537] bridge_slave_0: left promiscuous mode [ 456.438750][ T1537] bridge0: port 1(bridge_slave_0) entered disabled state [ 456.795267][ T31] usb 7-1: new full-speed USB device number 13 using dummy_hcd [ 456.962877][ T31] usb 7-1: config 5 has an invalid interface number: 3 but max is 0 [ 456.962904][ T31] usb 7-1: config 5 has no interface number 0 [ 456.966035][ T31] usb 7-1: New USB device found, idVendor=09fb, idProduct=602a, bcdDevice=fd.36 [ 456.966064][ T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.966084][ T31] usb 7-1: Product: syz [ 456.966099][ T31] usb 7-1: Manufacturer: syz [ 456.966112][ T31] usb 7-1: SerialNumber: syz [ 456.999815][ T31] ftdi_sio 7-1:5.3: FTDI USB Serial Device converter detected [ 457.008869][ T31] ftdi_sio ttyUSB0: unknown device type: 0xfd36 [ 457.237853][ T31] usb 7-1: USB disconnect, device number 13 [ 457.239977][ T31] ftdi_sio 7-1:5.3: device disconnected [ 458.044994][ T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 458.053135][T14955] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3741'. [ 458.235604][ T5848] Bluetooth: hci2: command tx timeout [ 458.250629][ T10] usb 5-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 458.250660][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.250680][ T10] usb 5-1: Product: syz [ 458.250694][ T10] usb 5-1: Manufacturer: syz [ 458.250708][ T10] usb 5-1: SerialNumber: syz [ 458.257623][ T10] usb 5-1: config 0 descriptor?? [ 458.495064][ T10] usb 5-1: ignoring: probably an ADSL modem [ 458.897399][ T10] cxacru 5-1:0.0: usbatm_usb_probe: bind failed: -19! [ 459.111621][ T5856] usb 5-1: USB disconnect, device number 26 [ 459.744644][ T31] IPVS: starting estimator thread 0... [ 459.825252][T14975] IPVS: using max 7 ests per chain, 16800 per kthread [ 459.851577][T14978] netlink: 'syz.4.3750': attribute type 83 has an invalid length. [ 460.035171][ T10] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 460.120046][ T1537] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 460.187678][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 460.191994][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 460.192026][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 460.192051][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 460.192104][ T10] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 460.192125][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.254768][ T1537] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 460.267077][ T10] usb 1-1: config 0 descriptor?? [ 460.268222][T14976] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 460.307161][ T10] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input39 [ 460.315562][ T5848] Bluetooth: hci2: command tx timeout [ 460.328344][ T1537] bond0 (unregistering): Released all slaves [ 460.398601][ T1537] bond1 (unregistering): Released all slaves [ 460.493264][ T10] usb 1-1: USB disconnect, device number 37 [ 460.804526][T14861] chnl_net:caif_netlink_parms(): no params data found [ 461.091409][T14998] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3759'. [ 461.497276][T15002] netlink: 'syz.6.3761': attribute type 1 has an invalid length. [ 462.015150][ T31] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 462.195084][ T31] usb 7-1: Using ep0 maxpacket: 8 [ 462.202172][ T31] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 462.202220][ T31] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 462.202243][ T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.207326][ T31] usb 7-1: config 0 descriptor?? [ 462.355316][T14779] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 462.481410][ T31] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 462.496370][T14861] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.496600][T14861] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.496828][T14861] bridge_slave_0: entered allmulticast mode [ 462.499707][T14861] bridge_slave_0: entered promiscuous mode [ 462.523066][T14779] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 462.688413][ T10] usb 7-1: USB disconnect, device number 14 [ 462.829849][ T1537] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 462.829890][ T1537] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 462.868438][ T1537] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 462.868470][ T1537] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 462.925238][ T1537] batman_adv: batadv0: Interface deactivated: macsec1 [ 462.925270][ T1537] batman_adv: batadv0: Removing interface: macsec1 [ 463.193542][ T1537] hsr0: left allmulticast mode [ 463.196333][ T1537] batadv_slave_1: left promiscuous mode [ 463.196792][ T1537] veth1_macvtap: left promiscuous mode [ 463.196903][ T1537] veth0_macvtap: left promiscuous mode [ 463.197087][ T1537] veth1_vlan: left promiscuous mode [ 463.197184][ T1537] veth0_vlan: left promiscuous mode [ 463.504984][ T9] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 463.678054][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 463.681053][ T9] usb 1-1: config 1 has an invalid interface number: 220 but max is 1 [ 463.681078][ T9] usb 1-1: config 1 has an invalid interface number: 76 but max is 1 [ 463.681098][ T9] usb 1-1: config 1 has no interface number 0 [ 463.681113][ T9] usb 1-1: config 1 has no interface number 1 [ 463.681168][ T9] usb 1-1: config 1 interface 220 has no altsetting 0 [ 463.681186][ T9] usb 1-1: config 1 interface 76 has no altsetting 0 [ 463.732272][ T9] usb 1-1: New USB device found, idVendor=1bc7, idProduct=0023, bcdDevice=b2.a4 [ 463.732300][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.732320][ T9] usb 1-1: Product: syz [ 463.732334][ T9] usb 1-1: Manufacturer: syz [ 463.732348][ T9] usb 1-1: SerialNumber: syz [ 463.997965][ T9] usb 1-1: USB disconnect, device number 38 [ 465.675400][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 474.838226][ T1537] team0 (unregistering): Port device team_slave_1 removed [ 475.125843][ T1537] team0 (unregistering): Port device team_slave_0 removed [ 477.706342][T14861] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.706435][T14861] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.706630][T14861] bridge_slave_1: entered allmulticast mode [ 477.708303][T14861] bridge_slave_1: entered promiscuous mode [ 477.710636][T14779] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 477.960698][T14779] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 478.113988][T14861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 478.188504][T14861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 478.611560][T14861] team0: Port device team_slave_0 added [ 478.657633][T14861] team0: Port device team_slave_1 added [ 478.882296][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 478.902213][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 478.903866][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 478.953871][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 478.954702][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 479.571867][T14861] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.571885][T14861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.571911][T14861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 479.574704][T15092] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 479.678922][T14861] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 479.678945][T14861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.678968][T14861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 479.770635][ T1537] IPVS: stop unused estimator thread 0... [ 480.013299][T14861] hsr_slave_0: entered promiscuous mode [ 480.014651][T14861] hsr_slave_1: entered promiscuous mode [ 480.047956][T14861] debugfs: 'hsr0' already exists in 'hsr' [ 480.047982][T14861] Cannot create hsr debugfs directory [ 480.346104][T15106] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3803'. [ 481.035090][ T5848] Bluetooth: hci3: command tx timeout [ 481.348602][T14779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 481.349669][T15081] chnl_net:caif_netlink_parms(): no params data found [ 481.870227][T14779] 8021q: adding VLAN 0 to HW filter on device team0 [ 481.931559][ T5856] kernel read not supported for file /usbmon9 (pid: 5856 comm: kworker/1:4) [ 482.105743][ T1537] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.105957][ T1537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 482.455210][T15081] bridge0: port 1(bridge_slave_0) entered blocking state [ 482.455369][T15081] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.455637][T15081] bridge_slave_0: entered allmulticast mode [ 482.463877][T15081] bridge_slave_0: entered promiscuous mode [ 482.512540][T15081] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.512757][T15081] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.512958][T15081] bridge_slave_1: entered allmulticast mode [ 482.526454][T15081] bridge_slave_1: entered promiscuous mode [ 482.540070][ T7549] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.540212][ T7549] bridge0: port 2(bridge_slave_1) entered forwarding state [ 482.685109][ T9] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 482.858301][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.858333][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.858425][ T9] usb 7-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00 [ 482.858449][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.867002][ T9] usb 7-1: config 0 descriptor?? [ 483.017701][T15081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 483.082759][T15081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 483.116015][ T5851] Bluetooth: hci3: command tx timeout [ 483.305512][ T9] elecom 0003:056E:010C.002A: hidraw0: USB HID v77.96 Device [HID 056e:010c] on usb-dummy_hcd.6-1/input0 [ 483.503239][ T9] usb 7-1: USB disconnect, device number 15 [ 483.509114][T15081] team0: Port device team_slave_0 added [ 483.585656][T15081] team0: Port device team_slave_1 added [ 483.864118][T15081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 483.864134][T15081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 483.864157][T15081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 483.918015][T14861] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 484.019048][T15081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 484.019064][T15081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 484.019088][T15081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 484.035069][T14861] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 484.151871][T14861] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 484.224991][T14861] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 484.627997][T15081] hsr_slave_0: entered promiscuous mode [ 484.635919][T15081] hsr_slave_1: entered promiscuous mode [ 484.636811][T15081] debugfs: 'hsr0' already exists in 'hsr' [ 484.636834][T15081] Cannot create hsr debugfs directory [ 485.195678][ T5851] Bluetooth: hci3: command tx timeout [ 485.748879][T14779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 486.358640][T15081] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 486.398223][T15081] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 486.464839][T15081] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 486.552233][T14861] 8021q: adding VLAN 0 to HW filter on device bond0 [ 486.556856][T15081] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 486.638284][T15211] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 486.640534][T15211] team0: Port device batadv1 added [ 486.809916][T14861] 8021q: adding VLAN 0 to HW filter on device team0 [ 486.866605][ T7538] bridge0: port 1(bridge_slave_0) entered blocking state [ 486.867751][ T7538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 486.943105][T15221] I/O error, dev loop13, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 486.943331][T15221] SQUASHFS error: Failed to read block 0x0: -5 [ 486.960835][ T7538] bridge0: port 2(bridge_slave_1) entered blocking state [ 486.961104][ T7538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 486.992917][ T37] kauditd_printk_skb: 106 callbacks suppressed [ 486.992933][ T37] audit: type=1326 audit(486.820:3598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15205 comm="syz.0.3838" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x0 [ 487.101272][T14779] veth0_vlan: entered promiscuous mode [ 487.212882][T14779] veth1_vlan: entered promiscuous mode [ 487.275294][ T5851] Bluetooth: hci3: command tx timeout [ 487.419114][ T5682] Process accounting resumed [ 487.583830][T14779] veth0_macvtap: entered promiscuous mode [ 487.616064][T15081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 487.662175][T14779] veth1_macvtap: entered promiscuous mode [ 487.788010][T15081] 8021q: adding VLAN 0 to HW filter on device team0 [ 487.832663][T14779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 487.868919][ T7532] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.869178][ T7532] bridge0: port 1(bridge_slave_0) entered forwarding state [ 487.938844][T14779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 487.963798][ T7532] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.964030][ T7532] bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.055470][ T7527] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.092158][ T1537] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.110228][ T1537] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.164218][ T1537] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.792219][T14861] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 488.829920][ T7549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 488.829940][ T7549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.015176][ T7561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 489.015197][ T7561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.280250][T14861] veth0_vlan: entered promiscuous mode [ 489.321634][T14861] veth1_vlan: entered promiscuous mode [ 489.517055][T14861] veth0_macvtap: entered promiscuous mode [ 489.545790][T14861] veth1_macvtap: entered promiscuous mode [ 489.604575][T14861] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 489.630043][T14861] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 489.711697][ T7549] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.728263][ T7549] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.732333][ T7549] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.755703][ T7549] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 489.858637][T15081] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 489.896016][T15269] overlay: filesystem on ./file0 is read-only [ 490.391482][ T7549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 490.391503][ T7549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 490.570736][ T7526] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 490.570756][ T7526] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 490.865407][T15288] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3864'. [ 491.207148][T15081] veth0_vlan: entered promiscuous mode [ 