last executing test programs: 7m43.712931158s ago: executing program 3 (id=470): unshare(0x28000600) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$netlink(r0, 0x10e, 0x5, &(0x7f0000000300)=""/210, &(0x7f0000000180)=0xffffffffffffff28) 7m43.389927016s ago: executing program 3 (id=473): r0 = socket(0x10, 0x3, 0x9) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f0000000b00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14}}, 0x28}}, 0x0) 7m43.064589442s ago: executing program 3 (id=477): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x6, 0x21, &(0x7f0000000000)={@private2}, 0x20) getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, 0x0, &(0x7f00000000c0)) 7m42.881984107s ago: executing program 3 (id=479): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20) 7m42.654522007s ago: executing program 3 (id=480): r0 = socket(0x2, 0x80805, 0x0) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f0000000080)={0x2, 0x4, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}, {{&(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10, &(0x7f0000000200)=[{&(0x7f0000001040)='l', 0x1}], 0x1}}], 0x2, 0x0) 7m41.321365841s ago: executing program 3 (id=488): r0 = syz_open_dev$video4linux(&(0x7f0000000280), 0x2ea, 0x2382) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0085666, &(0x7f0000000100)={0x4b8c76c522e9be76, 0x0, {0xaca2a353, 0x0, 0x1016, 0x2, 0x0, 0x6, 0x1, 0x4}}) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r0, 0xc0305615, &(0x7f0000000040)={0x0, {0xd214, 0x719}}) 7m40.445679567s ago: executing program 32 (id=488): r0 = syz_open_dev$video4linux(&(0x7f0000000280), 0x2ea, 0x2382) ioctl$VIDIOC_SUBDEV_G_FMT(r0, 0xc0085666, &(0x7f0000000100)={0x4b8c76c522e9be76, 0x0, {0xaca2a353, 0x0, 0x1016, 0x2, 0x0, 0x6, 0x1, 0x4}}) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r0, 0xc0305615, &(0x7f0000000040)={0x0, {0xd214, 0x719}}) 7m30.533464962s ago: executing program 0 (id=560): socket(0x22, 0x2, 0x2) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r0, 0xffffffffffffffff, 0x0) 7m30.242216415s ago: executing program 0 (id=561): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240)) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f000023d000/0x4000)=nil, &(0x7f00004fa000/0x4000)=nil, 0x0, &(0x7f00000021c0), 0x4f, 0x3}) 7m29.843754363s ago: executing program 0 (id=563): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000040)=""/196, 0xc4}], 0x1, 0x8, 0xffffffff) 7m29.641001931s ago: executing program 0 (id=566): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$L2TP_CMD_NOOP(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)={0x14, r1, 0x121, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x11}, 0x400c884) 7m29.283866777s ago: executing program 0 (id=569): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) mkdir(&(0x7f00000000c0)='./control\x00', 0x0) 7m28.999531298s ago: executing program 0 (id=572): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) wait4(r0, 0x0, 0x4000000a, 0x0) 7m13.578091572s ago: executing program 33 (id=572): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) rseq(&(0x7f00000004c0)={0x0, 0x0, 0x0, 0x6}, 0x20, 0x0, 0x0) wait4(r0, 0x0, 0x4000000a, 0x0) 6m20.955595038s ago: executing program 2 (id=950): r0 = socket$inet6(0xa, 0x1, 0x0) capset(&(0x7f00000020c0)={0x19980330}, &(0x7f00000001c0)) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, &(0x7f0000000200)) 6m20.613870256s ago: executing program 2 (id=955): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r0, 0x0, 0x200000000003}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 6m20.19341132s ago: executing program 2 (id=961): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r0, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) close(r1) 6m19.077382591s ago: executing program 2 (id=966): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x14, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 6m18.723854572s ago: executing program 2 (id=970): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) 6m18.375799688s ago: executing program 2 (id=975): r0 = socket(0x15, 0x5, 0x0) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) getsockname$tipc(r0, 0x0, &(0x7f0000000080)) 6m3.188875795s ago: executing program 34 (id=975): r0 = socket(0x15, 0x5, 0x0) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) getsockname$tipc(r0, 0x0, &(0x7f0000000080)) 2m16.718766973s ago: executing program 1 (id=3388): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) ppoll(&(0x7f00000000c0)=[{r0, 0x747}, {r0, 0x6160}], 0x2, 0x0, 0x0, 0x0) syz_io_uring_setup(0x3b46, 0x0, 0x0, 0x0) 2m15.691087451s ago: executing program 1 (id=3401): openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x101800, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 2m15.044143781s ago: executing program 1 (id=3406): r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x7, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x0) 2m14.469338779s ago: executing program 1 (id=3408): mkdir(&(0x7f0000000100)='./control\x00', 0x184) open(&(0x7f00000000c0)='./control\x00', 0x573382, 0x113) rmdir(&(0x7f0000000280)='./control\x00') 2m14.380487948s ago: executing program 1 (id=3409): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10) symlink(&(0x7f0000000440)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 2m14.20539701s ago: executing program 1 (id=3411): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00', 0x4}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000004c40)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x14) 1m59.086818651s ago: executing program 35 (id=3411): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00', 0x4}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000004c40)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x14) 34.440153495s ago: executing program 4 (id=4206): sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) sendfile(r0, r0, 0x0, 0x7) 34.122010898s ago: executing program 4 (id=4207): creat(&(0x7f0000000080)='./file0\x00', 0x6) mount(&(0x7f0000001340)=@sg0, &(0x7f0000001380)='./file0\x00', 0x0, 0x45802, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa80, 0x30) 33.849601223s ago: executing program 4 (id=4208): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) 33.260066348s ago: executing program 6 (id=4209): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000040)=0x10, 0x4) 32.69513203s ago: executing program 6 (id=4211): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000840)={0x2, {{0x2, 0x0, @multicast2}}, 0x0, 0x3, [{{0x2, 0x0, @empty}}, {{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}, {{0x2, 0x4e21, @empty}}]}, 0x1fffc) 32.076959345s ago: executing program 6 (id=4215): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ftruncate(r0, 0x8) 30.300310078s ago: executing program 6 (id=4218): r0 = io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0xfffffffe, 0x0, 0x0, 0x2b4}) close_range(r0, 0xffffffffffffffff, 0x0) getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2) 28.293361008s ago: executing program 6 (id=4223): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000680)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0xb, 0x3}]}) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000780)) 27.142258917s ago: executing program 6 (id=4230): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001ec0)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0xfffffffc, {0x60, 0x0, 0x0, r1, {0x0, 0x7}, {0xffff, 0xffff}, {0x8, 0x1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_AUTORATE={0x8}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x300}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040010}, 0x3000c88c) 26.919915486s ago: executing program 7 (id=4232): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x2000000}) 26.165477359s ago: executing program 7 (id=4234): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) capset(&(0x7f0000000c00)={0x20071026}, &(0x7f0000000140)) ioctl$sock_bt_hci(r0, 0x400448de, 0x0) 25.947008844s ago: executing program 7 (id=4235): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) write$bt_hci(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="0e0001"], 0x8) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0) 25.0749022s ago: executing program 5 (id=4238): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000006800)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="15060000000002000000010000003000018014000400fc0100000000000000000000000000010600050000000000060001000a"], 0x44}, 0x5}, 0x0) 24.745175324s ago: executing program 5 (id=4239): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = memfd_create(&(0x7f0000000140)='%\x00K\x03\xd7\xac\x02MQ\xb1\x0e\xa9\x9c\x87\xe5^4QU+\xe2', 0x4) preadv2(r0, 0x0, 0x0, 0x20, 0x0, 0x10) 24.498086838s ago: executing program 5 (id=4240): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000000080)={0xc, {"a2e3ad21ed0d52f91b5d520987f70e06d038e7ff7fc6e5539b3247298b089b0708356d090890e0878f0e1ac6e7049b3350959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d074b0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db871953330271c4aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd55acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 23.539884186s ago: executing program 5 (id=4241): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r0 = openat$pidfd(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) pidfd_send_signal(r0, 0x0, &(0x7f00000000c0)={0x5, 0x0, 0x7}, 0x0) 23.310307011s ago: executing program 5 (id=4242): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={0x34, r1, 0x1, 0x0, 0x0, {0x23}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x1}]}, 0x34}}, 0x0) 23.079660608s ago: executing program 5 (id=4243): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x68}}, 0x0) 21.705995332s ago: executing program 4 (id=4244): r0 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000300)={0x0, 0x1}, 0x8) sendto$inet6(r0, &(0x7f00000000c0)="00d8", 0x1a000, 0x4044005, &(0x7f0000000040)={0xa, 0x4e24, 0xb, @loopback, 0x9}, 0x1c) 21.50926261s ago: executing program 4 (id=4245): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000004c0), 0xf02, 0xf0, 0x0) 20.366742745s ago: executing program 4 (id=4246): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x50, r1, 0x1, 0x4, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_batadv\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) 17.609173682s ago: executing program 7 (id=4248): capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x0, 0x10ffff, 0xfffffffd}) r0 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newqdisc={0x68, 0x14, 0xf0b, 0x70bd2b, 0x0, {0x2, 0x0, 0x0, 0x0, {0xd, 0x3}, {0xc, 0xe}, {0x8, 0xa}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x210, 0x400000a, 0x1, 0x0, 0xb}}, {0x4}}, {{0x1c, 0x1, {0x1, 0x5, 0x1c, 0x3, 0x0, 0x7, 0x100000b}}, {0x4}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000c0}, 0x0) 17.047011797s ago: executing program 7 (id=4249): setuid(0xee01) r0 = semget(0x2, 0x4, 0x200) semop(r0, &(0x7f0000000080)=[{0x3, 0x4, 0x1000}], 0x1) 16.536859675s ago: executing program 7 (id=4251): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r1, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x1004) 16.524868955s ago: executing program 8 (id=4252): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r0, &(0x7f0000000780)}, 0x20) 16.214545952s ago: executing program 8 (id=4253): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) r0 = semget$private(0x0, 0x6, 0x0) semctl$SEM_STAT(r0, 0x0, 0x12, 0x0) 15.90450803s ago: executing program 8 (id=4254): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x0, 0x0, 0x40000000, 0x0, 0x0, 0x1}) r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='oom_adj\x00') writev(r0, &(0x7f0000000140)=[{&(0x7f0000000280)='0', 0x1}], 0x1) 15.678099195s ago: executing program 8 (id=4255): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000040)={0x1f, @fixed}, 0x8) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, 0x0) 15.422012646s ago: executing program 8 (id=4256): mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f000002eff0)={0x85c, &(0x7f0000000000)=[{}]}, 0x10) 15.191441085s ago: executing program 8 (id=4257): syz_usb_connect(0x0, 0x24, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfc, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000820}, 0x0) 11.894937302s ago: executing program 36 (id=4230): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001ec0)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2d, 0xfffffffc, {0x60, 0x0, 0x0, r1, {0x0, 0x7}, {0xffff, 0xffff}, {0x8, 0x1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_AUTORATE={0x8}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x300}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040010}, 0x3000c88c) 7.1586769s ago: executing program 37 (id=4243): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x68}}, 0x0) 5.020141119s ago: executing program 38 (id=4246): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x50, r1, 0x1, 0x4, 0x1, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_batadv\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast2}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x48c1}, 0x0) 1.043951329s ago: executing program 39 (id=4251): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x30, r1, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x2000000}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x1004) 0s ago: executing program 40 (id=4257): syz_usb_connect(0x0, 0x24, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfc, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000820}, 0x0) kernel console output (not intermixed with test programs): : config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 364.104977][ T5929] usb 6-1: New USB device found, idVendor=28bd, idProduct=1903, bcdDevice= 0.00 [ 364.105002][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 364.152620][ T5929] usb 6-1: config 0 descriptor?? [ 364.639581][ T5929] input: HID 28bd:1903 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:28BD:1903.0033/input/input20 [ 364.921416][ T5929] uclogic 0003:28BD:1903.0033: input,hidraw0: USB HID v0.05 Mouse [HID 28bd:1903] on usb-dummy_hcd.5-1/input0 [ 365.009840][ T5929] usb 6-1: USB disconnect, device number 21 [ 365.297241][T10905] fido_id[10905]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 365.313050][T10912] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 365.364151][T10914] trusted_key: encrypted_key: key trusted:syz not found [ 366.115278][T10933] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2072'. [ 366.280584][ T994] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 366.318150][T10941] Invalid source name [ 366.430504][ T994] usb 6-1: Using ep0 maxpacket: 32 [ 366.433267][ T994] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 366.433298][ T994] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.467303][ T994] usb 6-1: config 0 descriptor?? [ 366.483587][ T994] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 367.115279][ T994] usb 6-1: USB disconnect, device number 22 [ 368.348817][T10981] netlink: 'syz.5.2093': attribute type 12 has an invalid length. [ 368.348844][T10981] netlink: 9472 bytes leftover after parsing attributes in process `syz.5.2093'. [ 368.829164][ T37] kauditd_printk_skb: 105 callbacks suppressed [ 368.829187][ T37] audit: type=1400 audit(1758283466.122:215): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=10993 comm="syz.7.2100" src=1 dest=20000 netif=wpan0 [ 369.349963][T11010] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2110'. [ 370.312679][T11041] netlink: 'syz.5.2122': attribute type 1 has an invalid length. [ 370.312703][T11041] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2122'. [ 370.700683][ T5845] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 370.862403][ T5929] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 370.867447][ T5845] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 370.867475][ T5845] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 370.867533][ T5845] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 370.867557][ T5845] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.932459][ T5845] usb 5-1: config 0 descriptor?? [ 370.955749][ T5845] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 370.955808][ T5845] dvb-usb: bulk message failed: -22 (3/0) [ 370.982269][ T5845] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 370.983508][ T5845] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 370.983575][ T5845] usb 5-1: media controller created [ 370.986620][ T5845] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 371.010570][ T5929] usb 6-1: Using ep0 maxpacket: 8 [ 371.019584][ T5929] usb 6-1: unable to get BOS descriptor or descriptor too short [ 371.024435][ T5929] usb 6-1: config 4 interface 0 has no altsetting 0 [ 371.039812][ T5929] usb 6-1: string descriptor 0 read error: -22 [ 371.040000][ T5929] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 371.040025][ T5929] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.160018][ T5845] dvb-usb: bulk message failed: -22 (6/0) [ 371.160120][ T5845] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 371.172701][ T5929] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 371.187809][ T5845] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input21 [ 371.196127][T11045] dvb-usb: bulk message failed: -22 (2/0) [ 371.196301][T11045] dvb-usb: bulk message failed: -22 (4/0) [ 371.217351][ T5845] dvb-usb: schedule remote query interval to 150 msecs. [ 371.217375][ T5845] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 371.237885][ T5845] usb 5-1: USB disconnect, device number 23 [ 371.238064][ T5929] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 371.238537][ T5929] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 371.238593][ T5929] usb 6-1: media controller created [ 371.438124][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 371.602490][ T5929] zl10353_read_register: readreg error (reg=127, ret==0) [ 371.630291][ T5845] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 371.679292][T11062] random: crng reseeded on system resumption [ 371.904378][ T5929] usb 6-1: USB disconnect, device number 23 [ 371.908007][T11065] binder: 11064:11065 ioctl 400c620e 200000000000 returned -22 [ 371.908909][T11067] Bluetooth: MGMT ver 1.23 [ 374.080087][T11124] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2161'. [ 374.086763][T11123] delete_channel: no stack [ 374.723058][ T37] audit: type=1326 audit(1758283472.052:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11136 comm="syz.4.