last executing test programs: 4m31.166954237s ago: executing program 4 (id=2221): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x4, 0x0, 0xfffff010}, {0x20, 0x0, 0x0, 0xfff7f024}, {0x6, 0x0, 0x4, 0x3}]}, 0x10) sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840) 4m30.546693038s ago: executing program 4 (id=2227): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0x1b0, 0x21, 0x1, 0x0, 0xfffffffe, {{@in6=@private2, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0xfffc, 0x0, 0x0, 0x0, 0xa, 0xe0, 0x80}, 0x2}, [@migrate={0x134, 0x11, [{@in6=@dev={0xfe, 0x80, '\x00', 0x11}, @in=@rand_addr=0x64010102, @in=@local, @in6=@remote, 0x3c, 0x0, 0x0, 0x0, 0xa, 0xa}, {@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@multicast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2b, 0x3, 0x0, 0x3504, 0xa, 0x2}, {@in=@private=0xa010102, @in6=@private0, @in6=@remote, @in=@broadcast, 0x6c, 0x1, 0x0, 0x0, 0xa, 0xa}, {@in=@local, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@local, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6c, 0x2, 0x0, 0x3507, 0x0, 0xa}]}, @user_kmaddress={0x2c, 0x13, {@in6=@private1, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x2}}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x800}, 0x0) 4m30.261553226s ago: executing program 4 (id=2230): socket$kcm(0x11, 0x200000000000002, 0x300) r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000500)=@hci={0x1f, 0x0, 0x4}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000580)="02042700ea0e0000000000001eafbcf706e105000000000000001104ee1606d4b8bf4a828bda305775c43824cee8440000", 0x31}, {&(0x7f0000000100)="126873159fca3fa38fb198e9a6b363ceb3e6d803ab766b7a38e451d14e0b3457474fe6a51671e4124fcea96a873b10996816e100ed8a93b0a9053db57d60973369f58551c3091cb88d3b", 0x4a}, {&(0x7f0000000080)="088d85d1f4f8220aee8de7932b326f8a3164ae439862807a1589836c736d2341f7", 0x21}, {&(0x7f0000000040)="df3b46a1330000000000000000000000000000f1", 0x14}, {&(0x7f00000005c0)="b72abab9439ca41f5cf14d6435575ba774ee5f5c23ff2f5176f5773d08a15668ec280cfe4ea416cf769dbf978a8191bbe006e0da50029176c0f24e3ff4d3e895a2afbf52cef2fe1ca31edd842b126ec4be67e6e3624b9ddf806fc146c645ec1d37fe7e3b025c156d5d520104b53f7fb2af436201cfd5dca170edea5a190e4786bfaac544b60f514d7ef420526c467f14790dcfa5ab915d7dbcdf2765bbcad014c991f8b829c79f53586de79f0b987ad796f9de4a6e53136a07a39ab1f5a2ce30aded70a9b72d1beff7e8b6405fd6331e5635ee71e809be2d58f412dcd7b2e856d692dbfed19045ff13244acce351b6e450395568063569c71ea80a04f83fbe6ad1d0862fb97f816576c4844da65d751ee1fdc522ae1158670de297cdb2117bc0adc1486e016a6bcc922a162fce6a9ecc8c42b0c44c566004eda037864e5f339bbb0998cdaf2b8e49ae003659bc033668f7c8e550197ed95c420461254ba1883dbd9403672d579cee85c37f103ee9a350a768286017158784baeb063c8c684b91b022b0db2238b679092a1f6909f0cd9228500e088f5cc7bac4c0dc56e80fedac93554aec79715ce02e8bf3fcbd70382f619bfe3dcf06890d8542022ee58bdfb075d319c9fc8474cadc8de5c3dd3f682d3f68324d0af7a727064053ad84c94643eef190783c616467628f84620044c084b80e3e57bfcdf293c9c36b4474a52398b35e49e2ad4a4ac090bffc5cd27d3c69b4ae5f841d5b0766ccd36d25eb58d8f01621a05744b79ede39019ab9d7a1946353d8f3b7f833ce1a102a8c97a9e3f32138ffafd305448f2518ccdb7eef594a890eaeaff3f876f742fec22669a97085ed93b18228ecbe9e354e8f69967ca749fd2b1cf026665ca912e3fc0188b294519078b46676052de4fe22798290bd1e232c9791fc01ddb4ae776b5769143df2867042e8a3ddfa8e786bd8a244076956d4ab137939ad381650dd4fefd2b942a98d6f2edfd7019ae473e7608647b86d643e8ff3d7d4e89ed826e4b8c6e8fed224c528d805ade85c5b45261b2692c0f403dec050bd973b0999df214689f4402dd1598a16b0c7671e5e204a00b06376ddee7cb99292a8b835c0b451642b71f2ffa1aeea56255817b2384bfe4f8213ccfc1f762f250592896102e5f6d34cdd726bc0f86af52fd7c4483d32e23e5af770e960c7445b8e67b6086f0cadcd22d0d4bdadc31b5a94dd687379dc6e078210ccc71f8e67eb58d330394425ab17e55d1ca8f868f6bf738af291d2293c3dfa2ccff25061ded22878b3cc6532d19e5a00d1f0f1b9de35305fac2c6cfd5d77a2b02618735b7d392738bd5cd3eabb7039c790a9f193913f16e06605d405d6a0cf0011a2e5f935d8563fef1722692dd266c3d320b9f5eeb2a4b2f72155522f0ed72ff1efa0b6ee78e70d3d45241609e7f87d7bcfe1af71159baa11ad667a0ead3986b2b06500ba2615ee966ea86ca68d02de4802bd9ef18dac5ba53ca98b90df49ef4e3268ceee538973620e5a60513ea330989642626420b67dceebc569478657aedeb62c45b079348796923ad1fba5a99e6b150cf97ba2a570150053309c6dca7fa352fa1678c9b919fbc47ae0a84175a7fc25a00fa5888cb017e8d8225fadb29e34bd3c5bbccfb22a83255fec3967c991d5b3e6719ade82fb7ef85c8a4b9e7ad8ef2a3a7bc78de424572224affb1f9e0c5a969e61ee2ebb4f247bfa09384bdad04438f2efbfae303d47c3afe7e8d3a157b2a6f37572ea3ecc441dfb208ba755f781f144e58d80aea590abcfccbe8678ec6de47511f9d61cc408cbbe90eeab2cffe6d1a48dc3eb4e48e228fd43cafd7ff2c85c3ed52e99fe16887be28fcd2cd4ba4cac414c92c96294fa7d628e4356c748c173f790a7f30071d0bd53817c78d163249c7402b222b8f28668cae7afd17b97dbaf10b75b61409ca6f5b285d1ab09207c5a91c68b0d4b5da6d6b5a495c8debd7f4400e56d9e22d1cc330f782f2b5441a31b9ccf35aa1a151219cdcff5ab8b240af5b5a751eca67773c057412a935e3a7a367b2bcd28463904ee040a586d6f4f969cee56d55b6b4d97d1fe93b67e2f6bd47925054c4702ec8969a1a6211ea8f6783ca0e8ae333922ce19eceb24e2ff714a0208d2489a62f299aa50cdbfe5a826e872ab231bbddf5bd2fca92d4460379e05e13ff34a200fd921dcb67a002873bda8d86536cddaccb54eb72dd4e399fe9195ad5574ad85d9ed2eaae4106234f0a8db05a230ff377b59b54fd0919d1b86b938622ae6098f003db7f4d45d6874f54c33064ce6184dccc99fece2d994e9572d4840b0cbdd704fd70b4f625912d48a512339f883533768f09a4f614583dfb72defe713ee38f61184df279461b7d35becd8e67d01f0ec27e901d88215554d5a69db373a662085733d09ad9153e7d432c94f872ff7cd72995b3a581ea17722ed13a191b366208f75661112b1a7d42c252c907488ca8dd8f819d4618b0053d4bcddb3b5975cb8615ebc472e052552ee74d5253174a2b0cb96e1eaf6349b6c39be975123ee72b0ffe1367df7aba54de26c9135a3422d21067034551be5efc5daf8b8f59bc725e4fd171378fd9f16a785f1b0378823c85eec521e0b2aca70b7b72b719a20eb2fb0addc0b05851c8e181607f49dad7323bc255309097584c2099574db1ed7940fd16796aef19d30acd714dc1f898716df64db87d852eddf2f86e78fd7fd64868b4cb6cc626efcdea49c4a2779a0e777bbe23968e14233a810d9883680894de93023a8deae51ccbf32e6d1e53618ebee95c761221a33bc3263fff0f5ae23e14dba0418cf3f31effcb36956e06c57a17620044260419a208ae1d2296ec9472d44be74a8ed0a33a23181acdef8c7d2695ce9485ed8d17d9f6f30b9b128ee0ba15c42cbf6059bcfef008c09db8855343f79c3ce1c4d79077c8a62237d4e400a5aa88e7424f2f99df6c2070d6ed071f4968376581e20e52d64e9c4f8a6f73bb33f5b6b62c1deecc85bf789565fde14e4454306ed8f09af08afb360ee4fb40dd5dca0be43ccff75e5c0ef85ea7c521cb4840d61e99e1ce4661e721446d5a571cddffbc3643ec9b58237fd416376906bdca09485c2c80f82b23e8e7bbf22035fdbcacd804ae3771fd616901184ced46987d533017eef717e9b34a5531c3efe2d77c9b6cb0617382d69951545378a4118e71c64a1f16d096a8f933580922083d0536b90ae1715c63f682e8241b42e1646b0c52e34aa9c91efe2b6b787ce0747d4ff0dd07d6ebc9ce27e0ef35705eb7b78763a9829b464523ff3ed9078aff6ee29e6e7a59a5243825e8bb9235f8e49a9dfb5932536666c3dc75b29e515dbca4c84268cf23cd7b6da6814328a3cb26d7b1d6c28e20b36f9a2c9e2fcf663c314f72f37d2b8f405cfc686a6b35400435be0eab01709c2c4b3005491cbb0b560e33547b77ba9f25f01b194e20534199a3786ddfaf0a75aafb65cd4df4da7b5f98fe72a8bc7d045339fd41508cecca791c717a10d4fed8aa69eec80955bd899a6f8aaf3411be40568149e631ccbe17c68f85e87b58da81ba78def8b1a48c49b2dc7613f7d6ea8b158bed077666d37d1caba9a23b7cb2772e780f70872113e5bcaebaf9f9499f651dc894be3bba1e99d58b33d60c0eda397df91d7cf9fb072f247fa9a9f59c4f59c4284a3832ff0a1f9ce8f6346cb5c08a9dcb2851c7f169af688fc13f00cf9519ade547671698caaa3f4d4921fee83753b9ab0875707836343eddb5b87bec86aae023c9571b8e389ff3f4c692b6fb19686105249ce033116777d919ceb4559a67ee6b6ad9d4b53d2be24315429de3bf201107fe7dff9cbc92dbf9173391d555b0a1b8ea3252fd7d7fd15d8a3cc70cecdbdd43c4edcc4bb2fbbf646d5ec7dad0d3156a513d14184e0c316f8155e774f7dcea485f904828edf28510d692b66b1500c5a704371c2188a2812bd323de012f36a79674082b5f5e9f7f4ce1a75ed854b71555e9fcd1f0322c22a9e543674c79a74404e08e61860f505dc56e1b52977b9a9af18be4064b5f6aa7c891382bbbe65e70a4cee33176570341a525fb6b25c0b20bfa3f2ee4a01584f259f43c3b63a2dfc376f435827211379ab3ca8912cbe01e4f837920666fbda682f6954d1c156f21e12547b885f485c38f62e765013144be8ca92b1d4872790a5c02671517f6a8f0ceb247e08c64268ad8970b57bb6d077c9b8ebe7fb1183087c9a3baee06100609204be588621253b9b120c08db9f28c2d38c9bc3f59018bb7216d73186048770d1e556faa49df23a40a64b40cdda2041dccf5619db09b7a7795fd7eb631c0e0bffc3b64422bf6acd84b7fae8bd05b057260a4d7c4851829c7bbf0b6f27c5db0ff10f42df3528f79dc9bbd591965259cd0389deb124b1fadc5dfd3ade9742d29261379ea3d98929512371dec991f0636fbda5dac355a04e363beeb4751781d9cef3a0b6ac6500895d223ad43ed75cac8b0a868253fffa10bf6c2de99c687fd056e075cf0632b6d8ed2263ca08ad95b6f335a3b6d8ab7801422ac8597441ac1bbe289b50af31eb221d19a2d3177d4ad1056d616295e89471e65d811b8fa4fe2c0c12793f43ef7e75c7f657f6c26ca9cbae63ce99301069ab257ae77c38778d35afd326d569c626a68f3904b2c376dfaa05568892f346f86fb05e71fb751e09cd22525cb63512a7d2e4670bd31109b87818278e66dc73fa9667e35c5bc6588cd36d2b62592a4103803d93c194f8edd5d20c6597231321b909bbb3c1d13408e5cf27728883e333b391222e6b6665454892dfedd17a1066f1145163e1a31ba9a3e3cee925e55d794b89462a0a092a639ccd4a24514083cb68224c87c18f0bb39ff721cc598e686b5fef169bc30f9ec6df397905f8340f6ae7ad826aac774cc46bfb9dfe8192e9ef10e8355d7c2810269eb73c7ecb8d3ffa33437142b8e596cdb778cd3cdda5bbbd09a8ea919929adbc63ff1004490c45a9ea59def65fabc884c39beac1b74a218f59c5e31ba85dcc4b8bd81d7a66d8aaf0edb64b505f760442e16fb7f07a069aba88601c3ace27762cef8196da3d44b14796b04e7fa3bab37209190a1de6e6ecfd99353279ef643766814fa7fac7254eba59bff3546bf21afc7445a4f1bc92c7b013f34962ff029e0f2926acf6c8a25fecea5b0b810656c981535492a2a4159dcfd0bf98085dc9612159fa0ad837a22eaffce80405367931ef3eacbf5a663175acc306eb075c52265d0c6dfaab", 0xe8f}, {&(0x7f00000033c0)="d6d038091fcf458c47fa6bd5a8edbf8f968178124964b4b012f8047c9716eb31", 0x20}], 0x6}, 0x40000) 4m29.863684243s ago: executing program 4 (id=2234): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x50, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x24, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x5}}, @TCA_HTB_DIRECT_QLEN={0xfffffffffffffcf5}]}}]}, 0x50}}, 0x0) 4m29.480238578s ago: executing program 4 (id=2238): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 4m29.300872595s ago: executing program 4 (id=2240): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000380)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='b 75:*\trmr'], 0xa) 4m14.0021732s ago: executing program 32 (id=2240): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) r1 = openat$cgroup_devices(r0, &(0x7f0000000380)='devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='b 75:*\trmr'], 0xa) 2m45.624065667s ago: executing program 3 (id=2705): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) fallocate(r1, 0x3, 0x1000000acdd, 0xfffffffb) 2m45.102297761s ago: executing program 3 (id=2707): r0 = socket$packet(0x11, 0x3, 0x300) bind$packet(r0, &(0x7f0000000100)={0x11, 0x4, 0x0, 0x1, 0x2}, 0x14) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 2m44.174430708s ago: executing program 2 (id=2710): r0 = syz_io_uring_setup(0xbc3, &(0x7f0000000b00)={0x0, 0x382e, 0x800, 0x4, 0x224}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_SENDMSG={0x9, 0x10, 0x0, r0, 0x0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000180)=[{0x0}, {0x0}], 0x2, 0x0, 0x538}, 0x0, 0x1000}) io_uring_enter(r0, 0x47f8, 0x0, 0x0, 0x0, 0x0) 2m42.887521759s ago: executing program 1 (id=2715): r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$TIOCSSOFTCAR(r0, 0x5412, &(0x7f00000001c0)=0x11) 2m42.40018596s ago: executing program 1 (id=2716): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000140)='fib_table_lookup\x00', r0, 0x0, 0x417}, 0x18) r1 = socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(r1, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000001780)=[{&(0x7f0000000240)="15", 0x1}], 0x1}, 0x4000080) 2m42.310191644s ago: executing program 5 (id=2717): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7fff}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f00000001c0)=0x10) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="020000000d80ffff", 0x8) 2m41.737993076s ago: executing program 1 (id=2718): openat$nullb(0xffffffffffffff9c, 0x0, 0x4a2000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)) unshare(0x8000000) shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil) 2m41.690089955s ago: executing program 5 (id=2719): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dd", 0xe, 0x801, &(0x7f0000000140)={0x11, 0x1, r2, 0x1, 0x0, 0x6, @random="ad446050e878"}, 0x14) 2m41.439791256s ago: executing program 1 (id=2720): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000690200000000000004000010"]) 2m41.230791166s ago: executing program 3 (id=2721): r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x180862) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82801, 0xf) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x9, 0x4000000000000ffd, 0x0, 0x0, 0x0, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0xa]}}) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000480)=""/4096, 0x1000}], 0x1) 2m41.034143914s ago: executing program 2 (id=2722): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'wg2\x00'}]}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000) 2m40.761431286s ago: executing program 5 (id=2723): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') pread64(r0, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000300) 2m40.061444651s ago: executing program 3 (id=2726): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000cf8bed20d90f250040290000000109021200010000e7000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="201101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f00000003c0)={0x1, 0x29, 0x1, &(0x7f0000000380)={0x12, "a0acac25062cff010000000000000014e1539402bb225c00"}}) 2m39.810512593s ago: executing program 1 (id=2727): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4) fstat(0xffffffffffffffff, 0x0) 2m39.638169379s ago: executing program 0 (id=2728): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000033c0)=@base={0x6, 0x4, 0xfff, 0x5}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000004000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) rseq(&(0x7f0000000000)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0) 2m39.24222468s ago: executing program 0 (id=2729): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000a80)={r1, 0x0, "132bf2b2631e4a669e5ab545f4df3af85ad7e43ec2b129366fe8ac9c1291a08c84ed3776ca81ad429d1e191a9da28672a0c89918f82b3644e9a664401d7ec9e25042e90414c4f943f35b4c60700c72b70000000000000003505b51bb8eeb1449cf9d99e7b3adbe3558ce2d6936970000000000000033bb5d6df9ccad91e68ef25fc13090e1d4fc2762b409ab624c2226c25046ec660f62e30273f0f80710a31a7e77320f2f4a668a4d04c2660c33d55c1a614dc7f7b661388c206c2866c471a6c8041154dda81b53b0e76e36baf7291a4b3a4fbaa730a40c37ccfeb40bbf81ce072c2f4babe8b3d02bf7acf1bc1a895954b126b13c2de9a82827b16cd7113a09dc75a66e9ae1818fcb99c0cdeda4aa33885c6cb93acf9df129e8e9fa70b45e564aa876eba6ff8a5cfbe113bc6a36953e928ab7df3e8729f2d823ccd4926d416ee924fc230371f8931349a964a27ec40ffd703e08754d8f7ec57c3373de88"}, &(0x7f0000000180)=0xfebd) 2m38.695487692s ago: executing program 0 (id=2730): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18) r1 = syz_io_uring_setup(0x3b85, &(0x7f0000010400)={0x0, 0xad84, 0x1, 0x2, 0x338}, &(0x7f0000000180), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r1, 0x10, &(0x7f0000000100)={0xffffffff, 0x0, &(0x7f0000000540)=[{0x0}], 0x0, 0x1}, 0x20) 2m37.969781517s ago: executing program 3 (id=2731): syz_usb_connect(0x2, 0x36, &(0x7f0000000600)=ANY=[@ANYBLOB="12011001bbe22620f0100220dd58010203010902240001000010000904e307020a0000000905060200020d00060905820f00"], 0x0) socket$unix(0x1, 0x1, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes-aesni)\x00'}, 0x58) 2m37.818132898s ago: executing program 0 (id=2732): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x32, 0x1, 0x70bd2a, 0x25dbdbfe, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x4000000) ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x1, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0x7, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x3, 0x7, 0x9, 0x7a18fde9, 0x9, 0xf12, 0x4, 0x3, 0x378, 0x350bae1a, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x7, 0xf2, 0x10, 0x5, 0x8, 0x10001, 0x401, 0x80000000, 0x2401, 0x2, 0x1, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x3, 0xa, 0x0, 0x10000, 0x401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x1, 0xb6, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x311, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffe, 0x401, 0xedf4, 0x4, 0x93de, 0x6, 0xfffffffe, 0x8001, 0x0, 0x3, 0x8, 0x1, 0x32, 0x98, 0x7f, 0x2, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x8000, 0x2, 0xb, 0x6, 0x4fa4, 0x80000002, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0x1, 0x3, 0xa0, 0xf, 0x1ff, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0xf7a, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x1, 0x5, 0x3, 0x9a3f, 0x400000, 0xfffffffe, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x101, 0x5, 0x63, 0x4, 0x8001, 0x10, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x401, 0x400, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x8, 0x6688, 0x81, 0x5, 0x7, 0x1, 0x5, 0x3, 0x0, 0x1, 0x2, 0x3, 0x4, 0xce, 0xf, 0x0, 0x1, 0x667, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0xc, 0x2, 0x6, 0x4, 0x6, 0x1, 0x9, 0x6, 0xfffffffa, 0x3, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0xc, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x0, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x73, 0x1, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x2, 0x80000004, 0x29, 0x9, 0x0, 0x4, 0x4, 0x101, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x0, 0x937, 0xa, 0x6, 0x3, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x4fe, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xc, 0x6, 0x7, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x101, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x6, 0x80000000, 0x5, 0x1, 0xa9c, 0x9, 0x9, 0x1, 0x2, 0x5, 0x1000, 0x5, 0x1ff, 0x9, 0x3, 0x3, 0x10001, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0x8, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc90, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x5, 0x4, 0x100fff, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x3, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0x100, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x0, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xfff, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0x9, 0x2, 0x6, 0x0, 0x6, 0x4b15, 0x10000, 0x1, 0x9, 0x1, 0xd, 0x9, 0x8, 0xfffffe01, 0x1, 0x6, 0x0, 0x7, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x8, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x8, 0xe, 0x0, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x1, 0x5, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x8, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x25, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x80000001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x9, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x8, 0x20000a4, 0xe0, 0xfffffffb, 0x5, 0xffffffff, 0x2, 0x7, 0xa05a, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x1, 0x30, 0xffffff7e, 0x1, 0x2, 0x4000009, 0x3, 0x7, 0x8, 0x8, 0x4000, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x6, 0x26bc, 0xfffffffa, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xf90, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x9, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x2, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbf8, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x9, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x2, 0x6, 0x80000000, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x5, 0x6, 0x1, 0xb, 0x1000000e, 0x40000005, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x8, 0x9, 0x6, 0xa2ab, 0xf28c, 0x30, 0x6, 0x4, 0x7fffffff, 0xffff, 0x7fffffff, 0xc9, 0x2, 0x0, 0x924, 0x6, 0x100, 0x1, 0x5, 0xffff351b, 0x8, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x1, 0x4, 0xff, 0xee, 0x2, 0x4, 0x8, 0x2, 0x7, 0x3, 0x9, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x5, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x5, 0x6330, 0x0, 0x6, 0xea, 0x0, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0xfffffffa, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x2ec, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x99, 0x3, 0xe, 0x1, 0x1, 0xc, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x2, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x2005, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af88, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x6, 0x10, 0x5, 0x200, 0x7fff, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x7, 0xdd, 0x8, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x51, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x3, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]}) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 2m36.764436491s ago: executing program 2 (id=2733): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0x28, 0x13, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x28}}, 0x24004050) 2m36.336775382s ago: executing program 5 (id=2734): r0 = socket$igmp6(0xa, 0x3, 0x2) sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x20) 2m36.002823389s ago: executing program 0 (id=2735): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) mlock2(&(0x7f00005bb000/0x1000)=nil, 