491.260267][T15081] veth1_vlan: entered promiscuous mode [ 491.325401][ T6051] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 491.430543][T15081] veth0_macvtap: entered promiscuous mode [ 491.463610][T15081] veth1_macvtap: entered promiscuous mode [ 491.479269][ T6051] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 491.479300][ T6051] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.504387][ T6051] usb 1-1: config 0 descriptor?? [ 491.512631][ T6051] cp210x 1-1:0.0: cp210x converter detected [ 491.559545][T15081] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 491.627984][T15081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 491.678119][ T7561] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.678396][ T7561] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.678848][ T7561] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.678883][ T7561] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 491.725995][T15300] openvswitch: netlink: IP tunnel TTL not specified. [ 491.947936][ T6051] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 491.967474][ T6051] usb 1-1: cp210x converter now attached to ttyUSB0 [ 492.168859][ T7549] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.168880][ T7549] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 492.222144][ T10] usb 1-1: USB disconnect, device number 39 [ 492.292873][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 492.399584][T12313] IPVS: starting estimator thread 0... [ 492.425495][ T10] cp210x 1-1:0.0: device disconnected [ 492.461270][ T7538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 492.461289][ T7538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 492.576425][T15309] IPVS: using max 6 ests per chain, 14400 per kthread [ 492.885674][ T5969] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 492.915166][T15325] vxcan1: entered allmulticast mode [ 492.915511][T15325] vxcan1: left allmulticast mode [ 493.051016][ T5969] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 493.051041][ T5969] usb 7-1: config 0 has no interface number 0 [ 493.070337][ T5969] usb 7-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 493.070365][ T5969] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.070384][ T5969] usb 7-1: Product: syz [ 493.070396][ T5969] usb 7-1: Manufacturer: syz [ 493.070493][ T5969] usb 7-1: SerialNumber: syz [ 493.108925][ T5969] usb 7-1: config 0 descriptor?? [ 493.147533][T15328] comedi comedi0: 8255: I/O port conflict (0xee,4) [ 493.147670][T15328] comedi comedi0: 8255: I/O port conflict (0x7,4) [ 493.150525][T15328] comedi comedi0: 8255: I/O port conflict (0xa,4) [ 493.336875][ T5969] usb 7-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 493.354475][ T5969] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 493.365452][ T5969] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 493.365517][ T5969] usb 7-1: media controller created [ 493.406915][ T5969] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 493.548471][ T5969] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 493.583035][T15336] loop9: detected capacity change from 0 to 8 [ 493.605471][T15336] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 493.605765][T15336] loop9: partition table partially beyond EOD, truncated [ 493.605906][T15336] loop9: p1 size 81768186 extends beyond EOD, truncated [ 493.645321][ T5969] usb 7-1: USB disconnect, device number 16 [ 493.897500][ T5969] kernel write not supported for file /sequencer (pid: 5969 comm: kworker/1:5) [ 494.975159][ T6051] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 495.125096][ T6051] usb 4-1: Using ep0 maxpacket: 8 [ 495.132397][ T6051] usb 4-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config [ 495.132456][ T6051] usb 4-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 495.132479][ T6051] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.190926][ T6051] hub 4-1:32.0: bad descriptor, ignoring hub [ 495.190966][ T6051] hub 4-1:32.0: probe with driver hub failed with error -5 [ 495.890974][ T6051] usb 4-1: reset high-speed USB device number 33 using dummy_hcd [ 497.065163][ T6051] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 497.081784][T15434] program syz.3.3927 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 497.092447][ T5682] usb 4-1: USB disconnect, device number 33 [ 497.192631][T15438] program syz.7.3930 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 497.217325][ T6051] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 497.217358][ T6051] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 497.217396][ T6051] usb 7-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 497.217419][ T6051] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 497.222756][ T6051] usb 7-1: config 0 descriptor?? [ 497.650528][ T6051] hid_parser_main: 5 callbacks suppressed [ 497.650553][ T6051] prodikeys 0003:041E:2801.002B: unknown main item tag 0x0 [ 497.650585][ T6051] prodikeys 0003:041E:2801.002B: unknown main item tag 0x0 [ 497.650613][ T6051] prodikeys 0003:041E:2801.002B: item fetching failed at offset 2/7 [ 497.651399][ T6051] prodikeys 0003:041E:2801.002B: hid parse failed [ 497.651549][ T6051] prodikeys 0003:041E:2801.002B: probe with driver prodikeys failed with error -22 [ 497.865682][ T995] usb 7-1: USB disconnect, device number 17 [ 498.211311][T15463] overlay: filesystem on ./file0 not supported as upperdir [ 499.967168][T15502] input: syz1 as /devices/virtual/input/input40 [ 500.336227][T15511] smc: net device bond0 applied user defined pnetid SYZ0 [ 500.337301][T15511] smc: net device bond0 erased user defined pnetid SYZ0 [ 501.095142][T15530] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3971'. [ 501.095179][T15530] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3971'. [ 501.489345][T15537] netlink: 'syz.6.3974': attribute type 25 has an invalid length. [ 501.489366][T15537] netlink: 'syz.6.3974': attribute type 8 has an invalid length. [ 501.520762][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.520839][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.986881][T15547] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3978'. [ 502.867454][T15573] netlink: 312 bytes leftover after parsing attributes in process `syz.5.3993'. [ 503.867382][T15606] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4007'. [ 504.109905][T15610] tun0: tun_chr_ioctl cmd 1074025680 [ 504.452173][T15623] openvswitch: netlink: VXLAN extension message has 8 unknown bytes. [ 506.045506][T15675] CIFS: VFS: Malformed UNC in devname [ 506.475455][ T5848] Bluetooth: hci3: command 0x0405 tx timeout [ 506.827188][T15700] netlink: 'syz.3.4050': attribute type 15 has an invalid length. [ 508.225095][ T9] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 508.397673][ T9] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 508.397702][ T9] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 508.397726][ T9] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 508.397746][ T9] usb 7-1: config 220 has no interface number 2 [ 508.397824][ T9] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 508.397852][ T9] usb 7-1: config 220 interface 0 has no altsetting 0 [ 508.397869][ T9] usb 7-1: config 220 interface 76 has no altsetting 0 [ 508.397887][ T9] usb 7-1: config 220 interface 1 has no altsetting 0 [ 508.466121][ T9] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 508.466151][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.466169][ T9] usb 7-1: Product: syz [ 508.466183][ T9] usb 7-1: Manufacturer: syz [ 508.466197][ T9] usb 7-1: SerialNumber: syz [ 508.723566][ T9] usb 7-1: Found UVC 7.01 device syz (8086:0b07) [ 508.723604][ T9] usb 7-1: No valid video chain found. [ 508.723665][ T9] usb 7-1: selecting invalid altsetting 0 [ 508.783082][ T9] usb 7-1: selecting invalid altsetting 0 [ 508.783122][ T9] usbtest 7-1:220.1: probe with driver usbtest failed with error -22 [ 508.811348][ T9] usb 7-1: USB disconnect, device number 18 [ 509.033969][T15750] netlink: 96 bytes leftover after parsing attributes in process `syz.3.4072'. [ 509.156293][ T5969] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 509.332704][ T5969] usb 1-1: config 0 has no interfaces? [ 509.344213][ T5969] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 509.344245][ T5969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.344265][ T5969] usb 1-1: Product: syz [ 509.344279][ T5969] usb 1-1: Manufacturer: syz [ 509.344292][ T5969] usb 1-1: SerialNumber: syz [ 509.386626][ T5969] usb 1-1: config 0 descriptor?? [ 509.641708][ T6051] usb 1-1: USB disconnect, device number 40 [ 510.806206][T15794] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4090'. [ 510.806229][T15794] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4090'. [ 510.965835][T15800] netlink: 92 bytes leftover after parsing attributes in process `syz.6.4093'. [ 511.073406][T15808] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.4097'. [ 512.512613][ T37] audit: type=1326 audit(512.320:3599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15828 comm="syz.6.4107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98e70eba9 code=0x7ffc0000 [ 512.512662][ T37] audit: type=1326 audit(512.320:3600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15828 comm="syz.6.4107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc98e70eba9 code=0x7ffc0000 [ 513.269754][T15870] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4125'. [ 513.376354][T15874] netlink: 'syz.5.4129': attribute type 2 has an invalid length. [ 513.742588][T15892] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 514.281418][ T9] kernel write not supported for file /sg0 (pid: 9 comm: kworker/0:0) [ 514.534659][T15922] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4151'. [ 514.534694][T15922] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4151'. [ 514.618393][ T1537] netdevsim netdevsim6 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 514.618963][ T7549] netdevsim netdevsim6 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 514.619011][ T7549] netdevsim netdevsim6 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 514.619045][ T7549] netdevsim netdevsim6 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 514.805002][ T9] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 514.970920][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 514.970947][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 514.972598][ T9] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 514.972624][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 514.972644][ T9] usb 1-1: SerialNumber: syz [ 515.232948][ T9] usb 1-1: 0:2 : does not exist [ 515.293363][ T9] usb 1-1: USB disconnect, device number 41 [ 516.350272][T15966] IPv6: Can't replace route, no match found [ 516.484999][ T5969] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 516.635010][ T5969] usb 1-1: Using ep0 maxpacket: 8 [ 516.637779][ T5969] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 516.637806][ T5969] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 516.637829][ T5969] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 516.637851][ T5969] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 516.637891][ T5969] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 516.637913][ T5969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.904095][ T5969] usb 1-1: GET_CAPABILITIES returned 0 [ 516.904142][ T5969] usbtmc 1-1:16.0: can't read capabilities [ 517.105276][ T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 517.107676][ T6051] usb 1-1: USB disconnect, device number 42 [ 517.265269][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 517.272512][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 517.272567][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 517.272594][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 517.272614][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 517.272636][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 517.281067][ T9] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 517.281096][ T9] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 517.281115][ T9] usb 4-1: Manufacturer: syz [ 517.293942][ T9] usb 4-1: config 0 descriptor?? [ 517.701121][ T9] rc_core: IR keymap rc-hauppauge not found [ 517.701144][ T9] Registered IR keymap rc-empty [ 517.701307][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.715334][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.737947][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 517.748382][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input41 [ 517.761122][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.785400][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.805355][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.825748][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.845267][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.865218][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.885841][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.905180][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.925289][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.945372][ T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 517.973745][ T9] mceusb 4-1:0.0: Registered Ѕ with mce emulator interface version 1 [ 517.973780][ T9] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 518.024253][ T9] usb 4-1: USB disconnect, device number 34 [ 518.088638][ T5682] hid-generic 0000:0000:0000.002C: unknown main item tag 0x0 [ 518.104061][ T5682] hid-generic 0000:0000:0000.002C: hidraw0: HID v0.00 Device [syz0] on syz0 [ 518.161645][T16001] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 518.348928][ T37] audit: type=1326 audit(774.187:3601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16005 comm="syz.0.4189" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x0 [ 520.421827][T16554] loop7: detected capacity change from 0 to 7 [ 520.443361][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 521.092773][T16586] bridge0: port 1(bridge_slave_0) entered disabled state [ 521.184125][ T8221] bridge0: port 1(bridge_slave_0) entered blocking state [ 521.184342][ T8221] bridge0: port 1(bridge_slave_0) entered forwarding state [ 521.263326][ T6051] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 521.413209][ T6051] usb 4-1: Using ep0 maxpacket: 8 [ 521.420758][ T6051] usb 4-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a [ 521.420787][ T6051] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.420805][ T6051] usb 4-1: Product: syz [ 521.420818][ T6051] usb 4-1: Manufacturer: syz [ 521.420831][ T6051] usb 4-1: SerialNumber: syz [ 521.479815][ T6051] usb 4-1: config 0 descriptor?? [ 521.496221][ T6051] gspca_main: sn9c2028-2.14.0 probing 0458:7003 [ 521.724380][ T6051] gspca_sn9c2028: read1 error -32 [ 521.725571][ T6051] gspca_sn9c2028: read1 error -32 [ 521.936374][ T9] usb 4-1: USB disconnect, device number 35 [ 522.558751][T16629] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 523.052364][ T37] audit: type=1326 audit(778.889:3602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16620 