last executing test programs: 3m48.393045366s ago: executing program 1 (id=422): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001e00010a00000000000000a42d"], 0x14}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3m48.028249519s ago: executing program 1 (id=423): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) r0 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 3m44.720660081s ago: executing program 1 (id=441): r0 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x47fa, 0x0, 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10100, 0x1}) 3m44.092257989s ago: executing program 1 (id=450): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262) 3m43.931731288s ago: executing program 1 (id=452): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$rds(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000002800)}, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) 3m41.863883113s ago: executing program 1 (id=463): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x40}) fcntl$lock(r0, 0x7, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7}) 3m41.440504134s ago: executing program 32 (id=463): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x0, 0x0, 0x40}) fcntl$lock(r0, 0x7, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x2}) fcntl$lock(r0, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7}) 2m39.723340682s ago: executing program 5 (id=1011): r0 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}}, 0x8, {0x2, 0x4e21, @dev}}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x0, @local}, 0x42, {0x2, 0x0, @multicast2}, 'syz_tun\x00'}) 2m39.614861695s ago: executing program 5 (id=1013): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000300)=[{&(0x7f00000003c0)="580000001400192340834b80040d8c560a117436c379000000000000000058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000a0c100000000000224e0000", 0x58}], 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 2m39.389582678s ago: executing program 5 (id=1016): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000000)={0x3, 0x0, [{0x1, 0x10000, 0x0, 0xffffcab7, 0x9, 0x5, 0x3}, {0xd, 0x100000, 0x7, 0x3, 0x6, 0x400, 0x82b}, {0x80000008, 0x0, 0x7, 0x4, 0x198b, 0x9956, 0x40e6cf49}]}) 2m38.798914668s ago: executing program 5 (id=1024): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x5, 0x2, 0x7, 0x2, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4000}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 2m38.595237945s ago: executing program 5 (id=1028): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10) fchown(r1, 0x0, 0x0) 2m38.347670148s ago: executing program 5 (id=1031): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x90000015}) 2m23.21463846s ago: executing program 33 (id=1031): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x90000015}) 1m19.408460265s ago: executing program 0 (id=1724): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffffe, 0x20031, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0) getsockopt$netlink(r0, 0x10e, 0x9, &(0x7f0000001840)=""/42, &(0x7f0000000100)=0x2a) 1m19.218760701s ago: executing program 0 (id=1726): r0 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000100)={r0}) bind$xdp(r1, &(0x7f0000000080)={0x2d, 0x0, 0x0, 0xc}, 0x10) close(r0) 1m19.036643353s ago: executing program 0 (id=1729): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) setrlimit(0xb, 0x0) 1m17.170016434s ago: executing program 3 (id=1742): r0 = fsopen(&(0x7f00000000c0)='nilfs2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='fd', 0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x8, 0x0, 0x0, 0x0) 1m17.068973934s ago: executing program 3 (id=1743): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x6c, 0x30, 0x871a15abc695f83f, 0x70bd27, 0x1, {}, [{0x58, 0x1, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x5c, 0x8001, 0x3, 0x5, 0xfffffff8}, @multicast1, @multicast1, 0xffffff00, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x6c}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1m16.994657915s ago: executing program 3 (id=1744): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r0, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="2801"], 0x128}, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f00000002c0)="29000000140005b7ff00000004eabdeb0101b6ff02159f7e5520756b1933b49db96ad24d12595fbea5", 0x29) 1m16.638723762s ago: executing program 3 (id=1747): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2901, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x1, 0x0, @ioapic={0x2, 0x296a, 0xf7f, 0x3, 0x0, [{0x1, 0x27, 0x81, '\x00', 0x7f}, {0xfd, 0xc, 0x81, '\x00', 0xf1}, {0xe9, 0x4, 0x8, '\x00', 0x4}, {0x7, 0x8, 0x3, '\x00', 0x8f}, {0xff, 0x80, 0xb1, '\x00', 0x7}, {0xf, 0xc, 0x28, '\x00', 0xaa}, {0x7f, 0x8, 0x1, '\x00', 0x3}, {0x1, 0x3, 0x2, '\x00', 0x67}, {0x2, 0x7, 0x91, '\x00', 0x8}, {0xc, 0x3, 0x43, '\x00', 0x80}, {0xfc, 0x8, 0x4, '\x00', 0x3}, {0x2, 0x3, 0xff, '\x00', 0x8}, {0x6, 0x8, 0x4, '\x00', 0xa6}, {0x8, 0x0, 0xa, '\x00', 0x9}, {0x4, 0x4e, 0x9}, {0x6, 0x5e, 0x5, '\x00', 0x3}, {0x2, 0x5, 0x7, '\x00', 0x5}, {0x0, 0x3, 0x3, '\x00', 0xff}, {0x5, 0x1, 0xb, '\x00', 0x3}, {0x4, 0x6, 0xb, '\x00', 0x3}, {0x7f, 