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 374.723124][ T37] audit: type=1326 audit(1758283472.052:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11136 comm="syz.4.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 374.792958][ T37] audit: type=1326 audit(1758283472.122:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11136 comm="syz.4.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 374.793020][ T37] audit: type=1326 audit(1758283472.122:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11136 comm="syz.4.2168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 375.203503][T11148] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 375.620697][ T5845] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 375.783158][ T5845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 375.783210][ T5845] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 375.783232][ T5845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.824926][ T5845] usb 2-1: config 0 descriptor?? [ 376.276958][ T5845] lenovo 0003:17EF:6047.0034: unknown main item tag 0x0 [ 376.276994][ T5845] lenovo 0003:17EF:6047.0034: unknown main item tag 0x0 [ 376.277020][ T5845] lenovo 0003:17EF:6047.0034: unknown main item tag 0x0 [ 376.277044][ T5845] lenovo 0003:17EF:6047.0034: unknown main item tag 0x0 [ 376.277069][ T5845] lenovo 0003:17EF:6047.0034: unknown main item tag 0x0 [ 376.337630][ T5845] lenovo 0003:17EF:6047.0034: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0 [ 376.464160][ T5845] lenovo 0003:17EF:6047.0034: Failed to switch F7/9/11 mode: -71 [ 376.466593][ T5845] lenovo 0003:17EF:6047.0034: Failed to switch middle button: -71 [ 376.468231][ T5845] lenovo 0003:17EF:6047.0034: Fn-lock setting failed: -71 [ 376.469940][ T5845] lenovo 0003:17EF:6047.0034: Sensitivity setting failed: -71 [ 376.530780][ T5845] usb 2-1: USB disconnect, device number 19 [ 376.877665][T11185] fido_id[11185]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 378.399293][T11230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2209'. [ 378.931943][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.932053][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.393175][T11258] RDS: rds_bind could not find a transport for fe80::aa, load rds_tcp or rds_rdma? [ 380.092996][T11277] kAFS: unable to lookup cell 'sէKyy [ 380.092996][T11277] [ 380.092996][T11277] =6%*;eܲ5;Z*d{iElZSjUF/k!btF\_vfVnDPPB1%A)X\YT"8ώdJ_.5d#ۜhGp6"5ͺ*,ImI-(WA?WZ)n[qG jnڇ%(J-%ؘccʵ{|6ZA5k@a+oST;]5 !G3{K,' [ 381.016105][T11301] netlink: 'syz.4.2245': attribute type 1 has an invalid length. [ 381.176849][T11308] vlan3: entered allmulticast mode [ 381.176872][T11308] bond0: entered allmulticast mode [ 381.176885][T11308] bond_slave_0: entered allmulticast mode [ 381.176907][T11308] bond_slave_1: entered allmulticast mode [ 381.452141][T11314] tmpfs: User quota inode hardlimit too large. [ 382.440617][ T5961] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 382.603136][ T5961] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 382.603186][ T5961] usb 5-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 382.603209][ T5961] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.624819][ T5961] usb 5-1: config 0 descriptor?? [ 383.088906][ T5961] logitech-djreceiver 0003:046D:C71F.0035: item fetching failed at offset 3/7 [ 383.089817][ T5961] logitech-djreceiver 0003:046D:C71F.0035: logi_dj_probe: parse failed [ 383.089900][ T5961] logitech-djreceiver 0003:046D:C71F.0035: probe with driver logitech-djreceiver failed with error -22 [ 383.273329][ T994] usb 5-1: USB disconnect, device number 24 [ 383.660585][ T5845] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 383.813036][ T5845] usb 6-1: Using ep0 maxpacket: 16 [ 383.819382][ T5845] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 383.819414][ T5845] usb 6-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 383.819439][ T5845] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 383.819464][ T5845] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 383.819487][ T5845] usb 6-1: config 0 interface 0 has no altsetting 0 [ 383.882091][ T5845] usb 6-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 383.882123][ T5845] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.882143][ T5845] usb 6-1: Product: syz [ 383.882157][ T5845] usb 6-1: Manufacturer: syz [ 383.882172][ T5845] usb 6-1: SerialNumber: syz [ 383.936938][ T5845] usb 6-1: config 0 descriptor?? [ 384.236717][ T5845] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input22 [ 384.239956][ T5190] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 384.401197][ T5190] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 384.512436][T11366] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 384.584808][ T5190] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 384.741250][ T5190] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 384.744149][ T5961] usb 6-1: USB disconnect, device number 24 [ 384.901266][ T994] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 385.053811][ T994] usb 2-1: Using ep0 maxpacket: 32 [ 385.057035][ T994] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 385.057062][ T994] usb 2-1: config 0 has no interface number 0 [ 385.080243][ T994] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 385.080275][ T994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.080294][ T994] usb 2-1: Product: syz [ 385.080308][ T994] usb 2-1: Manufacturer: syz [ 385.080322][ T994] usb 2-1: SerialNumber: syz [ 385.132467][ T994] usb 2-1: config 0 descriptor?? [ 385.149576][ T994] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 385.149605][ T994] usb 2-1: selecting invalid altsetting 1 [ 385.149621][ T994] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 385.192201][ T994] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 385.192647][ T994] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 385.192702][ T994] usb 2-1: media controller created [ 385.254446][ T994] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 386.341077][ T994] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 386.341165][ T994] zl10353_read_register: readreg error (reg=127, ret==-110) [ 386.471314][ T994] usb 2-1: USB disconnect, device number 20 [ 386.631443][T11427] delete_channel: no stack [ 388.501491][T11470] program syz.7.2323 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 388.961142][T11484] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 392.221935][T11566] xt_l2tp: invalid flags combination: 8 [ 393.223945][T11588] netlink: 'syz.6.2380': attribute type 29 has an invalid length. [ 393.227227][T11588] netlink: 'syz.6.2380': attribute type 29 has an invalid length. [ 394.230564][ T5845] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 394.380499][ T5845] usb 6-1: Using ep0 maxpacket: 16 [ 394.384030][ T5845] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.384063][ T5845] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.384086][ T5845] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 394.384131][ T5845] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 394.384154][ T5845] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.406230][ T5845] usb 6-1: config 0 descriptor?? [ 394.720607][ T994] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 394.889689][ T994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.889725][ T994] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.889748][ T994] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 394.889794][ T994] usb 5-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 394.889817][ T994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.914696][ T994] usb 5-1: config 0 descriptor?? [ 394.919576][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.919606][ T5845] microsoft 0003:045E:07DA.0036: ignoring exceeding usage max [ 394.941831][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.941867][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.941893][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.941918][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.941942][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.941967][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.941992][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.942028][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.942053][ T5845] microsoft 0003:045E:07DA.0036: unknown main item tag 0x0 [ 394.942090][ T5845] microsoft 0003:045E:07DA.0036: unsupported Resolution Multiplier 0 [ 395.252320][ T5845] microsoft 0003:045E:07DA.0036: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 395.252358][ T5845] microsoft 0003:045E:07DA.0036: no inputs found [ 395.252371][ T5845] microsoft 0003:045E:07DA.0036: could not initialize ff, continuing anyway [ 395.285370][ T5845] usb 6-1: USB disconnect, device number 25 [ 395.474767][ T994] elo 0003:04E7:0030.0037: reserved main item tag 0xe [ 395.474812][ T994] elo 0003:04E7:0030.0037: item fetching failed at offset 8/9 [ 395.475737][ T994] elo 0003:04E7:0030.0037: parse failed [ 395.475865][ T994] elo 0003:04E7:0030.0037: probe with driver elo failed with error -22 [ 395.660867][T11634] fido_id[11634]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 395.694266][ T5961] usb 5-1: USB disconnect, device number 25 [ 396.400614][ T9] usb 7-1: new full-speed USB device number 18 using dummy_hcd [ 396.553673][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 396.553731][ T9] usb 7-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 396.553756][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.625603][ T9] usb 7-1: config 0 descriptor?? [ 397.021371][T11673] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2421'. [ 397.141191][ T9] greenasia 0003:0E8F:0012.0038: hidraw0: USB HID v0.00 Device [HID 0e8f:0012] on usb-dummy_hcd.6-1/input0 [ 397.141227][ T9] greenasia 0003:0E8F:0012.0038: no inputs found [ 397.281767][ T5961] usb 7-1: USB disconnect, device number 18 [ 397.365130][T11682] netlink: 'syz.7.2425': attribute type 10 has an invalid length. [ 397.365167][T11682] netlink: 152 bytes leftover after parsing attributes in process `syz.7.2425'. [ 397.545093][T11677] fido_id[11677]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 398.398270][T11707] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2438'. [ 398.752463][T11718] netlink: 72 bytes leftover after parsing attributes in process `syz.6.2443'. [ 398.752486][T11718] tc_dump_action: action bad kind [ 398.906526][T11722] overlayfs: failed to resolve './file1': -2 [ 400.811394][T11781] netlink: 'syz.1.2474': attribute type 29 has an invalid length. [ 400.822092][T11781] netlink: 'syz.1.2474': attribute type 29 has an invalid length. [ 400.904949][T11783] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2477'. [ 401.182802][T11793] netlink: 47 bytes leftover after parsing attributes in process `syz.1.2479'. [ 401.480555][ T9] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 401.637415][ T9] usb 7-1: Using ep0 maxpacket: 16 [ 401.650290][ T9] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 401.650828][ T9] usb 7-1: config 0 has no interface number 0 [ 401.650892][ T9] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 401.650916][ T9] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 401.664645][ T9] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 401.664672][ T9] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 401.664697][ T9] usb 7-1: Product: syz [ 401.664710][ T9] usb 7-1: SerialNumber: syz [ 401.700064][ T9] usb 7-1: config 0 descriptor?? [ 401.721228][ T9] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 401.725320][ T9] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input24 [ 402.070407][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.073529][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.073864][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.074122][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.075542][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.075802][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.076063][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.076313][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.077938][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.078365][ C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 402.079898][ T9] usb 7-1: USB disconnect, device number 19 [ 402.079994][ C0] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 402.191628][ T9] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 402.933314][T11834] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2499'. [ 404.435968][ T31] kernel write not supported for file /sg0 (pid: 31 comm: kworker/1:0) [ 404.747539][T11871] netlink: 'syz.7.2515': attribute type 3 has an invalid length. [ 404.747564][T11871] netlink: 944 bytes leftover after parsing attributes in process `syz.7.2515'. [ 405.096330][T11878] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2519'. [ 405.496799][T11889] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2524'. [ 405.634342][T11889] bridge1: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 405.710287][T11894] netlink: 'syz.7.2526': attribute type 10 has an invalid length. [ 406.143666][T11902] tc_dump_action: action bad kind [ 406.290454][ T5893] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 406.448539][ T5893] usb 6-1: Using ep0 maxpacket: 16 [ 406.507551][ T5893] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 406.507616][ T5893] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 406.507643][ T5893] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 406.507663][ T5893] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 406.507686][ T5893] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 406.519881][ T5893] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 406.519911][ T5893] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 406.519929][ T5893] usb 6-1: Manufacturer: syz [ 406.526108][ T5893] usb 6-1: config 0 descriptor?? [ 407.040584][ T5893] rc_core: IR keymap rc-hauppauge not found [ 407.040608][ T5893] Registered IR keymap rc-empty [ 407.040796][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.060801][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.082570][ T5893] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 407.095906][ T5893] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input25 [ 407.127808][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.146141][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.161526][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.183989][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.200646][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.220968][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.241024][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.264072][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.280934][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.329481][ T5893] mceusb 6-1:0.0: Error: mce write submit urb error = -90 [ 407.389988][ T5893] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 407.390853][ T5893] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 407.507961][ T5893] usb 6-1: USB disconnect, device number 26 [ 407.631452][T11932] netlink: 209836 bytes leftover after parsing attributes in process `syz.7.2543'. [ 408.201379][T11944] netlink: 108 bytes leftover after parsing attributes in process `syz.7.2548'. [ 408.201407][T11944] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2548'. [ 410.335924][T12006] xt_l2tp: v2 tid > 0xffff: 1114244 [ 410.500600][ T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 410.659848][ T9] usb 2-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50 [ 410.659883][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.659904][ T9] usb 2-1: Product: syz [ 410.659918][ T9] usb 2-1: Manufacturer: syz [ 410.659932][ T9] usb 2-1: SerialNumber: syz [ 410.699224][ T9] usb 2-1: config 0 descriptor?? [ 410.736056][ T9] usb 2-1: Waiting for MOTU Microbook II to boot up... [ 410.736082][ T9] usb 2-1: failed setting the sample rate for Motu MicroBook II: -22 [ 410.736160][ T9] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 410.939211][ T9] usb 2-1: USB disconnect, device number 21 [ 411.117798][T12023] ubi31: attaching mtd0 [ 411.117834][T12023] ubi31 error: ubi_attach_mtd_dev: bad VID header (536940548) or data offsets (536940612) [ 411.500552][ T31] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 411.653817][ T31] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 411.653869][ T31] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 411.653912][ T31] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 411.653936][ T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.701138][ T59] Bluetooth: hci5: command 0x0406 tx timeout [ 411.705678][T12027] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 411.726547][ T31] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 412.751290][ T31] usb 7-1: USB disconnect, device number 20 [ 413.281366][T12059] iso9660: Bad value for 'gid' [ 413.281387][T12059] iso9660: Bad value for 'gid' [ 413.620126][T12069] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 413.707839][T12071] netlink: 240 bytes leftover after parsing attributes in process `syz.4.2607'. [ 413.707875][T12071] NCSI netlink: No device for ifindex 29216 [ 413.824773][T12076] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 414.078054][T12085] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2614'. [ 414.962582][T12106] netlink: 260 bytes leftover after parsing attributes in process `syz.6.2633'. [ 415.740503][ T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 415.905915][ T9] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 415.905975][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 415.906033][ T9] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 415.906057][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.960532][ T5893] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 415.975769][ T9] usb 5-1: config 0 descriptor?? [ 416.110671][ T5893] usb 7-1: Using ep0 maxpacket: 32 [ 416.118359][ T5893] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.118463][ T5893] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.118508][ T5893] usb 7-1: New USB device found, idVendor=0079, idProduct=1801, bcdDevice= 0.00 [ 416.118531][ T5893] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.176657][ T5893] usb 7-1: config 0 descriptor?? [ 416.332792][T12142] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 