comm="syz.7.4233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa447b6eba9 code=0x7fc00000 [ 523.160830][T16649] input: syz1 as /devices/virtual/input/input42 [ 523.375285][T16659] program syz.6.4250 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 523.652174][ T6051] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 523.802023][ T6051] usb 4-1: Using ep0 maxpacket: 32 [ 523.805084][ T6051] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 523.805108][ T6051] usb 4-1: config 0 has no interface number 0 [ 523.805155][ T6051] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 523.805182][ T6051] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 523.805220][ T6051] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 523.805242][ T6051] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.816224][ T6051] usb 4-1: config 0 descriptor?? [ 524.475640][ T6051] uclogic 0003:28BD:0094.002D: pen parameters not found [ 524.475689][ T6051] uclogic 0003:28BD:0094.002D: interface is invalid, ignoring [ 524.663835][ T5969] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 524.697447][ T6051] usb 4-1: USB disconnect, device number 36 [ 524.819293][ T5969] usb 1-1: Using ep0 maxpacket: 8 [ 524.825610][ T5969] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 524.825635][ T5969] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 524.825688][ T5969] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 524.825711][ T5969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.861986][ T5969] hub 1-1:1.0: bad descriptor, ignoring hub [ 524.862024][ T5969] hub 1-1:1.0: probe with driver hub failed with error -5 [ 524.966781][ T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 525.066755][T16679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 525.067182][T16679] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 525.082051][T16679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 525.082469][T16679] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 525.087327][ T5848] Bluetooth: hci0: Unknown advertising packet type: 0x5f [ 525.131381][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 525.135232][ T9] usb 7-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 525.135260][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.178784][ T9] usb 7-1: config 0 descriptor?? [ 525.189866][ T9] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 525.204488][ T6051] usb 1-1: USB disconnect, device number 43 [ 525.825585][T16700] input: syz1 as /devices/virtual/input/input43 [ 526.007313][ T9] gspca_vc032x: reg_w err -71 [ 526.007330][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007340][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007348][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007356][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007364][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007373][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007382][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007390][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007399][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007407][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007416][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007424][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007432][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007441][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007449][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007458][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007466][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007474][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 526.007483][ T9] gspca_vc032x: Unknown sensor... [ 526.007566][ T9] vc032x 7-1:0.0: probe with driver vc032x failed with error -22 [ 526.133520][ T9] usb 7-1: USB disconnect, device number 19 [ 527.294570][T16742] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4291'. [ 527.297810][T16742] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4291'. [ 527.360212][ T5969] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 527.510167][ T5969] usb 4-1: Using ep0 maxpacket: 32 [ 527.513197][ T5969] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 527.513223][ T5969] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 527.513252][ T5969] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 527.513272][ T5969] usb 4-1: config 1 has no interface number 0 [ 527.513317][ T5969] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 527.513343][ T5969] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 527.513386][ T5969] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 527.513408][ T5969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.538999][ T5969] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 527.823003][ T5969] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 528.201913][T16760] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 528.267921][ T5969] usb 4-1: USB disconnect, device number 37 [ 528.291308][ T5969] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 528.307406][T16760] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 529.478466][T16788] sp0: Synchronizing with TNC [ 529.499757][T16788] sp0: Found TNC [ 529.504009][T16792] program syz.3.4313 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 531.658352][ T9] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 531.825556][ T9] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 531.825588][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.848189][ T9] usb 1-1: config 0 descriptor?? [ 531.853228][ T9] cp210x 1-1:0.0: cp210x converter detected [ 532.487936][ T9] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 532.487994][ T9] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 532.508991][T16869] program syz.7.4351 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 532.528879][ T9] usb 1-1: cp210x converter now attached to ttyUSB0 [ 532.532027][ T9] usb 1-1: USB disconnect, device number 44 [ 532.541595][T16867] dvmrp1: tun_chr_ioctl cmd 2148553947 [ 532.557263][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 532.567424][ T9] cp210x 1-1:0.0: device disconnected [ 533.321640][T16896] netlink: 'syz.0.4364': attribute type 10 has an invalid length. [ 533.368829][ T5682] IPVS: starting estimator thread 0... [ 533.461961][T16899] IPVS: using max 6 ests per chain, 14400 per kthread [ 533.494304][T16896] team0: Port device netdevsim0 added [ 533.657720][T16907] sock: sock_set_timeout: `syz.5.4368' (pid 16907) tries to set negative timeout [ 533.843152][ T37] audit: type=1326 audit(789.685:3603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16915 comm="syz.7.4370" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa447b6eba9 code=0x0 [ 534.452131][T16938] input: syz0 as /devices/virtual/input/input44 [ 535.253411][T16959] netlink: 56 bytes leftover after parsing attributes in process `syz.6.4391'. [ 535.608732][T16966] input: syz0 as /devices/virtual/input/input45 [ 536.395840][ T5682] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 536.548191][ T5682] usb 4-1: Using ep0 maxpacket: 16 [ 536.551515][ T5682] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 536.551546][ T5682] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 536.551567][ T5682] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 536.551610][ T5682] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 536.551631][ T5682] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.576858][ T5682] usb 4-1: config 0 descriptor?? [ 537.044690][ T5682] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0 [ 537.044727][ T5682] microsoft 0003:045E:07DA.002E: ignoring exceeding usage max [ 537.255822][ T5682] microsoft 0003:045E:07DA.002E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 537.255856][ T5682] microsoft 0003:045E:07DA.002E: no inputs found [ 537.255870][ T5682] microsoft 0003:045E:07DA.002E: could not initialize ff, continuing anyway [ 537.498471][ T6051] usb 4-1: USB disconnect, device number 38 [ 537.895016][ T5682] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 538.046105][ T5682] usb 7-1: Using ep0 maxpacket: 32 [ 538.074164][ T5682] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 538.074193][ T5682] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.152778][ T5682] usb 7-1: config 0 descriptor?? [ 538.396431][ T5682] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 538.412735][ T5682] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 538.413844][ T5682] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 538.413898][ T5682] usb 7-1: media controller created [ 538.469031][ T5682] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 538.509212][T17027] program syz.5.4423 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 538.600999][ T5682] az6027: usb out operation failed. (-71) [ 538.601422][ T5682] az6027: usb out operation failed. (-71) [ 538.601435][ T5682] stb0899_attach: Driver disabled by Kconfig [ 538.601444][ T5682] az6027: no front-end attached [ 538.601444][ T5682] [ 538.601842][ T5682] az6027: usb out operation failed. (-71) [ 538.601856][ T5682] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 538.647325][ T5682] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input46 [ 538.653998][ T5682] dvb-usb: schedule remote query interval to 400 msecs. [ 538.654018][ T5682] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 538.685102][ T5682] usb 7-1: USB disconnect, device number 20 [ 538.896351][ T5682] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 539.584450][T17065] loop7: detected capacity change from 0 to 7 [ 539.590285][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 539.704238][ T6050] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 539.853980][ T6050] usb 4-1: Using ep0 maxpacket: 32 [ 539.858832][ T6050] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 539.858862][ T6050] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.894210][ T6050] usb 4-1: config 0 descriptor?? [ 539.978489][T17077] netlink: 60 bytes leftover after parsing attributes in process `syz.5.4456'. [ 540.108049][ T6050] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 540.124856][ T6050] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 540.126219][ T6050] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 540.126273][ T6050] usb 4-1: media controller created [ 540.172144][ T6050] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 540.203814][T12313] usb 1-1: new low-speed USB device number 45 using dummy_hcd [ 540.309629][ T6050] az6027: usb out operation failed. (-71) [ 540.310088][ T6050] az6027: usb out operation failed. (-71) [ 540.310100][ T6050] stb0899_attach: Driver disabled by Kconfig [ 540.310110][ T6050] az6027: no front-end attached [ 540.310110][ T6050] [ 540.310599][ T6050] az6027: usb out operation failed. (-71) [ 540.310611][ T6050] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 540.352809][ T6050] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input47 [ 540.358555][T17082] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4448'. [ 540.378821][T12313] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 540.378851][T12313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 540.379513][ T6050] dvb-usb: schedule remote query interval to 400 msecs. [ 540.379531][ T6050] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 540.382938][ T6050] usb 4-1: USB disconnect, device number 39 [ 540.459898][T12313] usb 1-1: config 0 descriptor?? [ 540.567100][ T6050] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 541.100247][T17099] binder: 17098:17099 ioctl 40046205 0 returned -22 [ 541.276251][T12313] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 541.276279][T12313] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9 [ 541.293657][T12313] asix 1-1:0.0: probe with driver asix failed with error -71 [ 541.308129][T12313] usb 1-1: USB disconnect, device number 45 [ 541.559649][T17114] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4463'. [ 544.148059][T17180] input: syz1 as /devices/virtual/input/input48 [ 544.702232][T17197] netlink: 16402 bytes leftover after parsing attributes in process `syz.7.4503'. [ 545.001760][T12313] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 545.164486][T12313] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 545.164514][T12313] usb 6-1: config 0 has no interface number 0 [ 545.167427][T12313] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 545.167569][T12313] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.167590][T12313] usb 6-1: Product: syz [ 545.167604][T12313] usb 6-1: Manufacturer: syz [ 545.167617][T12313] usb 6-1: SerialNumber: syz [ 545.181293][T12313] usb 6-1: config 0 descriptor?? [ 545.278196][T17219] input: syz1 as /devices/virtual/input/input49 [ 545.419704][T12313] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 545.432783][T12313] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 545.433371][T12313] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 545.433427][T12313] usb 6-1: media controller created [ 545.464093][T12313] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 545.623075][T12313] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 545.690858][T12313] usb 6-1: USB disconnect, device number 10 [ 545.885056][T17227] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 545.885056][T17227] The task syz.6.4512 (17227) triggered the difference, watch for misbehavior. [ 546.068638][T17234] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 546.251280][T17236] veth0_to_team: entered promiscuous mode [ 546.564948][T17249] input: syz1 as /devices/virtual/input/input50 [ 546.854873][T17251] cgroup: fork rejected by pids controller in /syz5 [ 548.044413][T17820] sock: sock_set_timeout: `syz.7.4534' (pid 17820) tries to set negative timeout [ 548.372397][T17827] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4539'. [ 548.788229][T17839] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4545'. [ 549.693421][T17868] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4558'. [ 550.095423][T17878] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4563'. [ 550.599391][ T5969] kernel write not supported for file /snd/seq (pid: 5969 comm: kworker/1:5) [ 552.097928][ T10] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 552.251006][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 552.255547][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 552.255572][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 552.262713][ T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 552.262740][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.262759][ T10] usb 6-1: Product: syz [ 552.262773][ T10] usb 6-1: Manufacturer: syz [ 552.262786][ T10] usb 6-1: SerialNumber: syz [ 552.509624][ T10] usb 6-1: 0:2 : does not exist [ 552.514437][ T10] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 552.568175][ T10] usb 6-1: USB disconnect, device number 11 [ 552.986546][T17941] sch_tbf: burst 3298 is lower than device lo mtu (65550) ! [ 553.228021][ T37] audit: type=1326 audit(809.074:3604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 553.228398][ T37] audit: type=1326 audit(809.084:3605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 553.229955][ T37] audit: type=1326 audit(809.084:3606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 553.230814][ T37] audit: type=1326 audit(809.084:3607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 553.231509][ T37] audit: type=1326 audit(809.084:3608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 553.231909][ T37] audit: type=1326 audit(809.084:3609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 553.232291][ T37] audit: type=1326 audit(809.084:3610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 553.234013][ T37] audit: type=1326 audit(809.084:3611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 553.235596][ T37] audit: type=1326 audit(809.084:3612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 553.238066][ T37] audit: type=1326 audit(809.084:3613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17948 comm="syz.0.4597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 553.587361][ T5851] Bluetooth: hci3: command 0x0405 tx timeout [ 555.195487][T17984] vlan2: entered allmulticast mode [ 555.263272][T17986] genirq: Flags mismatch irq 31. 