0x1000, 0x1) 2m35.995501554s ago: executing program 5 (id=2736): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0x10}}}, 0x24}}, 0x0) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001200000008000800000000000800090000000100180001801400020076657468305f746f5f626f6e640000000800090000000000080006"], 0x4c}, 0x1, 0x0, 0x0, 0x10000000}, 0x0) 2m35.643117051s ago: executing program 5 (id=2737): io_setup(0x222, &(0x7f0000000180)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) io_submit(r0, 0x2, &(0x7f00000003c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3, r1, &(0x7f0000000400)="a96617", 0x3, 0x6ed}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, &(0x7f0000000000), 0x0, 0x3}]) 2m35.614687866s ago: executing program 1 (id=2738): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x80, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000) 2m34.587541479s ago: executing program 2 (id=2739): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x3, 0x6, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 2m34.382274234s ago: executing program 3 (id=2740): chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000300)="0300f198aaae5a98ca00008586dd", 0x5ea, 0x44000, &(0x7f0000000200)={0x11, 0xf6, r1, 0x1, 0xfe, 0x6, @random="7483ccb17b06"}, 0x14) 2m34.155028407s ago: executing program 2 (id=2741): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1f, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000005000000000000008000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000018010000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000a600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x11}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0xffffffffffffffff, 0x10}, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 2m33.8270759s ago: executing program 2 (id=2742): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$sock_TIOCINQ(r0, 0x541b, 0x0) 1m37.29638515s ago: executing program 0 (id=2743): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x88000, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x1000000, 0x0) 1m35.383972745s ago: executing program 33 (id=2738): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x80, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000) 1m16.427979556s ago: executing program 34 (id=2742): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$sock_TIOCINQ(r0, 0x541b, 0x0) 30.18140472s ago: executing program 35 (id=2740): chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000300)="0300f198aaae5a98ca00008586dd", 0x5ea, 0x44000, &(0x7f0000000200)={0x11, 0xf6, r1, 0x1, 0xfe, 0x6, @random="7483ccb17b06"}, 0x14) 0s ago: executing program 36 (id=2737): io_setup(0x222, &(0x7f0000000180)=0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) io_submit(r0, 0x2, &(0x7f00000003c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3, r1, &(0x7f0000000400)="a96617", 0x3, 0x6ed}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, &(0x7f0000000000), 0x0, 0x3}]) kernel console output (not intermixed with test programs): parsing attributes in process `syz.4.921'. [ 199.747658][ T5916] dragonrise 0003:0079:0006.000E: hidraw0: USB HID v1.02 Device [HID 0079:0006] on usb-dummy_hcd.2-1/input0 [ 199.747694][ T5916] dragonrise 0003:0079:0006.000E: no inputs found [ 199.747708][ T5916] dragonrise 0003:0079:0006.000E: force feedback init failed [ 199.810076][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.811327][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.959143][ T5916] usb 3-1: USB disconnect, device number 9 [ 200.179395][ T8079] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 200.299612][ C1] vkms_vblank_simulate: vblank timer overrun [ 200.352055][ T5916] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 200.505509][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.505545][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.505586][ T5916] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 200.505611][ T5916] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.572509][ T5916] usb 1-1: config 0 descriptor?? [ 200.701682][ T50] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 200.782993][ T8093] program syz.2.937 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 200.867855][ T50] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.867951][ T50] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.867992][ T50] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 200.868016][ T50] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.929470][ T50] usb 5-1: config 0 descriptor?? [ 201.004912][ T5916] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0 [ 201.004948][ T5916] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0 [ 201.004970][ T5916] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0 [ 201.004994][ T5916] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0 [ 201.005079][ T5916] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0 [ 201.005102][ T5916] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0 [ 201.005128][ T5916] pyra 0003:1E7D:2CF6.000F: unknown main item tag 0x0 [ 201.069139][ T5916] pyra 0003:1E7D:2CF6.000F: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0 [ 201.377621][ T50] playstation 0003:054C:0DF2.0010: unknown main item tag 0x0 [ 201.377670][ T50] playstation 0003:054C:0DF2.0010: unknown main item tag 0x0 [ 201.377698][ T50] playstation 0003:054C:0DF2.0010: unknown main item tag 0x0 [ 201.405533][ T5916] pyra 0003:1E7D:2CF6.000F: couldn't init struct pyra_device [ 201.405591][ T5916] pyra 0003:1E7D:2CF6.000F: couldn't install mouse [ 201.408379][ T5916] pyra 0003:1E7D:2CF6.000F: probe with driver pyra failed with error -71 [ 201.455575][ T50] playstation 0003:054C:0DF2.0010: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0 [ 201.456643][ T5916] usb 1-1: USB disconnect, device number 7 [ 201.748869][ T50] playstation 0003:054C:0DF2.0010: Failed to retrieve feature with reportID 32: -71 [ 201.748899][ T50] playstation 0003:054C:0DF2.0010: Failed to retrieve DualSense firmware info: -71 [ 201.748953][ T50] playstation 0003:054C:0DF2.0010: Failed to get firmware info from DualSense [ 201.748970][ T50] playstation 0003:054C:0DF2.0010: Failed to create dualsense. [ 201.788622][ T50] playstation 0003:054C:0DF2.0010: probe with driver playstation failed with error -71 [ 201.822862][ T50] usb 5-1: USB disconnect, device number 12 [ 202.201870][ T5916] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 202.261725][ T6025] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 202.301757][ T10] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 202.351638][ T5916] usb 3-1: Using ep0 maxpacket: 32 [ 202.354189][ T5916] usb 3-1: config 0 has an invalid interface number: 196 but max is 0 [ 202.354220][ T5916] usb 3-1: config 0 has no interface number 0 [ 202.354270][ T5916] usb 3-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 202.354298][ T5916] usb 3-1: config 0 interface 196 has no altsetting 0 [ 202.357958][ T5916] usb 3-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 202.357989][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.358009][ T5916] usb 3-1: Product: syz [ 202.358024][ T5916] usb 3-1: Manufacturer: syz [ 202.358039][ T5916] usb 3-1: SerialNumber: syz [ 202.431757][ T6025] usb 4-1: Using ep0 maxpacket: 8 [ 202.438736][ T6025] usb 4-1: config 0 has no interfaces? [ 202.443096][ T6025] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 202.443131][ T6025] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.443154][ T6025] usb 4-1: Product: syz [ 202.443171][ T6025] usb 4-1: Manufacturer: syz [ 202.443189][ T6025] usb 4-1: SerialNumber: syz [ 202.495514][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 202.495596][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 202.495621][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.532932][ T5916] usb 3-1: config 0 descriptor?? [ 202.535354][ T8112] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 202.565322][ T6025] usb 4-1: config 0 descriptor?? [ 202.580015][ T10] usb 2-1: config 0 descriptor?? [ 202.593548][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 202.836944][ T6025] usb 4-1: USB disconnect, device number 11 [ 202.998724][ T5916] ipheth 3-1:0.196: ipheth_get_macaddr: usb_control_msg: short packet: 0 bytes [ 202.999056][ T5916] ipheth 3-1:0.196: probe with driver ipheth failed with error -22 [ 203.213553][ T5916] usb 3-1: USB disconnect, device number 10 [ 203.243376][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 203.243775][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.244055][ T10] pwc: recv_control_msg error -32 req 02 val 2c00 [ 203.245398][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.251879][ T10] pwc: recv_control_msg error -32 req 04 val 1000 [ 203.252324][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.252507][ T10] pwc: recv_control_msg error -32 req 04 val 1300 [ 203.253075][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.253542][ T10] pwc: recv_control_msg error -32 req 04 val 1400 [ 203.253948][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.255412][ T10] pwc: recv_control_msg error -32 req 02 val 2000 [ 203.255855][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.256149][ T10] pwc: recv_control_msg error -32 req 02 val 2100 [ 203.259370][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.259669][ T10] pwc: recv_control_msg error -32 req 04 val 1500 [ 203.260128][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.260288][ T10] pwc: recv_control_msg error -32 req 02 val 2500 [ 203.260688][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.260856][ T10] pwc: recv_control_msg error -32 req 02 val 2400 [ 203.261259][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.261414][ T10] pwc: recv_control_msg error -32 req 02 val 2600 [ 203.262056][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.262229][ T10] pwc: recv_control_msg error -32 req 02 val 2900 [ 203.262646][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.263026][ T10] pwc: recv_control_msg error -32 req 02 val 2800 [ 203.263680][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.265701][ T10] pwc: recv_control_msg error -32 req 04 val 1100 [ 203.268886][ C0] raw-gadget.2 gadget.1: ignoring, device is not running [ 203.269363][ T10] pwc: recv_control_msg error -32 req 04 val 1200 [ 203.484622][ T10] pwc: Registered as video103. [ 203.489924][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input13 [ 203.547842][ T10] usb 2-1: USB disconnect, device number 13 [ 203.795759][ T8135] lo speed is unknown, defaulting to 1000 [ 204.402037][ T5929] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 204.584945][ T5929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 204.584978][ T5929] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 204.585025][ T5929] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 204.585049][ T5929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.713693][ T5929] usb 3-1: config 0 descriptor?? [ 205.190254][ T5929] kovaplus 0003:1E7D:2D50.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.2-1/input0 [ 205.564390][ T5929] kovaplus 0003:1E7D:2D50.0011: couldn't init struct kovaplus_device [ 205.564450][ T5929] kovaplus 0003:1E7D:2D50.0011: couldn't install mouse [ 205.569369][ T5929] kovaplus 0003:1E7D:2D50.0011: probe with driver kovaplus failed with error -71 [ 205.612271][ T5929] usb 3-1: USB disconnect, device number 11 [ 205.959637][ T8191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.981'. [ 206.248976][ T8200] netlink: 12 bytes leftover after parsing attributes in process `syz.1.985'. [ 206.261077][ T8201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.987'. [ 206.340254][ T8201] netlink: 4 bytes leftover after parsing attributes in process `syz.4.987'. [ 206.653714][ T8212] kvm_intel: kvm [8211]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x5 [ 206.728336][ T8214] input: syz1 as /devices/virtual/input/input14 [ 206.836077][ T8223] netlink: 844 bytes leftover after parsing attributes in process `syz.1.996'. [ 207.001702][ T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 207.151676][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 207.154464][ T10] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 207.154495][ T10] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 207.154517][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 207.154539][ T10] usb 3-1: config 1 has no interface number 0 [ 207.154593][ T10] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 207.154622][ T10] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 207.154667][ T10] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 207.154803][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.219866][ T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 207.435079][ T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 207.865350][ T5916] usb 3-1: USB disconnect, device number 12 [ 207.868558][ T5916] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 207.952123][ T10] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 208.128069][ T10] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 208.128101][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.141364][ T10] usb 5-1: config 0 descriptor?? [ 208.372761][ T10] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 208.582420][ T10] [drm:udl_init] *ERROR* Selecting channel failed [ 208.629809][ T10] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 208.629852][ T10] [drm] Initialized udl on minor 2 [ 208.664332][ T10] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 208.667100][ T10] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 208.691671][ T5893] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 208.695168][ T10] usb 5-1: USB disconnect, device number 13 [ 208.696510][ T5893] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 208.696698][ T5893] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 208.812425][ T8255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1011'. [ 210.859944][ T8296] netlink: 'syz.2.1031': attribute type 11 has an invalid length. [ 210.859972][ T8296] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1031'. [ 211.018732][ T8298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1034'. [ 211.571585][ T8313] netlink: 'syz.1.1039': attribute type 9 has an invalid length. [ 211.571619][ T8313] netlink: 155628 bytes leftover after parsing attributes in process `syz.1.1039'. [ 212.351632][ T10] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 212.514097][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 212.520296][ T10] usb 2-1: config 4 has an invalid interface number: 9 but max is 0 [ 212.520325][ T10] usb 2-1: config 4 has no interface number 0 [ 212.520360][ T10] usb 2-1: config 4 interface 9 has no altsetting 0 [ 212.545888][ T10] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=76.fe [ 212.545919][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.545940][ T10] usb 2-1: Product: syz [ 212.545955][ T10] usb 2-1: Manufacturer: syz [ 212.545970][ T10] usb 2-1: SerialNumber: syz [ 212.655700][ T10] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 212.705723][ T8336] CIFS: VFS: Malformed UNC in devname [ 212.830967][ T10] usb 2-1: USB disconnect, device number 14 [ 212.839548][ T13] usb 2-1: Failed to submit usb control message: -71 [ 212.839589][ T13] usb 2-1: unable to send the bmi data to the device: -71 [ 212.839609][ T13] usb 2-1: unable to get target info from device [ 212.839638][ T13] usb 2-1: could not get target info (-71) [ 212.839666][ T13] usb 2-1: could not probe fw (-71) [ 213.505197][ T5916] kernel write not supported for file /snd/seq (pid: 5916 comm: kworker/1:4) [ 214.761675][ T6000] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 214.836993][ T8374] loop8: detected capacity change from 0 to 1 [ 214.863467][ T8374] Dev loop8: unable to read RDB block 1 [ 214.863511][ T8374] loop8: unable to read partition table [ 214.863718][ T8374] loop8: partition table beyond EOD, truncated [ 214.863738][ T8374] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 214.919861][ T6000] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 214.919891][ T6000] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 214.919910][ T6000] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 214.919930][ T6000] usb 3-1: config 220 has no interface number 2 [ 214.920010][ T6000] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 214.920039][ T6000] usb 3-1: config 220 interface 0 has no altsetting 0 [ 214.920058][ T6000] usb 3-1: config 220 interface 76 has no altsetting 0 [ 214.920076][ T6000] usb 3-1: config 220 interface 1 has no altsetting 0 [ 214.929058][ T6000] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 214.929093][ T6000] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.929119][ T6000] usb 3-1: Product: syz [ 214.929136][ T6000] usb 3-1: Manufacturer: syz [ 214.929153][ T6000] usb 3-1: SerialNumber: syz [ 215.250863][ T6000] usb 3-1: selecting invalid altsetting 0 [ 215.274312][ T6000] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 215.274355][ T6000] usb 3-1: No valid video chain found. [ 215.355530][ T6000] usb 3-1: selecting invalid altsetting 0 [ 215.355573][ T6000] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 215.388799][ T6000] usb 3-1: USB disconnect, device number 13 [ 215.766453][ T37] audit: type=1326 audit(1758187279.399:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.766516][ T37] audit: type=1326 audit(1758187279.399:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.768755][ T37] audit: type=1326 audit(1758187279.399:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.768810][ T37] audit: type=1326 audit(1758187279.399:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.768858][ T37] audit: type=1326 audit(1758187279.399:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.774429][ T37] audit: type=1326 audit(1758187279.409:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.775219][ T37] audit: type=1326 audit(1758187279.409:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.776004][ T37] audit: type=1326 audit(1758187279.409:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=163 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.776309][ T37] audit: type=1326 audit(1758187279.409:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 215.795300][ T8388] erspan0: entered promiscuous mode [ 215.805060][ T37] audit: type=1326 audit(1758187279.409:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8389 comm="syz.1.1072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 216.140284][ T8398] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1076'. [ 216.461995][ T5848] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 218.031712][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 218.191613][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 218.194074][ T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 218.194106][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.231199][ T10] pvrusb2: Hardware description: Terratec Grabster AV400 [ 218.231224][ T10] pvrusb2: ********** [ 218.231231][ T10] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 218.231243][ T10] pvrusb2: Important functionality might not be entirely working. [ 218.231253][ T10] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 218.231264][ T10] pvrusb2: ********** [ 218.422177][ T2372] pvrusb2: Invalid write control endpoint [ 218.565812][ T2372] pvrusb2: Invalid write control endpoint [ 218.565829][ T2372] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 218.565839][ T2372] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 218.565848][ T2372] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 218.565859][ T2372] pvrusb2: Device being rendered inoperable [ 218.628738][ T8442] pvrusb2: Attempted to execute control transfer when device not ok [ 218.630719][ T50] usb 1-1: USB disconnect, device number 8 [ 218.642881][ T2372] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 218.642978][ T2372] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 218.684780][ T2372] pvrusb2: Attached sub-driver cx25840 [ 218.684807][ T2372] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 218.684818][ T2372] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 220.711638][ T5980] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 220.871649][ T5980] usb 5-1: Using ep0 maxpacket: 8 [ 220.875448][ T5980] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 220.880632][ T5980] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 220.880662][ T5980] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 220.880683][ T5980] usb 5-1: Product: syz [ 220.880698][ T5980] usb 5-1: Manufacturer: syz [ 220.880713][ T5980] usb 5-1: SerialNumber: syz [ 221.168081][ T5980] usb 5-1: Handspring Visor / Palm OS: No valid connect info available [ 221.168107][ T5980] usb 5-1: Handspring Visor / Palm OS: port 79, is for unknown use [ 221.168126][ T5980] usb 5-1: Handspring Visor / Palm OS: port 0, is for Debugger use [ 221.168145][ T5980] usb 5-1: Handspring Visor / Palm OS: Number of ports: 2 [ 221.324420][ T8511] macvlan0: entered promiscuous mode [ 221.354638][ T5980] usb 5-1: palm_os_3_probe - error -71 getting bytes available request [ 221.354733][ T5980] visor 5-1:1.0: Handspring Visor / Palm OS converter detected [ 221.378306][ T5980] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 221.382243][ T8511] netlink: 'syz.2.1124': attribute type 1 has an invalid length. [ 221.382813][ T8511] netlink: 'syz.2.1124': attribute type 2 has an invalid length. [ 221.410420][ T5980] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 221.432162][ T5980] usb 5-1: USB disconnect, device number 14 [ 221.438983][ T5980] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 221.462287][ T5980] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 221.462846][ T5980] visor 5-1:1.0: device disconnected [ 221.614539][ T13] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 221.623444][ T13] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 221.623506][ T13] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 221.623554][ T13] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 222.034813][ T8535] tmpfs: Cannot enable swap on remount if it was disabled on first mount [ 222.225390][ T8539] team_slave_0: entered promiscuous mode [ 222.225455][ T8539] team_slave_1: entered promiscuous mode [ 222.236760][ T8539] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 222.895840][ T8551] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1143'. [ 222.896096][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1145'. [ 224.610842][ C0] vkms_vblank_simulate: vblank timer overrun [ 225.105230][ T8589] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 225.110235][ T8589] macsec2: entered promiscuous mode [ 225.110525][ T8589] macsec2: entered allmulticast mode [ 225.110544][ T8589] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 225.371583][ T50] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 225.532005][ T50] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 225.532035][ T50] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.532053][ T50] usb 4-1: Product: syz [ 225.532066][ T50] usb 4-1: Manufacturer: syz [ 225.532079][ T50] usb 4-1: SerialNumber: syz [ 225.603246][ T50] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 225.778512][ C0] vkms_vblank_simulate: vblank timer overrun [ 225.780938][ T5916] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 225.850124][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.596842][ T8618] program syz.0.1173 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 226.607477][ T8614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 226.608023][ T8614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.922140][ T5916] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 226.927637][ T5916] ath9k_htc: Failed to initialize the device [ 227.011103][ T5916] usb 4-1: ath9k_htc: USB layer deinitialized [ 227.078085][ T5980] usb 4-1: USB disconnect, device number 12 [ 228.782073][ T5916] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 228.934713][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 228.934768][ T5916] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 228.934792][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.940582][ T5916] usb 2-1: config 0 descriptor?? [ 228.976644][ T8654] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 229.293846][ T8669] netlink: 'syz.4.1196': attribute type 1 has an invalid length. [ 229.293872][ T8669] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1196'. [ 229.464355][ T5916] elan 0003:04F3:0755.0012: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 229.522795][ T8676] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1200'. [ 229.636232][ T5893] usb 2-1: USB disconnect, device number 15 [ 230.730840][ T8702] can0: slcan on ttyS3. [ 230.750930][ T8708] program syz.4.1215 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 230.931736][ T5980] kernel write not supported for file /media1 (pid: 5980 comm: kworker/0:6) [ 231.034576][ T8702] can0 (unregistered): slcan off ttyS3. [ 231.262061][ T8725] netlink: 'syz.0.1223': attribute type 2 has an invalid length. [ 232.142062][ T50] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 232.295107][ T50] usb 2-1: config 0 has an invalid interface number: 209 but max is 0 [ 232.295138][ T50] usb 2-1: config 0 has no interface number 0 [ 232.295189][ T50] usb 2-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=53.a6 [ 232.295214][ T50] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.337936][ T50] usb 2-1: config 0 descriptor?? [ 232.353833][ T50] ftdi_sio 2-1:0.209: FTDI USB Serial Device converter detected [ 232.358399][ T50] ftdi_sio ttyUSB0: unknown device type: 0x53a6 [ 232.572749][ T5929] usb 2-1: USB disconnect, device number 16 [ 232.575267][ T5929] ftdi_sio 2-1:0.209: device disconnected [ 233.500647][ T8773] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1244'. [ 233.655010][ T8776] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 233.655466][ T8776] macvtap1: entered allmulticast mode [ 233.656137][ T8776] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 233.764112][ T8776] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 233.764293][ T8776] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 234.048331][ T8788] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1251'. [ 234.481922][ T5893] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 234.631806][ T5893] usb 3-1: Using ep0 maxpacket: 32 [ 234.634401][ T5893] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 234.634432][ T5893] usb 3-1: config 0 has no interface number 0 [ 234.634480][ T5893] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 234.634510][ T5893] usb 3-1: config 0 interface 85 has no altsetting 0 [ 234.683788][ T5893] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 234.683822][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.683845][ T5893] usb 3-1: Product: syz [ 234.683860][ T5893] usb 3-1: Manufacturer: syz [ 234.683886][ T5893] usb 3-1: SerialNumber: syz [ 234.725019][ T5893] usb 3-1: config 0 descriptor?? [ 235.514516][ T5893] appletouch 3-1:0.85: Geyser mode initialized. [ 235.518071][ T5893] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input15 [ 235.578582][ C1] appletouch 3-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64 [ 235.782480][ T50] usb 3-1: USB disconnect, device number 14 [ 235.927766][ T50] appletouch 3-1:0.85: input: appletouch disconnected [ 236.148315][ T8841] openvswitch: netlink: IP tunnel dst address not specified [ 236.292090][ T37] kauditd_printk_skb: 11 callbacks suppressed [ 236.292110][ T37] audit: type=1326 audit(1758187305.922:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8844 comm="syz.0.1278" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c5d9eeba9 code=0x0 [ 236.482903][ T8852] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1281'. [ 237.164312][ T8871] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1290'. [ 237.164334][ T8871] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1290'. [ 237.164355][ T8871] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1290'. [ 237.411715][ T5929] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 237.493939][ T37] audit: type=1326 audit(1758187307.112:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8887 comm="syz.0.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5d9eeba9 code=0x7ffc0000 [ 237.494453][ T37] audit: type=1326 audit(1758187307.122:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8887 comm="syz.0.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f8c5d9eeba9 code=0x7ffc0000 [ 237.565238][ T5929] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 237.565273][ T5929] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 237.565300][ T5929] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 237.570444][ T5929] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 237.570478][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.570541][ T5929] usb 4-1: Product: syz [ 237.570556][ T5929] usb 4-1: Manufacturer: syz [ 237.570571][ T5929] usb 4-1: SerialNumber: syz [ 237.609289][ T5929] usb 4-1: config 0 descriptor?? [ 237.610790][ T8876] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 237.611114][ T8876] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 237.625381][ T5929] usb 4-1: ucan: probing device on interface #0 [ 237.809513][ T37] audit: type=1326 audit(1758187307.432:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8887 comm="syz.0.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5d9eeba9 code=0x7ffc0000 [ 237.810149][ T37] audit: type=1326 audit(1758187307.432:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8887 comm="syz.0.1297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8c5d9eeba9 code=0x7ffc0000 [ 238.347918][ T5929] ucan 4-1:0.0 can0: registered device [ 238.509038][ T5929] ucan 4-1:0.0 can0: firmware string: unknown [ 238.561590][ T5929] usb 4-1: USB disconnect, device number 13 [ 238.836645][ T8912] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 239.181669][ T5916] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 239.341651][ T5916] usb 3-1: Using ep0 maxpacket: 32 [ 239.346061][ T5916] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 239.346097][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.374617][ T5916] usb 3-1: config 0 descriptor?? [ 239.426324][ T5916] gspca_main: sunplus-2.14.0 probing 041e:400b [ 239.532030][ T5929] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 239.691604][ T5929] usb 4-1: Using ep0 maxpacket: 16 [ 239.695751][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 239.702767][ T5929] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 239.703246][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.703275][ T5929] usb 4-1: Product: syz [ 239.703710][ T5929] usb 4-1: Manufacturer: syz [ 239.703732][ T5929] usb 4-1: SerialNumber: syz [ 239.755429][ T5929] usb 4-1: config 0 descriptor?? [ 239.775166][ T5929] hub 4-1:0.0: bad descriptor, ignoring hub [ 239.775212][ T5929] hub 4-1:0.0: probe with driver hub failed with error -5 [ 239.830621][ T5929] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 240.262706][ T5916] gspca_sunplus: reg_r err -71 [ 240.262826][ T5916] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 240.284751][ T5916] usb 3-1: USB disconnect, device number 15 [ 240.322629][ T5929] usb 4-1: USB disconnect, device number 14 [ 240.704599][ T6025] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 240.884804][ T6025] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 240.884839][ T6025] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.890633][ T6025] usb 5-1: config 0 descriptor?? [ 241.574408][ T6025] ath6kl: mismatched byte count 0 vs. expected 12 [ 241.575694][ T6025] ath6kl: Failed to init ath6kl core: -22 [ 241.576304][ T6025] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 241.765802][ T5893] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 241.822948][ T31] usb 5-1: USB disconnect, device number 15 [ 241.981722][ T5893] usb 4-1: Using ep0 maxpacket: 8 [ 241.984313][ T5893] usb 4-1: unable to get BOS descriptor or descriptor too short [ 241.986445][ T5893] usb 4-1: config 4 interface 0 has no altsetting 0 [ 241.989972][ T5893] usb 4-1: string descriptor 0 read error: -22 [ 241.990136][ T5893] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 241.990161][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.080611][ T5893] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 242.096605][ T5893] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 242.097071][ T5893] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 242.097124][ T5893] usb 4-1: media controller created [ 242.152986][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 243.451637][ T5893] usb 4-1: USB disconnect, device number 15 [ 243.567171][ T9004] loop6: detected capacity change from 0 to 524288000 [ 244.102109][ T9010] program syz.1.1352 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 244.103133][ T9004] loop6: detected capacity change from 524288000 to 0 [ 244.567747][ T9027] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1360'. [ 244.703214][ T5980] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 244.862016][ T5980] usb 3-1: Using ep0 maxpacket: 8 [ 244.872685][ T5980] usb 3-1: config 0 has no interfaces? [ 244.882483][ T5980] usb 3-1: New USB device found, idVendor=0471, idProduct=0313, bcdDevice=81.d5 [ 244.882513][ T5980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.882534][ T5980] usb 3-1: Product: syz [ 244.882548][ T5980] usb 3-1: Manufacturer: syz [ 244.882562][ T5980] usb 3-1: SerialNumber: syz [ 244.911955][ T5980] usb 3-1: config 0 descriptor?? [ 245.073674][ T9041] ALSA: mixer_oss: invalid OSS volume '' [ 245.201785][ T31] usb 3-1: USB disconnect, device number 16 [ 245.568973][ T9049] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 246.371793][ T9066] use of bytesused == 0 is deprecated and will be removed in the future, [ 246.371811][ T9066] use the actual size instead. [ 247.089236][ T9105] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1395'. [ 247.376635][ T9112] netlink: 'syz.2.1399': attribute type 1 has an invalid length. [ 249.280426][ T9167] netlink: 'syz.0.1424': attribute type 2 has an invalid length. [ 249.333810][ T9169] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1425'. [ 249.732957][ T9181] sctp: [Deprecated]: syz.2.1431 (pid 9181) Use of int in maxseg socket option. [ 249.732957][ T9181] Use struct sctp_assoc_value instead [ 250.173317][ T31] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 250.330803][ T31] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 250.330837][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.330859][ T31] usb 4-1: Product: syz [ 250.330874][ T31] usb 4-1: Manufacturer: syz [ 250.330889][ T31] usb 4-1: SerialNumber: syz [ 250.749271][ T9202] netlink: 'syz.4.1441': attribute type 1 has an invalid length. [ 250.749302][ T9202] NCSI netlink: No device for ifindex 0 [ 250.851685][ T5980] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 251.007880][ T5980] usb 3-1: Using ep0 maxpacket: 8 [ 251.010334][ T5980] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 251.010366][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.061399][ T5980] pvrusb2: Hardware description: Terratec Grabster AV400 [ 251.061422][ T5980] pvrusb2: ********** [ 251.072883][ T5980] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 251.072901][ T5980] pvrusb2: Important functionality might not be entirely working. [ 251.072910][ T5980] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 251.072920][ T5980] pvrusb2: ********** [ 251.261365][ T2372] pvrusb2: Invalid write control endpoint [ 251.277606][ T31] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 251.277663][ T31] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 251.352079][ T31] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 251.390835][ T2372] pvrusb2: Invalid write control endpoint [ 251.390852][ T2372] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 251.390869][ T2372] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 251.390878][ T2372] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 251.390889][ T2372] pvrusb2: Device being rendered inoperable [ 251.399503][ T2372] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 251.399575][ T2372] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 251.420250][ T2372] pvrusb2: Attached sub-driver cx25840 [ 251.420270][ T2372] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 251.420283][ T2372] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 251.483056][ T9200] pvrusb2: Attempted to execute control transfer when device not ok [ 251.485395][ T5980] usb 3-1: USB disconnect, device number 17 [ 251.540554][ T31] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71 [ 251.630846][ T31] usb 4-1: USB disconnect, device number 16 [ 252.138751][ T9230] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 252.138751][ T9230] The task syz.4.1448 (9230) triggered the difference, watch for misbehavior. [ 252.471794][ T5980] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 252.641956][ T5980] usb 2-1: Using ep0 maxpacket: 16 [ 252.645069][ T5980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 252.645200][ T5980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 252.645245][ T5980] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 252.645269][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.707084][ T5980] usb 2-1: config 0 descriptor?? [ 252.953643][ T9233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 252.954243][ T9233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 253.196588][ T5980] hid (null): unknown global tag 0xc [ 253.196635][ T5980] hid (null): invalid report_count 47589 [ 253.389933][ T9261] input: syz0 as /devices/virtual/input/input17 [ 253.408507][ T5980] usb 2-1: string descriptor 0 read error: -71 [ 253.440337][ T5980] usb 2-1: Max retries (5) exceeded reading string descriptor 200 [ 253.440429][ T5980] letsketch 0003:6161:4D15.0013: probe with driver letsketch failed with error -32 [ 253.467540][ T5980] usb 2-1: USB disconnect, device number 17 [ 253.756717][ T9273] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1471'. [ 254.280959][ T9281] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1474'. [ 254.422014][ T9283] program syz.2.1475 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 254.773065][ T9291] program syz.1.1479 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 255.433261][ T9313] misc userio: Invalid payload size [ 255.538022][ T9317] netlink: 'syz.4.1490': attribute type 1 has an invalid length. [ 255.538049][ T9317] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1490'. [ 255.538068][ T9317] netlink: 97 bytes leftover after parsing attributes in process `syz.4.1490'. [ 255.944120][ T31] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 256.010949][ T9338] input: syz1 as /devices/virtual/input/input18 [ 256.022182][ T9339] 9pnet_fd: p9_fd_create_unix (9339): problem connecting socket: ./file0: -30 [ 256.093328][ T31] usb 4-1: Using ep0 maxpacket: 32 [ 256.096114][ T31] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 256.096144][ T31] usb 4-1: config 0 has no interface number 0 [ 256.096200][ T31] usb 4-1: config 0 interface 184 has no altsetting 0 [ 256.099371][ T31] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 256.099404][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.099427][ T31] usb 4-1: Product: syz [ 256.099443][ T31] usb 4-1: Manufacturer: syz [ 256.099459][ T31] usb 4-1: SerialNumber: syz [ 256.136031][ T31] usb 4-1: config 0 descriptor?? [ 256.177294][ T31] smsc75xx v1.0.0 [ 256.401682][ T9348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1504'. [ 256.401712][ T9348] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1504'. [ 256.814877][ T31] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 256.814919][ T31] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 256.814940][ T31] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 256.815555][ T31] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71 [ 256.822641][ T31] usb 4-1: USB disconnect, device number 17 [ 257.680996][ T37] audit: type=1326 audit(1758187327.302:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9385 comm="syz.1.1517" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd572bceba9 code=0x0 [ 257.904122][ T9396] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1521'. [ 259.128314][ T37] audit: type=1326 audit(1758187328.752:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9436 comm="syz.2.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02df8ceba9 code=0x7ffc0000 [ 259.128371][ T37] audit: type=1326 audit(1758187328.752:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9436 comm="syz.2.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02df8ceba9 code=0x7ffc0000 [ 259.190836][ T37] audit: type=1326 audit(1758187328.802:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9436 comm="syz.2.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f02df8ceba9 code=0x7ffc0000 [ 259.190900][ T37] audit: type=1326 audit(1758187328.812:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9436 comm="syz.2.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02df8ceba9 code=0x7ffc0000 [ 259.190997][ T37] audit: type=1326 audit(1758187328.812:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9436 comm="syz.2.