0xf1, 0xf, '\x00', 0x4}, {0x7, 0x40, 0x9, '\x00', 0x10}, {0x8, 0x8, 0x1, '\x00', 0x7}, {0x2, 0xc, 0x91, '\x00', 0x1}]}}) ioctl$KVM_SET_IRQCHIP(r1, 0xc048aec8, &(0x7f0000000080)={0x1, 0x0, @pic={0x0, 0x81, 0x9, 0x5, 0x3c, 0xfd, 0x5, 0x9, 0x4, 0xfc, 0xff, 0x8, 0x55, 0x9, 0xf7, 0x7}}) 1m16.088468881s ago: executing program 0 (id=1750): r0 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x5a51, 0x10080, 0x0, 0xbf}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)=0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000100)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1b}, 0x3}, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 1m16.066750418s ago: executing program 3 (id=1751): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000280)=0x630a, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000f80)=[{{0x0, 0xfffffffffffffdba, &(0x7f0000000980)=[{&(0x7f0000000300)=""/122}, {&(0x7f0000000780)=""/126}, {&(0x7f00000004c0)=""/68}, {&(0x7f0000000540)=""/195}, {&(0x7f0000000640)=""/182}, {&(0x7f0000000700)=""/102}, {&(0x7f0000000180)=""/56}, {&(0x7f0000001000)=""/193}, {&(0x7f0000000880)=""/242}], 0x12, &(0x7f0000000a40)=""/126}, 0xe4}, {{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000440), 0x14}, {&(0x7f0000000ac0)=""/166}, {&(0x7f0000000b80)=""/173}, {&(0x7f0000000c40)=""/221}, {&(0x7f0000000d40)=""/236}, {&(0x7f0000000e40)=""/60}], 0x24, &(0x7f0000000800)=""/73}, 0x1}], 0x2a, 0x40012020, 0x0) 1m15.729516827s ago: executing program 3 (id=1754): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x23, 0x844}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x901}}}}}}]}, 0x48}}, 0x4) 1m15.432622724s ago: executing program 0 (id=1755): r0 = fsopen(&(0x7f0000000100)='mqueue\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0) 1m14.4809243s ago: executing program 4 (id=1761): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f0000006680)={0x0, 0x0, &(0x7f0000006640)={&(0x7f0000000180)=ANY=[@ANYBLOB="580000000102010100000000000000000a00000206000740000400003c"], 0x58}}, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0d030000000000000000130000001c000980080002"], 0x30}}, 0x0) 1m14.335462447s ago: executing program 4 (id=1762): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000ec0)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0xfff, 0x1}}, 0x20) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x2b00, 0x405, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 1m14.229872915s ago: executing program 4 (id=1763): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) nanosleep(&(0x7f0000000280)={0x0, 0x3938700}, 0x0) 1m12.746550371s ago: executing program 2 (id=1765): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) inotify_init() 1m12.57147954s ago: executing program 4 (id=1766): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10) 1m12.28881265s ago: executing program 2 (id=1767): bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) 1m12.005891935s ago: executing program 4 (id=1768): r0 = io_uring_setup(0x1a7, &(0x7f0000000000)={0x0, 0xfca0, 0x2, 0x1, 0x271}) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x0) io_uring_register$IORING_REGISTER_RING_FDS(r0, 0x13, &(0x7f0000001bc0), 0x2) 1m11.795080265s ago: executing program 4 (id=1769): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5000000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000100000100c2800008000500ffffffff08000500", @ANYRES32=r2], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0) 1m0.921080567s ago: executing program 0 (id=1770): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x28, r0, 0x9, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0xfe}]}]}, 0x28}}, 0x20044000) 1m0.349975217s ago: executing program 34 (id=1754): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfc, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x23, 0x844}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x901}}}}}}]}, 0x48}}, 0x4) 58.299165834s ago: executing program 2 (id=1773): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x26001) 56.208655584s ago: executing program 35 (id=1769): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5000000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="1111020031880000280012800b0001006d61637365630000180002800c0004000100000100c2800008000500ffffffff08000500", @ANYRES32=r2], 0x50}, 0x1, 0x0, 0x0, 0x48890}, 0x0) 55.211434484s ago: executing program 2 (id=1778): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = memfd_create(&(0x7f00000008c0)='\xdd#\x00\xe6Z\x00\xafq%\xa5\x83\xa6#\r\x83y\xf3\xb2\xe6b\x00\x00\x00\x00\x00\x00\x00\x01\x00\xf9\xff\xff\xff\x00\x17?$^\xe1Ob\xe1Y\x03\x00\x00\x00\x00\x00\x00\x00\xce\xe5\x19THP\xf4O\xe2\x9f\xd9\xae\xcf>/\xdc\xaa<\x96\xedE>{\x05\x00\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xa2c\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0\xb04\xb7T5\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x06\xb5\x03\x8a\xc40\xbe\xe3\x93A\x15\xec\xdb\xaa\xdc\n\xcbC\x15\xfcp\x11\xdai\f{\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0%\x97!