00200000 (pcmmio) vs. 00200000 (virtio1-input.0) [ 555.606528][ T10] usb 6-1: new full-speed USB device number 12 using dummy_hcd [ 555.626553][ T5682] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 555.788444][ T5682] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 555.788498][ T5682] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 555.790028][ T5682] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 555.790052][ T5682] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 555.790068][ T5682] usb 4-1: Manufacturer: syz [ 555.796062][ T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 555.796124][ T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 555.796147][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 555.796168][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 555.796188][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 555.799715][ T10] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 555.799741][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 555.799760][ T10] usb 6-1: Product: syz [ 555.799773][ T10] usb 6-1: Manufacturer: syz [ 555.799787][ T10] usb 6-1: SerialNumber: syz [ 555.811729][ T10] usb 6-1: config 0 descriptor?? [ 555.929581][ T5682] usb 4-1: config 0 descriptor?? [ 556.057389][ T10] radio-si470x 6-1:0.0: DeviceID=0xc8c8 ChipID=0xc500 [ 556.253335][ T10] radio-si470x 6-1:0.0: software version 200, hardware version 200 [ 556.335735][ T5682] rc_core: IR keymap rc-hauppauge not found [ 556.335757][ T5682] Registered IR keymap rc-empty [ 556.337345][ T5682] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 556.344653][ T5682] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input52 [ 556.396469][ T5682] usb 4-1: USB disconnect, device number 40 [ 556.454653][ T10] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 556.454786][ T10] radio-si470x 6-1:0.0: submitting int urb failed (-90) [ 556.455246][ T10] radio-si470x 6-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 556.455726][ T10] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -22 [ 556.482984][ T10] usb 6-1: USB disconnect, device number 12 [ 556.743971][T18015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4623'. [ 557.145065][T18025] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4630'. [ 557.256354][ T5682] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 557.338367][T18032] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 557.338424][T18032] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 557.338524][T18032] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 557.413644][ T5682] usb 1-1: Using ep0 maxpacket: 32 [ 557.425662][ T5682] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 557.425689][ T5682] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.453071][ T5682] usb 1-1: config 0 descriptor?? [ 557.748545][ T5682] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 557.766214][ T5682] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 557.773898][ T5682] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 557.773956][ T5682] usb 1-1: media controller created [ 557.856907][ T5682] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 557.963401][ T5682] az6027: usb out operation failed. (-71) [ 557.963840][ T5682] az6027: usb out operation failed. (-71) [ 557.963852][ T5682] stb0899_attach: Driver disabled by Kconfig [ 557.963862][ T5682] az6027: no front-end attached [ 557.963862][ T5682] [ 557.964244][ T5682] az6027: usb out operation failed. (-71) [ 557.964257][ T5682] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 558.005975][ T5682] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input53 [ 558.007940][ T5682] dvb-usb: schedule remote query interval to 400 msecs. [ 558.007958][ T5682] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 558.010806][ T5682] usb 1-1: USB disconnect, device number 46 [ 558.207230][ T5682] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 558.371295][T18039] cgroup: fork rejected by pids controller in /syz6 [ 558.654318][ T31] hid-generic 0005:0B57:0002.002F: item fetching failed at offset 0/1 [ 558.666475][ T31] hid-generic 0005:0B57:0002.002F: probe with driver hid-generic failed with error -22 [ 560.320574][T18140] syzkaller1: tun_chr_ioctl cmd 35108 [ 561.061131][T18174] program syz.7.4684 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 561.480090][T18194] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4692'. [ 561.673103][T18197] sp0: Synchronizing with TNC [ 562.314542][T18216] netlink: 32 bytes leftover after parsing attributes in process `syz.7.4701'. [ 562.947179][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.947243][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.057578][T18237] input: syz0 as /devices/virtual/input/input55 [ 564.119040][T18257] 9pnet: Could not find request transport:  [ 565.924573][T18307] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4742'. [ 568.295284][T18391] netlink: 'syz.7.4780': attribute type 2 has an invalid length. [ 568.895714][T18413] input: syz0 as /devices/virtual/input/input56 [ 568.912176][T18412] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4791'. [ 569.005373][ T37] kauditd_printk_skb: 387 callbacks suppressed [ 569.005389][ T37] audit: type=1326 audit(824.862:4001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 569.018311][ T37] audit: type=1326 audit(824.872:4002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 569.019313][ T37] audit: type=1326 audit(824.872:4003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 569.050724][ T37] audit: type=1326 audit(824.882:4004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 569.050782][ T37] audit: type=1326 audit(824.912:4005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 569.054413][ T37] audit: type=1326 audit(824.912:4006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 569.054464][ T37] audit: type=1326 audit(824.912:4007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9ecb4e5b67 code=0x7ffc0000 [ 569.054507][ T37] audit: type=1326 audit(824.912:4008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9ecb48ada9 code=0x7ffc0000 [ 569.054545][ T37] audit: type=1326 audit(824.912:4009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 569.054584][ T37] audit: type=1326 audit(824.912:4010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18414 comm="syz.0.4793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9ecb4eeba9 code=0x7ffc0000 [ 570.128958][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 570.502820][T18451] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4808'. [ 570.816858][T12313] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 570.988829][T12313] usb 7-1: Using ep0 maxpacket: 16 [ 570.991416][T12313] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 570.991447][T12313] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 570.994540][T12313] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 570.994567][T12313] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.994585][T12313] usb 7-1: Product: syz [ 570.994599][T12313] usb 7-1: Manufacturer: syz [ 570.994612][T12313] usb 7-1: SerialNumber: syz [ 571.064835][T12313] usb 7-1: config 0 descriptor?? [ 571.077935][T12313] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 571.077967][T12313] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class) [ 571.704938][T12313] em28xx 7-1:0.0: chip ID is em28178 [ 571.933445][T12313] usb 7-1: USB disconnect, device number 21 [ 571.935771][T12313] em28xx 7-1:0.0: Disconnecting em28xx [ 572.002036][T12313] em28xx 7-1:0.0: Freeing device [ 573.184993][T18525] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4840'. [ 573.629809][T18535] openvswitch: netlink: VXLAN extension message has 3 unknown bytes. [ 575.246928][ T5851] Bluetooth: hci2: command 0x0406 tx timeout [ 575.334291][T18587] ipvlan2: entered promiscuous mode [ 575.334359][T18587] ipvlan2: entered allmulticast mode [ 575.334371][T18587] hsr0: entered allmulticast mode [ 575.334381][T18587] hsr_slave_0: entered allmulticast mode [ 575.334399][T18587] hsr_slave_1: entered allmulticast mode [ 576.006343][T18603] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4875'. [ 576.438086][T18624] netlink: 'syz.0.4884': attribute type 10 has an invalid length. [ 576.632562][T18624] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 577.095379][ T5682] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 577.293033][ T5682] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 577.293064][ T5682] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.293084][ T5682] usb 1-1: Product: syz [ 577.293097][ T5682] usb 1-1: Manufacturer: syz [ 577.293110][ T5682] usb 1-1: SerialNumber: syz [ 577.369679][ T5682] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 577.414542][ T5969] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 579.002261][ T5969] usb 1-1: Service connection timeout for: 256 [ 579.002284][ T5969] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 579.179068][T18661] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4901'. [ 579.574906][ T6043] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 579.725058][ T6043] usb 7-1: Using ep0 maxpacket: 8 [ 579.730922][ T6043] usb 7-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 579.730952][ T6043] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.730971][ T6043] usb 7-1: Product: syz [ 579.730985][ T6043] usb 7-1: Manufacturer: syz [ 579.730998][ T6043] usb 7-1: SerialNumber: syz [ 579.790801][ T6043] usb 7-1: config 0 descriptor?? [ 580.051836][ T6043] usb 7-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 580.664433][ T6043] usb write operation failed. (-71) [ 580.695495][ T6043] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 580.696343][ T6043] dvbdev: DVB: registering new adapter (Terratec H7) [ 580.696393][ T6043] usb 7-1: media controller created [ 580.703335][ T6043] usb read operation failed. (-71) [ 580.738436][ T6043] usb write operation failed. (-71) [ 580.763140][ T6043] dvb_usb_az6007 7-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 580.817549][ T6043] usb 7-1: USB disconnect, device number 22 [ 584.054778][ T5682] usb 1-1: USB disconnect, device number 47 [ 584.082725][ T5969] ath9k_htc: Failed to initialize the device [ 584.083696][ T5682] usb 1-1: ath9k_htc: USB layer deinitialized [ 584.371776][ T5682] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 584.415969][T18715] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4924'. [ 584.416001][T18715] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4924'. [ 584.521710][ T5682] usb 1-1: Using ep0 maxpacket: 32 [ 584.524690][ T5682] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 584.524723][ T5682] usb 1-1: config 0 has no interface number 0 [ 584.529252][ T5682] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 584.529281][ T5682] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.529389][ T5682] usb 1-1: Product: syz [ 584.529404][ T5682] usb 1-1: Manufacturer: syz [ 584.529417][ T5682] usb 1-1: SerialNumber: syz [ 584.546217][ T5682] usb 1-1: config 0 descriptor?? [ 584.575613][ T5682] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 584.875169][ T5682] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 584.925766][ T5682] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 585.333984][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 585.357169][T12313] usb 1-1: USB disconnect, device number 48 [ 585.393282][T12313] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 585.410117][T12313] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 585.410772][T12313] quatech2 1-1:0.51: device disconnected [ 585.820786][T18743] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.4936'. [ 587.408747][T18779] input: syz1 as /devices/virtual/input/input57 [ 588.055364][T18795] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4959'. [ 588.356739][T18806] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 588.530057][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 588.923062][T18827] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4976'. [ 591.428511][T18898] veth0_to_bridge: entered promiscuous mode [ 591.431304][T18897] veth0_to_bridge: left promiscuous mode [ 592.087912][ T6050] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 592.237925][ T6050] usb 7-1: Using ep0 maxpacket: 8 [ 592.240389][ T6050] usb 7-1: config 0 interface 0 has no altsetting 0 [ 592.244251][ T6050] usb 7-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 592.244276][ T6050] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.244294][ T6050] usb 7-1: Product: syz [ 592.244307][ T6050] usb 7-1: Manufacturer: syz [ 592.244320][ T6050] usb 7-1: SerialNumber: syz [ 592.302731][ T6050] usb 7-1: config 0 descriptor?? [ 592.320758][ T6050] snd_usb_toneport 7-1:0.0: Line 6 TonePort UX2 found [ 592.517846][ T6050] snd_usb_toneport 7-1:0.0: set_interface failed [ 592.520901][ T6050] snd_usb_toneport 7-1:0.0: Line 6 TonePort UX2 now disconnected [ 592.521113][ T6050] snd_usb_toneport 7-1:0.0: probe with driver snd_usb_toneport failed with error -71 [ 592.523628][ T6050] usb 7-1: USB disconnect, device number 23 [ 592.881992][ T5848] Bluetooth: hci3: link tx timeout [ 592.882886][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.906919][ T5848] Bluetooth: hci3: link tx timeout [ 592.906936][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.920500][ T5848] Bluetooth: hci3: link tx timeout [ 592.920518][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.920534][ T5848] Bluetooth: hci3: link tx timeout [ 592.920544][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.920671][ T5848] Bluetooth: hci3: link tx timeout [ 592.920682][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.920695][ T5848] Bluetooth: hci3: link tx timeout [ 592.920705][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.920824][ T5848] Bluetooth: hci3: link