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=209 compat=0 ip=0x7f02df8ceba9 code=0x7ffc0000 [ 259.191044][ T37] audit: type=1326 audit(1758187328.812:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9436 comm="syz.2.1539" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02df8ceba9 code=0x7ffc0000 [ 259.812010][ T31] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 259.962668][ T31] usb 5-1: Using ep0 maxpacket: 16 [ 259.966456][ T31] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 259.966484][ T31] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 259.970881][ T31] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 259.970913][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.970936][ T31] usb 5-1: Product: syz [ 259.970952][ T31] usb 5-1: Manufacturer: syz [ 259.970969][ T31] usb 5-1: SerialNumber: syz [ 260.051726][ T6025] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 260.218620][ T6025] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 260.218672][ T6025] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 260.218718][ T6025] usb 2-1: New USB device found, idVendor=1b96, idProduct=000f, bcdDevice= 0.00 [ 260.218743][ T6025] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.267085][ T31] usb 5-1: 0:2 : does not exist [ 260.269420][ T6025] usb 2-1: config 0 descriptor?? [ 260.290114][ T31] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 260.429895][ T31] usb 5-1: USB disconnect, device number 16 [ 260.730229][ T6025] hid_parser_main: 7 callbacks suppressed [ 260.737728][ T6025] ntrig 0003:1B96:000F.0014: unknown main item tag 0x0 [ 260.759335][ T6025] ntrig 0003:1B96:000F.0014: hidraw0: USB HID v0.00 Device [HID 1b96:000f] on usb-dummy_hcd.1-1/input0 [ 260.977999][ T6025] ntrig 0003:1B96:000F.0014: Firmware version: 7.15.12.55.4 (3dbf fc9e) [ 261.267618][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.267703][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.279674][ T5916] usb 2-1: USB disconnect, device number 18 [ 262.411141][ T9495] netlink: 'syz.2.1565': attribute type 1 has an invalid length. [ 262.411370][ T9495] netlink: 160 bytes leftover after parsing attributes in process `syz.2.1565'. [ 263.411909][ T37] audit: type=1326 audit(1758187333.022:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.415541][ T37] audit: type=1326 audit(1758187333.042:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.417512][ T37] audit: type=1326 audit(1758187333.042:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.512221][ T37] audit: type=1326 audit(1758187333.042:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.512282][ T37] audit: type=1326 audit(1758187333.142:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.512998][ T37] audit: type=1326 audit(1758187333.142:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.513284][ T37] audit: type=1326 audit(1758187333.142:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.513580][ T37] audit: type=1326 audit(1758187333.142:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.513901][ T37] audit: type=1326 audit(1758187333.142:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.514186][ T37] audit: type=1326 audit(1758187333.142:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9509 comm="syz.4.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f81cb34eba9 code=0x7ffc0000 [ 263.953853][ T9526] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1577'. [ 264.844661][ T5893] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 264.994610][ T5893] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 264.994647][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 264.994676][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 264.994701][ T5893] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 264.994749][ T5893] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 264.994773][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.015071][ T5893] usb 3-1: config 0 descriptor?? [ 265.212812][ T9562] netlink: 'syz.4.1596': attribute type 1 has an invalid length. [ 265.212838][ T9562] netlink: 'syz.4.1596': attribute type 1 has an invalid length. [ 265.212853][ T9562] netlink: 160 bytes leftover after parsing attributes in process `syz.4.1596'. [ 265.213734][ T9562] netlink: 'syz.4.1596': attribute type 1 has an invalid length. [ 265.213752][ T9562] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1596'. [ 265.535809][ T5893] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 265.758211][ T5893] usb 3-1: USB disconnect, device number 18 [ 266.069997][ T9573] bridge_slave_1: left allmulticast mode [ 266.070032][ T9573] bridge_slave_1: left promiscuous mode [ 266.070412][ T9573] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.179452][ T9573] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 266.728855][ T9590] netlink: 'syz.4.1607': attribute type 9 has an invalid length. [ 266.751706][ T31] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 266.781661][ T5916] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 266.918092][ T9594] netlink: 14593 bytes leftover after parsing attributes in process `syz.3.1609'. [ 266.924795][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 266.924833][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 266.924878][ T31] usb 3-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.00 [ 266.924904][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 266.933776][ T31] usb 3-1: config 0 descriptor?? [ 267.012646][ T5916] usb 1-1: Using ep0 maxpacket: 16 [ 267.019322][ T5916] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 267.019352][ T5916] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 267.019373][ T5916] usb 1-1: config 0 has no interface number 0 [ 267.040237][ T5916] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 267.040275][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.040297][ T5916] usb 1-1: Product: syz [ 267.040313][ T5916] usb 1-1: Manufacturer: syz [ 267.040326][ T5916] usb 1-1: SerialNumber: syz [ 267.053867][ T6025] kernel write not supported for file /amidi2 (pid: 6025 comm: kworker/0:7) [ 267.120615][ T5916] usb 1-1: config 0 descriptor?? [ 267.152801][ T5916] usb 1-1: Found UVC 0.00 device syz (046d:08f3) [ 267.152841][ T5916] usb 1-1: No valid video chain found. [ 267.355919][ T6025] usb 1-1: USB disconnect, device number 9 [ 267.395689][ T31] lg-g15 0003:046D:C22E.0016: item fetching failed at offset 4/5 [ 267.396752][ T31] lg-g15 0003:046D:C22E.0016: probe with driver lg-g15 failed with error -22 [ 267.621534][ T6025] usb 3-1: USB disconnect, device number 19 [ 267.961844][ T5893] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 267.986496][ T9621] /dev/nullb0: Can't open blockdev [ 268.128541][ T9625] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1625'. [ 268.168417][ T5893] usb 4-1: unable to get BOS descriptor or descriptor too short [ 268.169540][ T5893] usb 4-1: no configurations [ 268.169555][ T5893] usb 4-1: can't read configurations, error -22 [ 268.461153][ T9633] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1628'. [ 268.463473][ T9631] hub 1-0:1.0: USB hub found [ 268.463936][ T9631] hub 1-0:1.0: 1 port detected [ 268.774024][ T9637] block device autoloading is deprecated and will be removed. [ 269.608130][ T9670] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1646'. [ 269.874077][ T9676] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1650'. [ 270.821916][ T6000] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 270.974523][ T6000] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 270.974559][ T6000] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 270.974587][ T6000] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 270.979492][ T6000] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 270.979528][ T6000] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.979551][ T6000] usb 4-1: Product: syz [ 270.979586][ T6000] usb 4-1: Manufacturer: syz [ 270.979603][ T6000] usb 4-1: SerialNumber: syz [ 271.021429][ T6000] usb 4-1: config 0 descriptor?? [ 271.086134][ T6000] iguanair 4-1:0.0: probe with driver iguanair failed with error -12 [ 271.268167][ T6000] usb 4-1: USB disconnect, device number 20 [ 272.099445][ T9749] lo speed is unknown, defaulting to 1000 [ 273.251802][ T9783] netlink: 'syz.1.1698': attribute type 7 has an invalid length. [ 273.251829][ T9783] netlink: 'syz.1.1698': attribute type 8 has an invalid length. [ 273.251844][ T9783] netlink: 'syz.1.1698': attribute type 4 has an invalid length. [ 273.251859][ T9783] netlink: 212 bytes leftover after parsing attributes in process `syz.1.1698'. [ 274.181660][ T5916] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 274.331614][ T5916] usb 2-1: Using ep0 maxpacket: 32 [ 274.334309][ T5916] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 274.334337][ T5916] usb 2-1: config 0 has no interface number 0 [ 274.334488][ T5916] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.334517][ T5916] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.334558][ T5916] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 274.334582][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.413343][ T5916] usb 2-1: config 0 descriptor?? [ 275.138637][ T5916] input: HID 28bd:0094 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0094.0017/input/input21 [ 275.213530][ T5916] uclogic 0003:28BD:0094.0017: input,hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.1-1/input1 [ 275.324600][ T5980] usb 2-1: USB disconnect, device number 19 [ 276.952715][ T9847] program syz.1.1727 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 277.520482][ T9860] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 277.634573][ T37] kauditd_printk_skb: 1 callbacks suppressed [ 277.634593][ T37] audit: type=1326 audit(1758187347.262:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9863 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 277.634920][ T37] audit: type=1326 audit(1758187347.262:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9863 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 277.635658][ T37] audit: type=1326 audit(1758187347.262:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9863 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 277.636024][ T37] audit: type=1326 audit(1758187347.262:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9863 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 277.636322][ T37] audit: type=1326 audit(1758187347.262:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9863 comm="syz.1.1735" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd572bceba9 code=0x7ffc0000 [ 277.852216][ T9870] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1737'. [ 278.016230][ T6000] kernel write not supported for file /766/attr/prev (pid: 6000 comm: kworker/1:6) [ 278.081683][ T5916] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 278.171669][ T5980] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 278.253159][ T5916] usb 5-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 278.253193][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.266341][ T5916] usb 5-1: config 0 descriptor?? [ 278.286489][ T5916] gspca_main: spca508-2.14.0 probing 8086:0110 [ 278.331583][ T5980] usb 2-1: Using ep0 maxpacket: 16 [ 278.334221][ T5980] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 278.334275][ T5980] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 278.334301][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.338824][ T9889] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1746'. [ 278.338859][ T9889] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1746'. [ 278.403974][ T5980] usb 2-1: config 0 descriptor?? [ 278.423422][ T5980] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input22 [ 278.550730][ T5916] gspca_spca508: reg_read err -32 [ 278.591673][ T5916] gspca_spca508: reg_read err -32 [ 278.674703][ T5980] bcm5974 2-1:0.0: could not read from device [ 278.742092][ T5980] input: failed to attach handler mousedev to device input22, error: -5 [ 278.780562][ T5980] usb 2-1: USB disconnect, device number 20 [ 278.800708][ T5916] gspca_spca508: reg_read err -71 [ 278.801135][ T5916] gspca_spca508: reg_read err -71 [ 278.801770][ T5916] gspca_spca508: reg write: error -71 [ 278.801875][ T5916] spca508 5-1:0.0: probe with driver spca508 failed with error -71 [ 278.829332][ T5916] usb 5-1: USB disconnect, device number 17 [ 281.191702][ T5893] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 281.211682][ T5980] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 281.351845][ T5893] usb 5-1: Using ep0 maxpacket: 16 [ 281.357309][ T5893] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 281.357390][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 281.357421][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 281.357445][ T5893] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 281.357471][ T5893] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 281.361881][ T5893] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 281.361914][ T5893] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 281.361935][ T5893] usb 5-1: Manufacturer: syz [ 281.371607][ T5980] usb 4-1: Using ep0 maxpacket: 32 [ 281.374842][ T5980] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 281.374874][ T5980] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.482598][ T5893] usb 5-1: config 0 descriptor?? [ 281.493759][ T5980] usb 4-1: config 0 descriptor?? [ 281.761723][ T5980] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 281.781142][ T5980] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 281.792361][ T5980] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 281.792428][ T5980] usb 4-1: media controller created [ 281.831114][ T5980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 281.954255][ T5893] rc_core: IR keymap rc-hauppauge not found [ 281.954290][ T5893] Registered IR keymap rc-empty [ 281.954638][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 281.954834][ T5980] az6027: usb out operation failed. (-71) [ 281.955247][ T5980] az6027: usb out operation failed. (-71) [ 281.955259][ T5980] stb0899_attach: Driver disabled by Kconfig [ 281.955277][ T5980] az6027: no front-end attached [ 281.955277][ T5980] [ 281.992108][ T31] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 282.016169][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.016365][ T5980] az6027: usb out operation failed. (-71) [ 282.016379][ T5980] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 282.019932][ T5980] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input24 [ 282.043363][ T5893] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 282.046768][ T5893] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input23 [ 282.113552][ T5980] dvb-usb: schedule remote query interval to 400 msecs. [ 282.113582][ T5980] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 282.137972][ T5980] usb 4-1: USB disconnect, device number 21 [ 282.139534][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.141801][ C0] mceusb 5-1:0.0: long-range (0x1) receiver active [ 282.141952][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 282.144845][ T31] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 282.144874][ T31] usb 1-1: config 0 has no interface number 0 [ 282.152078][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.177346][ T31] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 282.177380][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.177402][ T31] usb 1-1: Product: syz [ 282.177417][ T31] usb 1-1: Manufacturer: syz [ 282.177432][ T31] usb 1-1: SerialNumber: syz [ 282.214144][ T31] usb 1-1: config 0 descriptor?? [ 282.241321][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.244294][ T31] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 282.259482][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.282903][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.301718][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.324141][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.351638][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.372642][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.401656][ T5893] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 282.429954][ T5893] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 282.429983][ T5893] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x1 active) [ 282.472019][ T5893] usb 5-1: USB disconnect, device number 18 [ 282.503888][ T5980] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 282.564777][ T31] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 282.748580][ T31] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 282.899406][ T9972] syz.1.1781 (9972) used greatest stack depth: 16696 bytes left [ 282.943510][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 282.960117][ T31] usb 1-1: USB disconnect, device number 10 [ 283.112316][ T31] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 283.144873][ T31] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 283.145651][ T31] quatech2 1-1:0.51: device disconnected [ 283.212210][ T9979] Bluetooth: MGMT ver 1.23 [ 283.955282][ T37] audit: type=1107 audit(1758187353.542:77): pid=9990 uid=0 auid=0 ses=1 subj=_ msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 284.462029][ T6000] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 284.471651][ T31] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 284.623296][ T6000] usb 5-1: unable to get BOS descriptor or descriptor too short [ 284.624085][ T6000] usb 5-1: not running at top speed; connect to a high speed hub [ 284.626505][ T6000] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 284.626531][ T6000] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 284.632810][ T31] usb 4-1: Using ep0 maxpacket: 16 [ 284.643714][ T31] usb 4-1: config 0 has an invalid interface number: 251 but max is 0 [ 284.643750][ T31] usb 4-1: config 0 has no interface number 0 [ 284.643876][ T31] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 284.643907][ T31] usb 4-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 284.662468][ T31] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 284.662506][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.662531][ T31] usb 4-1: Product: syz [ 284.662547][ T31] usb 4-1: Manufacturer: syz [ 284.662632][ T31] usb 4-1: SerialNumber: syz [ 284.679126][ T6000] usb 5-1: string descriptor 0 read error: -22 [ 284.679299][ T6000] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 284.679324][ T6000] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.745009][ T31] usb 4-1: config 0 descriptor?? [ 284.761085][T10000] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 284.766605][T10000] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 284.859417][ T6000] usb 5-1: 0:2 : does not exist [ 285.025199][T10000] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 285.025347][T10000] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 285.436082][ T31] asix 4-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 285.440267][ T31] asix 4-1:0.251: probe with driver asix failed with error -524 [ 285.645513][ T5893] usb 4-1: USB disconnect, device number 22 [ 285.668347][ T6000] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 285.695489][ T6000] usb 5-1: 5:0: failed to get current value for ch 1 (-22) [ 285.857467][ T6000] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 285.878794][ T6000] usb 5-1: USB disconnect, device number 19 [ 286.221842][ T31] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 286.373217][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 286.376333][ T31] usb 1-1: config 4 has an invalid interface number: 8 but max is 0 [ 286.376362][ T31] usb 1-1: config 4 has no interface number 0 [ 286.377348][ T31] usb 1-1: config 4 interface 8 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 286.377376][ T31] usb 1-1: config 4 interface 8 altsetting 1 bulk endpoint 0x8A has invalid maxpacket 0 [ 286.377403][ T31] usb 1-1: config 4 interface 8 has no altsetting 0 [ 286.388006][ T31] usb 1-1: New USB device found, idVendor=065a, idProduct=0009, bcdDevice=60.65 [ 286.388040][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.388065][ T31] usb 1-1: Product: syz [ 286.388083][ T31] usb 1-1: Manufacturer: syz [ 286.388099][ T31] usb 1-1: SerialNumber: syz [ 286.707254][ T31] opticon 1-1:4.8: opticon converter detected [ 286.714339][ T31] usb 1-1: opticon converter now attached to ttyUSB0 [ 286.729590][ T31] usb 1-1: USB disconnect, device number 11 [ 286.799872][ T31] opticon ttyUSB0: opticon converter now disconnected from ttyUSB0 [ 286.813351][ T31] opticon 1-1:4.8: device disconnected [ 287.080082][ T37] audit: type=1400 audit(1758187356.702:78): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=10044 comm="syz.4.1813" dest=20002 netif=wpan0 [ 289.184467][T10101] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 289.873596][ T37] audit: type=1326 audit(1758187359.502:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 289.912032][ T37] audit: type=1326 audit(1758187359.502:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 289.912098][ T37] audit: type=1326 audit(1758187359.532:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 289.912151][ T37] audit: type=1326 audit(1758187359.542:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 289.912203][ T37] audit: type=1326 audit(1758187359.542:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 289.913037][ T37] audit: type=1326 audit(1758187359.542:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 289.942695][ T37] audit: type=1326 audit(1758187359.572:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 289.943155][ T37] audit: type=1326 audit(1758187359.572:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdfeb34ada9 code=0x7ffc0000 [ 289.943651][ T37] audit: type=1326 audit(1758187359.572:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdfeb34ada9 code=0x7ffc0000 [ 289.943978][ T37] audit: type=1326 audit(1758187359.572:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10120 