416.474065][ T9] kye 0003:0458:0138.0039: hidraw0: USB HID v0.00 Device [HID 0458:0138] on usb-dummy_hcd.4-1/input0 [ 416.640600][ T31] usb 5-1: USB disconnect, device number 26 [ 416.641140][ T5893] hid_mf 0003:0079:1801.003A: item fetching failed at offset 0/2 [ 416.642041][ T5893] hid_mf 0003:0079:1801.003A: HID parse failed. [ 416.642121][ T5893] hid_mf 0003:0079:1801.003A: probe with driver hid_mf failed with error -22 [ 416.787034][T12147] fido_id[12147]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 416.893772][ T994] usb 7-1: USB disconnect, device number 21 [ 417.277490][ T31] kernel write not supported for file /vcs (pid: 31 comm: kworker/1:0) [ 419.170738][T12208] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2671'. [ 419.444701][T12213] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 419.539219][T12213] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 419.541060][ T5961] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 419.761100][ T5961] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 419.761134][ T5961] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.761153][ T5961] usb 2-1: Product: syz [ 419.761165][ T5961] usb 2-1: Manufacturer: syz [ 419.761179][ T5961] usb 2-1: SerialNumber: syz [ 419.856907][ T5961] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 420.061162][ T9] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 420.224024][T12228] program syz.6.2681 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 420.772025][ T5845] usb 2-1: USB disconnect, device number 22 [ 421.092763][T12246] netlink: 'syz.6.2688': attribute type 3 has an invalid length. [ 421.092788][T12246] netlink: 944 bytes leftover after parsing attributes in process `syz.6.2688'. [ 421.393562][ T9] usb 2-1: Service connection timeout for: 256 [ 421.393590][ T9] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 421.396222][ T9] ath9k_htc: Failed to initialize the device [ 421.399502][ T5845] usb 2-1: ath9k_htc: USB layer deinitialized [ 421.880787][T12265] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2698'. [ 421.976522][T12269] sp0: Synchronizing with TNC [ 421.978981][T12269] sp0: Found TNC [ 422.378106][T12280] netlink: 140 bytes leftover after parsing attributes in process `syz.4.2705'. [ 422.624110][T12286] program syz.6.2708 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 423.280610][ T5845] usb 7-1: new full-speed USB device number 22 using dummy_hcd [ 423.434594][ T5845] usb 7-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 423.434696][ T5845] usb 7-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 423.434724][ T5845] usb 7-1: config 0 interface 0 has no altsetting 0 [ 423.434760][ T5845] usb 7-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 423.434784][ T5845] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 423.504054][ T5845] usb 7-1: config 0 descriptor?? [ 423.989260][ T5845] holtek 0003:1241:5015.003B: hidraw0: USB HID v0.00 Device [HID 1241:5015] on usb-dummy_hcd.6-1/input0 [ 423.989295][ T5845] holtek 0003:1241:5015.003B: no inputs found [ 424.141442][ T5845] usb 7-1: USB disconnect, device number 22 [ 424.191440][T12316] fido_id[12316]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 424.659821][T12333] netlink: 'syz.1.2728': attribute type 10 has an invalid length. [ 425.181345][T12333] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 425.233312][T12332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 425.812242][T12357] [U] v3f"S/4:XTzWtlW= [ 426.130543][ T31] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 426.283527][ T31] usb 5-1: config 0 interface 0 has no altsetting 0 [ 426.283574][ T31] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.00 [ 426.283609][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.327700][ T31] usb 5-1: config 0 descriptor?? [ 426.549167][T12376] netlink: 'syz.7.2749': attribute type 9 has an invalid length. [ 426.836623][ T31] hid_parser_main: 1 callbacks suppressed [ 426.836648][ T31] isku 0003:1E7D:3264.003C: unknown main item tag 0x0 [ 426.836677][ T31] isku 0003:1E7D:3264.003C: unknown main item tag 0x0 [ 426.836701][ T31] isku 0003:1E7D:3264.003C: unknown main item tag 0x0 [ 426.836725][ T31] isku 0003:1E7D:3264.003C: unknown main item tag 0x0 [ 426.836748][ T31] isku 0003:1E7D:3264.003C: unknown main item tag 0x0 [ 426.836772][ T31] isku 0003:1E7D:3264.003C: unknown main item tag 0x0 [ 426.836797][ T31] isku 0003:1E7D:3264.003C: unknown main item tag 0x0 [ 426.911243][ T31] isku 0003:1E7D:3264.003C: hidraw0: USB HID vf.fe Device [HID 1e7d:3264] on usb-dummy_hcd.4-1/input0 [ 427.030772][ T5845] usb 6-1: new full-speed USB device number 27 using dummy_hcd [ 427.091672][ T5929] usb 5-1: USB disconnect, device number 27 [ 427.204529][ T5845] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 427.204568][ T5845] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2031, setting to 64 [ 427.204610][ T5845] usb 6-1: New USB device found, idVendor=17ef, idProduct=60fe, bcdDevice= 0.00 [ 427.204634][ T5845] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.281845][ T5845] usb 6-1: config 0 descriptor?? [ 427.285022][T12380] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 427.777181][ T5845] lenovo 0003:17EF:60FE.003D: unknown main item tag 0x0 [ 427.811770][ T5845] lenovo 0003:17EF:60FE.003D: hidraw0: USB HID v0.00 Device [HID 17ef:60fe] on usb-dummy_hcd.5-1/input0 [ 427.998740][ T5845] usb 6-1: USB disconnect, device number 27 [ 428.160648][T12398] fido_id[12398]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 428.546714][T12408] netlink: 'syz.1.2764': attribute type 66 has an invalid length. [ 428.660790][T12412] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 4, id = 0 [ 428.993088][ T37] audit: type=1326 audit(1758283526.322:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12416 comm="syz.1.2767" exe="/root/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f2943425b67 code=0x0 [ 429.473688][T12432] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2777'. [ 429.560524][ T5961] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 429.720532][ T5961] usb 5-1: Using ep0 maxpacket: 16 [ 429.730247][ T5961] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.730283][ T5961] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.730305][ T5961] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 429.731191][ T5961] usb 5-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 429.731215][ T5961] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.753086][ T5961] usb 5-1: config 0 descriptor?? [ 429.966427][ T994] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 430.123657][ T994] usb 7-1: Using ep0 maxpacket: 32 [ 430.142203][ T994] usb 7-1: config 0 has an invalid interface number: 35 but max is 0 [ 430.142242][ T994] usb 7-1: config 0 has no interface number 0 [ 430.146022][ T994] usb 7-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 430.146051][ T994] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.146070][ T994] usb 7-1: Product: syz [ 430.146084][ T994] usb 7-1: Manufacturer: syz [ 430.146098][ T994] usb 7-1: SerialNumber: syz [ 430.217076][ T994] usb 7-1: config 0 descriptor?? [ 430.222183][ T5961] hid-multitouch 0003:0457:07DA.003E: unknown main item tag 0x0 [ 430.222215][ T5961] hid-multitouch 0003:0457:07DA.003E: unknown main item tag 0x0 [ 430.241606][ T5961] hid-multitouch 0003:0457:07DA.003E: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.4-1/input0 [ 430.449984][ T5961] usb 5-1: USB disconnect, device number 28 [ 430.644201][ T994] radio-si470x 7-1:0.35: DeviceID=0x9242 ChipID=0x0000 [ 430.644228][ T994] radio-si470x 7-1:0.35: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 430.741621][T12451] fido_id[12451]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 430.852659][ T994] radio-si470x 7-1:0.35: si470x_get_report: usb_control_msg returned -71 [ 430.852686][ T994] radio-si470x 7-1:0.35: si470x_get_scratch: si470x_get_report returned -71 [ 430.853098][ T994] radio-si470x 7-1:0.35: probe with driver radio-si470x failed with error -5 [ 430.887341][ T994] radio-raremono 7-1:0.35: this is not Thanko's Raremono. [ 430.952071][ T994] usb 7-1: USB disconnect, device number 23 [ 431.743716][T12476] option changes via remount are deprecated (pid=12474 comm=syz.7.2795) [ 432.525183][T12503] overlayfs: missing 'lowerdir' [ 432.601064][ T994] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 432.779194][ T994] usb 7-1: Using ep0 maxpacket: 16 [ 432.791876][ T994] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 432.791930][ T994] usb 7-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00 [ 432.791955][ T994] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.851026][ T994] usb 7-1: config 0 descriptor?? [ 432.950619][ T5929] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 433.106781][ T5929] usb 5-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00 [ 433.106814][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.125206][ T5929] usb 5-1: config 0 descriptor?? [ 433.322699][ T994] hid_parser_main: 25 callbacks suppressed [ 433.322727][ T994] waltop 0003:172F:0501.003F: unknown main item tag 0x0 [ 433.322758][ T994] waltop 0003:172F:0501.003F: unknown main item tag 0x0 [ 433.322782][ T994] waltop 0003:172F:0501.003F: unknown main item tag 0x0 [ 433.322806][ T994] waltop 0003:172F:0501.003F: unknown main item tag 0x0 [ 433.322831][ T994] waltop 0003:172F:0501.003F: unknown main item tag 0x0 [ 433.392116][ T994] waltop 0003:172F:0501.003F: hidraw0: USB HID v0.08 Device [HID 172f:0501] on usb-dummy_hcd.6-1/input0 [ 433.602700][ T994] usb 7-1: USB disconnect, device number 24 [ 433.647814][T12520] fido_id[12520]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory [ 433.675434][ T5929] pantherlord 0003:0F30:0111.0040: item fetching failed at offset 0/4 [ 433.676358][ T5929] pantherlord 0003:0F30:0111.0040: parse failed [ 433.676436][ T5929] pantherlord 0003:0F30:0111.0040: probe with driver pantherlord failed with error -22 [ 433.888766][ T5929] usb 5-1: USB disconnect, device number 29 [ 433.912905][T12528] fuse: Invalid rootmode [ 434.187444][T12533] tipc: Enabling of bearer rejected, failed to enable media [ 434.787362][T12548] netlink: 'syz.5.2829': attribute type 10 has an invalid length. [ 434.890831][T12548] team0: Port device syz_tun added [ 435.211101][ T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 435.374754][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 435.374794][ T9] usb 2-1: config 0 has no interfaces? [ 435.377185][ T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 435.377212][ T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 435.377232][ T9] usb 2-1: Product: syz [ 435.377246][ T9] usb 2-1: Manufacturer: syz [ 435.443295][ T9] usb 2-1: config 0 descriptor?? [ 435.525681][T12564] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2836'. [ 435.737765][ T994] usb 2-1: USB disconnect, device number 23 [ 436.096007][T12580] mmap: syz.6.2845 (12580): VmData 37474304 exceed data ulimit 5. Update limits or use boot option ignore_rlimit_data. [ 437.210925][T12612] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2860'. [ 438.146857][T12639] netlink: 'syz.1.2873': attribute type 3 has an invalid length. [ 438.670820][T12653] tipc: Enabling of bearer rejected, failed to enable media [ 439.694319][ T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 439.844621][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 439.844687][ T9] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 439.844713][ T9] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 439.844735][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 439.844782][ T9] usb 5-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00 [ 439.844807][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.855513][ T9] usb 5-1: config 0 descriptor?? [ 440.349688][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.351397][ T1325] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.368551][ T9] kye 0003:0458:5015.0041: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 440.369664][ T9] kye 0003:0458:5015.0041: unknown main item tag 0x1 [ 440.444581][ T9] kye 0003:0458:5015.0041: hidraw0: USB HID v0.04 Device [HID 0458:5015] on usb-dummy_hcd.4-1/input0 [ 440.444617][ T9] kye 0003:0458:5015.0041: tablet-enabling feature report not found [ 440.444633][ T9] kye 0003:0458:5015.0041: tablet enabling failed [ 440.621479][ T9] usb 5-1: USB disconnect, device number 30 [ 440.977858][T12707] fido_id[12707]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 441.125123][T12714] syz.7.2909 uses old SIOCAX25GETINFO [ 441.366022][T12720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2910'. [ 441.366207][T12720] openvswitch: netlink: nsh attribute has unmatched MD type 0. [ 441.366237][T12720] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 442.310571][ T9] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 442.488682][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.488726][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.488748][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 442.488793][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 442.488816][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.496460][ T9] usb 5-1: config 0 descriptor?? [ 442.607168][T12752] sctp: [Deprecated]: syz.1.2927 (pid 12752) Use of struct sctp_assoc_value in delayed_ack socket option. [ 442.607168][T12752] Use struct sctp_sack_info instead [ 442.937579][ T9] plantronics 0003:047F:FFFF.0042: item 0 4 0 11 parsing failed [ 442.938599][ T9] plantronics 0003:047F:FFFF.0042: parse failed [ 442.938709][ T9] plantronics 0003:047F:FFFF.0042: probe with driver plantronics failed with error -22 [ 443.012204][T12758] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2929'. [ 443.176881][ T5893] usb 5-1: USB disconnect, device number 31 [ 443.809170][T12774] tipc: Enabled bearer , priority 10 [ 443.846326][ T37] audit: type=1326 audit(1758283541.162:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12778 comm="syz.1.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294342eba9 code=0x7ffc0000 [ 443.846388][ T37] audit: type=1326 audit(1758283541.162:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12778 comm="syz.1.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294342eba9 code=0x7ffc0000 [ 443.846460][ T37] audit: type=1326 audit(1758283541.162:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12778 comm="syz.1.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f294342eba9 code=0x7ffc0000 [ 443.846504][ T37] audit: type=1326 audit(1758283541.172:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12778 comm="syz.1.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294342eba9 code=0x7ffc0000 [ 443.846549][ T37] audit: type=1326 audit(1758283541.172:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12778 comm="syz.1.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294342eba9 code=0x7ffc0000 [ 443.851614][ T37] audit: type=1326 audit(1758283541.172:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12778 comm="syz.1.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f294342eba9 code=0x7ffc0000 [ 443.851666][ T37] audit: type=1326 audit(1758283541.172:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12778 comm="syz.1.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294342eba9 code=0x7ffc0000 [ 443.851707][ T37] audit: type=1326 audit(1758283541.172:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12778 comm="syz.1.2939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f294342eba9 code=0x7ffc0000 [ 444.410459][T12792] ucma_write: process 630 (syz.7.2945) changed security contexts after opening file descriptor, this is not allowed. [ 444.681555][T12800] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2947'. [ 445.402398][ T5893] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 445.560542][ T5893] usb 7-1: Using ep0 maxpacket: 32 [ 445.563145][ T5893] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 445.563174][ T5893] usb 7-1: config 0 has no interface number 0 [ 445.569631][ T5893] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 445.569671][ T5893] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.569690][ T5893] usb 7-1: Product: syz [ 445.569703][ T5893] usb 7-1: Manufacturer: syz [ 445.569717][ T5893] usb 7-1: SerialNumber: syz [ 445.649379][ T5893] usb 7-1: config 0 descriptor?? [ 445.672737][ T5893] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 445.672767][ T5893] usb 7-1: selecting invalid altsetting 1 [ 445.672783][ T5893] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 445.732809][ T5893] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 445.733442][ T5893] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 445.733511][ T5893] usb 7-1: media controller created [ 445.921603][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 446.022986][ T5893] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-71 [ 446.023053][ T5893] zl10353_read_register: readreg error (reg=127, ret==-71) [ 446.028490][ T5893] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 446.253690][ T5893] usb 7-1: USB disconnect, device number 25 [ 446.801414][ T5849] Bluetooth: hci1: link tx timeout [ 446.802480][ T5849] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 446.810022][ T5849] Bluetooth: hci1: link tx timeout [ 446.810043][ T5849] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 448.255618][T12900] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2996'. [ 448.822861][ T5849] Bluetooth: hci1: command 0x0406 tx timeout [ 448.945327][T12918] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3003'. [ 448.945359][T12918] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3003'. [ 448.945375][T12918] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3003'. [ 451.491261][T12997] netlink: 504 bytes leftover after parsing attributes in process `syz.6.3039'. [ 451.540980][ T44] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 451.690837][ T44] usb 2-1: Using ep0 maxpacket: 16 [ 451.693838][ T44] usb 2-1: config 0 has an invalid interface number: 63 but max is 0 [ 451.693867][ T44] usb 2-1: config 0 has no interface number 0 [ 451.693923][ T44] usb 2-1: config 0 interface 63 altsetting 150 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 451.693950][ T44] usb 2-1: config 0 interface 63 altsetting 150 endpoint 0x81 has invalid wMaxPacketSize 0 [ 451.693974][ T44] usb 2-1: config 0 interface 63 altsetting 150 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 