\xba\xe3J\x82t\x96\xf8\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83\x8e-k\x12\xdf\xb9\x87\xb6^r\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x00\xbc\xac\x18\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9w\xd2\r\t\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T[\xb7\xa4\xb0\bk&\xede\x8b\xc2\xb2\xcd\xef\xcf\x0fE\xc5\x86]\xc0]}\xdd^\xf6&\x16>c\x9d\x9c\xc9\x01\x04\x00\x00\xe9h\xbd\x10p\x8f\x14\x1f2\"\x1b;\xfda\x19\x8bo^\x96\x9a~Q\xce\x95\x02\xb8e\xbbG\xb0V[\xfe\x80\x94$y\x8a\\@\xa9^\x95!IJ\xcf\xf7\xafoX/qG\x97ITp\x01\xae\f\"n;%\xecT\xf6\xb6\xbf;\xde\xec\xb4z\xaa\xd9%\xa5;wy~\xcb\x9a\xd7\r\xe2\xcd\xf0C\x16\xbf0\x89\xb4\xf5\x86\xf3\x99\x9bq\xd3\x15\xe1:\x86\xe4\x14\x805K\xcf\xf6\xda\xd1A>\xf4r>\xfdyAH\x0f\x00'/426, 0x0) fsetxattr$security_ima(r1, &(0x7f0000000080), &(0x7f0000000040)=@md5={0x1, "d70ec82c696148625acfe64606069033"}, 0xfeb5, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 54.962555957s ago: executing program 2 (id=1779): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0xce2, 0x4) shutdown(r0, 0x1) sendto$inet6(r0, 0x0, 0x0, 0x8000, &(0x7f0000000380)={0xa, 0x4e24, 0x81, @mcast1, 0x7}, 0x1c) 54.717355883s ago: executing program 2 (id=1780): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close(r1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 45.564901939s ago: executing program 36 (id=1770): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x28, r0, 0x9, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0xfe}]}]}, 0x28}}, 0x20044000) 38.589311549s ago: executing program 37 (id=1780): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) close(r1) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) 18.435695456s ago: executing program 6 (id=1791): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x3, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0x3e57}, {0x6}]}, 0x10) sendmmsg$inet(r0, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0) 17.972702158s ago: executing program 6 (id=1792): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000)) 16.867850661s ago: executing program 6 (id=1793): set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r0}, 0x10) syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x4}, 0x0, 0x0) 15.754923735s ago: executing program 6 (id=1794): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) recvmmsg(r0, &(0x7f0000004900)=[{{0x0, 0x0, 0x0}, 0xd57e}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=""/3, 0x3}, 0x101}], 0x2, 0x60010020, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10) 15.297252728s ago: executing program 6 (id=1795): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000380)=0x3) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000140)=[{0x0, 0x8, 0x0, 0xf2, @time={0x24}, {}, {}, @raw8={"3f5889e5d3adfc62a42c0d93"}}, {0x6, 0x0, 0x1, 0x81, @tick=0xffffff00, {0x8, 0x30}, {0x2}, @time=@tick=0x1}], 0x38) 15.101451551s ago: executing program 6 (id=1796): timer_create(0x3, 0x0, &(0x7f0000044000)=0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(r0, 0x1, &(0x7f0000000140), &(0x7f0000000180)) 0s ago: executing program 38 (id=1796): timer_create(0x3, 0x0, &(0x7f0000044000)=0x0) timer_settime(0x0, 0x1, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0) timer_settime(r0, 0x1, &(0x7f0000000140), &(0x7f0000000180)) kernel console output (not intermixed with test programs): 74188][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.874409][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.100917][ T6930] vlan2: entered promiscuous mode [ 138.100938][ T6930] dummy0: entered promiscuous mode [ 138.101172][ T6930] vlan2: entered allmulticast mode [ 138.101185][ T6930] dummy0: entered allmulticast mode [ 138.513176][ T5833] cgroup: fork rejected by pids controller in /syz0 [ 139.305565][ T989] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 139.393352][ T6966] netlink: 'syz.4.393': attribute type 11 has an invalid length. [ 139.460726][ T989] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 139.460764][ T989] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.478011][ T989] usb 4-1: config 0 descriptor?? [ 139.747309][ T989] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 139.949095][ T989] [drm:udl_init] *ERROR* Selecting channel failed [ 140.019483][ T989] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 140.019507][ T989] [drm] Initialized udl on minor 2 [ 140.046905][ T989] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 140.048644][ T989] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 140.110788][ T989] usb 4-1: USB disconnect, device number 4 [ 140.124034][ T5903] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 140.136345][ T5903] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 140.211997][ T67] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 140.389821][ T5923] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 140.480493][ T5841] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 140.503023][ T5841] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 140.516591][ T5841] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 140.535355][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 140.541438][ T5923] usb 3-1: Using ep0 maxpacket: 32 [ 140.544044][ T5841] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 