comm="syz.3.1849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fdfeb34ada9 code=0x7ffc0000 [ 291.054372][T10131] netlink: 'syz.1.1853': attribute type 2 has an invalid length. [ 291.054395][T10131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1853'. [ 291.389632][T10140] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1856'. [ 292.211641][ T5916] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 292.375147][ T5916] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 292.375181][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 292.375202][ T5916] usb 5-1: Product: syz [ 292.375217][ T5916] usb 5-1: Manufacturer: syz [ 292.375232][ T5916] usb 5-1: SerialNumber: syz [ 292.458802][ T5916] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 292.499062][ T6000] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 294.190127][ T6000] usb 5-1: Service connection timeout for: 256 [ 294.190154][ T6000] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 294.401688][ T6025] IPVS: starting estimator thread 0... [ 294.502178][T10187] IPVS: using max 9 ests per chain, 21600 per kthread [ 297.242202][ T5911] usb 5-1: USB disconnect, device number 20 [ 297.276161][ T6000] ath9k_htc: Failed to initialize the device [ 297.280278][ T5911] usb 5-1: ath9k_htc: USB layer deinitialized [ 298.204115][ T5980] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 298.365125][ T5980] usb 1-1: Using ep0 maxpacket: 16 [ 298.377053][ T5980] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.377108][ T5980] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 298.377133][ T5980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.434590][ T5980] usb 1-1: config 0 descriptor?? [ 298.880390][ T5980] mcp2221 0003:04D8:00DD.0018: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 298.972710][ T6000] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 298.984430][T10270] netlink: 'syz.1.1915': attribute type 1 has an invalid length. [ 298.984456][T10270] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1915'. [ 299.004788][ T59] Bluetooth: hci4: command 0x0406 tx timeout [ 299.134203][ T6000] usb 3-1: Using ep0 maxpacket: 32 [ 299.138795][ T6000] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.138830][ T6000] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 299.138872][ T6000] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 299.138898][ T6000] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.150745][ T6000] usb 3-1: config 0 descriptor?? [ 299.171167][ T6000] hub 3-1:0.0: USB hub found [ 299.280616][T10276] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1917'. [ 299.280642][T10276] netlink: 26 bytes leftover after parsing attributes in process `syz.1.1917'. [ 299.297944][ T5911] usb 1-1: USB disconnect, device number 12 [ 299.412668][ T6000] hub 3-1:0.0: config failed, can't read hub descriptor (err -90) [ 299.781609][ T6025] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 299.890547][ T6000] hid-generic 0003:046D:C31C.0019: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.2-1/input0 [ 299.941786][ T6025] usb 4-1: Using ep0 maxpacket: 32 [ 299.944334][ T6025] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 299.944365][ T6025] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.976037][ T6025] usb 4-1: config 0 descriptor?? [ 299.998956][ T6025] gspca_main: sq930x-2.14.0 probing 041e:403c [ 300.142303][ T5980] usb 3-1: USB disconnect, device number 20 [ 300.802374][T10304] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1930'. [ 300.802417][T10304] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1930'. [ 300.821605][ T6025] gspca_sq930x: reg_w 0105 bf00 failed -71 [ 300.881795][ T6025] sq930x 4-1:0.0: probe with driver sq930x failed with error -71 [ 300.885382][ T6025] usb 4-1: USB disconnect, device number 23 [ 301.781989][T10326] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1938'. [ 302.908391][T10355] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 303.621844][T10378] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1963'. [ 303.798275][T10383] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 303.798305][T10383] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 305.336403][T10428] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1986'. [ 305.865203][T10451] macvlan0: left promiscuous mode [ 305.865473][T10451] netlink: 'syz.2.1997': attribute type 1 has an invalid length. [ 305.865491][T10451] netlink: 'syz.2.1997': attribute type 2 has an invalid length. [ 305.977785][T10453] veth0_to_bridge: entered promiscuous mode [ 305.978411][T10452] veth0_to_bridge: left promiscuous mode [ 306.501998][ T6000] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 306.652601][ T6000] usb 1-1: Using ep0 maxpacket: 32 [ 306.661403][ T6000] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.661905][ T6000] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.661959][ T6000] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 306.661988][ T6000] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.674205][ T6000] usb 1-1: config 0 descriptor?? [ 306.705891][ T6000] hub 1-1:0.0: USB hub found [ 306.896963][ T6000] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 307.341640][ T5893] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 307.360203][ T6000] hid-generic 0003:046D:C31C.001A: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.0-1/input0 [ 307.491555][ T5893] usb 4-1: Using ep0 maxpacket: 16 [ 307.494014][ T5893] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 307.494049][ T5893] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 307.494074][ T5893] usb 4-1: config 0 interface 0 has no altsetting 0 [ 307.494112][ T5893] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 307.494137][ T5893] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.499649][ T5893] usb 4-1: config 0 descriptor?? [ 307.632084][ T6000] usb 1-1: USB disconnect, device number 13 [ 307.973383][ T5893] cougar 0003:060B:500A.001B: unexpected long global item [ 307.974227][ T5893] cougar 0003:060B:500A.001B: parse failed [ 307.974333][ T5893] cougar 0003:060B:500A.001B: probe with driver cougar failed with error -22 [ 308.148112][ T5893] usb 4-1: USB disconnect, device number 24 [ 308.832834][T10519] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2029'. [ 308.848355][T10519] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.850866][T10519] bridge0: port 1(bridge_slave_0) entered disabled state [ 309.102771][T10522] nbd1: detected capacity change from 0 to 127 [ 309.103915][ T59] block nbd1: Receive control failed (result -32) [ 309.220354][T10528] bpf: Bad value for 'uid' [ 309.306061][T10534] bond0: entered promiscuous mode [ 309.306086][T10534] bond_slave_0: entered promiscuous mode [ 309.306663][T10534] bond_slave_1: entered promiscuous mode [ 309.309659][T10534] bond0: left promiscuous mode [ 309.309682][T10534] bond_slave_0: left promiscuous mode [ 309.309941][T10534] bond_slave_1: left promiscuous mode [ 310.275485][T10565] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2049'. [ 310.418508][T10569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2052'. [ 310.418539][T10569] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2052'. [ 310.801877][ T5980] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 310.971572][ T5980] usb 3-1: Using ep0 maxpacket: 32 [ 310.977900][ T5980] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 310.977931][ T5980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.006069][ T5980] usb 3-1: config 0 descriptor?? [ 311.232371][ T5980] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 311.249536][ T5980] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 311.265537][T10581] mkiss: ax0: crc mode is auto. [ 311.265560][ T5980] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 311.265614][ T5980] usb 3-1: media controller created [ 311.332339][ T5980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 311.435019][ T5980] az6027: usb out operation failed. (-71) [ 311.441311][ T5980] az6027: usb out operation failed. (-71) [ 311.441333][ T5980] stb0899_attach: Driver disabled by Kconfig [ 311.441344][ T5980] az6027: no front-end attached [ 311.441344][ T5980] [ 311.467686][ T5980] az6027: usb out operation failed. (-71) [ 311.467705][ T5980] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 311.470995][ T5980] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input25 [ 311.497412][ T5980] dvb-usb: schedule remote query interval to 400 msecs. [ 311.497437][ T5980] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 311.500452][ T5980] usb 3-1: USB disconnect, device number 21 [ 311.532076][ T5916] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 311.643442][ T5980] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 311.685047][ T5916] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 311.685077][ T5916] usb 1-1: config 0 has no interface number 0 [ 311.688643][ T5916] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 311.688674][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.688695][ T5916] usb 1-1: Product: syz [ 311.688710][ T5916] usb 1-1: Manufacturer: syz [ 311.688726][ T5916] usb 1-1: SerialNumber: syz [ 311.714453][ T5916] usb 1-1: config 0 descriptor?? [ 311.954003][ T5916] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 311.966658][ T5916] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 311.967158][ T5916] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 311.967218][ T5916] usb 1-1: media controller created [ 312.030572][ T5916] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 312.159488][ T5916] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 312.280439][ T5916] usb 1-1: USB disconnect, device number 14 [ 314.401753][ T5980] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 314.554291][ T5980] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 314.554324][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.560044][ T5980] usb 2-1: config 0 descriptor?? [ 314.622684][ T5980] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 315.020011][T10693] loop7: detected capacity change from 0 to 7 [ 315.097925][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 315.334574][T10701] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2114'. [ 315.334614][T10701] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2114'. [ 315.421665][ T5980] usb 2-1: USB disconnect, device number 21 [ 316.222840][ T37] kauditd_printk_skb: 1265 callbacks suppressed [ 316.222861][ T37] audit: type=1326 audit(1758187385.852:1354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.3.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 316.222914][ T37] audit: type=1326 audit(1758187385.852:1355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.3.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 316.273794][ T37] audit: type=1326 audit(1758187385.892:1356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.3.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 316.273865][ T37] audit: type=1326 audit(1758187385.892:1357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.3.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 316.273919][ T37] audit: type=1326 audit(1758187385.892:1358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.3.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 316.273973][ T37] audit: type=1326 audit(1758187385.892:1359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.3.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 316.274025][ T37] audit: type=1326 audit(1758187385.892:1360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.3.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 316.274079][ T37] audit: type=1326 audit(1758187385.892:1361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10722 comm="syz.3.2124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x7ffc0000 [ 317.801838][ T37] audit: type=1326 audit(1758187387.422:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10756 comm="syz.3.2139" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdfeb3aeba9 code=0x0 [ 318.151804][ T5911] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 318.307391][ T5911] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 318.307425][ T5911] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.317466][ T5911] usb 3-1: config 0 descriptor?? [ 318.328564][ T5911] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 318.431743][ T5980] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 318.581726][ T5980] usb 1-1: Using ep0 maxpacket: 8 [ 318.585818][ T5980] usb 1-1: config index 0 descriptor too short (expected 30, got 18) [ 318.590435][ T5980] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 318.590468][ T5980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 318.590489][ T5980] usb 1-1: Product: syz [ 318.590504][ T5980] usb 1-1: Manufacturer: syz [ 318.590518][ T5980] usb 1-1: SerialNumber: syz [ 318.650357][ T5980] usb 1-1: config 0 descriptor?? [ 318.670799][ T5980] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 318.670859][ T5980] usb 1-1: setting power ON [ 318.670881][ T5980] dvb-usb: bulk message failed: -22 (2/0) [ 318.702790][ T5980] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 318.703685][ T5980] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 318.703759][ T5980] usb 1-1: media controller created [ 318.769409][ T5980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 318.796578][ T5980] usb 1-1: selecting invalid altsetting 6 [ 318.796604][ T5980] usb 1-1: digital interface selection failed (-22) [ 318.796621][ T5980] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 318.797504][ T5980] usb 1-1: setting power OFF [ 318.797526][ T5980] dvb-usb: bulk message failed: -22 (2/0) [ 318.797544][ T5980] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 318.797557][ T5980] (NULL device *): no alternate interface [ 318.905845][ T5980] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 318.942455][ T5911] gspca_stv06xx: vv6410 sensor detected [ 318.964131][ T6000] usb 1-1: USB disconnect, device number 15 [ 319.210732][ T5911] STV06xx 3-1:0.0: probe with driver STV06xx failed with error -71 [ 319.215088][ T5911] usb 3-1: USB disconnect, device number 22 [ 320.563108][T10828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2170'. [ 320.563149][T10828] netlink: 'syz.1.2170': attribute type 30 has an invalid length. [ 320.563167][T10828] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2170'. [ 320.938730][ T1127] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.960335][ T1127] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.960390][ T1127] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 320.960431][ T1127] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 321.512098][ T5980] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 321.671948][ T5980] usb 2-1: Using ep0 maxpacket: 16 [ 321.674386][ T5980] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 321.674439][ T5980] usb 2-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 321.674465][ T5980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.722450][ T5980] usb 2-1: config 0 descriptor?? [ 321.741220][ T5980] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input26 [ 321.772979][T10857] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2182'. [ 321.776427][T10857] netem: unknown loss type 12 [ 321.776541][T10857] netem: change failed [ 321.936359][ T5980] bcm5974 2-1:0.0: could not read from device [ 322.014019][ T5980] input: failed to attach handler mousedev to device input26, error: -5 [ 322.032763][ T5980] usb 2-1: USB disconnect, device number 22 [ 322.706027][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.706107][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.191965][ T5911] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 324.346534][ T5911] usb 4-1: Using ep0 maxpacket: 16 [ 324.349173][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.349208][ T5911] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 324.349264][ T5911] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 324.349289][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.371045][ T5911] usb 4-1: config 0 descriptor?? [ 324.593924][ T5911] usbhid 4-1:0.0: can't add hid device: -71 [ 324.594065][ T5911] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 324.616365][ T5911] usb 4-1: USB disconnect, device number 25 [ 325.032046][ T6025] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 325.192115][ T6025] usb 1-1: Using ep0 maxpacket: 32 [ 325.194792][ T6025] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 325.194823][ T6025] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 325.194846][ T6025] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 325.194869][ T6025] usb 1-1: config 1 has no interface number 0 [ 325.194923][ T6025] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 325.194950][ T6025] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 325.194995][ T6025] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 325.195022][ T6025] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.299425][ T6025] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 325.520858][ T6025] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached [ 325.966721][ T6025] usb 1-1: USB disconnect, device number 16 [ 325.969601][ T6025] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 326.467326][T10966] loop9: detected capacity change from 0 to 524288000 [ 326.999371][T10982] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2234'. [ 327.258716][T10987] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2236'. [ 328.163020][ T5929] kernel read not supported for file /dsp (pid: 5929 comm: kworker/1:5) [ 328.419038][T11012] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2250'. [ 328.908779][T11027] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2255'. [ 330.801620][ T6025] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 330.952106][T11067] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2273'. [ 330.962227][ T6025] usb 1-1: Using ep0 maxpacket: 16 [ 330.965111][ T6025] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 330.965143][ T6025] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 330.968503][ T6025] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 330.968535][ T6025] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.968559][ T6025] usb 1-1: Product: syz [ 330.968577][ T6025] usb 1-1: Manufacturer: syz [ 330.968593][ T6025] usb 1-1: SerialNumber: syz [ 331.252673][ T6025] usb 1-1: 0:2 : does not exist [ 331.258342][ T6025] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 331.328027][ T6025] usb 1-1: USB disconnect, device number 17 [ 331.879501][T11083] pimreg: entered allmulticast mode [ 331.923224][T11083] pimreg: left allmulticast mode [ 333.578538][T11116] lo speed is unknown, defaulting to 1000 [ 334.264595][T11134] netlink: 'syz.2.2301': attribute type 15 has an invalid length. [ 334.839370][T11146] vivid-000: ================= START STATUS ================= [ 334.839408][T11146] vivid-000: Test Pattern: 75% Colorbar [ 334.839439][T11146] vivid-000: Fill Percentage of Frame: 100 [ 334.839462][T11146] vivid-000: Horizontal Movement: No Movement [ 334.839482][T11146] vivid-000: Vertical Movement: No Movement [ 334.839502][T11146] vivid-000: OSD Text Mode: All [ 334.839521][T11146] vivid-000: Show Border: false [ 334.839541][T11146] vivid-000: Show Square: false [ 334.839559][T11146] vivid-000: Sensor Flipped Horizontally: false [ 334.839579][T11146] vivid-000: Sensor Flipped Vertically: false [ 334.839599][T11146] vivid-000: Insert SAV Code in Image: false [ 334.839619][T11146] vivid-000: Insert EAV Code in Image: false [ 334.839639][T11146] vivid-000: Insert Video Guard Band: false [ 334.839659][T11146] vivid-000: Reduced Framerate: false [ 334.839678][T11146] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator [ 334.839699][T11146] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator [ 334.839721][T11146] vivid-000: Enable Capture Cropping: true grabbed [ 334.839746][T11146] vivid-000: Enable Capture Composing: true grabbed [ 334.839770][T11146] vivid-000: Enable Capture Scaler: true grabbed [ 334.839794][T11146] vivid-000: Timestamp Source: End of Frame [ 334.839814][T11146] vivid-000: Colorspace: sRGB [ 334.839832][T11146] vivid-000: Transfer Function: Default [ 334.839852][T11146] vivid-000: Y'CbCr Encoding: Default [ 334.839872][T11146] vivid-000: HSV Encoding: Hue 0-179 [ 334.839891][T11146] vivid-000: Quantization: Default [ 334.839911][T11146] vivid-000: Apply Alpha To Red Only: false [ 334.839930][T11146] vivid-000: Standard Aspect Ratio: 4x3 [ 334.839950][T11146] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 334.839975][T11146] vivid-000: DV Timings: 640x480p59 inactive [ 334.839999][T11146] vivid-000: DV Timings Aspect Ratio: Source Width x Height [ 334.840020][T11146] vivid-000: Maximum EDID Blocks: 2 [ 334.840040][T11146] vivid-000: Limited RGB Range (16-235): false [ 334.840060][T11146] vivid-000: Rx RGB Quantization Range: Automatic [ 334.840081][T11146] vivid-000: Power Present: 0x00000001 [ 334.840103][T11146] tpg source WxH: 320x240 (Y'CbCr) [ 334.840115][T11146] tpg