tx timeout [ 592.920835][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.920847][ T5848] Bluetooth: hci3: link tx timeout [ 592.920857][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.920978][ T5848] Bluetooth: hci3: link tx timeout [ 592.920988][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.921000][ T5848] Bluetooth: hci3: link tx timeout [ 592.921010][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.921171][ T5848] Bluetooth: hci3: link tx timeout [ 592.921182][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.921194][ T5848] Bluetooth: hci3: link tx timeout [ 592.921203][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.921321][ T5848] Bluetooth: hci3: link tx timeout [ 592.921331][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.921350][ T5848] Bluetooth: hci3: link tx timeout [ 592.921359][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.921476][ T5848] Bluetooth: hci3: link tx timeout [ 592.921486][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.921499][ T5848] Bluetooth: hci3: link tx timeout [ 592.921508][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.921628][ T5848] Bluetooth: hci3: link tx timeout [ 592.921638][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.921650][ T5848] Bluetooth: hci3: link tx timeout [ 592.921660][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.921783][ T5848] Bluetooth: hci3: link tx timeout [ 592.921793][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.921805][ T5848] Bluetooth: hci3: link tx timeout [ 592.921814][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.921954][ T5848] Bluetooth: hci3: link tx timeout [ 592.921964][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.921976][ T5848] Bluetooth: hci3: link tx timeout [ 592.921986][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 592.922104][ T5848] Bluetooth: hci3: link tx timeout [ 592.922114][ T5848] Bluetooth: hci3: killing stalled connection 10:aa:aa:aa:aa:aa [ 592.922127][ T5848] Bluetooth: hci3: link tx timeout [ 592.922136][ T5848] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa [ 593.116253][ T6050] usb 1-1: new full-speed USB device number 49 using dummy_hcd [ 593.301280][ T6050] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 593.301307][ T6050] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 593.301366][ T6050] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 593.301389][ T6050] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 593.359465][ T6050] usb 1-1: config 0 descriptor?? [ 593.366809][ T6050] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 593.366859][ T6050] dvb-usb: bulk message failed: -22 (3/0) [ 593.367261][T12313] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 593.414323][ T6050] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 593.415241][ T6050] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 593.415294][ T6050] usb 1-1: media controller created [ 593.438559][T18965] netlink: 64 bytes leftover after parsing attributes in process `syz.7.5041'. [ 593.459038][ T6050] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 593.488168][ T6050] dvb-usb: bulk message failed: -22 (6/0) [ 593.488269][ T6050] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 593.492495][ T6050] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input58 [ 593.495529][ T6050] dvb-usb: schedule remote query interval to 150 msecs. [ 593.495548][ T6050] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 593.534356][T12313] usb 4-1: Using ep0 maxpacket: 16 [ 593.543465][T12313] usb 4-1: config 0 has an invalid interface number: 236 but max is 1 [ 593.543492][T12313] usb 4-1: config 0 has an invalid interface number: 129 but max is 1 [ 593.543510][T12313] usb 4-1: config 0 has no interface number 0 [ 593.543525][T12313] usb 4-1: config 0 has no interface number 1 [ 593.543584][T12313] usb 4-1: config 0 interface 236 altsetting 6 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 593.543611][T12313] usb 4-1: config 0 interface 236 altsetting 6 endpoint 0xD has invalid wMaxPacketSize 0 [ 593.543635][T12313] usb 4-1: config 0 interface 236 has no altsetting 0 [ 593.543652][T12313] usb 4-1: config 0 interface 129 has no altsetting 0 [ 593.546151][T12313] usb 4-1: New USB device found, idVendor=1ace, idProduct=e9b2, bcdDevice=5c.3d [ 593.546178][T12313] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.546197][T12313] usb 4-1: Product: syz [ 593.546211][T12313] usb 4-1: Manufacturer: syz [ 593.546224][T12313] usb 4-1: SerialNumber: syz [ 593.563092][T12313] usb 4-1: config 0 descriptor?? [ 593.649320][ T5682] dvb-usb: bulk message failed: -22 (1/0) [ 593.649350][ T5682] dvb-usb: error while querying for an remote control event. [ 593.653776][ T6043] usb 1-1: USB disconnect, device number 49 [ 593.786775][T18973] netlink: 24 bytes leftover after parsing attributes in process `syz.6.5044'. [ 593.786796][T18973] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5044'. [ 593.829696][T12313] ir_usb 4-1:0.236: required endpoints missing [ 593.988571][ T6043] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 594.039971][T12313] usb 4-1: selecting invalid altsetting 0 [ 594.090192][T12313] usb 4-1: selecting invalid altsetting 0 [ 594.091035][T12313] usb 4-1: Found UVC 2.26 device syz (1ace:e9b2) [ 594.091064][T12313] usb 4-1: No valid video chain found. [ 594.099961][T12313] usb 4-1: USB disconnect, device number 41 [ 594.115993][T18978] tap0: tun_chr_ioctl cmd 2147767506 [ 594.116077][T18979] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5046'. [ 594.116273][T18979] netlink: 'syz.6.5046': attribute type 5 has an invalid length. [ 594.437155][T18982] netlink: 33 bytes leftover after parsing attributes in process `syz.0.5047'. [ 594.716584][ T5682] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 594.869111][ T5682] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 594.869143][ T5682] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.895726][ T5682] usb 4-1: config 0 descriptor?? [ 594.907830][ T5682] cp210x 4-1:0.0: cp210x converter detected [ 594.916794][ T5848] Bluetooth: hci3: command 0x0405 tx timeout [ 595.401305][ T5682] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 595.430083][ T5682] usb 4-1: cp210x converter now attached to ttyUSB0 [ 595.638693][ T6043] usb 4-1: USB disconnect, device number 42 [ 595.698051][ T6043] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 595.826522][ T6043] cp210x 4-1:0.0: device disconnected [ 596.647957][T19043] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5075'. [ 597.075518][ T5848] Bluetooth: hci3: command 0x0405 tx timeout [ 597.185327][ T37] kauditd_printk_skb: 8 callbacks suppressed [ 597.185346][ T37] audit: type=1326 audit(1109.053:4019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19057 comm="syz.5.5082" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f591c57eba9 code=0x0 [ 597.871157][T19079] netlink: 'syz.0.5092': attribute type 1 has an invalid length. [ 598.152641][T19092] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5097'. [ 598.152676][T19092] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5097'. [ 598.298788][T19095] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5098'. [ 598.476851][T19098] netlink: 'syz.5.5100': attribute type 10 has an invalid length. [ 598.548418][T19098] bond0: (slave bond_slave_0): Releasing backup interface [ 598.744752][T19106] tun0: tun_chr_ioctl cmd 3223385353 [ 598.971445][T19110] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5105'. [ 598.971474][T19110] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5105'. [ 598.971492][T19110] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5105'. [ 598.971735][T19110] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5105'. [ 598.971750][T19110] netlink: 'syz.5.5105': attribute type 6 has an invalid length. [ 599.565865][ T10] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 599.730288][ T10] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 599.730319][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.730338][ T10] usb 1-1: Product: syz [ 599.730351][ T10] usb 1-1: Manufacturer: syz [ 599.730364][ T10] usb 1-1: SerialNumber: syz [ 599.766452][ T10] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 599.827799][ T6043] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 601.674718][ T6043] usb 1-1: Service connection timeout for: 257 [ 601.674739][ T6043] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services [ 601.744370][ T31] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 601.895925][ T31] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 601.895957][ T31] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 601.895982][ T31] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 601.899692][ T31] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 601.899720][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 601.899740][ T31] usb 4-1: Product: syz [ 601.899753][ T31] usb 4-1: Manufacturer: syz [ 601.899767][ T31] usb 4-1: SerialNumber: syz [ 601.989517][ T31] usb 4-1: config 0 descriptor?? [ 602.000146][T19174] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 602.000603][T19174] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 602.046524][ T31] usb 4-1: ucan: probing device on interface #0 [ 603.675047][ T5682] usb 1-1: USB disconnect, device number 50 [ 603.690634][ T6043] ath9k_htc: Failed to initialize the device [ 603.845765][ T5682] usb 1-1: ath9k_htc: USB layer deinitialized [ 603.858306][ T31] ucan 4-1:0.0 can0: registered device [ 603.858826][ T31] ucan 4-1:0.0 can0: firmware string: unknown [ 603.888657][ T31] usb 4-1: USB disconnect, device number 43 [ 604.167560][T19191] Invalid ELF header magic: != ELF [ 605.022033][T19229] vcan0: tx drop: invalid da for name 0x00000000000000c7 [ 606.098245][T19262] tap0: tun_chr_ioctl cmd 1074025677 [ 606.098506][T19262] tap0: linktype set to 823 [ 607.725003][T19330] bond0: entered promiscuous mode [ 607.725025][T19330] bond_slave_0: entered promiscuous mode [ 607.729547][T19330] bond_slave_1: entered promiscuous mode [ 607.789527][T19330] bond0: left promiscuous mode [ 607.789549][T19330] bond_slave_0: left promiscuous mode [ 607.793474][T19330] bond_slave_1: left promiscuous mode [ 609.479227][ T5682] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 609.632262][ T5682] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 609.632322][ T5682] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 609.633964][ T5682] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 609.633991][ T5682] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 609.634009][ T5682] usb 6-1: Manufacturer: syz [ 609.681580][ T5682] usb 6-1: config 0 descriptor?? [ 609.785917][ T5682] rc_core: IR keymap rc-hauppauge not found [ 609.785937][ T5682] Registered IR keymap rc-empty [ 609.787412][ T5682] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 609.812658][ T5682] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input59 [ 609.906536][ C1] igorplugusb 6-1:0.0: Error: urb status = -32 [ 609.917639][ T5682] usb 6-1: USB disconnect, device number 13 [ 610.044936][T19404] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 610.045919][T19404] batadv_slave_0: entered promiscuous mode [ 610.285983][ T5682] kernel write not supported for file /784/attr/exec (pid: 5682 comm: kworker/1:3) [ 610.698611][ T5682] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 610.718582][ T31] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 610.861143][ T5682] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 610.861174][ T5682] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.868559][ T31] usb 4-1: Using ep0 maxpacket: 8 [ 610.879269][ T31] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 610.879296][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.915683][ T5682] usb 1-1: config 0 descriptor?? [ 610.930743][ T5682] cp210x 1-1:0.0: cp210x converter detected [ 610.937537][ T31] pvrusb2: Hardware description: Terratec Grabster AV400 [ 610.937553][ T31] pvrusb2: ********** [ 610.937560][ T31] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 610.937571][ T31] pvrusb2: Important functionality might not be entirely working. [ 610.937580][ T31] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 610.937813][ T31] pvrusb2: ********** [ 611.126320][ T2370] pvrusb2: Invalid write control endpoint [ 611.242794][ T2370] pvrusb2: Invalid write control endpoint [ 611.242809][ T2370] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 611.242817][ T2370] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 611.242824][ T2370] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 611.242834][ T2370] pvrusb2: Device being rendered inoperable [ 611.244960][ T2370] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 611.245019][ T2370] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 611.265418][ T2370] pvrusb2: Attached sub-driver cx25840 [ 611.265433][ T2370] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 611.265442][ T2370] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 611.337934][ T6043] usb 4-1: USB disconnect, device number 44 [ 611.567307][ T5682] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 611.567361][ T5682] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 611.587743][ T5682] usb 1-1: cp210x converter now attached to ttyUSB0 [ 611.597564][ T5682] usb 1-1: USB disconnect, device number 51 [ 611.612267][ T5682] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 611.612556][ T5682] cp210x 1-1:0.0: device disconnected [ 611.718482][ T10] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 611.868564][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 611.871794][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 611.871840][ T10] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 611.871863][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.880615][ T10] usb 6-1: config 0 descriptor?? [ 611.973587][T19452] batadv_slave_1: entered promiscuous mode [ 611.974426][T19451] batadv_slave_1: left promiscuous mode [ 612.105960][ T10] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 612.451361][ T10] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 612.503248][ T5682] usb 6-1: USB disconnect, device number 14 [ 612.614522][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 612.614548][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 612.637886][ T10] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 612.637915][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 612.637932][ T10] usb 1-1: SerialNumber: syz [ 612.708367][T19473] syzkaller1: entered promiscuous mode [ 612.708396][T19473] syzkaller1: entered allmulticast mode [ 612.880578][ T10] usb 1-1: 0:2 : does not exist [ 612.909352][ T10] usb 1-1: USB disconnect, device number 52 [ 613.728721][T19500] vivid-000: disconnect [ 613.732789][T19498] vivid-000: reconnect [ 615.256558][ T10] usb 4-1: new full-speed USB device number 45 using dummy_hcd [ 615.411983][ T10] usb 4-1: config 0 has an invalid interface number: 128 but max is 0 [ 615.412010][ T10] usb 4-1: config 0 has no interface number 0 [ 