451.694001][ T44] usb 2-1: config 0 interface 63 has no altsetting 0 [ 451.694038][ T44] usb 2-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 451.694060][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.785931][ T44] usb 2-1: config 0 descriptor?? [ 451.825581][T13006] netlink: 68 bytes leftover after parsing attributes in process `syz.6.3043'. [ 452.209403][ T44] uclogic 0003:28BD:0909.0043: interface is invalid, ignoring [ 452.333743][T13017] wireguard: wg2: Could not create IPv4 socket [ 452.417105][ T5893] usb 2-1: USB disconnect, device number 24 [ 452.667393][T13025] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 452.690465][ T5845] IPVS: starting estimator thread 0... [ 452.780678][T13028] IPVS: using max 6 ests per chain, 14400 per kthread [ 453.684788][T13052] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3063'. [ 454.120508][ T5961] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 454.280534][ T5961] usb 7-1: Using ep0 maxpacket: 8 [ 454.283128][ T5961] usb 7-1: config 2 has an invalid interface number: 31 but max is 0 [ 454.283157][ T5961] usb 7-1: config 2 has no interface number 0 [ 454.283209][ T5961] usb 7-1: config 2 interface 31 has no altsetting 0 [ 454.286440][ T5961] usb 7-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 454.286469][ T5961] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.286490][ T5961] usb 7-1: Product: syz [ 454.286504][ T5961] usb 7-1: Manufacturer: syz [ 454.286519][ T5961] usb 7-1: SerialNumber: syz [ 455.044607][ T5961] ch9200 7-1:2.31: probe with driver ch9200 failed with error -22 [ 455.076490][ T5961] usb 7-1: USB disconnect, device number 26 [ 457.352337][T13114] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 457.352337][T13114] The task syz.5.3090 (13114) triggered the difference, watch for misbehavior. [ 458.346409][T13136] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3103'. [ 459.078314][T13151] netlink: 'syz.5.3110': attribute type 1 has an invalid length. [ 460.843712][T13197] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3132'. [ 460.843801][T13197] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3132'. [ 461.207033][ T59] Bluetooth: Wrong link type (-71) [ 461.818534][T13212] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 461.913296][T13228] RDS: rds_bind could not find a transport for ::4000:0:20:0, load rds_tcp or rds_rdma? [ 462.305746][T13212] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 462.799342][T13212] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.424396][T13212] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 463.475351][ T9] hid-generic 0000:0000:0000.0044: unknown main item tag 0x0 [ 463.500647][ T9] hid-generic 0000:0000:0000.0044: hidraw0: HID v0.00 Device [syz0] on syz0 [ 463.898273][T13275] netlink: 88 bytes leftover after parsing attributes in process `syz.5.3169'. [ 464.135463][ T1127] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.256484][ T12] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.442260][T13270] fido_id[13270]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 464.575590][ T1167] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.746553][ T57] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 464.921476][ T37] audit: type=1326 audit(1758283562.212:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13299 comm="syz.1.3181" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f294342eba9 code=0x0 [ 465.818116][ T994] kernel write not supported for file /amidi2 (pid: 994 comm: kworker/1:2) [ 466.480556][T13350] sock: sock_set_timeout: `syz.6.3204' (pid 13350) tries to set negative timeout [ 466.619492][T13352] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3205'. [ 466.788156][T13362] veth1_macvtap: left promiscuous mode [ 466.788188][T13362] macsec0: entered promiscuous mode [ 466.788209][T13362] macsec0: entered allmulticast mode [ 466.934068][T13362] veth1_macvtap: entered promiscuous mode [ 466.934136][T13362] veth1_macvtap: entered allmulticast mode [ 466.934571][T13362] macsec0: left promiscuous mode [ 466.934814][T13362] macsec0: left allmulticast mode [ 466.934829][T13362] veth1_macvtap: left allmulticast mode [ 467.316534][T13371] netlink: 'syz.4.3213': attribute type 5 has an invalid length. [ 467.374772][T13374] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3214'. [ 468.046647][T13395] netlink: 'syz.7.3224': attribute type 2 has an invalid length. [ 468.840496][ T9] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 468.997733][ T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 468.997791][ T9] usb 7-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00 [ 468.997814][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.053675][ T9] usb 7-1: config 0 descriptor?? [ 469.272286][ T37] audit: type=1326 audit(1758283566.572:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13425 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 469.272349][ T37] audit: type=1326 audit(1758283566.602:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13425 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 469.349810][ T37] audit: type=1326 audit(1758283566.672:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13425 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 469.371360][ T37] audit: type=1326 audit(1758283566.672:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13425 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 469.372577][ T37] audit: type=1326 audit(1758283566.702:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13425 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 469.372631][ T37] audit: type=1326 audit(1758283566.702:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13425 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 469.372675][ T37] audit: type=1326 audit(1758283566.702:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13425 comm="syz.4.3239" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 469.546191][ T9] elecom 0003:056E:00FC.0045: unknown main item tag 0x0 [ 469.546231][ T9] elecom 0003:056E:00FC.0045: unknown main item tag 0x0 [ 469.546256][ T9] elecom 0003:056E:00FC.0045: unknown main item tag 0x0 [ 469.546281][ T9] elecom 0003:056E:00FC.0045: unknown main item tag 0x0 [ 469.546303][ T9] elecom 0003:056E:00FC.0045: unknown main item tag 0x0 [ 469.594192][ T9] elecom 0003:056E:00FC.0045: hidraw0: USB HID vff.fe Device [HID 056e:00fc] on usb-dummy_hcd.6-1/input0 [ 469.749060][ T994] usb 7-1: USB disconnect, device number 27 [ 470.056822][T13434] fido_id[13434]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 470.359850][T13447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3249'. [ 470.609820][ T37] audit: type=1326 audit(1758283567.932:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13453 comm="syz.6.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd865eba9 code=0x7ffc0000 [ 470.632407][ T37] audit: type=1326 audit(1758283567.962:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13453 comm="syz.6.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4dd865eba9 code=0x7ffc0000 [ 470.632466][ T37] audit: type=1326 audit(1758283567.962:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13453 comm="syz.6.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd865eba9 code=0x7ffc0000 [ 470.632511][ T37] audit: type=1326 audit(1758283567.962:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13453 comm="syz.6.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd865eba9 code=0x7ffc0000 [ 470.640109][ T37] audit: type=1326 audit(1758283567.962:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13453 comm="syz.6.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f4dd865eba9 code=0x7ffc0000 [ 470.640169][ T37] audit: type=1326 audit(1758283567.962:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13453 comm="syz.6.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd865eba9 code=0x7ffc0000 [ 470.640227][ T37] audit: type=1326 audit(1758283567.962:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13453 comm="syz.6.3252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4dd865eba9 code=0x7ffc0000 [ 470.821225][ T5845] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 470.970454][ T5845] usb 6-1: Using ep0 maxpacket: 8 [ 470.972988][ T5845] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 470.973015][ T5845] usb 6-1: config 179 has no interface number 0 [ 470.973089][ T5845] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 470.973117][ T5845] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 470.973144][ T5845] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 470.973171][ T5845] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 470.973198][ T5845] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 470.973243][ T5845] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 470.973266][ T5845] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.024370][T13466] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3258'. [ 471.072850][T13454] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 471.151713][T13469] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3258'. [ 471.366792][T13454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 471.369469][T13454] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 471.659701][ T9] usb 6-1: USB disconnect, device number 28 [ 471.659713][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 471.659789][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 472.602360][T13502] xt_socket: unknown flags 0xd0 [ 475.736936][T13587] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3311'. [ 475.736967][T13587] netlink: 'syz.1.3311': attribute type 6 has an invalid length. [ 475.736981][T13587] netlink: 'syz.1.3311': attribute type 5 has an invalid length. [ 475.736993][T13587] netlink: 'syz.1.3311': attribute type 4 has an invalid length. [ 477.180556][ T44] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 477.300645][ T59] Bluetooth: hci1: command 0x0406 tx timeout [ 477.369487][ T44] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 477.369519][ T44] usb 7-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 477.369537][ T44] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 477.369556][ T44] usb 7-1: config 220 has no interface number 2 [ 477.369683][ T44] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 477.369712][ T44] usb 7-1: config 220 interface 0 has no altsetting 0 [ 477.369730][ T44] usb 7-1: config 220 interface 76 has no altsetting 0 [ 477.369749][ T44] usb 7-1: config 220 interface 1 has no altsetting 0 [ 477.377661][ T44] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 477.377691][ T44] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.377709][ T44] usb 7-1: Product: syz [ 477.377721][ T44] usb 7-1: Manufacturer: syz [ 477.377734][ T44] usb 7-1: SerialNumber: syz [ 477.681133][ T44] usb 7-1: Found UVC 7.01 device syz (8086:0b07) [ 477.681171][ T44] usb 7-1: No valid video chain found. [ 477.681236][ T44] usb 7-1: selecting invalid altsetting 0 [ 477.723449][ T44] usb 7-1: selecting invalid altsetting 0 [ 477.723488][ T44] usbtest 7-1:220.1: probe with driver usbtest failed with error -22 [ 477.802245][ T44] usb 7-1: USB disconnect, device number 28 [ 478.341343][ T31] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 478.446180][T13643] IPv6: NLM_F_CREATE should be specified when creating new route [ 478.446707][T13643] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 478.446721][T13643] IPv6: NLM_F_CREATE should be set when creating new route [ 478.446802][T13643] IPv6: NLM_F_CREATE should be set when creating new route [ 478.446837][T13643] IPv6: NLM_F_CREATE should be set when creating new route [ 478.448683][T13643] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 478.510815][ T31] usb 2-1: Using ep0 maxpacket: 8 [ 478.532788][ T31] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 478.532821][ T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.532841][ T31] usb 2-1: Product: syz [ 478.532855][ T31] usb 2-1: Manufacturer: syz [ 478.532870][ T31] usb 2-1: SerialNumber: syz [ 478.578739][ T31] usb 2-1: config 0 descriptor?? [ 478.599380][ T31] gspca_main: sq905-2.14.0 probing 2770:9120 [ 479.195705][ T31] gspca_sq905: sq905_command: usb_control_msg failed (-71) [ 479.195815][ T31] sq905 2-1:0.0: probe with driver sq905 failed with error -71 [ 479.240801][ T31] usb 2-1: USB disconnect, device number 25 [ 479.584099][T13660] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3345'. [ 479.734596][T13662] : entered promiscuous mode [ 480.059060][ T37] audit: type=1800 audit(1758283577.302:244): pid=13668 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.3347" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 480.930636][T13690] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3359'. [ 480.930661][T13690] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3359'. [ 480.930686][T13690] netlink: 'syz.5.3359': attribute type 6 has an invalid length. [ 481.501130][T13705] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3365'. [ 481.811704][ T37] audit: type=1326 audit(1758283579.132:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.811766][ T37] audit: type=1326 audit(1758283579.142:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.812100][ T37] audit: type=1326 audit(1758283579.142:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.847420][ T37] audit: type=1326 audit(1758283579.142:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.847481][ T37] audit: type=1326 audit(1758283579.152:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.847530][ T37] audit: type=1326 audit(1758283579.152:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.847577][ T37] audit: type=1326 audit(1758283579.152:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.847623][ T37] audit: type=1326 audit(1758283579.152:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.847669][ T37] audit: type=1326 audit(1758283579.152:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13715 comm="syz.4.3372" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 481.870779][ T5929] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 482.123663][ T5929] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.123716][ T5929] usb 2-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 482.123740][ T5929] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.171123][ T5929] usb 2-1: config 0 descriptor?? [ 482.283004][T13721] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.283940][T13721] bridge0: port 1(bridge_slave_0) entered disabled state [ 482.344890][T13723] program syz.4.3375 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 482.837207][ T5845] usb 2-1: USB disconnect, device number 26 [ 483.574592][T13754] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3389'. [ 483.574711][T13754] netlink: 7 bytes leftover after parsing attributes in process `syz.6.3389'. [ 484.605908][ T44] kernel write not supported for file /adsp1 (pid: 44 comm: kworker/1:1) [ 484.640815][ T5845] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 484.796270][ T5845] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 484.796320][ T5845] usb 7-1: New USB device found, idVendor=0458, idProduct=5017, bcdDevice= 0.00 [ 484.796344][ T5845] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.822362][ T5845] usb 7-1: config 0 descriptor?? [ 485.261367][ T5845] kye 0003:0458:5017.0047: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 485.262714][ T5845] kye 0003:0458:5017.0047: unknown main item tag 0x0 [ 485.262745][ T5845] kye 0003:0458:5017.0047: unknown main item tag 0x0 [ 485.262770][ T5845] kye 0003:0458:5017.0047: unknown main item tag 0x0 [ 485.262795][ T5845] kye 0003:0458:5017.0047: unknown main item tag 0x0 [ 485.262820][ T5845] kye 0003:0458:5017.0047: unknown main item tag 0x0 [ 485.323984][ T5845] kye 0003:0458:5017.0047: hidraw0: USB HID v0.2f Device [HID 0458:5017] on usb-dummy_hcd.6-1/input0 [ 485.324022][ T5845] kye 0003:0458:5017.0047: tablet-enabling feature report not found [ 485.324037][ T5845] kye 0003:0458:5017.0047: tablet enabling failed [ 485.456183][ T9] usb 7-1: USB disconnect, device number 29 [ 485.547774][T13791] fido_id[13791]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 486.133674][T13803] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3412'. [ 486.133699][T13803] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3412'. [ 486.133723][T13803] netlink: 'syz.6.3412': attribute type 12 has an invalid length. [ 486.378543][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 486.378563][ T37] audit: type=1326 audit(1758283583.702:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13793 comm="syz.5.3407" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7fc00000 [ 486.530669][T13811] netlink: 36 bytes leftover after parsing attributes in process `syz.7.3417'. [ 487.610886][ T5845] usb 6-1: new full-speed USB device number 29 using dummy_hcd [ 487.704771][ T37] audit: type=1326 audit(1758283585.032:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.706565][ T37] audit: type=1326 audit(1758283585.032:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.769619][ T37] audit: type=1326 audit(1758283585.092:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.774170][ T37] audit: type=1326 audit(1758283585.102:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.774836][ T5845] usb 6-1: config 8 has an invalid interface number: 223 but max is 0 [ 487.775037][ T5845] usb 6-1: config 8 contains an unexpected descriptor of type 0x1, skipping [ 487.775057][ T5845] usb 6-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 487.775075][ T5845] usb 6-1: config 8 has no interface number 0 [ 487.775130][ T5845] usb 6-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 15872, setting to 64 [ 487.775157][ T5845] usb 6-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 487.794714][ T37] audit: type=1326 audit(1758283585.102:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.795327][ T37] audit: type=1326 audit(1758283585.122:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.795373][ T37] audit: type=1326 audit(1758283585.122:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.795416][ T37] audit: type=1326 audit(1758283585.122:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.804520][ T37] audit: type=1326 audit(1758283585.132:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13831 comm="syz.7.3426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f8671eba9 code=0x7ffc0000 [ 487.848782][ T5845] usb 