field: 1 [ 334.840123][T11146] tpg crop: (0,0)/320x240 [ 334.840135][T11146] tpg compose: (0,0)/320x240 [ 334.840149][T11146] tpg colorspace: 8 [ 334.840157][T11146] tpg transfer function: 0/2 [ 334.840167][T11146] tpg Y'CbCr encoding: 0/1 [ 334.840179][T11146] tpg quantization: 0/2 [ 334.840189][T11146] tpg RGB range: 0/2 [ 334.840199][T11146] vivid-000: ================== END STATUS ================== [ 336.096124][T11168] lo speed is unknown, defaulting to 1000 [ 336.961566][ T6025] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 337.132636][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.143325][ T6025] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 337.143363][ T6025] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 337.143391][ T6025] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 337.168225][ T6025] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 337.168262][ T6025] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.168285][ T6025] usb 1-1: Product: syz [ 337.168303][ T6025] usb 1-1: Manufacturer: syz [ 337.168321][ T6025] usb 1-1: SerialNumber: syz [ 337.184055][ T6025] usb 1-1: config 0 descriptor?? [ 337.184972][T11182] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 337.185107][T11182] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 337.196387][ T6025] usb 1-1: ucan: probing device on interface #0 [ 337.329992][T11192] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2326'. [ 337.909025][ T6025] ucan 1-1:0.0: probe with driver ucan failed with error -22 [ 338.135538][ T6025] usb 1-1: USB disconnect, device number 18 [ 338.496006][T11212] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 338.656642][ T37] audit: type=1326 audit(1758187408.282:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02df86ada9 code=0x7ffc0000 [ 338.700318][ T37] audit: type=1326 audit(1758187408.322:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02df86ada9 code=0x7ffc0000 [ 338.700377][ T37] audit: type=1326 audit(1758187408.322:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02df86ada9 code=0x7ffc0000 [ 338.700426][ T37] audit: type=1326 audit(1758187408.322:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02df8ceba9 code=0x7ffc0000 [ 338.700475][ T37] audit: type=1326 audit(1758187408.322:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f02df8ceba9 code=0x7ffc0000 [ 338.700886][ T37] audit: type=1326 audit(1758187408.322:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02df86ada9 code=0x7ffc0000 [ 338.709522][ T37] audit: type=1326 audit(1758187408.332:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02df86ada9 code=0x7ffc0000 [ 338.710999][ T37] audit: type=1326 audit(1758187408.332:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02df86ada9 code=0x7ffc0000 [ 338.714648][ T37] audit: type=1326 audit(1758187408.342:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02df86ada9 code=0x7ffc0000 [ 338.734248][ T37] audit: type=1326 audit(1758187408.352:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11213 comm="syz.2.2337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f02df86ada9 code=0x7ffc0000 [ 339.341634][ T6000] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 339.491638][ T6000] usb 4-1: Using ep0 maxpacket: 8 [ 339.499069][ T6000] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.499190][ T6000] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 339.499238][ T6000] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 339.499263][ T6000] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.554706][ T6000] usb 4-1: config 0 descriptor?? [ 340.023128][ T6000] hid-rmi 0003:06CB:81A7.001C: unknown main item tag 0x4 [ 340.023165][ T6000] hid-rmi 0003:06CB:81A7.001C: unknown main item tag 0x0 [ 340.023194][ T6000] hid-rmi 0003:06CB:81A7.001C: unknown main item tag 0x0 [ 340.023221][ T6000] hid-rmi 0003:06CB:81A7.001C: unknown main item tag 0x0 [ 340.023249][ T6000] hid-rmi 0003:06CB:81A7.001C: unbalanced collection at end of report description [ 340.024149][ T6000] hid-rmi 0003:06CB:81A7.001C: parse failed [ 340.024265][ T6000] hid-rmi 0003:06CB:81A7.001C: probe with driver hid-rmi failed with error -22 [ 340.186611][ T50] usb 4-1: USB disconnect, device number 26 [ 340.949546][T11240] tipc: Started in network mode [ 340.949572][T11240] tipc: Node identity , cluster identity 4711 [ 340.949588][T11240] tipc: Failed to set node id, please configure manually [ 340.949638][T11240] tipc: Enabling of bearer rejected, failed to enable media [ 341.161990][ T6025] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 341.323310][ T6025] usb 4-1: Using ep0 maxpacket: 32 [ 341.326099][ T6025] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 341.326136][ T6025] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 341.328617][ T6025] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 341.328651][ T6025] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 341.328674][ T6025] usb 4-1: Product: syz [ 341.328689][ T6025] usb 4-1: Manufacturer: syz [ 341.402870][ T6025] hub 4-1:4.0: USB hub found [ 341.623380][ T6025] hub 4-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 341.962491][ T6025] usb 4-1: USB disconnect, device number 27 [ 343.663424][ T37] kauditd_printk_skb: 253 callbacks suppressed [ 343.663445][ T37] audit: type=1326 audit(1758187413.292:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11244 comm="syz.1.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd572b6ada9 code=0x7ffc0000 [ 343.663893][ T37] audit: type=1326 audit(1758187413.292:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11244 comm="syz.1.2351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd572b6ada9 code=0x7ffc0000 [ 344.355002][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 344.377529][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 344.379607][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 344.388858][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 344.390031][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 344.471698][T11280] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2367'. [ 346.522008][ T59] Bluetooth: hci5: command tx timeout [ 347.112238][T11276] lo speed is unknown, defaulting to 1000 [ 347.113855][T11306] tap0: tun_chr_ioctl cmd 1074025677 [ 347.114091][T11306] tap0: linktype set to 774 [ 347.655157][ T3589] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 347.979173][T11322] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 348.178952][ T3589] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.560998][ T3589] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.601620][ T59] Bluetooth: hci5: command tx timeout [ 349.043219][ T3589] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.331201][T11276] chnl_net:caif_netlink_parms(): no params data found [ 350.441987][ T3589] bridge_slave_1: left allmulticast mode [ 350.442186][ T3589] bridge_slave_1: left promiscuous mode [ 350.446271][ T3589] bridge0: port 2(bridge_slave_1) entered disabled state [ 350.605313][ T3589] bridge_slave_0: left allmulticast mode [ 350.605352][ T3589] bridge_slave_0: left promiscuous mode [ 350.605757][ T3589] bridge0: port 1(bridge_slave_0) entered disabled state [ 350.643330][T11388] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2415'. [ 350.681600][ T59] Bluetooth: hci5: command tx timeout [ 352.761737][ T59] Bluetooth: hci5: command tx timeout [ 353.922936][ T3589] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 353.983783][ T3589] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 354.034482][ T3589] bond0 (unregistering): Released all slaves [ 355.462107][T11276] bridge0: port 1(bridge_slave_0) entered blocking state [ 355.462245][T11276] bridge0: port 1(bridge_slave_0) entered disabled state [ 355.462493][T11276] bridge_slave_0: entered allmulticast mode [ 355.465867][T11276] bridge_slave_0: entered promiscuous mode [ 355.507316][T11276] bridge0: port 2(bridge_slave_1) entered blocking state [ 355.507483][T11276] bridge0: port 2(bridge_slave_1) entered disabled state [ 355.507781][T11276] bridge_slave_1: entered allmulticast mode [ 355.510972][T11276] bridge_slave_1: entered promiscuous mode [ 356.159627][T11451] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2442'. [ 356.159749][T11451] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2442'. [ 356.426836][T11459] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2446'. [ 356.426950][T11459] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2446'. [ 356.546248][T11276] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 356.578897][T11276] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 356.749310][ T3589] hsr_slave_0: left promiscuous mode [ 356.787479][ T3589] hsr_slave_1: left promiscuous mode [ 356.790147][ T3589] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 356.790249][ T3589] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 356.839618][ T3589] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 356.839656][ T3589] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.015721][ T3589] veth1_macvtap: left promiscuous mode [ 357.016007][ T3589] veth0_macvtap: left promiscuous mode [ 357.016313][ T3589] veth1_vlan: left promiscuous mode [ 357.016701][ T3589] veth0_vlan: left promiscuous mode [ 359.011621][ C0] vkms_vblank_simulate: vblank timer overrun [ 359.229690][ C0] vkms_vblank_simulate: vblank timer overrun [ 359.255917][T11526] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2477'. [ 359.498200][T11530] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 359.542066][ C0] vkms_vblank_simulate: vblank timer overrun [ 360.791998][ C0] vkms_vblank_simulate: vblank timer overrun [ 360.879092][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.044230][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.192996][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.375792][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.445464][ T3589] team0 (unregistering): Port device team_slave_1 removed [ 361.543847][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.595187][ C0] vkms_vblank_simulate: vblank timer overrun [ 361.734817][ T3589] team0 (unregistering): Port device team_slave_0 removed [ 362.292947][ C0] vkms_vblank_simulate: vblank timer overrun [ 362.695589][ C0] vkms_vblank_simulate: vblank timer overrun [ 363.179413][ C0] vkms_vblank_simulate: vblank timer overrun [ 363.791140][ C0] vkms_vblank_simulate: vblank timer overrun [ 364.980787][T11276] team0: Port device team_slave_0 added [ 364.994988][T11276] team0: Port device team_slave_1 added [ 365.440815][T11276] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 365.440835][T11276] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.440865][T11276] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 365.488831][T11276] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 365.488850][T11276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 365.488878][T11276] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 366.098120][T11584] vlan3: entered allmulticast mode [ 366.652262][T11600] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2509'. [ 366.706624][T11276] hsr_slave_0: entered promiscuous mode [ 366.713878][T11276] hsr_slave_1: entered promiscuous mode [ 366.719612][T11276] debugfs: 'hsr0' already exists in 'hsr' [ 366.719649][T11276] Cannot create hsr debugfs directory [ 367.615747][T11617] macvtap1: entered allmulticast mode [ 367.615772][T11617] bridge0: entered allmulticast mode [ 367.617357][T11617] bridge0: port 3(macvtap1) entered blocking state [ 367.617522][T11617] bridge0: port 3(macvtap1) entered disabled state [ 367.708840][T11617] bridge0: left allmulticast mode [ 368.988793][T11276] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 369.136149][T11276] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 369.205536][ T50] kernel write not supported for file /1141/clear_refs (pid: 50 comm: kworker/1:1) [ 369.205660][T11276] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 369.309975][T11276] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 369.314724][T11664] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2538'. [ 370.712082][ T50] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 370.866702][ T50] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 370.866735][ T50] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 370.866762][ T50] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 370.866786][ T50] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 370.866836][ T50] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 370.866861][ T50] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.955365][ T50] usb 4-1: config 0 descriptor?? [ 371.239898][ T50] hdpvr 4-1:0.0: firmware version 0x0 dated [ 371.239922][ T50] hdpvr 4-1:0.0: untested firmware, the driver might not work. [ 372.031253][ T50] hdpvr 4-1:0.0: Could not setup controls [ 372.052648][ T50] hdpvr 4-1:0.0: registering videodev failed [ 372.137397][ T50] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -71 [ 372.203002][ T50] usb 4-1: USB disconnect, device number 28 [ 375.691726][ T37] audit: type=1326 audit(375.295:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11721 comm="syz.0.2560" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8c5d9eeba9 code=0x0 [ 381.878749][T11276] 8021q: adding VLAN 0 to HW filter on device bond0 [ 382.137142][T11728] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 382.181671][T11729] Falling back ldisc for ptm0. [ 382.879164][ C1] sched: DL replenish lagged too much [ 384.515901][T11746] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2570'. [ 384.515933][T11746] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2570'. [ 384.802791][T11276] 8021q: adding VLAN 0 to HW filter on device team0 [ 384.908965][ T84] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.909140][ T84] bridge0: port 1(bridge_slave_0) entered forwarding state [ 385.023722][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.023890][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 385.142702][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 385.146111][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 388.056242][T11276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 389.814513][T11792] netlink: 71 bytes leftover after parsing attributes in process `syz.2.2582'. [ 390.320362][T11276] veth0_vlan: entered promiscuous mode [ 390.400176][T11276] veth1_vlan: entered promiscuous mode [ 390.653063][T11276] veth0_macvtap: entered promiscuous mode [ 390.699005][T11276] veth1_macvtap: entered promiscuous mode [ 390.920341][T11276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 391.068640][T11276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 391.170975][ T3589] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.189217][ T3589] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.189899][ T3589] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 391.214694][ T3589] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 393.596841][T11805] vcan0: tx drop: invalid sa for name 0x0000000000000003 [ 395.162500][ T5911] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 395.312289][ T5911] usb 2-1: Using ep0 maxpacket: 8 [ 395.315394][ T5911] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 395.315425][ T5911] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 395.315451][ T5911] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 395.315478][ T5911] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 395.315526][ T5911] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 395.315551][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.764633][ T6960] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.764658][ T6960] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.956799][ T5911] usb 2-1: GET_CAPABILITIES returned 0 [ 395.956842][ T5911] usbtmc 2-1:16.0: can't read capabilities [ 396.302323][ T50] usb 2-1: USB disconnect, device number 23 [ 396.468826][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 396.468850][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.138796][T11832] netlink: 'syz.1.2600': attribute type 2 has an invalid length. [ 397.666574][T11837] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2602'. [ 400.421838][ T50] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 400.591748][ T50] usb 1-1: Using ep0 maxpacket: 16 [ 400.610156][ T50] usb 1-1: config 0 has an invalid interface number: 203 but max is 0 [ 400.610187][ T50] usb 1-1: config 0 has no interface number 0 [ 400.610238][ T50] usb 1-1: config 0 interface 203 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 400.650357][ T50] usb 1-1: New USB device found, idVendor=0499, idProduct=1026, bcdDevice=e8.af [ 400.650389][ T50] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.650411][ T50] usb 1-1: Product: syz [ 400.650427][ T50] usb 1-1: Manufacturer: syz [ 400.650442][ T50] usb 1-1: SerialNumber: syz [ 400.705444][ T50] usb 1-1: config 0 descriptor?? [ 400.706734][T11873] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 400.748234][ T50] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 402.983768][ T6000] usb 1-1: USB disconnect, device number 19 [ 405.341594][ T5929] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 405.496647][ T5929] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 405.496676][ T5929] usb 3-1: config 0 has no interface number 0 [ 405.499907][ T5929] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 405.499938][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.499960][ T5929] usb 3-1: Product: syz [ 405.499975][ T5929] usb 3-1: Manufacturer: syz [ 405.499991][ T5929] usb 3-1: SerialNumber: syz [ 405.577428][ T5929] usb 3-1: config 0 descriptor?? [ 405.843211][ T5929] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 405.849837][ T5929] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 405.850263][ T5929] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 405.850319][ T5929] usb 3-1: media controller created [ 406.030438][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 406.197487][ T5929] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 406.880767][ T5929] usb 3-1: USB disconnect, device number 23 [ 407.549485][T11928] block nbd3: NBD_DISCONNECT [ 411.319919][T11945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2649'. [ 411.890562][T11953] team0: Device macvlan3 is already an upper device of the team interface [ 414.080083][ C1] vcan0: j1939_tp_rxtimer: 0xffff888021761800: rx timeout, send abort [ 414.084731][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888021761800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 415.091267][T11989] /dev/nullb0: Can't open blockdev [ 415.320989][T11978] bond0: entered promiscuous mode [ 415.321015][T11978] bond_slave_0: entered promiscuous mode [ 415.321919][T11978] bond_slave_1: entered promiscuous mode [ 415.346790][T11978] batadv0: entered promiscuous mode [ 415.367420][T11978] hsr1: entered promiscuous mode [ 415.379544][T11978] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 419.268877][T11987] netlink: 136 bytes leftover after parsing attributes in process `syz.0.2665'. [ 419.268904][T11987] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 420.196658][T12014] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2676'. [ 420.211545][ T6000] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 420.371714][ T6000] usb 3-1: Using ep0 maxpacket: 8 [ 420.374724][ T6000] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 420.374754][ T6000] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 420.374775][ T6000] usb 3-1: config 0 has no interface number 0 [ 420.374829][ T6000] usb 3-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 420.374857][ T6000] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 420.374886][ T6000] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 420.378032][ T6000] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 420.378062][ T6000] usb 3-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 420.378084][ T6000] usb 3-1: Product: syz [ 420.493884][ T6000] usb 3-1: config 0 descriptor?? [ 420.497440][T12010] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 421.200570][ T6000] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.21/input/input27 [ 421.660929][ T5929] usb 3-1: USB disconnect, device number 24 [ 421.661030][ C1] keyspan_remote 3-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19 [ 424.752672][T12053] overlay: filesystem on ./file0 not supported as upperdir [ 431.616929][T12089] 2g,{: renamed from lo (while UP) [ 432.683234][T12094] netlink: 'syz.1.2708': attribute type 6 has an invalid length. [ 433.643397][T12108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2714'. [ 436.081164][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 436.133685][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 436.133942][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 436.134029][ C1] I/O error, dev loop7, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 436.134057][ C1] Buffer I/O error on dev loop7, logical block 1, async page read [ 436.134313][ C1] I/O error, dev loop7, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 436.134342][ C1] Buffer I/O error on