615.433080][ T10] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 615.433109][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.433126][ T10] usb 4-1: Product: syz [ 615.433138][ T10] usb 4-1: Manufacturer: syz [ 615.433150][ T10] usb 4-1: SerialNumber: syz [ 615.482302][ T10] usb 4-1: config 0 descriptor?? [ 615.911181][ T10] usb 4-1: Firmware: major: 0, minor: 11, hardware type: UNKNOWN (170) [ 616.119511][ T10] usb 4-1: failed to fetch extended address, random address set [ 616.119541][ T10] usb 4-1: atusb_probe: initialization failed, error = -524 [ 616.119795][ T10] atusb 4-1:0.128: probe with driver atusb failed with error -524 [ 616.161557][ T10] usb 4-1: USB disconnect, device number 45 [ 617.197568][T19607] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5325'. [ 617.265934][T19607] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5325'. [ 618.140962][ C1] vkms_vblank_simulate: vblank timer overrun [ 618.198449][T19626] 9pnet: p9_errstr2errno: server reported unknown error @0x0000000000000004 [ 619.780517][T19669] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.5351'. [ 620.973680][ T6043] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 621.126265][ T6043] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.126299][ T6043] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 621.126321][ T6043] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 621.126486][ T6043] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 621.126511][ T6043] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.192714][ T6043] usb 4-1: config 0 descriptor?? [ 621.648959][ T6043] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 621.860334][ T31] usb 4-1: USB disconnect, device number 46 [ 622.305299][ T37] audit: type=1326 audit(1134.186:4020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.305597][ T37] audit: type=1326 audit(1134.196:4021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.306196][ T37] audit: type=1326 audit(1134.196:4022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.306850][ T37] audit: type=1326 audit(1134.196:4023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.307459][ T37] audit: type=1326 audit(1134.196:4024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.314750][ T37] audit: type=1326 audit(1134.206:4025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.314801][ T37] audit: type=1326 audit(1134.206:4026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.314843][ T37] audit: type=1326 audit(1134.206:4027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.314882][ T37] audit: type=1326 audit(1134.206:4028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.314923][ T37] audit: type=1326 audit(1134.206:4029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19744 comm="syz.5.5385" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f591c57eba9 code=0x7ffc0000 [ 622.352743][ T9] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 622.565257][ T9] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 622.565310][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 622.565337][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 622.565358][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 622.566877][ T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 622.566904][ T9] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 622.566923][ T9] usb 1-1: Manufacturer: syz [ 622.643768][ T9] usb 1-1: config 0 descriptor?? [ 623.093852][ T9] appleir 0003:05AC:8243.0031: unknown main item tag 0x0 [ 623.144101][ T9] appleir 0003:05AC:8243.0031: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 623.185446][T19760] loop9: detected capacity change from 0 to 7 [ 623.199380][T19760] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 623.199419][T19760] loop9: partition table partially beyond EOD, truncated [ 623.199528][T19760] loop9: p1 size 2433217042 extends beyond EOD, truncated [ 623.354505][ T6050] usb 1-1: USB disconnect, device number 53 [ 623.663843][T19772] 9pnet: p9_errstr2errno: server reported unknown error 0x0000000000000003 [ 623.913124][T19776] sctp: [Deprecated]: syz.7.5400 (pid 19776) Use of struct sctp_assoc_value in delayed_ack socket option. [ 623.913124][T19776] Use struct sctp_sack_info instead [ 623.962352][T19778] could not open pipe file descriptor [ 624.090498][T19788] sctp: [Deprecated]: syz.5.5404 (pid 19788) Use of int in max_burst socket option deprecated. [ 624.090498][T19788] Use struct sctp_assoc_value instead [ 624.355092][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.355160][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.389115][T19799] 9pnet: p9_errstr2errno: server reported unknown error @΂ [ 624.522500][T19797] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 624.753649][ T5851] block nbd4: Receive control failed (result -32) [ 625.615171][T19842] loop8: detected capacity change from 0 to 7 [ 625.649533][T19842] Dev loop8: unable to read RDB block 7 [ 625.649597][T19842] loop8: unable to read partition table [ 625.649835][T19842] loop8: partition table beyond EOD, truncated [ 625.649853][T19842] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 625.965409][T19855] use of bytesused == 0 is deprecated and will be removed in the future, [ 625.965424][T19855] use the actual size instead. [ 626.823148][T19881] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5445'. [ 627.193272][T19888] syzkaller1: entered promiscuous mode [ 627.193302][T19888] syzkaller1: entered allmulticast mode [ 627.899997][ T31] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 628.049973][ T31] usb 4-1: Using ep0 maxpacket: 32 [ 628.052311][ T31] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 628.052338][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.057301][ T31] usb 4-1: config 0 descriptor?? [ 628.095269][ T31] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 629.071342][ T31] gspca_vc032x: reg_w err -71 [ 629.071363][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071374][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071383][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071392][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071400][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071409][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071417][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071426][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071434][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071442][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071450][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071458][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071466][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071473][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071481][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071489][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071498][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071506][ T31] gspca_vc032x: I2c Bus Busy Wait 00 [ 629.071514][ T31] gspca_vc032x: Unknown sensor... [ 629.071596][ T31] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 629.079031][ T31] usb 4-1: USB disconnect, device number 47 [ 630.248810][ T6043] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 630.408804][ T6043] usb 6-1: Using ep0 maxpacket: 8 [ 630.412295][ T6043] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 630.412363][ T6043] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x7F, changing to 0xF [ 630.412389][ T6043] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 630.416331][ T6043] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 630.416358][ T6043] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 630.416377][ T6043] usb 6-1: Product: syz [ 630.416390][ T6043] usb 6-1: Manufacturer: syz [ 630.416404][ T6043] usb 6-1: SerialNumber: syz [ 631.584271][ T6043] cdc_ncm 6-1:1.0: bind() failure [ 631.632324][ T6043] usbtest 6-1:1.1: probe with driver usbtest failed with error -71 [ 631.668874][ T6043] usb 6-1: USB disconnect, device number 15 [ 632.425036][T19967] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 638.175401][T20022] loop7: detected capacity change from 0 to 7 [ 638.177812][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 638.177893][ C1] buffer_io_error: 5 callbacks suppressed [ 638.177906][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 638.178344][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 638.178370][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 638.183917][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 638.183948][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 638.269457][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 638.269493][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 638.283597][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 638.283635][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 638.350926][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 638.350959][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 639.763096][T20041] loop8: detected capacity change from 0 to 8 [ 639.764649][T20041] Dev loop8: unable to read RDB block 8 [ 639.764693][T20041] loop8: unable to read partition table [ 639.764939][T20041] loop8: partition table beyond EOD, truncated [ 639.764957][T20041] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 641.096069][T20049] batadv0: entered promiscuous mode [ 641.096246][T20049] macsec1: entered promiscuous mode [ 641.096467][T20049] macsec1: entered allmulticast mode [ 641.096634][T20049] batadv0: entered allmulticast mode [ 641.613114][ T5848] Bluetooth: hci3: command 0x0405 tx timeout [ 643.779098][T20023] Invalid logical block size (6) [ 643.790730][T20022] ldm_validate_partition_table(): Disk read failed. [ 643.790984][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.791015][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.797041][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.797077][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.797368][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.797393][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.797641][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.797667][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.797846][T20022] Dev loop7: unable to read RDB block 0 [ 643.797926][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.797950][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.798194][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.798219][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.798477][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.798502][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.798788][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.798813][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.799192][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 643.799218][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 643.799306][T20022] loop7: unable to read partition table [ 643.799554][T20022] loop7: partition table beyond EOD, truncated [ 643.799595][T20022] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 644.062477][T20049] batadv0: left allmulticast mode [ 644.062881][T20049] batadv0: left promiscuous mode [ 655.869639][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 655.896426][ T5851] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 655.924730][ T5851] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 655.934949][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 655.943252][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 656.956767][ T5851] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 656.964509][ T5851] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 656.988088][ T5851] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 656.989293][ T5851] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 656.990155][ T5851] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 658.008165][ T5851] Bluetooth: hci4: command tx timeout [ 659.044566][ T5851] Bluetooth: hci6: command tx timeout [ 660.084044][ T5851] Bluetooth: hci4: command tx timeout [ 661.123822][ T5851] Bluetooth: hci6: command tx timeout [ 662.163198][ T5851] Bluetooth: hci4: command tx timeout [ 663.060734][ T5848] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 663.093008][ T5848] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 663.094945][ T5848] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 663.096753][ T5848] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 663.102095][ T5848] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 663.202804][ T5851] Bluetooth: hci6: command tx timeout [ 663.588138][ T5848] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 663.617535][ T5848] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 663.622353][ T5848] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 663.649494][ T5848] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 663.663088][ T5848] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 664.241950][ T5851] Bluetooth: hci4: command tx timeout [ 665.201581][ T5851] Bluetooth: hci7: command tx timeout [ 665.284869][ T5851] Bluetooth: hci6: command tx timeout [ 667.350320][ T5851] Bluetooth: hci7: command tx timeout [ 669.359963][ T5848] Bluetooth: hci7: command tx timeout [ 669.522146][ T5848] Bluetooth: hci8: command tx timeout [ 671.511272][ T5848] Bluetooth: hci7: command tx timeout [ 671.598170][ T5848] Bluetooth: hci8: command tx timeout [ 673.677156][ T5848] Bluetooth: hci8: command tx timeout [ 675.756128][ T5848] Bluetooth: hci8: command tx timeout [ 685.762012][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.762099][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 692.865947][ T59] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 692.893238][ T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 692.895325][ T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 692.896666][ T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 692.920943][ T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 695.026725][ T59] Bluetooth: hci0: command tx timeout [ 697.105494][ T5848] Bluetooth: hci0: command tx timeout [ 699.184479][ T5848] Bluetooth: hci0: command tx timeout [ 701.263352][ T5848] Bluetooth: hci0: command tx timeout [ 716.407928][ T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 716.413250][ T59] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 716.414835][ T59] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 716.471289][ T59] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 716.472107][ T59] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 717.382211][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 717.411105][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 717.412711][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 717.447207][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 717.448069][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 718.535626][ T59] Bluetooth: hci1: command tx timeout [ 719.514114][ T59] Bluetooth: hci2: command tx timeout [ 720.613593][ T59] Bluetooth: hci1: command tx timeout [ 721.578086][ T59] Bluetooth: hci2: command tx timeout [ 722.162156][ T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 722.192484][ T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 722.195568][ T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 722.196876][ T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 722.197735][ T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 722.614838][ T59] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 722.650338][ T59] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 722.651983][ T59] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 722.672235][ T59] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 722.684850][ T59] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 722.715331][ T59] Bluetooth: hci1: command tx timeout [ 723.670489][ T5848] Bluetooth: hci2: command tx timeout [ 724.311326][ T5848] Bluetooth: hci5: command tx timeout [ 724.772899][ T5851] Bluetooth: hci1: command tx timeout [ 724.772978][ T5848] Bluetooth: hci9: command tx timeout [ 725.731011][ T5848] Bluetooth: hci2: command tx timeout [ 726.375516][ T5848] Bluetooth: hci5: command tx timeout [ 726.850793][ T5848] Bluetooth: hci9: command tx timeout [ 728.450940][ T5848] Bluetooth: hci5: command tx timeout [ 728.929423][ T5848] Bluetooth: hci9: command tx timeout [ 730.598577][ T5851] Bluetooth: hci5: command tx timeout [ 731.008605][ T5848] Bluetooth: hci9: command tx timeout [ 747.180823][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.180913][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.972242][ T5851] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 753.026722][ T5851] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 753.035891][ T5851] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 753.061685][ T5851] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 753.063508][ T5851] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 755.177939][ T5851] Bluetooth: hci10: command tx timeout [ 757.305771][ T5851] Bluetooth: hci10: command tx timeout [ 759.374199][ T5851] Bluetooth: hci10: command tx timeout [ 761.395573][ T5848] Bluetooth: hci10: command tx timeout [ 776.468253][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 776.473332][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 776.474920][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 777.080729][ T59] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 777.094276][ T59] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 777.104807][ T59] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 777.113650][ T59] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 777.114467][ T59] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 777.173755][ T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 777.174574][ T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 779.955251][T20092] Bluetooth: hci4: command 0x0406 tx timeout [ 779.955293][T20092] Bluetooth: hci6: command 0x0406 tx timeout [ 781.555931][T20092] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 781.562488][T20092] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 781.581563][T20092] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 781.582797][T20092] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 781.639656][T20092] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 782.161719][T20125] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 782.193414][T20125] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 782.195205][T20125] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 782.196696][T20125] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 782.197985][T20125] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 808.590312][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.590389][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.928009][ T5851] Bluetooth: hci3: command tx timeout [ 812.487895][ T5851] Bluetooth: hci11: command tx timeout [ 813.133228][ T59] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 813.168579][ T59] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 813.171787][ T59] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 813.172994][ T59] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 813.174779][ T59] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 814.006894][ T5848] Bluetooth: hci3: command tx timeout [ 814.566829][ T5848] Bluetooth: hci11: command tx timeout [ 816.086105][ T5848] Bluetooth: hci3: command tx timeout [ 816.648330][ T5848] Bluetooth: hci11: command tx timeout [ 818.164929][ T5848] Bluetooth: hci3: command tx timeout [ 818.725347][ T5848] Bluetooth: hci11: command tx timeout [ 821.675501][T20119] Bluetooth: hci12: command tx timeout [ 821.680457][T20092] Bluetooth: hci13: command tx timeout [ 823.711993][T20092] Bluetooth: hci13: command tx timeout [ 823.712648][T20092] Bluetooth: hci12: command tx timeout [ 825.762900][T20119] Bluetooth: hci12: command tx timeout [ 825.762936][T20119] Bluetooth: hci13: command tx timeout [ 827.839955][T20092] Bluetooth: hci13: command tx timeout [ 827.839989][T20092] Bluetooth: hci12: command tx timeout [ 829.039410][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 836.828563][T20092] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 836.859926][T20092] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 836.861621][T20092] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 836.862871][T20092] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 836.892100][T20092] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 837.723847][ T5848] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 837.764219][ T5848] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 837.773288][ T5848] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 837.774702][ T5848] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 837.794639][ T5848] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 842.078492][ T59] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 842.107970][ T59] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 842.140212][ T59] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 842.156439][ T59] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 842.158644][ T59] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 843.335663][T20117] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 843.461853][T20117] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 843.487624][T20117] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 843.488923][T20117] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 843.489757][T20117] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 846.471653][T20145] Bluetooth: hci5: command 0x0406 tx timeout [ 846.472004][T20145] Bluetooth: hci9: command 0x0406 tx timeout [ 855.106582][T20146] Bluetooth: hci8: command tx timeout [ 857.185583][T20146] Bluetooth: hci8: command tx timeout [ 859.293637][T20146] Bluetooth: hci8: command tx timeout [ 861.353108][T20146] Bluetooth: hci8: command tx timeout [ 870.028236][ T1307] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.028315][ T1307] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.538139][ T38] INFO: task syz-executor:20103 blocked for more than 143 seconds. [ 872.538169][ T38] Not tainted syzkaller #0 [ 872.538178][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 872.538190][ T38] task:syz-executor state:D stack:26952 pid:20103 tgid:20103 ppid:1 task_flags:0x400140 flags:0x00004004 [ 872.538242][ T38] Call Trace: [ 872.538249][ T38] [ 872.538262][ T38] __schedule+0x16f3/0x4c20 [ 872.538322][ T38] ? __pfx___schedule+0x10/0x10 [ 872.538367][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 872.538395][ T38] rt_mutex_schedule+0x77/0xf0 [ 872.538414][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 872.538436][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 872.538477][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 872.538500][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 872.538522][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 872.538541][ T38] ? __lock_acquire+0xab9/0xd20 [ 872.538576][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 872.538603][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 872.538632][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 872.538649][ T38] mutex_lock_nested+0x16a/0x1d0 [ 872.538677][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 872.538707][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 872.538747][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 872.538766][ T38] rtnetlink_rcv_msg+0x7cc/0xb70 [ 872.538789][ T38] ? __lock_acquire+0xab9/0xd20 [ 872.538813][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 872.538835][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 872.538878][ T38] netlink_rcv_skb+0x208/0x470 [ 872.538900][ T38] ? __lock_acquire+0xab9/0xd20 [ 872.538923][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 872.538958][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 872.538995][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 872.539028][ T38] netlink_unicast+0x846/0xa10 [ 872.539061][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 872.539085][ T38] ? netlink_sendmsg+0x642/0xb30 [ 872.539106][ T38] ? skb_put+0x11b/0x210 [ 872.539135][ T38] netlink_sendmsg+0x805/0xb30 [ 872.539169][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 872.539202][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 872.539221][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 872.539246][ T38] __sock_sendmsg+0x21c/0x270 [ 872.539284][ T38] __sys_sendto+0x3c7/0x520 [ 872.539313][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 872.539367][ T38] ? exc_page_fault+0x76/0xf0 [ 872.539396][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 872.539424][ T38] __x64_sys_sendto+0xde/0x100 [ 872.539453][ T38] do_syscall_64+0xfa/0x3b0 [ 872.539469][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 872.539493][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.539493][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.539512][ T38] ? clear_bhb_loop+0x60/0xb0 [ 872.539534][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.539557][ T38] RIP: 0033:0x7fa5aa520a3c [ 872.539577][ T38] RSP: 002b:00007ffcffc97a90 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 872.539596][ T38] RAX: ffffffffffffffda RBX: 00007fa5ab294620 RCX: 00007fa5aa520a3c [ 872.539610][ T38] RDX: 0000000000000028 RSI: 00007fa5ab294670 RDI: 0000000000000003 [ 872.539622][ T38] RBP: 0000000000000000 R08: 00007ffcffc97ae4 R09: 000000000000000c [ 872.539634][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 872.539646][ T38] R13: 0000000000000000 R14: 00007fa5ab294670 R15: 0000000000000000 [ 872.539676][ T38] [ 872.539685][ T38] INFO: task syz-executor:20105 blocked for more than 143 seconds. [ 872.539698][ T38] Not tainted syzkaller #0 [ 872.539707][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 872.539716][ T38] task:syz-executor state:D stack:26816 pid:20105 tgid:20105 ppid:1 task_flags:0x400140 flags:0x00004004 [ 872.539760][ T38] Call Trace: [ 872.539766][ T38] [ 872.539778][ T38] __schedule+0x16f3/0x4c20 [ 872.539829][ T38] ? __pfx___schedule+0x10/0x10 [ 872.539873][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 872.539901][ T38] rt_mutex_schedule+0x77/0xf0 [ 872.539919][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 872.539948][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 872.539989][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 872.540012][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 872.540034][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 872.540053][ T38] ? __lock_acquire+0xab9/0xd20 [ 872.540087][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 872.540115][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 872.540143][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 872.540159][ T38] mutex_lock_nested+0x16a/0x1d0 [ 872.540186][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 872.540216][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 872.540256][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 872.540275][ T38] rtnetlink_rcv_msg+0x7cc/0xb70 [ 872.540297][ T38] ? __lock_acquire+0xab9/0xd20 [ 872.540321][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 872.540344][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 872.540387][ T38] netlink_rcv_skb+0x208/0x470 [ 872.540408][ T38] ? __lock_acquire+0xab9/0xd20 [ 872.540431][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 872.540456][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 872.540493][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 872.540525][ T38] netlink_unicast+0x846/0xa10 [ 872.540557][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 872.540581][ T38] ? netlink_sendmsg+0x642/0xb30 [ 872.540602][ T38] ? skb_put+0x11b/0x210 [ 872.540631][ T38] netlink_sendmsg+0x805/0xb30 [ 872.540665][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 872.540698][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 872.540716][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 872.540741][ T38] __sock_sendmsg+0x21c/0x270 [ 872.540767][ T38] __sys_sendto+0x3c7/0x520 [ 872.540794][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 872.540848][ T38] ? exc_page_fault+0x76/0xf0 [ 872.540877][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 872.540904][ T38] __x64_sys_sendto+0xde/0x100 [ 872.540939][ T38] do_syscall_64+0xfa/0x3b0 [ 872.540955][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 872.540979][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.540997][ T38] ? clear_bhb_loop+0x60/0xb0 [ 872.541019][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 872.541037][ T38] RIP: 0033:0x7f44e4d60a3c [ 872.541052][ T38] RSP: 002b:00007fffe0a25960 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 872.541071][ T38] RAX: ffffffffffffffda RBX: 00007f44e5ad4620 RCX: 00007f44e4d60a3c [ 872.541084][ T38] RDX: 0000000000000028 RSI: 00007f44e5ad4670 RDI: 0000000000000003 [ 872.541097][ T38] RBP: 0000000000000000 R08: 00007fffe0a259b4 R09: 000000000000000c [ 872.541109][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 872.541120][ T38] R13: 0000000000000000 R14: 00007f44e5ad4670 R15: 0000000000000000 [ 872.541151][ T38] [ 872.541176][ T38] [ 872.541176][ T38] Showing all locks held in the system: [ 872.541187][ T38] 2 locks held by rcuc/1/28: [ 872.541197][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 872.541244][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 872.541290][ T38] 7 locks held by ktimers/1/29: [ 872.541302][ T38] 1 lock held by khungtaskd/38: [ 872.541312][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 872.541356][ T38] 4 locks held by kworker/u9:0/59: [ 872.541366][ T38] #0: ffff88803dd44938 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.541416][ T38] #1: ffffc9000125fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.541462][ T38] #2: ffff88806ea280a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 [ 872.541509][ T38] #3: ffffffff8ee3b058 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 [ 872.541584][ T38] 2 locks held by getty/5600: [ 872.541595][ T38] #0: ffff88823bf320a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 872.541644][ T38] #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 872.541689][ T38] 4 locks held by kworker/u9:3/5848: [ 872.541699][ T38] #0: ffff8880366ab138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.541749][ T38] #1: ffffc90004cbfbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.541794][ T38] #2: ffff8880679040a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 [ 872.541841][ T38] #3: ffffffff8ee3b058 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 [ 872.541889][ T38] 3 locks held by kworker/u8:25/7526: [ 872.541899][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.541950][ T38] #1: ffffc90003ee7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.541995][ T38] #2: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 872.542037][ T38] 5 locks held by kworker/u8:34/7538: [ 872.542048][ T38] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.542093][ T38] #1: ffffc90004077bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.542137][ T38] #2: ffffffff8ecc6680 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 872.542183][ T38] #3: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 872.542226][ T38] #4: ffff8880368bd7b8 (&wg->device_update_lock){+.