6-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 487.848814][ T5845] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 487.848834][ T5845] usb 6-1: Product: syz [ 487.848849][ T5845] usb 6-1: Manufacturer: syz [ 487.848863][ T5845] usb 6-1: SerialNumber: syz [ 488.179705][T13836] netlink: 'syz.6.3428': attribute type 3 has an invalid length. [ 488.280816][ T5845] usb 6-1: USB disconnect, device number 29 [ 488.290735][ T9108] udevd[9108]: setting owner of /dev/bus/usb/006/029 to uid=0, gid=0 failed: No such file or directory [ 489.942655][T13864] vxcan1: entered allmulticast mode [ 490.274753][T13871] Bluetooth: MGMT ver 1.23 [ 491.317354][T13893] tipc: Enabled bearer , priority 0 [ 491.825632][T13905] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3462'. [ 491.825658][T13905] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3462'. [ 491.825683][T13905] netlink: 'syz.6.3462': attribute type 11 has an invalid length. [ 491.825698][T13905] netlink: 'syz.6.3462': attribute type 13 has an invalid length. [ 492.686615][T13925] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3471'. [ 492.686644][T13925] nbd: must specify at least one socket [ 492.800573][ T31] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 492.953486][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.953522][ T31] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 492.953561][ T31] usb 6-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 492.953584][ T31] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 493.005921][ T31] usb 6-1: config 0 descriptor?? [ 493.066737][T13931] netlink: 'syz.6.3474': attribute type 3 has an invalid length. [ 493.066762][T13931] netlink: 'syz.6.3474': attribute type 1 has an invalid length. [ 493.066776][T13931] netlink: 193500 bytes leftover after parsing attributes in process `syz.6.3474'. [ 493.466095][ T31] cypress 0003:04B4:DE61.0048: item fetching failed at offset 5/7 [ 493.467053][ T31] cypress 0003:04B4:DE61.0048: parse failed [ 493.467139][ T31] cypress 0003:04B4:DE61.0048: probe with driver cypress failed with error -22 [ 493.662832][ T31] usb 6-1: USB disconnect, device number 30 [ 495.190587][ T37] audit: type=1400 audit(1758283592.522:265): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=13956 comm="syz.6.3485" src=1 dest=20000 netif=wpan0 [ 495.564000][T13968] netlink: 248 bytes leftover after parsing attributes in process `syz.6.3490'. [ 495.564030][T13968] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3490'. [ 496.140613][ T5893] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 496.293035][ T5893] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 496.293072][ T5893] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 496.293112][ T5893] usb 7-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 496.293136][ T5893] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.360696][ T5893] usb 7-1: config 0 descriptor?? [ 496.916218][T13991] netlink: 16 bytes leftover after parsing attributes in process `syz.7.3502'. [ 497.024429][ T5893] hid-led 0003:27B8:01ED.0049: probe with driver hid-led failed with error -71 [ 497.050942][ T5893] usb 7-1: USB disconnect, device number 30 [ 499.957055][T14040] netlink: 'syz.5.3526': attribute type 1 has an invalid length. [ 500.799432][T14053] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3532'. [ 501.789120][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 503.009044][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 503.041886][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 503.048374][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 503.051125][ T37] audit: type=1326 audit(1758283600.372:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14094 comm="syz.5.3550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 503.051964][ T37] audit: type=1326 audit(1758283600.382:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14094 comm="syz.5.3550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 503.054640][ T37] audit: type=1326 audit(1758283600.382:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14094 comm="syz.5.3550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 503.058514][ T37] audit: type=1326 audit(1758283600.382:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14094 comm="syz.5.3550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 503.059681][ T37] audit: type=1326 audit(1758283600.382:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14094 comm="syz.5.3550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 503.059726][ T37] audit: type=1326 audit(1758283600.382:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14094 comm="syz.5.3550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 503.059767][ T37] audit: type=1326 audit(1758283600.382:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14094 comm="syz.5.3550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 503.065789][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 503.066587][ T5849] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 503.640552][ T44] usb 7-1: new low-speed USB device number 31 using dummy_hcd [ 503.794007][ T44] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 503.794038][ T44] usb 7-1: config 0 has no interface number 0 [ 503.794096][ T44] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 503.794119][ T44] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 503.794144][ T44] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 503.794169][ T44] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 503.794195][ T44] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 503.794222][ T44] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 503.794268][ T44] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 503.794292][ T44] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.811286][ T44] usb 7-1: config 0 descriptor?? [ 503.812799][T14100] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 503.813089][T14100] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 503.841792][ T44] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 503.877068][T14107] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3554'. [ 503.877092][T14107] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 503.890545][T14110] netlink: 'syz.5.3557': attribute type 29 has an invalid length. [ 504.114128][ T5845] usb 7-1: USB disconnect, device number 31 [ 504.143534][ T5845] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 504.372878][ T150] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.505187][T14112] netlink: 'syz.5.3557': attribute type 29 has an invalid length. [ 504.895616][ T150] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.142198][ T5849] Bluetooth: hci3: command tx timeout [ 505.483271][ T150] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.576472][T14141] netlink: 'syz.5.3571': attribute type 2 has an invalid length. [ 505.576561][T14144] netlink: 'syz.6.3572': attribute type 30 has an invalid length. [ 506.046634][ T150] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.166765][T14093] chnl_net:caif_netlink_parms(): no params data found [ 507.220796][ T5849] Bluetooth: hci3: command tx timeout [ 507.709993][ T150] bridge_slave_1: left allmulticast mode [ 507.710042][ T150] bridge_slave_1: left promiscuous mode [ 507.712872][ T150] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.770500][ T5845] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 507.854433][ T150] bridge_slave_0: left allmulticast mode [ 507.854470][ T150] bridge_slave_0: left promiscuous mode [ 507.854762][ T150] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.920450][ T5845] usb 7-1: Using ep0 maxpacket: 32 [ 507.923244][ T5845] usb 7-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 507.923279][ T5845] usb 7-1: config 0 interface 0 has no altsetting 0 [ 507.923315][ T5845] usb 7-1: New USB device found, idVendor=05ac, idProduct=026c, bcdDevice= 0.00 [ 507.923339][ T5845] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 507.932602][ T5845] usb 7-1: config 0 descriptor?? [ 508.399159][ T5845] apple 0003:05AC:026C.004A: hidraw0: USB HID v0.02 Device [HID 05ac:026c] on usb-dummy_hcd.6-1/input0 [ 508.559016][ T5929] usb 7-1: USB disconnect, device number 32 [ 509.304414][ T5849] Bluetooth: hci3: command tx timeout [ 509.852353][T14226] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3607'. [ 511.382264][ T5849] Bluetooth: hci3: command tx timeout [ 511.457761][ T9] hid-generic 0000:0004:0000.004B: unknown main item tag 0x0 [ 511.457811][ T9] hid-generic 0000:0004:0000.004B: unknown main item tag 0x0 [ 511.457835][ T9] hid-generic 0000:0004:0000.004B: unknown main item tag 0x0 [ 511.525193][ T9] hid-generic 0000:0004:0000.004B: hidraw0: HID v0.00 Device [syz0] on syz0 [ 511.678047][T14246] fido_id[14246]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 512.101849][ T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 512.161690][ T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 512.223087][ T150] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 512.333448][ T150] bond0 (unregistering): Released all slaves [ 512.425032][T14219] hsr0: entered promiscuous mode [ 512.495764][T14226] vlan2: entered promiscuous mode [ 512.495781][T14226] syz_tun: entered promiscuous mode [ 512.889977][T14219] hsr0: left promiscuous mode [ 512.898355][ T150] bridge: left promiscuous mode [ 513.257847][ T150] tipc: Disabling bearer [ 513.463342][ T150] tipc: Left network mode [ 513.551015][T14266] syz.6.3626 (14266) used greatest stack depth: 17840 bytes left [ 513.975977][T14093] bridge0: port 1(bridge_slave_0) entered blocking state [ 513.976149][T14093] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.976403][T14093] bridge_slave_0: entered allmulticast mode [ 513.992414][T14093] bridge_slave_0: entered promiscuous mode [ 514.070734][T14093] bridge0: port 2(bridge_slave_1) entered blocking state [ 514.070907][T14093] bridge0: port 2(bridge_slave_1) entered disabled state [ 514.071173][T14093] bridge_slave_1: entered allmulticast mode [ 514.097094][T14093] bridge_slave_1: entered promiscuous mode [ 514.581153][ T5929] usb 6-1: new full-speed USB device number 31 using dummy_hcd [ 514.743346][ T5929] usb 6-1: too many endpoints for config 0 interface 0 altsetting 255: 33, using maximum allowed: 30 [ 514.743406][ T5929] usb 6-1: config 0 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 33 [ 514.743436][ T5929] usb 6-1: config 0 interface 0 has no altsetting 0 [ 514.743470][ T5929] usb 6-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00 [ 514.743494][ T5929] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.749490][ T5929] usb 6-1: config 0 descriptor?? [ 515.218824][T14093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 515.276307][ T5929] kye 0003:0458:501B.004C: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 515.295079][ T5929] kye 0003:0458:501B.004C: hidraw0: USB HID v8.00 Device [HID 0458:501b] on usb-dummy_hcd.5-1/input0 [ 515.295115][ T5929] kye 0003:0458:501B.004C: tablet-enabling feature report not found [ 515.295130][ T5929] kye 0003:0458:501B.004C: tablet enabling failed [ 515.424073][ T150] hsr_slave_0: left promiscuous mode [ 515.475904][ T44] usb 6-1: USB disconnect, device number 31 [ 515.482651][ T150] hsr_slave_1: left promiscuous mode [ 515.501744][ T150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 515.501778][ T150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 515.544660][ T150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 515.544696][ T150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 515.578152][T14300] fido_id[14300]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 515.688116][ T150] veth1_macvtap: left promiscuous mode [ 515.688356][ T150] veth0_macvtap: left promiscuous mode [ 515.688708][ T150] veth1_vlan: left promiscuous mode [ 515.688949][ T150] veth0_vlan: left promiscuous mode [ 515.799294][T14304] netlink: 72 bytes leftover after parsing attributes in process `syz.6.3643'. [ 516.921127][ T5849] Bluetooth: hci3: command tx timeout [ 517.050715][ T5961] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 517.234814][ T5961] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 517.234851][ T5961] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 8192, setting to 1024 [ 517.234895][ T5961] usb 7-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 517.234918][ T5961] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.255903][ T5961] usb 7-1: config 0 descriptor?? [ 517.478982][ T44] usb 7-1: USB disconnect, device number 33 [ 519.404715][ T150] team0 (unregistering): Port device team_slave_1 removed [ 519.665552][ T150] team0 (unregistering): Port device team_slave_0 removed [ 522.456641][T14093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 522.943203][T14093] team0: Port device team_slave_0 added [ 522.947688][T14093] team0: Port device team_slave_1 added [ 523.108802][T14348] netlink: 'syz.7.3663': attribute type 2 has an invalid length. [ 523.249737][ T5845] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 523.411668][ T5845] usb 6-1: Using ep0 maxpacket: 32 [ 523.415605][ T5845] usb 6-1: config 0 interface 0 has no altsetting 0 [ 523.420184][ T5845] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 523.423163][ T5845] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.423191][ T5845] usb 6-1: Product: syz [ 523.423205][ T5845] usb 6-1: Manufacturer: syz [ 523.423220][ T5845] usb 6-1: SerialNumber: syz [ 523.454853][ T5845] usb 6-1: config 0 descriptor?? [ 523.461654][T14348] k*]: entered promiscuous mode [ 523.894961][ T5845] gs_usb 6-1:0.0: Configuring for 16 interfaces [ 523.894989][ T5845] gs_usb 6-1:0.0: Driver cannot handle more that 3 CAN interfaces [ 523.895029][ T5845] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -22 [ 523.981059][T14093] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 523.981078][T14093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 523.981103][T14093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 524.049441][T14093] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 524.049460][T14093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 524.049493][T14093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 524.115818][ T5961] usb 6-1: USB disconnect, device number 32 [ 524.383922][ T37] audit: type=1326 audit(1758283621.682:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14358 comm="syz.4.3666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 524.384178][ T37] audit: type=1326 audit(1758283621.712:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14358 comm="syz.4.3666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 524.449869][ T37] audit: type=1326 audit(1758283621.762:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14358 comm="syz.4.3666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 524.449924][ T37] audit: type=1326 audit(1758283621.762:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14358 comm="syz.4.3666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 524.453131][ T37] audit: type=1326 audit(1758283621.772:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14358 comm="syz.4.3666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 524.457320][ T37] audit: type=1326 audit(1758283621.782:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14358 comm="syz.4.3666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 524.457372][ T37] audit: type=1326 audit(1758283621.782:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14358 comm="syz.4.3666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f009da9eba9 code=0x7ffc0000 [ 525.047890][T14093] hsr_slave_0: entered promiscuous mode [ 525.049394][T14093] hsr_slave_1: entered promiscuous mode [ 525.069368][T14093] debugfs: 'hsr0' already exists in 'hsr' [ 525.069398][T14093] Cannot create hsr debugfs directory [ 525.200492][ T5961] usb 6-1: new full-speed USB device number 33 using dummy_hcd [ 525.353223][ T5961] usb 6-1: config 0 has an invalid interface number: 32 but max is 0 [ 525.353254][ T5961] usb 6-1: config 0 has no interface number 0 [ 525.353306][ T5961] usb 6-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 525.353334][ T5961] usb 6-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 525.353374][ T5961] usb 6-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00 [ 525.353495][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 525.482887][ T5961] usb 6-1: config 0 descriptor?? [ 525.839587][ T150] IPVS: stop unused estimator thread 0... [ 525.942367][ T5961] uclogic 0003:256C:006E.004D: interface is invalid, ignoring [ 526.156764][ T5845] usb 6-1: USB disconnect, device number 33 [ 526.460164][T14395] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3677'. [ 526.460248][T14395] netlink: 'syz.6.3677': attribute type 2 has an invalid length. [ 526.460264][T14395] netlink: 'syz.6.3677': attribute type 1 has an invalid length. [ 526.466961][T14395] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3677'. [ 527.038737][T14409] random: crng reseeded on system resumption [ 527.443986][T14416] Bluetooth: MGMT ver 1.23 [ 527.674477][T14093] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 527.783620][T14093] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 527.937785][T14093] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 528.062766][T14093] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 528.916971][T14093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 529.067584][T14093] 8021q: adding VLAN 0 to HW filter on device team0 [ 529.080554][ T44] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 529.132853][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 529.133032][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 529.188853][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 529.190633][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 529.240536][ T44] usb 6-1: Using ep0 maxpacket: 8 [ 529.245404][ T44] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 529.245460][ T44] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 529.245484][ T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.289429][ T44] usb 6-1: config 0 descriptor?? [ 529.365648][ T994] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 529.512379][ T994] usb 7-1: Using ep0 maxpacket: 32 [ 529.522984][ T994] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 529.523013][ T994] usb 7-1: config 0 has no interface number 0 [ 529.533164][ T994] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 529.533428][ T994] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 529.533448][ T994] usb 7-1: Product: syz [ 529.533460][ T994] usb 7-1: Manufacturer: syz [ 529.533472][ T994] usb 7-1: SerialNumber: syz [ 529.548857][ T994] usb 7-1: config 0 descriptor?? [ 529.652374][ T994] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 529.836061][ T44] corsair 0003:1B1C:1B09.004E: unbalanced collection at end of report description [ 529.837035][ T44] corsair 0003:1B1C:1B09.004E: parse failed [ 529.837152][ T44] corsair 0003:1B1C:1B09.004E: probe with driver corsair failed with error -22 [ 529.918642][ T994] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 530.036383][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 530.120681][ T994] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 530.150710][T14466] sch_fq: defrate 4294967295 ignored. [ 530.167856][ T5961] usb 6-1: USB disconnect, device number 34 [ 530.268159][ C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 530.360991][ T994] usb 7-1: USB disconnect, device number 34 [ 530.453730][ T994] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 530.531568][ T994] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 530.532746][ T994] quatech2 7-1:0.51: device disconnected [ 530.824954][T14093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 532.270962][T14514] delete_channel: no stack [ 532.271438][T14513] delete_channel: no stack [ 533.164868][T14093] veth0_vlan: entered promiscuous mode [ 533.194101][T14530] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 0, id = 0 [ 533.300134][T14093] veth1_vlan: entered promiscuous mode [ 533.507035][T14093] veth0_macvtap: entered promiscuous mode [ 533.543834][T14093] veth1_macvtap: entered promiscuous mode [ 533.668381][T14093] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 533.745765][T14093] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 533.797645][ T1167] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.797948][ T1167] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.798337][ T1167] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 533.798990][ T1167] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 534.245757][ T165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.245779][ T165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 534.596404][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 534.596428][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 535.997374][T14583] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.3735'. [ 536.010938][T14580] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.3735'. [ 537.982462][T14627] netlink: 277 bytes leftover after parsing attributes in process `syz.6.3756'. [ 538.101029][T14622] syz.5.3753 (14622) used greatest stack depth: 17328 bytes left [ 538.159890][T14631] sp0: Synchronizing with TNC [ 539.186604][T14662] netlink: 'syz.6.3771': attribute type 1 has an invalid length. [ 539.337155][T14664] nbd: must specify a size in bytes for the device [ 540.525452][ T37] audit: type=1326 audit(1758283637.852:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14700 comm="syz.5.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 540.525513][ T37] audit: type=1326 audit(1758283637.852:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14700 comm="syz.5.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 540.561104][ T37] audit: type=1326 audit(1758283637.892:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14700 comm="syz.5.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 540.582493][ T37] audit: type=1326 audit(1758283637.912:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14700 comm="syz.5.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 540.634834][ T37] audit: type=1326 audit(1758283637.962:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14700 comm="syz.5.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 540.634894][ T37] audit: type=1326 audit(1758283637.962:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14700 comm="syz.5.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 540.634952][ T37] audit: type=1326 audit(1758283637.962:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14700 comm="syz.5.3791" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f979d02eba9 code=0x7ffc0000 [ 540.710793][T14705] netlink: 'syz.4.3794': attribute type 83 has an invalid length. [ 541.031420][T14715] CIFS mount error: No usable UNC path provided in device string! [ 541.031420][T14715] [ 541.031446][T14715] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 541.367118][T14726] netlink: 'syz.4.3801': attribute type 18 has an invalid length. [ 541.498585][ T3630] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 541.498633][ T3630] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 541.498665][ T3630] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 541.498704][ T3630] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 543.229878][T14771] Bluetooth: MGMT ver 1.23 [ 543.652817][T14780] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3826'. [ 543.953835][ T5893] kernel write not supported for file /input/mouse0 (pid: 5893 comm: kworker/0:3) [ 544.183315][ T37] audit: type=1326 audit(1758283641.512:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14794 comm="syz.5.3834" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f979d02eba9 code=0x0 [ 544.814313][T14806] netlink: 'syz.8.3839': attribute type 1 has an invalid length. [ 544.814359][T14806] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 546.270580][ T5845] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 546.370671][ T5930] usb 7-1: new low-speed USB device number 35 using dummy_hcd [ 546.449679][ T5845] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 546.449715][ T5845] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.449758][ T5845] usb 6-1: New USB device found, idVendor=258a, idProduct=6a80, bcdDevice= 0.00 [ 546.449782][ T5845] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.473825][ T5845] usb 6-1: config 0 descriptor?? [ 546.545219][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 546.545322][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.545365][ T5930] usb 7-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00 [ 546.545397][ T5930] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.571844][ T5930] usb 7-1: config 0 descriptor?? [ 547.036263][ T5845] hid-generic 0003:258A:6A80.004F: hidraw0: USB HID v0.00 Device [HID 258a:6a80] on usb-dummy_hcd.5-1/input0 [ 547.114878][ T5929] usb 6-1: USB disconnect, device number 35 [ 547.274234][ T5845] usb 7-1: USB disconnect, device number 35 [ 547.560875][T14843] fido_id[14843]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 547.632272][ T5929] IPVS: starting estimator thread 0... [ 547.751086][T14850] IPVS: using max 6 ests per chain, 14400 per kthread [ 548.450663][T14864] netlink: 8 bytes leftover after parsing attributes in process `syz.8.3864'. [ 548.450865][T14864] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 548.450895][T14864] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 548.738884][ T37] audit: type=1326 audit(1758283646.062:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14875 comm="syz.8.3868" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc80868eba9 code=0x0 [ 549.949694][T14904] netlink: 'syz.6.3884': attribute type 8 has an invalid length. [ 550.184936][T14912] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3887'. [ 550.840864][T14926] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 552.023424][T14956] gretap0: entered promiscuous mode [ 554.865299][T15028] ALSA: mixer_oss: invalid OSS volume 'ިc">#a6\9/[\' [ 554.865434][T15028] ALSA: mixer_oss: invalid OSS volume 'F4|׃|t@' [ 554.865495][T15028] ALSA: mixer_oss: invalid OSS volume 'GJJ³ 1 [ 609.606410][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 609.609114][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 609.624943][ T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 609.627881][ T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 611.700558][T15680] Bluetooth: hci4: command tx timeout [ 613.616891][ T59] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 613.649481][ T59] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 613.659613][ T59] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 613.668688][ T59] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 613.682877][ T59] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 613.782543][T15680] Bluetooth: hci4: command tx timeout [ 615.786869][ T59] Bluetooth: hci6: command tx timeout [ 615.860860][ T59] Bluetooth: hci4: command tx timeout [ 616.336792][T15680] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 616.367799][T15680] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 616.390744][T15680] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 616.393158][T15680] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 616.394718][T15680] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 617.860695][ T59] Bluetooth: hci6: command tx timeout [ 617.940579][ T59] Bluetooth: hci4: command tx timeout [ 618.500607][ T59] Bluetooth: hci7: command tx timeout [ 619.950573][ T59] Bluetooth: hci6: command tx timeout [ 620.582490][ T59] Bluetooth: hci7: command tx timeout [ 620.676208][T15680] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 620.719559][T15680] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 620.730598][T15680] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 620.733715][T15680] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 620.734676][T15680] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 621.977788][ T59] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 622.000941][ T59] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 622.018101][ T59] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 622.021227][ T59] Bluetooth: hci6: command tx timeout [ 622.040682][ T59] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 622.041723][ T59] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 622.660798][ T59] Bluetooth: hci7: command tx timeout [ 622.820591][ T59] Bluetooth: hci8: command tx timeout [ 623.120926][T15733] IPVS: sync thread started: state = MASTER, mcast_ifn = veth1_to_batadv, syncid = 0, id = 0 [ 623.258187][T15707] bridge_slave_0: left allmulticast mode [ 623.258228][T15707] bridge_slave_0: left promiscuous mode [ 623.258520][T15707] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.180756][ T5849] Bluetooth: hci9: command tx timeout [ 624.681046][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.740915][ T5849] Bluetooth: hci7: command tx timeout [ 624.900464][ T5849] Bluetooth: hci8: command tx timeout [ 626.309787][ T5849] Bluetooth: hci9: command tx timeout [ 627.006189][ T5849] Bluetooth: hci8: command tx timeout [ 628.348175][ T5849] Bluetooth: hci9: command tx timeout [ 629.084825][ T5849] Bluetooth: hci8: command tx timeout [ 630.474529][ T59] Bluetooth: hci9: command tx timeout [ 651.460261][ C1] sched: DL replenish lagged too much [ 681.350280][T15680] Bluetooth: hci3: command 0x0406 tx timeout [ 690.280853][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 708.642043][T15680] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 708.648553][T15680] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 709.089726][T15680] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 709.101017][T15680] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 709.101943][T15680] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 712.128549][T15710] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 713.100600][T15777] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 713.103536][T15777] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 713.111599][T15777] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 713.112496][T15777] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 714.092947][T15777] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 714.128839][T15777] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 714.135699][T15777] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 715.120678][T15777] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 717.111760][T15776] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 718.131658][T15776] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 719.101929][T15776] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 720.130838][T15784] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 721.107359][T15710] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 721.132444][T15710] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 721.141255][T15784] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 721.155786][T15784] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 721.156542][T15784] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 723.158475][T15680] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 726.143508][T15680] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 735.011697][T15771] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 735.021493][T15680] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 735.044303][T15680] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 737.258539][T15710] Bluetooth: hci12: command 0x1003 tx timeout [ 737.291606][T15781] Bluetooth: hci12: Opcode 0x1003 failed: -110 [ 738.414360][T15767] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 739.263414][T15778] Bluetooth: hci10: Opcode 0x0c03 failed: -110 [ 739.278314][T15784] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 739.285947][T15784] Bluetooth: hci4: command 0x0406 tx timeout [ 740.945345][T15784] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 741.625698][T15784] Bluetooth: hci6: command 0x0406 tx timeout [ 741.625746][T15784] Bluetooth: hci7: command 0x0406 tx timeout [ 748.245035][T15786] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 748.390086][T15786] Bluetooth: hci8: command 0x0406 tx timeout [ 748.390133][T15786] Bluetooth: hci9: command tx timeout [ 749.237516][T15784] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 749.262280][T15784] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 749.264689][T15784] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 749.265622][T15784] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 770.224020][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 773.607915][T15786] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 773.673425][T15786] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 773.679012][T15786] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 773.697484][T15786] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 773.698441][T15786] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 774.945276][T15801] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 774.986767][T15801] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 775.006972][T15801] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 775.008594][T15801] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 775.010133][T15801] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 775.781352][T15798] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 775.810850][T15798] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 775.812603][T15798] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 775.814253][T15808] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 775.855929][ T38] INFO: task syz-executor:15709 blocked for more than 153 seconds. [ 775.855956][ T38] Not tainted syzkaller #0 [ 775.855967][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 775.855977][ T38] task:syz-executor state:D stack:26952 pid:15709 tgid:15709 ppid:1 task_flags:0x400140 flags:0x00004004 [ 775.856044][ T38] Call Trace: [ 775.856052][ T38] [ 775.856067][ T38] __schedule+0x16f3/0x4c20 [ 775.856145][ T38] ? __pfx___schedule+0x10/0x10 [ 775.856196][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 775.856227][ T38] rt_mutex_schedule+0x77/0xf0 [ 775.856249][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 775.856274][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 775.856319][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 775.856347][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 775.856374][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 775.856396][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.856437][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 775.856470][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 775.856504][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 775.856524][ T38] mutex_lock_nested+0x16a/0x1d0 [ 775.856556][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 775.856591][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 775.856637][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 775.856660][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 775.856688][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.856718][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 775.856746][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 775.856795][ T38] netlink_rcv_skb+0x205/0x470 [ 775.856823][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.856848][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 775.856878][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 775.856921][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 775.856960][ T38] netlink_unicast+0x843/0xa10 [ 775.856998][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 775.857027][ T38] ? netlink_sendmsg+0x642/0xb30 [ 775.857054][ T38] ? skb_put+0x11b/0x210 [ 775.857097][ T38] netlink_sendmsg+0x805/0xb30 [ 775.857138][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 775.857177][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 775.857198][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 775.857228][ T38] __sock_sendmsg+0x21c/0x270 [ 775.857259][ T38] __sys_sendto+0x3c7/0x520 [ 775.990889][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 775.990958][ T38] ? exc_page_fault+0x76/0xf0 [ 775.990996][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 775.991029][ T38] __x64_sys_sendto+0xde/0x100 [ 775.991064][ T38] do_syscall_64+0xfa/0x3b0 [ 775.991084][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 775.991114][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.991144][ T38] ? clear_bhb_loop+0x60/0xb0 [ 775.991170][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.991191][ T38] RIP: 0033:0x7f74475d0a3c [ 775.991210][ T38] RSP: 002b:00007ffe1ad082d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 