dev loop7, logical block 2, async page read [ 436.134475][ C1] I/O error, dev loop7, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 436.134503][ C1] Buffer I/O error on dev loop7, logical block 3, async page read [ 436.134625][ C1] I/O error, dev loop7, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 436.134651][ C1] Buffer I/O error on dev loop7, logical block 4, async page read [ 436.135060][ C1] I/O error, dev loop7, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 436.135102][ C1] Buffer I/O error on dev loop7, logical block 5, async page read [ 436.135171][ C1] I/O error, dev loop7, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 436.135197][ C1] Buffer I/O error on dev loop7, logical block 6, async page read [ 437.105614][ T6000] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 437.257594][ T6000] usb 4-1: Using ep0 maxpacket: 32 [ 437.267755][ T6000] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 437.267786][ T6000] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.353952][ T6000] usb 4-1: config 0 descriptor?? [ 437.663126][ T6000] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 437.688245][ T6000] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 437.701105][ T6000] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 437.701169][ T6000] usb 4-1: media controller created [ 437.966160][ T6000] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 438.106003][ T6000] az6027: usb out operation failed. (-71) [ 438.106569][ T6000] az6027: usb out operation failed. (-71) [ 438.106584][ T6000] stb0899_attach: Driver disabled by Kconfig [ 438.106595][ T6000] az6027: no front-end attached [ 438.106595][ T6000] [ 438.107025][ T6000] az6027: usb out operation failed. (-71) [ 438.107040][ T6000] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 438.110314][ T6000] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input28 [ 438.196073][ T6000] dvb-usb: schedule remote query interval to 400 msecs. [ 438.196097][ T6000] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 438.242472][ T6000] usb 4-1: USB disconnect, device number 29 [ 439.020664][ T6000] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 439.424365][ T6000] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 439.697652][ T6000] usb 4-1: config 0 has an invalid interface number: 227 but max is 0 [ 439.697682][ T6000] usb 4-1: config 0 has no interface number 0 [ 439.697737][ T6000] usb 4-1: config 0 interface 227 altsetting 7 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 439.697767][ T6000] usb 4-1: config 0 interface 227 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 439.697796][ T6000] usb 4-1: config 0 interface 227 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 439.697821][ T6000] usb 4-1: config 0 interface 227 has no altsetting 0 [ 439.814209][ T6000] usb 4-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=58.dd [ 439.814242][ T6000] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.814264][ T6000] usb 4-1: Product: syz [ 439.814279][ T6000] usb 4-1: Manufacturer: syz [ 439.814294][ T6000] usb 4-1: SerialNumber: syz [ 439.862792][ T6000] usb 4-1: config 0 descriptor?? [ 439.866456][T12147] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 439.907043][ T6000] usbtouchscreen 4-1:0.227: probe with driver usbtouchscreen failed with error -90 [ 440.027946][T12153] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2733'. [ 442.200948][ T5911] usb 4-1: USB disconnect, device number 30 [ 460.068748][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 460.079628][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 469.507793][ T5848] Bluetooth: hci5: command 0x0406 tx timeout [ 523.385042][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 523.396156][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 529.885352][ T59] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 543.129563][T12211] Bluetooth: hci3: Opcode 0x0c03 failed: -4 [ 568.240164][T12214] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 574.491000][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 574.501935][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 591.496950][T12214] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 594.430247][T12224] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 602.445366][ T38] INFO: task kworker/u8:41:6982 blocked for more than 144 seconds. [ 602.445397][ T38] Not tainted syzkaller #0 [ 602.445410][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 602.445421][ T38] task:kworker/u8:41 state:D stack:20584 pid:6982 tgid:6982 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 602.445483][ T38] Workqueue: events_unbound linkwatch_event [ 602.445519][ T38] Call Trace: [ 602.445527][ T38] [ 602.445543][ T38] __schedule+0x16f3/0x4c20 [ 602.445597][ T38] ? ret_from_fork_asm+0x1a/0x30 [ 602.445639][ T38] ? __pfx___schedule+0x10/0x10 [ 602.445699][ T38] rt_mutex_schedule+0x77/0xf0 [ 602.445723][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 602.445766][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 602.445799][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 602.445830][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 602.445860][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 602.445901][ T38] ? linkwatch_event+0xe/0x60 [ 602.445932][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 602.445966][ T38] ? linkwatch_event+0xe/0x60 [ 602.445988][ T38] mutex_lock_nested+0x16a/0x1d0 [ 602.446013][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 602.446047][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 602.446078][ T38] linkwatch_event+0xe/0x60 [ 602.446100][ T38] process_scheduled_works+0xade/0x17b0 [ 602.446163][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 602.446214][ T38] worker_thread+0x8a0/0xda0 [ 602.446248][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 602.446292][ T38] ? __kthread_parkme+0x7b/0x200 [ 602.446335][ T38] kthread+0x70e/0x8a0 [ 602.446374][ T38] ? __pfx_worker_thread+0x10/0x10 [ 602.446403][ T38] ? __pfx_kthread+0x10/0x10 [ 602.446444][ T38] ? __pfx_kthread+0x10/0x10 [ 602.446479][ T38] ret_from_fork+0x439/0x7d0 [ 602.446514][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 602.446551][ T38] ? __switch_to_asm+0x39/0x70 [ 602.446586][ T38] ? __switch_to_asm+0x33/0x70 [ 602.446606][ T38] ? __pfx_kthread+0x10/0x10 [ 602.446643][ T38] ret_from_fork_asm+0x1a/0x30 [ 602.446684][ T38] [ 602.446703][ T38] INFO: task syz.5.2737:12166 blocked for more than 144 seconds. [ 602.446719][ T38] Not tainted syzkaller #0 [ 602.446731][ T38] Blocked by coredump. [ 602.446738][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 602.446748][ T38] task:syz.5.2737 state:D stack:25128 pid:12166 tgid:12166 ppid:11276 task_flags:0x40004c flags:0x00004000 [ 602.446811][ T38] Call Trace: [ 602.446818][ T38] [ 602.446832][ T38] __schedule+0x16f3/0x4c20 [ 602.446891][ T38] ? __lock_acquire+0xab9/0xd20 [ 602.446922][ T38] ? __pfx___schedule+0x10/0x10 [ 602.446975][ T38] ? schedule+0x91/0x360 [ 602.447011][ T38] schedule+0x165/0x360 [ 602.447046][ T38] schedule_timeout+0x9a/0x270 [ 602.447077][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 602.447124][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 602.447157][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 602.447189][ T38] ? wait_for_completion+0x267/0x5d0 [ 602.447225][ T38] wait_for_completion+0x2bf/0x5d0 [ 602.447281][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 602.447330][ T38] exit_aio+0x2f1/0x3b0 [ 602.447365][ T38] ? __pfx_exit_aio+0x10/0x10 [ 602.447406][ T38] ? uprobe_clear_state+0x280/0x2a0 [ 602.447429][ T38] ? mm_update_next_owner+0xa7/0x870 [ 602.447456][ T38] __mmput+0x68/0x3d0 [ 602.447486][ T38] exit_mm+0x1da/0x2c0 [ 602.447511][ T38] ? __pfx_exit_mm+0x10/0x10 [ 602.447534][ T38] ? rcu_is_watching+0x15/0xb0 [ 602.447580][ T38] do_exit+0x648/0x2300 [ 602.447600][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 602.447635][ T38] ? rt_mutex_slowunlock+0x668/0x8a0 [ 602.447667][ T38] ? __pfx_do_exit+0x10/0x10 [ 602.447688][ T38] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 602.447727][ T38] ? __rcu_read_unlock+0x84/0xe0 [ 602.447759][ T38] do_group_exit+0x21c/0x2d0 [ 602.447787][ T38] __x64_sys_exit_group+0x3f/0x40 [ 602.447808][ T38] x64_sys_call+0x21f7/0x2200 [ 602.447829][ T38] do_syscall_64+0xfa/0x3b0 [ 602.447848][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 602.447879][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.447900][ T38] ? clear_bhb_loop+0x60/0xb0 [ 602.447927][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 602.447957][ T38] RIP: 0033:0x7fd23aa3eba9 [ 602.447976][ T38] RSP: 002b:00007ffd0f5d93a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 602.448007][ T38] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd23aa3eba9 [ 602.448022][ T38] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 602.448034][ T38] RBP: 00007ffd0f5d940c R08: 000000040f5d949f R09: 00000000000927c0 [ 602.448049][ T38] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000001e [ 602.448062][ T38] R13: 00000000000927c0 R14: 000000000006b8ac R15: 00007ffd0f5d9460 [ 602.448098][ T38] [ 602.448128][ T38] [ 602.448128][ T38] Showing all locks held in the system: [ 602.448137][ T38] 6 locks held by kworker/0:0/9: [ 602.448149][ T38] #0: ffff888021763d38 ((wq_completion)wg-kex-wg2#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.448217][ T38] #1: ffffc900000e7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.448302][ T38] #2: ffff8880327495f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 602.448361][ T38] #3: ffff888023a4ae58 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 602.448423][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.448480][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.448539][ T38] 4 locks held by kworker/0:1/10: [ 602.448552][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.448619][ T38] #1: ffffc900000f7bc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.448678][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.448734][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.448793][ T38] 6 locks held by kworker/u8:1/13: [ 602.448806][ T38] #0: ffff8880379ec138 ((wq_completion)wg-kex-wg0#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.448869][ T38] #1: ffffc90000127bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.448929][ T38] #2: ffff888037df55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 602.448994][ T38] #3: ffff88805e4bc388 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 602.449049][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.449106][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.449164][ T38] 2 locks held by ksoftirqd/0/15: [ 602.449177][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.449233][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.449293][ T38] 2 locks held by rcuc/1/28: [ 602.449305][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.449352][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.449409][ T38] 2 locks held by ksoftirqd/1/30: [ 602.449421][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.449478][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.449535][ T38] 3 locks held by kworker/1:0/31: [ 602.449548][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.449614][ T38] #1: ffffc90000a5fbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.449671][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 [ 602.449736][ T38] 1 lock held by khungtaskd/38: [ 602.449749][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 602.449802][ T38] 7 locks held by kworker/u8:3/44: [ 602.449815][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.449873][ T38] #1: ffffc90000b57bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.449933][ T38] #2: ffff88805e51e300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 602.450002][ T38] #3: ffff88805e46e520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 602.450066][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 602.450122][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.450178][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.450238][ T38] 4 locks held by kworker/1:1/50: [ 602.450251][ T38] #0: ffff88803ae81138 ((wq_completion)wg-kex-wg0#11){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.450314][ T38] #1: ffffc90000bc7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.450394][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.450460][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.450520][ T38] 2 locks held by kworker/u8:4/67: [ 602.450533][ T38] 5 locks held by kworker/u8:5/84: [ 602.450546][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.450615][ T38] #1: ffffc9000159fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.450673][ T38] #2: ffff888036e40898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 602.450735][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.450790][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.450862][ T38] 8 locks held by kworker/1:2/994: [ 602.450878][ T38] 4 locks held by kworker/u8:9/1127: [ 602.450891][ T38] #0: ffff88803990e938 ((wq_completion)wg-kex-wg2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.450949][ T38] #1: ffffc90004d4fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.451008][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.451064][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.451122][ T38] 4 locks held by kworker/u8:10/1172: [ 602.451135][ T38] #0: ffff88805bf45938 ((wq_completion)wg-kex-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.451193][ T38] #1: ffffc90004ecfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.451252][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.734034][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.734101][ T38] 2 locks held by aoe_tx0/1322: [ 602.734114][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.734171][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.734244][ T38] 6 locks held by kworker/u8:12/3589: [ 602.734256][ T38] #0: ffff88814d783138 ((wq_completion)krdsd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.734315][ T38] #1: ffffc9000d4afbc0 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.734374][ T38] #2: ffff888065822078 (&tc->t_conn_path_lock){+.+.}-{4:4}, at: rds_tcp_conn_path_connect+0x15e/0x680 [ 602.734433][ T38] #3: ffff8880389ea1d0 (k-sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sock_set_nodelay+0x2a/0xf0 [ 602.734494][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.734560][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.734618][ T38] 3 locks held by kworker/u8:13/3596: [ 602.734631][ T38] #0: ffff88802ff07138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.734689][ T38] #1: ffffc9000d60fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.734750][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 602.734807][ T38] 7 locks held by kworker/u8:14/3600: [ 602.734821][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.734878][ T38] #1: ffffc9000d57fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.734939][ T38] #2: ffff8880370f8300 (&devlink->lock_key#3){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 602.735008][ T38] #3: ffff88805e0d7120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 602.735073][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 602.735129][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.735186][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.735244][ T38] 7 locks held by kworker/u8:17/3658: [ 602.735257][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.735315][ T38] #1: ffffc9000d8cfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.735376][ T38] #2: ffff888021756300 (&devlink->lock_key#2){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 602.735444][ T38] #3: ffff88805dbe8920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 602.735514][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 602.735571][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.735627][ T38] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.735687][ T38] 3 locks held by dhcpcd/5506: [ 602.735699][ T38] #0: ffff888033cc6650 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sk_setsockopt+0xc2f/0x2a70 [ 602.735761][ T38] #1: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.735817][ T38] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.735875][ T38] 2 locks held by getty/5601: [ 602.735888][ T38] #0: ffff88823bf800a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 602.735952][ T38] #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 602.736010][ T38] 2 locks held by dhcpcd/5644: [ 602.736023][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.736079][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.736137][ T38] 3 locks held by syz-executor/5829: [ 602.736150][ T38] #0: ffff88802fcfa1d0 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_sendmsg+0x21/0x50 [ 602.736206][ T38] #1: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.736263][ T38] #2: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.736321][ T38] 4 locks held by syz-executor/5840: [ 602.736333][ T38] #0: ffff88803d8a7538 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 602.736394][ T38] #1: ffff88806403cf90 (sk_lock-AF_INET){+.+.}-{0:0}, at: tcp_close+0x1d/0x110 [ 602.736457][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.736522][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.736580][ T38] 4 locks held by kworker/u9:4/5848: [ 602.736593][ T38] #0: ffff88814d722938 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.736651][ T38] #1: ffffc90004a7fbc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.736710][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.736767][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.736825][ T38] 1 lock held by syz-executor/5851: [ 602.736838][ T38] #0: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 602.736905][ T38] 6 locks held by kworker/0:3/5893: [ 602.736918][ T38] #0: ffff88802a735938 ((wq_completion)wg-kex-wg1#10){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.736982][ T38] #1: ffffc90004d3fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.737061][ T38] #2: ffff8880282595f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 602.737119][ T38] #3: ffff888023a49928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 602.737176][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.737232][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.737292][ T38] 4 locks held by kworker/1:3/5911: [ 602.737304][ T38] #0: ffff888021761538 ((wq_completion)wg-crypt-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.737362][ T38] #1: ffffc90004e3fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.737439][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.737503][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.737564][ T38] 4 locks held by kworker/0:6/5980: [ 602.737578][ T38] 4 locks held by kworker/1:6/6000: [ 602.737591][ T38] #0: ffff888036795d38 ((wq_completion)wg-kex-wg2#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.737655][ T38] #1: ffffc9000523fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.737735][ T38] #2: ffff88803d0255f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 602.737792][ T38] #3: ffff88805e4be350 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 602.737849][ T38] 2 locks held by kworker/0:7/6025: [ 602.737862][ T38] 4 locks held by kworker/0:8/6049: [ 602.737874][ T38] #0: ffff88805bd7b938 ((wq_completion)wg-kex-wg1#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.737937][ T38] #1: ffffc9000526fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.738015][ T38] #2: ffff888035f555f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 602.738073][ T38] #3: ffff88805e4b9928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 602.738131][ T38] 4 locks held by kworker/0:9/6050: [ 602.738144][ T38] #0: ffff88803ae82d38 ((wq_completion)wg-crypt-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.738207][ T38] #1: ffffc90005e7fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.738285][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.738342][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.738401][ T38] 3 locks held by kworker/u8:18/6952: [ 602.738413][ T38] #0: ffff888019f2c138 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.738472][ T38] #1: ffffc9000477fbc0 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.738540][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: cfg80211_dfs_channels_update_work+0xb6/0x630 [ 602.738598][ T38] 4 locks held by kworker/u8:19/6953: [ 602.738611][ T38] #0: ffff888035cff138 ((wq_completion)wg-kex-wg1#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.738675][ T38] #1: ffffc900042bfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.738734][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.738790][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.738847][ T38] 6 locks held by kworker/u8:20/6954: [ 602.738859][ T38] #0: ffff8880379ec138 ((wq_completion)wg-kex-wg0#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.738923][ T38] #1: ffffc900041dfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.738982][ T38] #2: ffff888037df55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 602.739038][ T38] #3: ffff88805e4bce20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 602.739095][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.739151][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.739210][ T38] 5 locks held by kworker/u8:23/6957: [ 602.739222][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.739280][ T38] #1: ffffc9000418fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.739338][ T38] #2: ffff888051840898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 602.739400][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.739456][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.739520][ T38] 4 locks held by kworker/u8:26/6960: [ 602.739533][ T38] #0: ffff888033a0b938 ((wq_completion)wg-kex-wg1#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.739595][ T38] #1: ffffc900042afbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.739654][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.739711][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.739768][ T38] 4 locks held by kworker/u8:28/6962: [ 602.739782][ T38] #0: ffff8880307a2938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.739838][ T38] #1: ffffc9000413fbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.739897][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.739953][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.740012][ T38] 6 locks held by kworker/u8:31/6966: [ 602.740024][ T38] #0: ffff888036b6b938 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.740087][ T38] #1: ffffc9000428fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.740146][ T38] #2: ffff888035f555f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 602.740203][ T38] #3: ffff88805e4b9928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 602.740260][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.740317][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.740375][ T38] 4 locks held by kworker/u8:32/6967: [ 602.740388][ T38] #0: ffff88803990e938 ((wq_completion)wg-kex-wg2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.740445][ T38] #1: ffffc900041bfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.740510][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.740568][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.740626][ T38] 6 locks held by kworker/u8:33/6968: [ 602.740639][ T38] #0: ffff888035cfe138 ((wq_completion)wg-kex-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.740702][ T38] #1: ffffc9000415fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.740761][ T38] #2: ffff8880307b15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 602.740818][ T38] #3: ffff88805e4b83f8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 602.740875][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.740931][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.740990][ T38] 2 locks held by kworker/u8:34/6969: [ 602.741003][ T38] 3 locks held by kworker/u8:41/6982: [ 602.741016][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.741073][ T38] #1: ffffc9000438fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.741131][ T38] #2: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 602.741184][ T38] 3 locks held by kworker/u8:42/6985: [ 602.741197][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.741269][ T38] #1: ffffc9000426fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.814778][ T38] #2: ffff88805ff70898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 602.814846][ T38] 4 locks held by kworker/u8:43/6986: [ 602.814860][ T38] #0: ffff888033a0f938 ((wq_completion)wg-kex-wg2#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.814923][ T38] #1: ffffc900040afbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.814982][ T38] #2: ffff8880327495f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 602.815041][ T38] #3: ffff888023a4a3c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 602.815099][ T38] 2 locks held by kworker/R-wg-cr/11426: [ 602.815113][ T38] 4 locks held by kworker/R-wg-cr/11427: [ 602.815126][ T38] #0: ffff88804a438538 ((wq_completion)wg-crypt-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.815189][ T38] #1: ffffc90003a6fba0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.815248][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.815306][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.815364][ T38] 2 locks held by napi/wg0-0/11671: [ 602.815377][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.815434][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.815501][ T38] 3 locks held by syz.1.2738/12168: [ 602.815514][ T38] #0: ffffffff8ed39740 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 602.815565][ T38] #1: ffffffff8ecd3738 (rtnl_mutex){+.+.}-{4:4}, at: nl80211_pre_doit+0x5f/0x930 [ 602.815619][ T38] #2: ffff88805fa80898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_stop+0x126/0x240 [ 602.815680][ T38] 4 locks held by kworker/1:7/12185: [ 602.815694][ T38] 4 locks held by kworker/1:9/12188: [ 602.815707][ T38] #0: ffff88805c5ef138 ((wq_completion)wg-kex-wg0#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.815770][ T38] #1: ffffc900040cfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.815847][ T38] #2: ffff888037df55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 602.815905][ T38] #3: ffff88805e4bc388 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 602.815963][ T38] 5 locks held by kworker/u8:0/12189: [ 602.815976][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.816033][ T38] #1: ffffc9000d27fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.816091][ T38] #2: ffff88804a530898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 602.816151][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.816207][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.816266][ T38] 4 locks held by kworker/u8:2/12190: [ 602.816278][ T38] #0: ffff888035cff138 ((wq_completion)wg-kex-wg1#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.816341][ T38] #1: ffffc90005ae7bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.816400][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.816457][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.816522][ T38] 6 locks held by kworker/u8:6/12192: [ 602.816535][ T38] #0: ffff8880379e9138 ((wq_completion)wg-kex-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.816596][ T38] #1: ffffc90005d5fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.816654][ T38] #2: ffff888037df15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 602.816711][ T38] #3: ffff88805e4903f8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 602.816767][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.816823][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.816881][ T38] 1 lock held by dhcpcd/12196: [ 602.816894][ T38] #0: ffff88803d8db878 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 602.816956][ T38] 4 locks held by kworker/u8:7/12199: [ 602.816969][ T38] #0: ffff88805c3ff138 ((wq_completion)wg-kex-wg1#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.817032][ T38] #1: ffffc90004937bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.817091][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.817147][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.817205][ T38] 7 locks held by kworker/u8:11/12201: [ 602.817217][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.817275][ T38] #1: ffffc9000ceffbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.817336][ T38] #2: ffff88805fc0c300 (&devlink->lock_key#6){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 602.817403][ T38] #3: ffff88805ede2520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 602.817465][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 602.817528][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.817584][ T38] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.817642][ T38] 4 locks held by kworker/1:12/12203: [ 602.817655][ T38] #0: ffff88805bd7b938 ((wq_completion)wg-kex-wg1#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.817718][ T38] #1: ffffc90005aa7bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.817797][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.817853][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.817911][ T38] 5 locks held by kworker/1:13/12204: [ 602.817923][ T38] #0: ffff88805bd63938 ((wq_completion)wg-kex-wg1#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.817986][ T38] #1: ffffc90005a97bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.818061][ T38] #2: ffff8880307b55f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 602.818119][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.818175][ T38] #4: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.818235][ T38] 4 locks held by kworker/1:16/12208: [ 602.818247][ T38] #0: ffff888019899138 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.818306][ T38] #1: ffffc90005a2fbc0 ((work_completion)(&(&ipvs->defense_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.818364][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.818419][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.818478][ T38] 1 lock held by dhcpcd/12209: [ 602.818497][ T38] #0: ffff88805f32f538 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 602.818559][ T38] 6 locks held by kworker/u8:22/12212: [ 602.818571][ T38] #0: ffff88805bf45938 ((wq_completion)wg-kex-wg0){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.818629][ T38] #1: ffffc90005c8fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.818688][ T38] #2: ffff88805c05d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 602.818744][ T38] #3: ffff88805e160e90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 602.818800][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.818856][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.818915][ T38] 6 locks held by kworker/u8:24/12215: [ 602.818928][ T38] #0: ffff888035cfe138 ((wq_completion)wg-kex-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.818990][ T38] #1: ffffc900059c7bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.819048][ T38] #2: ffff8880307b15f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 602.819106][ T38] #3: ffff88805e4b8e90 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 602.819161][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.819218][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.819276][ T38] 4 locks held by kworker/u8:27/12218: [ 602.819289][ T38] #0: ffff88805c3ff138 ((wq_completion)wg-kex-wg1#7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.819351][ T38] #1: ffffc90005bbfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.819410][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.819466][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.819530][ T38] 7 locks held by kworker/u8:29/12219: [ 602.819543][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.819600][ T38] #1: ffffc90005b9fbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.819660][ T38] #2: ffff88805da8d300 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 602.819725][ T38] #3: ffff88805da03120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 602.819788][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 602.819843][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.819900][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.819957][ T38] 2 locks held by kworker/0:5/12220: [ 602.819970][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.820027][ T38] #1: ffffc90005b77bc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.820085][ T38] 1 lock held by dhcpcd/12223: [ 602.820098][ T38] #0: ffff888025564350 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcd0 [ 602.820156][ T38] 5 locks held by syz-executor/12227: [ 602.820170][ T38] 4 locks held by kworker/0:11/12228: [ 602.820182][ T38] #0: ffff88805bd63938 ((wq_completion)wg-kex-wg1#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.820246][ T38] #1: ffffc900054ffbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.820325][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.820380][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.820438][ T38] 6 locks held by kworker/0:12/12229: [ 602.820451][ T38] #0: ffff888036795d38 ((wq_completion)wg-kex-wg2#8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 602.820519][ T38] #1: ffffc900054efbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 602.820598][ T38] #2: ffff88803d0255f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 602.820656][ T38] #3: ffff88805e4be350 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 602.820711][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 602.820768][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 602.820829][ T38] [ 602.820836][ T38] ============================================= [ 602.820836][ T38] [ 602.820858][ T38] NMI backtrace for cpu 0 [ 602.820883][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 602.820907][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 602.820921][ T38] Call Trace: [ 602.820930][ T38] [ 602.820940][ T38] dump_stack_lvl+0x189/0x250 [ 602.820979][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 602.821013][ T38] ? __pfx__printk+0x10/0x10 [ 602.821051][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 602.821084][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 602.821116][ T38] ? __pfx__printk+0x10/0x10 [ 602.821146][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 602.821176][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 602.821209][ T38] watchdog+0xf93/0xfe0 [ 602.821258][ T38] ? watchdog+0x1de/0xfe0 [ 602.821297][ T38] kthread+0x70e/0x8a0 [ 602.821332][ T38] ? __pfx_watchdog+0x10/0x10 [ 602.821359][ T38] ? __pfx_kthread+0x10/0x10 [ 602.821399][ T38] ? __pfx_kthread+0x10/0x10 [ 602.821434][ T38] ret_from_fork+0x439/0x7d0 [ 602.821466][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 602.821509][ T38] ? __switch_to_asm+0x39/0x70 [ 602.821530][ T38] ? __switch_to_asm+0x33/0x70 [ 602.821549][ T38] ? __pfx_kthread+0x10/0x10 [ 602.821584][ T38] ret_from_fork_asm+0x1a/0x30 [ 602.821624][ T38] [ 602.821686][ T38] Sending NMI from CPU 0 to CPUs 1: [ 602.821719][ C1] NMI backtrace for cpu 1 [ 602.821734][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 602.821756][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 602.821767][ C1] RIP: 0010:__lock_acquire+0x4f2/0xd20 [ 602.821793][ C1] Code: 4c 8d 3c c7 49 81 c7 40 0b 00 00 eb 1d 44 89 e0 48 ff c3 48 63 8f 18 0b 00 00 49 83 c7 28 41 89 c4 48 39 cb 0f 8d d6 00 00 00 <48> 83 fb 31 0f 83 92 00 00 00 41 8b 07 25 ff 1f 00 00 48 0f a3 05 [ 602.821808][ C1] RSP: 0018:ffffc90000a3e908 EFLAGS: 00000086 [ 602.821824][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffffff [ 602.821836][ C1] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88801caf1dc0 [ 602.821848][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8172c165 [ 602.821861][ C1] R10: ffffc90000a3eb58 R11: ffffffff81aaf310 R12: ffffffffffffff05 [ 602.821875][ C1] R13: 0000000000000001 R14: ffff88801caf29d0 R15: ffff88801caf2900 [ 602.821888][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 602.821903][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 602.821916][ C1] CR2: 00007fc06a658710 CR3: 0000000024638000 CR4: 00000000003526f0 [ 602.821932][ C1] Call Trace: [ 602.821938][ C1] [ 602.821949][ C1] ? unwind_next_frame+0xa5/0x2390 [ 602.821974][ C1] lock_acquire+0x120/0x360 [ 602.821997][ C1] ? unwind_next_frame+0xa5/0x2390 [ 602.822026][ C1] ? unwind_next_frame+0xa5/0x2390 [ 602.822051][ C1] ? skb_release_data+0x62d/0x7c0 [ 602.822068][ C1] ? unwind_next_frame+0xa5/0x2390 [ 602.822093][ C1] unwind_next_frame+0xc2/0x2390 [ 602.822118][ C1] ? unwind_next_frame+0xa5/0x2390 [ 602.822145][ C1] ? unwind_next_frame+0xa5/0x2390 [ 602.822170][ C1] ? kmem_cache_free+0x195/0x510 [ 602.822199][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 602.822219][ C1] arch_stack_walk+0x11c/0x150 [ 602.822258][ C1] ? skb_release_data+0x62d/0x7c0 [ 602.822277][ C1] stack_trace_save+0x9c/0xe0 [ 602.822296][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 602.822320][ C1] ? __lock_acquire+0xab9/0xd20 [ 602.822344][ C1] kasan_save_track+0x3e/0x80 [ 602.822364][ C1] ? kasan_save_track+0x3e/0x80 [ 602.822384][ C1] ? kasan_save_free_info+0x46/0x50 [ 602.822400][ C1] ? __kasan_slab_free+0x5b/0x80 [ 602.822422][ C1] ? kmem_cache_free+0x195/0x510 [ 602.822446][ C1] ? skb_release_data+0x62d/0x7c0 [ 602.822487][ C1] kasan_save_free_info+0x46/0x50 [ 602.822506][ C1] __kasan_slab_free+0x5b/0x80 [ 602.822527][ C1] ? skb_release_data+0x62d/0x7c0 [ 602.822543][ C1] kmem_cache_free+0x195/0x510 [ 602.822570][ C1] skb_release_data+0x62d/0x7c0 [ 602.822592][ C1] consume_skb+0x9e/0xf0 [ 602.822619][ C1] nft_synproxy_eval_v4+0x376/0x560 [ 602.822642][ C1] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 602.822664][ C1] ? nf_ip_checksum+0x13c/0x510 [ 602.822685][ C1] nft_synproxy_do_eval+0x345/0x570 [ 602.822707][ C1] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 602.822727][ C1] ? __pfx___ip_vs_conn_in_get+0x10/0x10 [ 602.822755][ C1] nft_do_chain+0x409/0x1920 [ 602.822781][ C1] ? __pfx_nft_do_chain+0x10/0x10 [ 602.822802][ C1] ? __pfx_ip_vs_conn_out_get_proto+0x10/0x10 [ 602.822834][ C1] ? ip_vs_out_hook+0x9b5/0xef0 [ 602.822858][ C1] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 602.822884][ C1] nft_do_chain_inet+0x25d/0x340 [ 602.822902][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 602.822928][ C1] ? NF_HOOK+0x9a/0x3a0 [ 602.822952][ C1] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 602.822971][ C1] nf_hook_slow+0xc5/0x220 [ 602.823000][ C1] NF_HOOK+0x206/0x3a0 [ 602.823025][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 602.823050][ C1] ? NF_HOOK+0x9a/0x3a0 [ 602.823074][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 602.823097][ C1] ? ip_rcv_finish_core+0xda3/0x1c00 [ 602.823125][ C1] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 602.823152][ C1] ? skb_dst+0x4f/0xd0 [ 602.823177][ C1] ? ip_local_deliver+0x12a/0x1b0 [ 602.823203][ C1] NF_HOOK+0x309/0x3a0 [ 602.823228][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 602.823258][ C1] ? NF_HOOK+0x9a/0x3a0 [ 602.823282][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 602.823308][ C1] ? __pfx_ip_rcv_finish+0x10/0x10 [ 602.823338][ C1] ? __pfx_ip_rcv+0x10/0x10 [ 602.823362][ C1] __netif_receive_skb+0x143/0x380 [ 602.823385][ C1] ? rt_spin_unlock+0x65/0x80 [ 602.823409][ C1] ? process_backlog+0x27b/0x900 [ 602.823434][ C1] process_backlog+0x31e/0x900 [ 602.823463][ C1] __napi_poll+0xb3/0x540 [ 602.823488][ C1] net_rx_action+0x707/0xe00 [ 602.823522][ C1] ? __pfx_net_rx_action+0x10/0x10 [ 602.823564][ C1] handle_softirqs+0x22f/0x710 [ 602.823592][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 602.823620][ C1] run_ktimerd+0xcf/0x190 [ 602.823645][ C1] ? __pfx_run_ktimerd+0x10/0x10 [ 602.823670][ C1] ? schedule+0x91/0x360 [ 602.823698][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 602.823720][ C1] smpboot_thread_fn+0x53f/0xa60 [ 602.823743][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 602.823770][ C1] kthread+0x70e/0x8a0 [ 602.823798][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 602.823821][ C1] ? __pfx_kthread+0x10/0x10 [ 602.823851][ C1] ? __pfx_kthread+0x10/0x10 [ 602.823878][ C1] ret_from_fork+0x439/0x7d0 [ 602.823902][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 602.823929][ C1] ? __switch_to_asm+0x39/0x70 [ 602.823946][ C1] ? __switch_to_asm+0x33/0x70 [ 602.823962][ C1] ? __pfx_kthread+0x10/0x10 [ 602.823990][ C1] ret_from_fork_asm+0x1a/0x30 [ 602.824015][ C1] [ 602.877572][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 602.877598][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 602.877626][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 602.877640][ T38] Call Trace: [ 602.877649][ T38] [ 602.877660][ T38] dump_stack_lvl+0x99/0x250 [ 602.877698][ T38] ? __asan_memcpy+0x40/0x70 [ 602.877722][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 602.877756][ T38] ? __pfx__printk+0x10/0x10 [ 602.877795][ T38] vpanic+0x281/0x750 [ 602.877833][ T38] ? __pfx_vpanic+0x10/0x10 [ 602.877863][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 602.877886][ T38] ? preempt_schedule+0xae/0xc0 [ 602.877921][ T38] ? preempt_schedule_common+0x83/0xd0 [ 602.877962][ T38] panic+0xb9/0xc0 [ 602.877993][ T38] ? __pfx_panic+0x10/0x10 [ 602.878027][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 602.878061][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 602.878094][ T38] watchdog+0xfd2/0xfe0 [ 602.878129][ T38] ? watchdog+0x1de/0xfe0 [ 602.878166][ T38] kthread+0x70e/0x8a0 [ 602.878204][ T38] ? __pfx_watchdog+0x10/0x10 [ 602.878232][ T38] ? __pfx_kthread+0x10/0x10 [ 602.878272][ T38] ? __pfx_kthread+0x10/0x10 [ 602.878308][ T38] ret_from_fork+0x439/0x7d0 [ 602.878340][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 602.878375][ T38] ? __switch_to_asm+0x39/0x70 [ 602.878394][ T38] ? __switch_to_asm+0x33/0x70 [ 602.878415][ T38] ? __pfx_kthread+0x10/0x10 [ 602.878451][ T38] ret_from_fork_asm+0x1a/0x30 [ 602.878498][ T38] [ 602.881025][ T38] Kernel Offset: disabled