140.593508][ T5923] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 140.593534][ T5923] usb 3-1: config 0 has no interface number 0 [ 140.619137][ T5923] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 140.619170][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.619193][ T5923] usb 3-1: Product: syz [ 140.619207][ T5923] usb 3-1: Manufacturer: syz [ 140.619223][ T5923] usb 3-1: SerialNumber: syz [ 140.639930][ T5923] usb 3-1: config 0 descriptor?? [ 140.649969][ T5923] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 140.761082][ T67] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.005048][ T5923] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 141.034126][ T5923] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 141.165597][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - xmit_empty message too short [ 141.212982][ T67] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.366717][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 141.368462][ T5923] usb 3-1: USB disconnect, device number 5 [ 141.413922][ T5923] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 141.439386][ T5923] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 141.440250][ T5923] quatech2 3-1:0.51: device disconnected [ 141.543674][ T7006] netlink: 8 bytes leftover after parsing attributes in process `syz.3.410'. [ 141.543707][ T7006] netlink: 16 bytes leftover after parsing attributes in process `syz.3.410'. [ 141.692411][ T67] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 141.907300][ T7014] netlink: 60 bytes leftover after parsing attributes in process `syz.1.414'. [ 142.165825][ T7018] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 142.655972][ T5846] Bluetooth: hci0: command tx timeout [ 142.747865][ T67] bridge_slave_1: left allmulticast mode [ 142.748017][ T67] bridge_slave_1: left promiscuous mode [ 142.751500][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.891204][ T67] bridge_slave_0: left allmulticast mode [ 142.891240][ T67] bridge_slave_0: left promiscuous mode [ 142.891508][ T67] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.291379][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291417][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291441][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291482][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291507][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291531][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291555][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291579][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291604][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.291635][ T5903] hid-generic 00A0:0008:0003.0001: unknown main item tag 0x0 [ 144.441897][ T5903] hid-generic 00A0:0008:0003.0001: hidraw0: HID v0.05 Device [syz1] on syz0 [ 144.743603][ T5846] Bluetooth: hci0: command tx timeout [ 145.669208][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 145.726766][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 145.753474][ T67] bond0 (unregistering): Released all slaves [ 145.879025][ T6984] chnl_net:caif_netlink_parms(): no params data found [ 146.332651][ T7081] syz.4.440 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 146.825960][ T5846] Bluetooth: hci0: command tx timeout [ 147.300882][ T6984] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.301021][ T6984] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.301255][ T6984] bridge_slave_0: entered allmulticast mode [ 147.327413][ T6984] bridge_slave_0: entered promiscuous mode [ 147.346088][ T6984] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.346288][ T6984] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.346591][ T6984] bridge_slave_1: entered allmulticast mode [ 147.395108][ T6984] bridge_slave_1: entered promiscuous mode [ 148.655547][ T5924] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 148.809514][ T5924] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.809548][ T5924] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.809587][ T5924] usb 5-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00 [ 148.809610][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.815154][ T5924] usb 5-1: config 0 descriptor?? [ 148.895637][ T5846] Bluetooth: hci0: command tx timeout [ 148.973002][ T6984] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 148.995363][ T6984] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.175612][ T67] hsr_slave_0: left promiscuous mode [ 149.227463][ T67] hsr_slave_1: left promiscuous mode [ 149.234023][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 149.234122][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 149.262300][ T5924] cherry 0003:046A:0023.0002: unexpected long global item [ 149.263252][ T5924] cherry 0003:046A:0023.0002: probe with driver cherry failed with error -22 [ 149.311710][ T67] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 149.311741][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 149.472126][ T5903] usb 5-1: USB disconnect, device number 6 [ 149.475126][ T67] veth1_macvtap: left promiscuous mode [ 149.475337][ T67] veth0_macvtap: left promiscuous