775.991234][ T38] RAX: ffffffffffffffda RBX: 00007f7448344620 RCX: 00007f74475d0a3c [ 775.991251][ T38] RDX: 0000000000000028 RSI: 00007f7448344670 RDI: 0000000000000003 [ 775.991264][ T38] RBP: 0000000000000000 R08: 00007ffe1ad08324 R09: 000000000000000c [ 775.991278][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 775.991291][ T38] R13: 0000000000000000 R14: 00007f7448344670 R15: 0000000000000000 [ 775.991327][ T38] [ 775.991342][ T38] INFO: task syz-executor:15716 blocked for more than 153 seconds. [ 775.991358][ T38] Not tainted syzkaller #0 [ 775.991368][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 775.991379][ T38] task:syz-executor state:D stack:25928 pid:15716 tgid:15716 ppid:1 task_flags:0x400140 flags:0x00004004 [ 775.991443][ T38] Call Trace: [ 775.991451][ T38] [ 775.991464][ T38] __schedule+0x16f3/0x4c20 [ 775.991527][ T38] ? __pfx___schedule+0x10/0x10 [ 775.991578][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 775.991613][ T38] rt_mutex_schedule+0x77/0xf0 [ 775.991634][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 775.991661][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 775.991708][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 775.991738][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 775.991765][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 775.991789][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.991831][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 775.991863][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 775.991895][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 775.991915][ T38] mutex_lock_nested+0x16a/0x1d0 [ 775.991948][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 775.991983][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 775.992028][ T38] ? __pfx_[ 775.992028][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 775.992051][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 775.992079][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.992109][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 775.992163][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 775.992214][ T38] netlink_rcv_skb+0x205/0x470 [ 775.992242][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.992269][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 775.992301][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 775.992345][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 775.992383][ T38] netlink_unicast+0x843/0xa10 [ 775.992421][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 775.992450][ T38] ? netlink_sendmsg+0x642/0xb30 [ 775.992476][ T38] ? skb_put+0x11b/0x210 [ 775.992513][ T38] netlink_sendmsg+0x805/0xb30 [ 775.992569][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 775.992609][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 775.992631][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 775.992661][ T38] __sock_sendmsg+0x21c/0x270 [ 775.992691][ T38] __sys_sendto+0x3c7/0x520 [ 775.992725][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 775.992788][ T38] ? exc_page_fault+0x76/0xf0 [ 775.992823][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 775.992855][ T38] __x64_sys_sendto+0xde/0x100 [ 775.992889][ T38] do_syscall_64+0xfa/0x3b0 [ 775.992908][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 775.992939][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.992959][ T38] ? clear_bhb_loop+0x60/0xb0 [ 775.992986][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.993006][ T38] RIP: 0033:0x7f9bd37d0a3c [ 775.993023][ T38] RSP: 002b:00007ffd1df9e480 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 775.993044][ T38] RAX: ffffffffffffffda RBX: 00007f9bd4544620 RCX: 00007f9bd37d0a3c [ 775.993059][ T38] RDX: 0000000000000028 RSI: 00007f9bd4544670 RDI: 0000000000000003 [ 775.993072][ T38] RBP: 0000000000000000 R08: 00007ffd1df9e4d4 R09: 000000000000000c [ 775.993085][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 775.993099][ T38] R13: 0000000000000000 R14: 00007f9bd4544670 R15: 0000000000000000 [ 775.993146][ T38] [ 775.993155][ T38] INFO: task syz-executor:15721 blocked for more than 153 seconds. [ 775.993170][ T38] Not tainted syzkaller #0 [ 775.993180][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 775.993189][ T38] task:syz-executor state:D stack:26888 pid:15721 tgid:15721 ppid:1 task_flags:0x400140 flags:0x00004004 [ 775.993251][ T38] Call Trace: [ 775.993258][ T38] [ 775.993271][ T38] __schedule+0x16f3/0x4c20 [ 775.993332][ T38] ? __pfx___schedule+0x10/0x10 [ 775.993383][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 775.993417][ T38] rt_mutex_schedule+0x77/0xf0 [ 775.993437][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 775.993462][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 775.993508][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 775.993537][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 775.993563][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 775.993586][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.993625][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 775.993657][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 775.993689][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 775.993709][ T38] mutex_lock_nested+0x16a/0x1d0 [ 775.993740][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 775.993775][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 775.993820][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 775.993843][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 775.993870][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.993898][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 775.993925][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 775.993974][ T38] netlink_rcv_skb+0x205/0x470 [ 775.993999][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.994026][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 775.994056][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 775.994100][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 775.994148][ T38] netlink_unicast+0x843/0xa10 [ 775.994185][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 775.994214][ T38] ? netlink_sendmsg+0x642/0xb30 [ 775.994240][ T38] ? skb_put+0x11b/0x210 [ 775.994275][ T38] netlink_sendmsg+0x805/0xb30 [ 775.994316][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 775.994354][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 775.994375][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 775.994406][ T38] __sock_sendmsg+0x21c/0x270 [ 775.994436][ T38] __sys_sendto+0x3c7/0x520 [ 775.994468][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 775.994531][ T38] ? exc_page_fault+0x76/0xf0 [ 775.994565][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 775.994596][ T38] __x64_sys_sendto+0xde/0x100 [ 775.994631][ T38] do_syscall_64+0xfa/0x3b0 [ 775.994650][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 775.994680][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.994700][ T38] ? clear_bhb_loop+0x60/0xb0 [ 775.994726][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.994746][ T38] RIP: 0033:0x7fa5852c0a3c [ 775.994762][ T38] RSP: 002b:00007ffc55432780 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 775.994781][ T38] RAX: ffffffffffffffda RBX: 00007fa586034620 RCX: 00007fa5852c0a3c [ 775.994796][ T38] RDX: 0000000000000028 RSI: 00007fa586034670 RDI: 0000000000000003 [ 775.994809][ T38] RBP: 0000000000000000 R08: 00007ffc554327d4 R09: 000000000000000c [ 775.994822][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 775.994834][ T38] R13: 0000000000000000 R14: 00007fa586034670 R15: 0000000000000000 [ 775.994874][ T38] [ 775.994883][ T38] INFO: task syz-executor:15726 blocked for more than 153 seconds. [ 775.994895][ T38] Not tainted syzkaller #0 [ 775.994906][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 775.994914][ T38] task:syz-executor state:D stack:26952 pid:15726 tgid:15726 ppid:1 task_flags:0x400140 flags:0x00004004 [ 775.994976][ T38] Call Trace: [ 775.994982][ T38] [ 775.994996][ T38] __schedule+0x16f3/0x4c20 [ 775.995056][ T38] ? __pfx___schedule+0x10/0x10 [ 775.995108][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 775.995150][ T38] rt_mutex_schedule+0x77/0xf0 [ 775.995170][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 775.995195][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 775.995242][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 775.995271][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 775.995299][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 775.995322][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.995363][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 775.995394][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 775.995427][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 775.995447][ T38] mutex_lock_nested+0x16a/0x1d0 [ 775.995479][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 775.995514][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 775.995560][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 775.995583][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 775.995609][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.995639][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 775.995666][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 775.995715][ T38] netlink_rcv_skb+0x205/0x470 [ 775.995740][ T38] ? __lock_acquire+0xab9/0xd20 [ 775.995768][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 775.995798][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 775.995841][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 775.995880][ T38] netlink_unicast+0x843/0xa10 [ 775.995916][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 775.995945][ T38] ? netlink_sendmsg+0x642/0xb30 [ 775.995971][ T38] ? skb_put+0x11b/0x210 [ 775.996006][ T38] netlink_sendmsg+0x805/0xb30 [ 775.996047][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 775.996086][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 775.996106][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 775.996144][ T38] __sock_sendmsg+0x21c/0x270 [ 775.996175][ T38] __sys_sendto+0x3c7/0x520 [ 775.996207][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 775.996271][ T38] ? exc_page_fault+0x76/0xf0 [ 775.996306][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 775.996337][ T38] __x64_sys_sendto+0xde/0x100 [ 775.996372][ T38] do_syscall_64+0xfa/0x3b0 [ 775.996390][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 775.996420][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.996440][ T38] ? clear_bhb_loop+0x60/0xb0 [ 775.996466][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.996486][ T38] RIP: 0033:0x7f8bc2530a3c [ 775.996502][ T38] RSP: 002b:00007fffb93c3df0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 775.996522][ T38] RAX: ffffffffffffffda RBX: 00007f8bc32a4620 RCX: 00007f8bc2530a3c [ 775.996537][ T38] RDX: 0000000000000028 RSI: 00007f8bc32a4670 RDI: 0000000000000003 [ 775.996550][ T38] RBP: 0000000000000000 R08: 00007fffb93c3e44 R09: 000000000000000c [ 775.996563][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 775.996576][ T38] R13: 0000000000000000 R14: 00007f8bc32a4670 R15: 0000000000000000 [ 775.996610][ T38] [ 775.996644][ T38] [ 775.996644][ T38] Showing all locks held in the system: [ 775.996653][ T38] 4 locks held by kworker/R-rcu_g/4: [ 775.996665][ T38] #0: ffff88801989a938 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.996721][ T38] #1: ffffc90000097ba0 ((work_completion)(&sdp->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.996773][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.996825][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.996879][ T38] 3 locks held by kworker/0:0/9: [ 775.996888][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.996939][ T38] #1: ffffc900000e7bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.996991][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 775.997041][ T38] 4 locks held by kworker/0:1/10: [ 775.997052][ T38] #0: ffff88805d5bf538 ((wq_completion)wg-crypt-wg0#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.997109][ T38] #1: ffffc900000f7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.997186][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.997237][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.997290][ T38] 2 locks held by ksoftirqd/0/15: [ 775.997301][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.997352][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.997404][ T38] 4 locks held by pr/legacy/17: [ 775.997417][ T38] 2 locks held by rcuc/0/20: [ 775.997428][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.997479][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.997532][ T38] 1 lock held by khungtaskd/38: [ 775.997544][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 775.997594][ T38] 17 locks held by kworker/u8:3/57: [ 775.997607][ T38] 4 locks held by kworker/u9:0/59: [ 775.997619][ T38] #0: ffff88805ca1f138 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.997670][ T38] #1: ffffc9000125fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.997723][ T38] #2: ffff888032be8e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 775.997772][ T38] #3: ffff888032be80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 775.997837][ T38] 7 locks held by kworker/u8:9/1167: [ 775.997849][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.997898][ T38] #1: ffffc90004e07bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.997952][ T38] #2: ffff8880234f0300 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 775.998014][ T38] #3: ffff8880382bb520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 775.998072][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 775.998122][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.998181][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.998245][ T38] 5 locks held by kworker/u8:11/3630: [ 775.998259][ T38] 1 lock held by udevd/5205: [ 775.998270][ T38] #0: ffff888036591218 (&ep->lock){++++}-{3:3}, at: do_epoll_wait+0x84d/0xbb0 [ 775.998326][ T38] 2 locks held by getty/5597: [ 775.998336][ T38] #0: ffff88823bf5e8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 775.998393][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 775.998445][ T38] 2 locks held by syz-executor/5823: [ 775.998457][ T38] 4 locks held by kworker/u9:5/5849: [ 775.998469][ T38] #0: ffff888027cdf138 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.998524][ T38] #1: ffffc90004c17bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.998576][ T38] #2: ffff88807df300a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 775.998627][ T38] #3: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 775.998678][ T38] 4 locks held by kworker/R-wg-cr/5882: [ 775.998690][ T38] #0: ffff88805af7f538 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.998747][ T38] #1: ffffc90004e67ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.998815][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.998866][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.998916][ T38] 4 locks held by kworker/R-wg-cr/5887: [ 775.998928][ T38] #0: ffff88805b332538 ((wq_completion)wg-crypt-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.998985][ T38] #1: ffffc90004ec7ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.999053][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.999103][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.999164][ T38] 4 locks held by kworker/R-wg-cr/5889: [ 775.999175][ T38] #0: ffff88805b378538 ((wq_completion)wg-crypt-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.999230][ T38] #1: ffffc90004ed7ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.999299][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.999349][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.999401][ T38] 4 locks held by kworker/0:3/5893: [ 775.999413][ T38] #0: ffff88805e061138 ((wq_completion)wg-crypt-wg0#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.999469][ T38] #1: ffffc90004f17bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.999536][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.999587][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.999639][ T38] 4 locks held by kworker/0:5/5929: [ 775.999650][ T38] #0: ffff88805e061138 ((wq_completion)wg-crypt-wg0#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.999706][ T38] #1: ffffc900051f7bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.999758][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 775.999808][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 775.999861][ T38] 4 locks held by kworker/0:6/5961: [ 775.999872][ T38] #0: ffff88805af7f538 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 775.999926][ T38] #1: ffffc900052f7bc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 775.999978][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.000029][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.000081][ T38] 4 locks held by kworker/R-wg-cr/7221: [ 776.000093][ T38] #0: ffff88805c38e538 ((wq_completion)wg-crypt-wg0#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.000158][ T38] #1: [ 776.114018][T15808] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 776.385937][ T38] ffffc9000d3bfba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.386019][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.386069][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.386119][ T38] 4 locks held by kworker/R-wg-cr/7265: [ 776.386131][ T38] #0: ffff88805fd8d138 ((wq_completion)wg-crypt-wg1#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.386196][ T38] #1: ffffc9000d34fba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.386260][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.386309][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.386364][ T38] 4 locks held by kworker/R-wg-cr/8855: [ 776.386376][ T38] #0: ffff88805e061138 ((wq_completion)wg-crypt-wg0#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.386430][ T38] #1: ffffc90005017ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.386497][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.386546][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.386592][ T38] 4 locks held by kworker/R-wg-cr/8862: [ 776.386603][ T38] #0: ffff888036b3e138 ((wq_completion)wg-crypt-wg2#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.386660][ T38] #1: ffffc90004c77ba0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.386727][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.386776][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.386830][ T38] 4 locks held by kworker/R-wg-cr/14193: [ 776.386841][ T38] #0: ffff88805d5bf538 ((wq_completion)wg-crypt-wg0#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.386898][ T38] #1: ffffc9000f52fba0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.386949][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.387000][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.387053][ T38] 4 locks held by kworker/R-wg-cr/14253: [ 776.387064][ T38] #0: ffff88805fd9e138 ((wq_completion)wg-crypt-wg1#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.387121][ T38] #1: ffffc9000d3efba0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.387172][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.387230][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.387281][ T38] 4 locks held by kworker/R-wg-cr/14256: [ 776.387293][ T38] #0: ffff88805c875d38 ((wq_completion)wg-crypt-wg2#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.387349][ T38] #1: ffffc9000de87ba0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.387402][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.387452][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.387504][ T38] 5 locks held by kworker/u8:13/15637: [ 776.387515][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.387567][ T38] #1: ffffc90005a5fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.387618][ T38] #2: ffff8880329b0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 776.387674][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.387744][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.387796][ T38] 4 locks held by syz.6.4230/15647: [ 776.387807][ T38] #0: ffff888051e80e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 776.387859][ T38] #1: ffff888051e800a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 776.387913][ T38] #2: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 776.387960][ T38] #3: ffff88805baf2358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 776.388010][ T38] 1 lock held by syz.5.4243/15675: [ 776.388022][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 776.388078][ T38] 5 locks held by kworker/u9:1/15680: [ 776.388089][ T38] #0: ffff8880315d7938 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.388142][ T38] #1: ffffc90005867bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.388203][ T38] #2: ffff88805efe4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 776.388252][ T38] #3: ffff88805efe40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 776.388307][ T38] #4: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 776.388362][ T38] 3 locks held by syz.4.4246/15682: [ 776.388373][ T38] #0: ffff88803960ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 776.388423][ T38] #1: ffff88803960c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 776.388477][ T38] #2: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 776.388525][ T38] 1 lock held by syz.7.4251/15695: [ 776.388536][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 776.388591][ T38] 3 locks held by syz.8.4257/15707: [ 776.388602][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 776.388656][ T38] #1: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.388707][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.388758][ T38] 1 lock held by syz-executor/15709: [ 776.388770][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.388820][ T38] 5 locks held by kworker/u9:2/15710: [ 776.388831][ T38] #0: ffff88804cf85938 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.388884][ T38] #1: ffffc90004e27bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.388936][ T38] #2: ffff88803dff4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 776.388983][ T38] #3: ffff88803dff40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 776.389037][ T38] #4: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 776.389093][ T38] 1 lock held by syz-executor/15716: [ 776.389104][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.389152][ T38] 1 lock held by syz-executor/15721: [ 776.389163][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.389219][ T38] 1 lock held by syz-executor/15726: [ 776.389230][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.389278][ T38] 1 lock held by syz-executor/15730: [ 776.389290][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.389339][ T38] 4 locks held by kworker/u8:15/15736: [ 776.389350][ T38] #0: ffff88814d336138 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.389402][ T38] #1: ffffc90003f87bc0 ((work_completion)(&(&bat_priv->tt.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.389455][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.389506][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.389558][ T38] 7 locks held by kworker/u8:20/15741: [ 776.389570][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.389622][ T38] #1: ffffc900042f7bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.389677][ T38] #2: ffff88802fb9e300 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 776.389740][ T38] #3: ffff88805d982120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 776.389797][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 776.389848][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.389899][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.389951][ T38] 7 locks held by kworker/u8:27/15748: [ 776.389962][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.390013][ T38] #1: ffffc90004167bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.390068][ T38] #2: ffff88805c77d300 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 776.390124][ T38] #3: ffff88805dab1520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 776.540876][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 776.540942][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.540995][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.541050][ T38] 3 locks held by kworker/u8:29/15750: [ 776.541063][ T38] #0: ffff888030074138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.541116][ T38] #1: ffffc90005a7fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.541169][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 776.541249][ T38] 7 locks held by kworker/u8:39/15774: [ 776.541261][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.541312][ T38] #1: ffffc90004207bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.541382][ T38] #2: ffff888036901300 (&devlink->lock_key#8){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 776.541445][ T38] #3: ffff88805cae2520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 776.541502][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 776.541552][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.541604][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.541663][ T38] 5 locks held by kworker/u9:3/15776: [ 776.541675][ T38] #0: ffff8880396a7938 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.541727][ T38] #1: ffffc90004077bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.541779][ T38] #2: ffff8880660b4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 776.541828][ T38] #3: ffff8880660b40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 776.541891][ T38] #4: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 776.541962][ T38] 5 locks held by kworker/u9:4/15777: [ 776.541973][ T38] #0: ffff88803b935138 ((wq_completion)hci4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.542026][ T38] #1: ffffc900058d7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.542079][ T38] #2: ffff8880565a0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 776.542126][ T38] #3: ffff8880565a00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 776.542189][ T38] #4: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 776.542245][ T38] 1 lock held by syz-executor/15780: [ 776.542256][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.542307][ T38] 4 locks held by kworker/u9:6/15784: [ 776.542318][ T38] #0: ffff88805ca1a138 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.542375][ T38] #1: ffffc900053a7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.542426][ T38] #2: ffff8880325c80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 776.542476][ T38] #3: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 776.542529][ T38] 5 locks held by kworker/u9:7/15785: [ 776.542540][ T38] #0: ffff8880396a5938 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.542591][ T38] #1: ffffc9000d187bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.542643][ T38] #2: ffff888023494e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 776.542692][ T38] #3: ffff8880234940a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 776.542742][ T38] #4: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 776.542792][ T38] 4 locks held by kworker/u9:8/15786: [ 776.542803][ T38] #0: ffff8880504e3138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.542857][ T38] #1: ffffc90005887bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.542906][ T38] #2: ffff8880432540a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 776.542955][ T38] #3: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 776.543002][ T38] 1 lock held by syz-executor/15795: [ 776.543013][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.543061][ T38] 1 lock held by syz-executor/15799: [ 776.543073][ T38] 1 lock held by syz-executor/15800: [ 776.543085][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.543132][ T38] 4 locks held by kworker/u9:10/15801: [ 776.543143][ T38] #0: ffff88806ede6938 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.543208][ T38] #1: ffffc90004b07bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.543260][ T38] #2: ffff88807bdd00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 776.543311][ T38] #3: ffffffff8ee3b198 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 776.543361][ T38] 4 locks held by kworker/0:7/15802: [ 776.543372][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 776.543419][ T38] #1: ffffc90004ad7bc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 776.543469][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 776.543520][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 776.543570][ T38] 1 lock held by syz-executor/15804: [ 776.543582][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 776.543628][ T38] 2 locks held by syz-executor/15807: [ 776.543643][ T38] [ 776.543648][ T38] ============================================= [ 776.543648][ T38] [ 776.543657][ T38] NMI backtrace for cpu 1 [ 776.543672][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 776.543695][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 776.543706][ T38] Call Trace: [ 776.543714][ T38] [ 776.543724][ T38] dump_stack_lvl+0x189/0x250 [ 776.543757][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 776.543785][ T38] ? __pfx__printk+0x10/0x10 [ 776.543820][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 776.543847][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 776.543874][ T38] ? __pfx__printk+0x10/0x10 [ 776.543899][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 776.543926][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 776.543952][ T38] watchdog+0xf93/0xfe0 [ 776.543979][ T38] ? watchdog+0x1de/0xfe0 [ 776.544009][ T38] kthread+0x70e/0x8a0 [ 776.544043][ T38] ? __pfx_watchdog+0x10/0x10 [ 776.544068][ T38] ? __pfx_kthread+0x10/0x10 [ 776.544101][ T38] ? __pfx_kthread+0x10/0x10 [ 776.544132][ T38] ret_from_fork+0x436/0x7d0 [ 776.544161][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 776.544204][ T38] ? __switch_to_asm+0x39/0x70 [ 776.544223][ T38] ? __switch_to_asm+0x33/0x70 [ 776.544241][ T38] ? __pfx_kthread+0x10/0x10 [ 776.544271][ T38] ret_from_fork_asm+0x1a/0x30 [ 776.544308][ T38] [ 776.544316][ T38] Sending NMI from CPU 1 to CPUs 0: [ 776.544346][ C0] NMI backtrace for cpu 0 [ 776.544362][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 776.544381][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 776.544389][ C0] RIP: 0010:__rcu_read_unlock+0x0/0xe0 [ 776.544411][ C0] Code: 89 d9 80 e1 07 80 c1 03 38 c1 7c dc 48 89 df e8 46 e2 77 00 eb d2 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1e fa 41 57 41 56 41 55 41 54 53 49 bf 00 00 00 00 00 fc ff [ 776.544425][ C0] RSP: 0018:ffffc90000156930 EFLAGS: 00000286 [ 776.544441][ C0] RAX: 94f14e3970aea000 RBX: ffffffff8fb38a01 RCX: 94f14e3970aea000 [ 776.544453][ C0] RDX: 0000000000000007 RSI: ffffffff8d21ae96 RDI: ffffffff8b621680 [ 776.544464][ C0] RBP: dffffc0000000000 R08: ffffc90000156d68 R09: 0000000000000000 [ 776.544475][ C0] R10: ffffc90000156a58 R11: fffff5200002ad4d R12: ffffc90000156d78 [ 776.544487][ C0] R13: ffffc90000150000 R14: ffffc90000156a08 R15: ffffffff8172c165 [ 776.544498][ C0] FS: 0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000 [ 776.544512][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 776.544523][ C0] CR2: 00007fc17b5d7d60 CR3: 00000000339f6000 CR4: 00000000003526f0 [ 776.544540][ C0] Call Trace: [ 776.544546][ C0] [ 776.544552][ C0] unwind_next_frame+0x19ae/0x2390 [ 776.544578][ C0] ? unwind_next_frame+0xa5/0x2390 [ 776.544599][ C0] ? kasan_save_track+0x3e/0x80 [ 776.544620][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 776.544638][ C0] arch_stack_walk+0x11c/0x150 [ 776.544663][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 776.544684][ C0] stack_trace_save+0x9c/0xe0 [ 776.544700][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 776.544722][ C0] kasan_save_track+0x3e/0x80 [ 776.544738][ C0] ? kasan_save_track+0x3e/0x80 [ 776.544781][ C0] __kasan_slab_alloc+0x6c/0x80 [ 776.544799][ C0] ? __alloc_skb+0x112/0x2d0 [ 776.544820][ C0] kmem_cache_alloc_node_noprof+0x14e/0x330 [ 776.544845][ C0] __alloc_skb+0x112/0x2d0 [ 776.544867][ C0] synproxy_send_client_synack_ipv6+0x169/0xca0 [ 776.544897][ C0] ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10 [ 776.544920][ C0] ? nft_synproxy_eval_v6+0x550/0x560 [ 776.544946][ C0] ? synproxy_pernet+0x45/0x270 [ 776.544965][ C0] nft_synproxy_eval_v6+0x36e/0x560 [ 776.544985][ C0] ? __pfx_nft_synproxy_eval_v6+0x10/0x10 [ 776.545003][ C0] ? nf_ip_checksum+0x13c/0x510 [ 776.545022][ C0] nft_synproxy_do_eval+0x3d7/0x570 [ 776.545042][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 776.545067][ C0] nft_do_chain+0x40c/0x1920 [ 776.545087][ C0] ? __pfx_ip_list_rcv+0x10/0x10 [ 776.545110][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 776.545125][ C0] ? ipv6_find_hdr+0xc78/0x1050 [ 776.545160][ C0] ? netif_receive_skb_list_internal+0x4fd/0xcc0 [ 776.545179][ C0] ? netif_receive_skb_list_internal+0xa4f/0xcc0 [ 776.545199][ C0] nft_do_chain_inet+0x25d/0x340 [ 776.545216][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 776.545232][ C0] ? __lock_acquire+0xab9/0xd20 [ 776.545257][ C0] ? NF_HOOK+0x9a/0x3a0 [ 776.545277][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 776.545294][ C0] nf_hook_slow+0xc2/0x220 [ 776.545318][ C0] NF_HOOK+0x206/0x3a0 [ 776.545339][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 776.545359][ C0] ? NF_HOOK+0x9a/0x3a0 [ 776.545377][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 776.545398][ C0] ? __pfx_ip6_input_finish+0x10/0x10 [ 776.545424][ C0] ip6_input+0x16a/0x270 [ 776.545443][ C0] ? ip6_input+0x23/0x270 [ 776.545463][ C0] NF_HOOK+0x309/0x3a0 [ 776.545483][ C0] ? skb_orphan+0xaf/0xd0 [ 776.545502][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 776.545521][ C0] ? NF_HOOK+0x9a/0x3a0 [ 776.545539][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 776.545560][ C0] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 776.545585][ C0] __netif_receive_skb+0xd3/0x380 [ 776.545603][ C0] ? rt_spin_unlock+0x65/0x80 [ 776.545624][ C0] ? process_backlog+0x27b/0x900 [ 776.545643][ C0] process_backlog+0x31e/0x900 [ 776.545668][ C0] __napi_poll+0xb3/0x540 [ 776.545689][ C0] net_rx_action+0x707/0xe00 [ 776.545709][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 776.545739][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 776.545776][ C0] handle_softirqs+0x22f/0x710 [ 776.545799][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 776.545824][ C0] run_ktimerd+0xcf/0x190 [ 776.545844][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 776.545865][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 776.545884][ C0] ? smpboot_thread_fn+0x5f4/0xa60 [ 776.545903][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 776.545921][ C0] smpboot_thread_fn+0x53f/0xa60 [ 776.545946][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 776.545968][ C0] kthread+0x70e/0x8a0 [ 776.545991][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 776.546009][ C0] ? __pfx_kthread+0x10/0x10 [ 776.546033][ C0] ? __pfx_kthread+0x10/0x10 [ 776.546055][ C0] ret_from_fork+0x436/0x7d0 [ 776.546075][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 776.546096][ C0] ? __switch_to_asm+0x39/0x70 [ 776.546110][ C0] ? __switch_to_asm+0x33/0x70 [ 776.546124][ C0] ? __pfx_kthread+0x10/0x10 [ 776.546146][ C0] ret_from_fork_asm+0x1a/0x30 [ 776.546169][ C0] [ 776.546342][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 776.546358][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 776.546380][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 776.546391][ T38] Call Trace: [ 776.546399][ T38] [ 776.546408][ T38] dump_stack_lvl+0x99/0x250 [ 776.546437][ T38] ? __asan_memcpy+0x40/0x70 [ 776.546459][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 776.546488][ T38] ? __pfx__printk+0x10/0x10 [ 776.546525][ T38] vpanic+0x281/0x750 [ 776.546557][ T38] ? __pfx_vpanic+0x10/0x10 [ 776.546583][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 776.546605][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 776.546647][ T38] panic+0xb9/0xc0 [ 776.546675][ T38] ? __pfx_panic+0x10/0x10 [ 776.546707][ T38] ? irq_work_queue+0xc3/0x140 [ 776.546737][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 776.546766][ T38] watchdog+0xfd2/0xfe0 [ 776.546797][ T38] ? watchdog+0x1de/0xfe0 [ 776.546830][ T38] kthread+0x70e/0x8a0 [ 776.546863][ T38] ? __pfx_watchdog+0x10/0x10 [ 776.546887][ T38] ? __pfx_kthread+0x10/0x10 [ 776.546923][ T38] ? __pfx_kthread+0x10/0x10 [ 776.546951][ T38] ret_from_fork+0x436/0x7d0 [ 776.546980][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 776.547013][ T38] ? __switch_to_asm+0x39/0x70 [ 776.547031][ T38] ? __switch_to_asm+0x33/0x70 [ 776.547049][ T38] ? __pfx_kthread+0x10/0x10 [ 776.547080][ T38] ret_from_fork_asm+0x1a/0x30 [ 776.547116][ T38] [ 776.547405][ T38] Kernel Offset: disabled