+.}-{4:4}, at: wg_netns_pre_exit+0xb0/0x1d0 [ 872.542270][ T38] 3 locks held by kworker/u8:55/8217: [ 872.542283][ T38] 3 locks held by kworker/0:8/12313: [ 872.542293][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.542338][ T38] #1: ffffc9000478fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.542383][ T38] #2: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 872.542430][ T38] 4 locks held by kworker/1:1/18703: [ 872.542441][ T38] 3 locks held by kworker/u8:3/20004: [ 872.542451][ T38] #0: ffff88814cb6c938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.542497][ T38] #1: ffffc90004727bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.542543][ T38] #2: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 872.542587][ T38] 2 locks held by syz-executor/20070: [ 872.542598][ T38] #0: ffffffff8ecc6680 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 872.542643][ T38] #1: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x2a4/0x990 [ 872.542689][ T38] 2 locks held by syz-executor/20073: [ 872.542700][ T38] #0: ffffffff8ecc6680 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 872.542745][ T38] #1: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 872.542792][ T38] 1 lock held by syz.7.5529/20089: [ 872.542801][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 872.542849][ T38] 4 locks held by syz-executor/20091: [ 872.542859][ T38] #0: ffff88804b9cce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 872.542903][ T38] #1: ffff88804b9cc0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 872.542956][ T38] #2: ffffffff8ee3b058 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 872.542997][ T38] #3: ffff8880329bd358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 872.543049][ T38] 4 locks held by kworker/u9:1/20092: [ 872.543060][ T38] #0: ffff888038b88938 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.543109][ T38] #1: ffffc90004c5fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.543154][ T38] #2: ffff88806562c0a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 [ 872.543201][ T38] #3: ffffffff8ee3b058 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 [ 872.543247][ T38] 3 locks held by syz-executor/20096: [ 872.543258][ T38] #0: ffff8880611c8e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 872.543301][ T38] #1: ffff8880611c80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 872.543347][ T38] #2: ffffffff8ee3b058 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 872.543389][ T38] 1 lock held by syz-executor/20103: [ 872.543399][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.543442][ T38] 1 lock held by syz-executor/20105: [ 872.543452][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.543494][ T38] 1 lock held by syz-executor/20109: [ 872.543504][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.543545][ T38] 1 lock held by syz-executor/20112: [ 872.543555][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.543597][ T38] 1 lock held by syz-executor/20115: [ 872.543607][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.543649][ T38] 4 locks held by kworker/u9:2/20117: [ 872.543659][ T38] #0: ffff88802ad5d138 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.543704][ T38] #1: ffffc90005ebfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.543749][ T38] #2: ffff888063ed4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 872.543792][ T38] #3: ffff888063ed40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 872.543840][ T38] 4 locks held by kworker/u9:6/20119: [ 872.543850][ T38] #0: ffff88803b2cc938 ((wq_completion)hci7#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 872.543899][ T38] #1: ffffc90003c67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 872.543952][ T38] #2: ffff88805959c0a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220 [ 872.543998][ T38] #3: ffffffff8ee3b058 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140 [ 872.544043][ T38] 1 lock held by syz-executor/20121: [ 872.544054][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.544095][ T38] 1 lock held by syz-executor/20124: [ 872.544105][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.544148][ T38] 1 lock held by syz-executor/20129: [ 872.544159][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.544201][ T38] 1 lock held by syz-executor/20133: [ 872.544211][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.544253][ T38] 1 lock held by syz-executor/20135: [ 872.544263][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.544305][ T38] 1 lock held by syz-executor/20140: [ 872.544315][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.544357][ T38] 1 lock held by syz-executor/20143: [ 872.544368][ T38] #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 872.544410][ T38] 1 lock held by syz-executor/20147: [ 872.544421][ T38] [ 872.544425][ T38] ============================================= [ 872.544425][ T38] [ 872.544442][ T38] NMI backtrace for cpu 0 [ 872.544466][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 872.544486][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 872.544496][ T38] Call Trace: [ 872.544503][ T38] [ 872.544510][ T38] dump_stack_lvl+0x189/0x250 [ 872.544538][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 872.544562][ T38] ? __pfx__printk+0x10/0x10 [ 872.544595][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 872.544619][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 872.544645][ T38] ? __pfx__printk+0x10/0x10 [ 872.544668][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 872.544692][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 872.544716][ T38] watchdog+0xf93/0xfe0 [ 872.544744][ T38] ? watchdog+0x1de/0xfe0 [ 872.544772][ T38] kthread+0x70e/0x8a0 [ 872.544800][ T38] ? __pfx_watchdog+0x10/0x10 [ 872.544821][ T38] ? __pfx_kthread+0x10/0x10 [ 872.544850][ T38] ? __pfx_kthread+0x10/0x10 [ 872.544876][ T38] ret_from_fork+0x439/0x7d0 [ 872.544900][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 872.544934][ T38] ? __switch_to_asm+0x39/0x70 [ 872.544949][ T38] ? __switch_to_asm+0x33/0x70 [ 872.544965][ T38] ? __pfx_kthread+0x10/0x10 [ 872.544990][ T38] ret_from_fork_asm+0x1a/0x30 [ 872.545023][ T38] [ 872.545030][ T38] Sending NMI from CPU 0 to CPUs 1: [ 872.545059][ C1] NMI backtrace for cpu 1 [ 872.545072][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 872.545090][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 872.545098][ C1] RIP: 0010:get_random_u32+0x8f/0x590 [ 872.545118][ C1] Code: ed 03 43 c7 44 25 00 f1 f1 f1 f1 48 b8 f2 f2 f2 f2 04 f3 f3 f3 4b 89 44 25 0c e8 fc 4c 7c fc c7 84 24 a0 00 00 00 00 00 00 00 <0f> 1f 44 00 00 e8 e7 4c 7c fc e8 b2 06 4e fc e8 fd e7 b4 05 41 89 [ 872.545131][ C1] RSP: 0018:ffffc90000a3e4a0 EFLAGS: 00000246 [ 872.545145][ C1] RAX: ffffffff854222c4 RBX: ffffc90000a3e4e0 RCX: ffff88801cac1dc0 [ 872.545157][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 872.545167][ C1] RBP: ffffc90000a3e5b0 R08: 0000000000000000 R09: 0000000000000100 [ 872.545182][ C1] R10: dffffc0000000000 R11: ffffffff8167a910 R12: dffffc0000000000 [ 872.545194][ C1] R13: 1ffff92000147c98 R14: ffffc90000a3e540 R15: dffffc0000000000 [ 872.545206][ C1] FS: 0000000000000000(0000) GS:ffff8881269bd000(0000) knlGS:0000000000000000 [ 872.545219][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 872.545230][ C1] CR2: 00007f6815b79b4a CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 872.545244][ C1] Call Trace: [ 872.545250][ C1] [ 872.545257][ C1] ? ktime_get+0x3e/0x1f0 [ 872.545272][ C1] ? seqcount_lockdep_reader_access+0x175/0x1c0 [ 872.545288][ C1] ? __pfx_get_random_u32+0x10/0x10 [ 872.545306][ C1] ? ktime_get+0x3e/0x1f0 [ 872.545324][ C1] ? read_tsc+0x9/0x20 [ 872.545338][ C1] ? ktime_get+0x1cb/0x1f0 [ 872.545354][ C1] netem_dequeue+0x6bd/0x1430 [ 872.545385][ C1] ? __pfx_netem_dequeue+0x10/0x10 [ 872.545402][ C1] ? __lock_acquire+0xab9/0xd20 [ 872.545425][ C1] __qdisc_run+0x23d/0x15c0 [ 872.545453][ C1] __dev_queue_xmit+0x11ff/0x3b70 [ 872.545474][ C1] ? __dev_queue_xmit+0x26f/0x3b70 [ 872.545489][ C1] ? synproxy_pernet+0x23/0x240 [ 872.545514][ C1] ? synproxy_pernet+0x23/0x240 [ 872.545532][ C1] ? synproxy_pernet+0x23/0x240 [ 872.545550][ C1] ? synproxy_pernet+0x23/0x240 [ 872.545569][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 872.545584][ C1] ? __asan_memset+0x22/0x50 [ 872.545599][ C1] ? ipv6_synproxy_hook+0x297/0xda0 [ 872.545626][ C1] ? __lock_acquire+0xab9/0xd20 [ 872.545649][ C1] ? synproxy_send_tcp_ipv6+0x4c1/0x680 [ 872.545672][ C1] ? ip6_finish_output2+0x1079/0x1720 [ 872.545693][ C1] ? ip6_finish_output2+0x710/0x1720 [ 872.545710][ C1] ip6_finish_output2+0x122a/0x1720 [ 872.545731][ C1] ? ip6_finish_output2+0x710/0x1720 [ 872.545753][ C1] ? __pfx_ip6_finish_output2+0x10/0x10 [ 872.545771][ C1] ? ip6_mtu+0x7d/0x3f0 [ 872.545788][ C1] ? ip6_finish_output+0x2ef/0x4e0 [ 872.545806][ C1] synproxy_send_tcp_ipv6+0x4c1/0x680 [ 872.545829][ C1] ? __pfx_synproxy_send_tcp_ipv6+0x10/0x10 [ 872.545849][ C1] ? rcu_is_watching+0x15/0xb0 [ 872.545875][ C1] ? __build_skb_around+0x257/0x3e0 [ 872.545897][ C1] ? synproxy_send_client_synack_ipv6+0x34f/0xca0 [ 872.545916][ C1] ? skb_put+0x11b/0x210 [ 872.545936][ C1] synproxy_send_client_synack_ipv6+0x80e/0xca0 [ 872.545964][ C1] ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10 [ 872.545985][ C1] ? nft_log_init+0x54/0x9a0 [ 872.546003][ C1] ? synproxy_pernet+0x45/0x270 [ 872.546022][ C1] nft_synproxy_eval_v6+0x36e/0x560 [ 872.546040][ C1] ? __pfx_nft_synproxy_eval_v6+0x10/0x10 [ 872.546057][ C1] ? nf_ip_checksum+0x13c/0x510 [ 872.546075][ C1] nft_synproxy_do_eval+0x3d7/0x570 [ 872.546094][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 872.546118][ C1] nft_do_chain+0x409/0x1920 [ 872.546131][ C1] ? __lock_acquire+0xab9/0xd20 [ 872.546157][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 872.546170][ C1] ? ipv6_find_hdr+0xc78/0x1050 [ 872.546211][ C1] ? do_raw_spin_lock+0x121/0x290 [ 872.546230][ C1] nft_do_chain_inet+0x25d/0x340 [ 872.546245][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 872.546259][ C1] ? __lock_acquire+0xab9/0xd20 [ 872.546282][ C1] ? NF_HOOK+0x9a/0x3a0 [ 872.546300][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 872.546316][ C1] nf_hook_slow+0xc2/0x220 [ 872.546337][ C1] NF_HOOK+0x206/0x3a0 [ 872.546356][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 872.546373][ C1] ? NF_HOOK+0x9a/0x3a0 [ 872.546390][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 872.546409][ C1] ? __pfx_ip6_input_finish+0x10/0x10 [ 872.546433][ C1] ip6_input+0x16a/0x270 [ 872.546450][ C1] ? ip6_input+0x23/0x270 [ 872.546469][ C1] NF_HOOK+0x309/0x3a0 [ 872.546486][ C1] ? skb_orphan+0xaf/0xd0 [ 872.546503][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 872.546520][ C1] ? NF_HOOK+0x9a/0x3a0 [ 872.546537][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 872.546555][ C1] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 872.546579][ C1] __netif_receive_skb+0xd3/0x380 [ 872.546596][ C1] ? rt_spin_unlock+0x65/0x80 [ 872.546616][ C1] ? process_backlog+0x27b/0x900 [ 872.546633][ C1] process_backlog+0x31e/0x900 [ 872.546658][ C1] __napi_poll+0xb3/0x540 [ 872.546678][ C1] net_rx_action+0x707/0xe00 [ 872.546705][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 872.546731][ C1] ? __pfx_migrate_enable+0x10/0x10 [ 872.546758][ C1] handle_softirqs+0x22f/0x710 [ 872.546781][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 872.546804][ C1] run_ktimerd+0xcf/0x190 [ 872.546822][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 872.546845][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 872.546861][ C1] smpboot_thread_fn+0x53f/0xa60 [ 872.546880][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 872.546901][ C1] kthread+0x70e/0x8a0 [ 872.546922][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 872.546939][ C1] ? __pfx_kthread+0x10/0x10 [ 872.546961][ C1] ? __pfx_kthread+0x10/0x10 [ 872.546981][ C1] ret_from_fork+0x439/0x7d0 [ 872.547000][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 872.547020][ C1] ? __switch_to_asm+0x39/0x70 [ 872.547033][ C1] ? __switch_to_asm+0x33/0x70 [ 872.547046][ C1] ? __pfx_kthread+0x10/0x10 [ 872.547066][ C1] ret_from_fork_asm+0x1a/0x30 [ 872.547088][ C1] [ 872.857340][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 872.857361][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 872.857384][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 872.857395][ T38] Call Trace: [ 872.857402][ T38] [ 872.857412][ T38] dump_stack_lvl+0x99/0x250 [ 872.857441][ T38] ? __asan_memcpy+0x40/0x70 [ 872.857462][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 872.857486][ T38] ? __pfx__printk+0x10/0x10 [ 872.857517][ T38] vpanic+0x281/0x750 [ 872.857543][ T38] ? __pfx_vpanic+0x10/0x10 [ 872.857564][ T38] ? irqentry_exit+0x74/0x90 [ 872.857585][ T38] ? preempt_schedule+0xae/0xc0 [ 872.857611][ T38] ? preempt_schedule_common+0x83/0xd0 [ 872.857638][ T38] panic+0xb9/0xc0 [ 872.857659][ T38] ? __pfx_panic+0x10/0x10 [ 872.857684][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 872.857710][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 872.857736][ T38] watchdog+0xfd2/0xfe0 [ 872.857764][ T38] ? watchdog+0x1de/0xfe0 [ 872.857791][ T38] kthread+0x70e/0x8a0 [ 872.857820][ T38] ? __pfx_watchdog+0x10/0x10 [ 872.857841][ T38] ? __pfx_kthread+0x10/0x10 [ 872.857871][ T38] ? __pfx_kthread+0x10/0x10 [ 872.857896][ T38] ret_from_fork+0x439/0x7d0 [ 872.857920][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 872.857948][ T38] ? __switch_to_asm+0x39/0x70 [ 872.857965][ T38] ? __switch_to_asm+0x33/0x70 [ 872.857980][ T38] ? __pfx_kthread+0x10/0x10 [ 872.858006][ T38] ret_from_fork_asm+0x1a/0x30 [ 872.858040][ T38] [ 872.858285][ T38] Kernel Offset: disabled