mode [ 149.493449][ T67] veth1_vlan: left promiscuous mode [ 149.493784][ T67] veth0_vlan: left promiscuous mode [ 150.253245][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 150.272468][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 150.281757][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 150.288702][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 150.290760][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 150.767476][ T1210] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 152.335807][ T5846] Bluetooth: hci1: command tx timeout [ 152.446582][ T67] team0 (unregistering): Port device team_slave_1 removed [ 152.626293][ T67] team0 (unregistering): Port device team_slave_0 removed [ 154.425658][ T5846] Bluetooth: hci1: command tx timeout [ 154.788713][ T7146] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 154.788950][ T7146] syzkaller1: linktype set to 1 [ 155.214001][ T6984] team0: Port device team_slave_0 added [ 155.272704][ T7161] team0: Device macvlan2 is already an upper device of the team interface [ 155.431421][ T6984] team0: Port device team_slave_1 added [ 155.749786][ T6984] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.749804][ T6984] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.749831][ T6984] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.757741][ T6984] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 155.757759][ T6984] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.757792][ T6984] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 155.875580][ T1230] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 156.028133][ T1230] usb 4-1: Using ep0 maxpacket: 16 [ 156.047672][ T1230] usb 4-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4 [ 156.047703][ T1230] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.047723][ T1230] usb 4-1: Product: syz [ 156.047738][ T1230] usb 4-1: Manufacturer: syz [ 156.047753][ T1230] usb 4-1: SerialNumber: syz [ 156.105045][ T1230] usb 4-1: config 0 descriptor?? [ 156.120246][ T1230] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state. [ 156.318603][ T1230] gp8psk: usb in 128 operation failed. [ 156.320401][ T1230] gp8psk: usb in 137 operation failed. [ 156.320432][ T1230] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 156.321517][ T1230] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver) [ 156.321578][ T1230] usb 4-1: media controller created [ 156.380581][ T6984] hsr_slave_0: entered promiscuous mode [ 156.396790][ T6984] hsr_slave_1: entered promiscuous mode [ 156.432472][ T1230] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 156.460806][ T1230] gp8psk_fe: Frontend revision 1 attached [ 156.461469][ T1230] usb 4-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)... [ 156.462536][ T1230] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered. [ 156.495545][ T5846] Bluetooth: hci1: command tx timeout [ 156.788754][ T1230] gp8psk: usb in 137 operation failed. [ 156.788773][ T1230] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected. [ 156.788786][ T1230] gp8psk: found Genpix USB device pID = 201 (hex) [ 156.835054][ T1230] usb 4-1: USB disconnect, device number 5 [ 156.967658][ T1230] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected. [ 157.012034][ T7185] netlink: 32 bytes leftover after parsing attributes in process `syz.2.487'. [ 157.014455][ T7185] netlink: 32 bytes leftover after parsing attributes in process `syz.2.487'. [ 157.151397][ T7187] netlink: 76 bytes leftover after parsing attributes in process `syz.4.488'. [ 157.151436][ T7187] nbd: illegal input index -65456 [ 157.423491][ T7194] netlink: 'syz.2.492': attribute type 1 has an invalid length. [ 157.423515][ T7194] netlink: 144 bytes leftover after parsing attributes in process `syz.2.492'. [ 157.423543][ T7194] netlink: 36 bytes leftover after parsing attributes in process `syz.2.492'. [ 157.752291][ T7205] ip6gretap1: entered allmulticast mode [ 157.895804][ T7212] capability: warning: `syz.2.498' uses 32-bit capabilities (legacy support in use) [ 158.091701][ T3561] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.575641][ T5846] Bluetooth: hci1: command tx timeout [ 158.842167][ T3561] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.518029][ T3561] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.567285][ T7142] chnl_net:caif_netlink_parms(): no params data found [ 159.625579][ T1230] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 159.775808][ T1230] usb 4-1: Using ep0 maxpacket: 8 [ 159.778519][ T1230] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 159.778550][ T1230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.823359][ T1230] pvrusb2: Hardware description: Terratec Grabster AV400 [ 159.823381][ T1230] pvrusb2: ********** [ 159.823388][ T1230] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 159.823401][ T1230] pvrusb2: Important functionality might not be entirely working. [ 159.823411][ T1230] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 159.823439][ T1230] pvrusb2: ********** [ 160.012794][ T3561] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.073186][ T2368] pvrusb2: Invalid write control endpoint [ 160.181413][ T2368] pvrusb2: Invalid write control endpoint [ 160.181429][ T2368] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 160.181439][ T2368] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 160.181447][ T2368] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 160.181458][ T2368] pvrusb2: Device being rendered inoperable [ 160.229530][ T2368] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 160.229599][ T2368] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 160.233690][ T2368] pvrusb2: Attached sub-driver cx25840 [ 160.233711][ T2368] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 160.233723][ T2368] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 160.290936][ T5923] usb 4-1: USB disconnect, device number 6 [ 160.827433][ T7142] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.829722][ T7142] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.829959][ T7142] bridge_slave_0: entered allmulticast mode [ 160.846260][ T7142] bridge_slave_0: entered promiscuous mode [ 161.025772][ T7142] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.025924][ T7142] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.029700][ T7142] bridge_slave_1: entered allmulticast mode [ 161.032619][ T7142] bridge_slave_1: entered promiscuous mode [ 161.557817][ T7142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 161.632457][ T7142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 161.650527][ T7287] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 162.035541][ T5847] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 162.136576][ T7142] team0: Port device team_slave_0 added [ 162.137274][ T3561] bridge_slave_1: left allmulticast mode [ 162.137303][ T3561] bridge_slave_1: left promiscuous mode [ 162.137568][ T3561] bridge0: port 2(bridge_slave_1) entered disabled state [ 162.188164][ T5847] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 162.188195][ T5847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.214867][ T5847] usb 5-1: config 0 descriptor?? [ 162.268981][ T3561] bridge_slave_0: left allmulticast mode [ 162.269012][ T3561] bridge_slave_0: left promiscuous mode [ 162.269309][ T3561] bridge0: port 1(bridge_slave_0) entered disabled state [ 162.440805][ T5847] udl 5-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 162.595666][ T5924] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 162.645593][ T5847] [drm:udl_init] *ERROR* Selecting channel failed [ 162.670807][ T5847] [drm] Initialized udl 0.0.1 for 5-1:0.0 on minor 2 [ 162.670829][ T5847] [drm] Initialized udl on minor 2 [ 162.672912][ T5847] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 162.673260][ T5847] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 162.674860][ T1230] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 162.721248][ T1230] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 162.721436][ T1230] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 162.721942][ T5847] usb 5-1: USB disconnect, device number 7 [ 162.745488][ T5924] usb 4-1: Using ep0 maxpacket: 32 [ 162.754371][ T5924] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 162.754397][ T5924] usb 4-1: config 0 has no interface number 0 [ 162.775051][ T5924] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 162.775099][ T5924] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.775120][ T5924] usb 4-1: Product: syz [ 162.775135][ T5924] usb 4-1: Manufacturer: syz [ 162.775149][ T5924] usb 4-1: SerialNumber: syz [ 162.824827][ T5924] usb 4-1: config 0 descriptor?? [ 162.838325][ T5924] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 163.089567][ T5924] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 163.111430][ T5924] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 163.432979][ T7311] slcan: can't register candev [ 163.433407][ T7311] Falling back ldisc for ttyS3. [ 163.487330][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 163.488299][ T5923] usb 4-1: USB disconnect, device number 7 [ 163.560211][ T5923] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 163.614432][ T5923] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 163.615333][ T5923] quatech2 4-1:0.51: device disconnected [ 164.757027][ T7333] netlink: 'syz.2.551': attribute type 11 has an invalid length. [ 164.757072][ T7333] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.551'. [ 164.894049][ T7332] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.976909][ T3561] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 165.037509][ T3561] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 165.083496][ T3561] bond0 (unregistering): Released all slaves [ 165.131575][ T7142] team0: Port device team_slave_1 added [ 165.190745][ T7315] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 165.190977][ T7315] macsec1: entered allmulticast mode [ 165.192258][ T7315] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 165.246329][ T7315] netdevsim netdevsim4 netdevsim0: left allmulticast mode [ 165.246747][ T7315] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 165.367202][ T7325] netem: incorrect gi model size [ 165.367239][ T7325] netem: change failed [ 166.198699][ T6984] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 166.276497][ T7142] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.276514][ T7142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.276542][ T7142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.720165][ T7142] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.720181][ T7142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.720205][ T7142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 166.721028][ T6984] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 166.967460][ T6984] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 167.043329][ T6984] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 167.346497][ T989] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 167.375573][ T3561] hsr_slave_0: left promiscuous mode [ 167.402042][ T3561] hsr_slave_1: left promiscuous mode [ 167.403613][ T3561] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.403635][ T3561] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.446786][ T3561] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.446817][ T3561] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.495568][ T989] usb 3-1: Using ep0 maxpacket: 32 [ 167.497993][ T989] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 167.498023][ T989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.517431][ T989] usb 3-1: config 0 descriptor?? [ 167.528918][ T989] gspca_main: sq930x-2.14.0 probing 041e:403c [ 167.711025][ T3561] veth1_macvtap: left promiscuous mode [ 167.712405][ T3561] veth0_macvtap: left promiscuous mode [ 167.713660][ T3561] veth1_vlan: left promiscuous mode [ 167.714579][ T3561] veth0_vlan: left promiscuous mode [ 168.384630][ T7398] overlayfs: failed to clone lowerpath [ 168.423058][ T989] gspca_sq930x: reg_w 0105 bf00 failed -71 [ 168.475769][ T989] sq930x 3-1:0.0: probe with driver sq930x failed with error -71 [ 168.488340][ T989] usb 3-1: USB disconnect, device number 6 [ 168.886175][ T7408] netlink: 31 bytes leftover after parsing attributes in process `syz.3.582'. [ 170.377659][ T3561] team0 (unregistering): Port device team_slave_1 removed [ 170.576619][ T3561] team0 (unregistering): Port device team_slave_0 removed [ 172.772836][ T7407] gretap0: entered promiscuous mode [ 172.889525][ T7142] hsr_slave_0: entered promiscuous mode [ 172.890832][ T7142] hsr_slave_1: entered promiscuous mode [ 172.891737][ T7142] debugfs: 'hsr0' already exists in 'hsr' [ 172.891762][ T7142] Cannot create hsr debugfs directory [ 173.944284][ T7441] use of bytesused == 0 is deprecated and will be removed in the future, [ 173.944300][ T7441] use the actual size instead. [ 174.262947][ T7142] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 174.300988][ T7450] ALSA: mixer_oss: invalid OSS volume '' [ 174.711107][ T7457] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 174.779916][ T7142] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 174.835548][ T7142] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 174.886504][ T7142] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 174.971677][ T6984] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.070694][ T6984] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.122846][ T3561] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.125640][ T3561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.191460][ T1282] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.191598][ T1282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.299171][ T7474] netlink: 4 bytes leftover after parsing attributes in process `syz.4.606'. [ 175.707379][ T7142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.813082][ T7142] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.888551][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.889957][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.940158][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.940374][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 176.327814][ T6984] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.613722][ T6984] veth0_vlan: entered promiscuous mode [ 176.641535][ T6984] veth1_vlan: entered promiscuous mode [ 176.743407][ T6984] veth0_macvtap: entered promiscuous mode [ 176.771120][ T6984] veth1_macvtap: entered promiscuous mode [ 176.805302][ T6984] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 176.843282][ T6984] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.900205][ T1282] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.916269][ T1282] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.923035][ T1282] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 176.928141][ T1282] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.313137][ T7142] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.495973][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.495993][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.646069][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 177.646090][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 177.958063][ T7536] pimreg: tun_chr_ioctl cmd 1074025673 [ 178.105620][ T5895] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 178.255598][ T5895] usb 3-1: Using ep0 maxpacket: 32 [ 178.258081][ T5895] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 178.258108][ T5895] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 178.258129][ T5895] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 178.258150][ T5895] usb 3-1: config 1 has no interface number 0 [ 178.258199][ T5895] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 178.258226][ T5895] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 178.258269][ T5895] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 178.258292][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.302772][ T5895] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 178.470852][ T7142] veth0_vlan: entered promiscuous mode [ 178.584041][ T5895] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 178.622968][ T7142] veth1_vlan: entered promiscuous mode [ 178.802439][ T7142] veth0_macvtap: entered promiscuous mode [ 178.834702][ T7142] veth1_macvtap: entered promiscuous mode [ 178.913529][ T7557] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.637'. [ 178.933248][ T7142] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 178.966916][ T5924] usb 3-1: USB disconnect, device number 7 [ 178.974419][ T5924] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 179.005290][ T7142] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.040451][ T3561] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.057516][ T3561] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.058080][ T3561] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.058124][ T3561] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.480155][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.480170][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.658658][ T1282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 179.658678][ T1282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 179.972461][ T7581] netlink: 'syz.3.647': attribute type 10 has an invalid length. [ 179.989985][ T7583] netlink: 16215 bytes leftover after parsing attributes in process `syz.2.649'. [ 180.068709][ T7581] geneve0: entered promiscuous mode [ 180.132151][ T7581] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 180.295627][ T7589] netlink: 64 bytes leftover after parsing attributes in process `syz.2.651'. [ 180.408735][ T38] audit: type=1804 audit(1756428408.429:3): pid=7593 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.652" name="/newroot/155/bus" dev="tmpfs" ino=803 res=1 errno=0 [ 181.429532][ T5924] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 181.529410][ T7630] program syz.2.669 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 181.582759][ T5924] usb 5-1: config 0 has an invalid interface number: 255 but max is 0 [ 181.582793][ T5924] usb 5-1: config 0 has no interface number 0 [ 181.582826][ T5924] usb 5-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 181.582965][ T5924] usb 5-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 181.582993][ T5924] usb 5-1: config 0 interface 255 has no altsetting 0 [ 181.583028][ T5924] usb 5-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 181.583050][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.658355][ T5924] usb 5-1: config 0 descriptor?? [ 181.664604][ T5924] ums-realtek 5-1:0.255: USB Mass Storage device detected [ 181.791907][ T3561] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 181.894026][ T5895] usb 5-1: USB disconnect, device number 8 [ 181.947845][ T7648] program syz.0.678 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 182.320860][ T7661] vlan2: entered allmulticast mode [ 182.320878][ T7661] hsr0: entered allmulticast mode [ 182.320888][ T7661] hsr_slave_0: entered allmulticast mode [ 182.320904][ T7661] hsr_slave_1: entered allmulticast mode [ 182.425510][ T5895] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 182.575913][ T5895] usb 4-1: Using ep0 maxpacket: 16 [ 182.578735][ T5895] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 182.578768][ T5895] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 182.578792][ T5895] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 182.583080][ T5895] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 182.583106][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 182.583126][ T5895] usb 4-1: SerialNumber: syz [ 182.600915][ T7646] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 182.838024][ T5895] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 182.857276][ T5895] usb 4-1: USB disconnect, device number 8 [ 183.259531][ T7682] nbd0: detected capacity change from 0 to 127 [ 183.294769][ T5846] block nbd0: Receive control failed (result -32) [ 183.655688][ T7693] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 183.705819][ T7696] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 183.705819][ T7696] The task syz.4.697 (7696) triggered the difference, watch for misbehavior. [ 183.733331][ T7697] netlink: 'syz.2.699': attribute type 6 has an invalid length. [ 184.226914][ T38] audit: type=1326 audit(1756428412.259:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7713 comm="syz.0.707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ac67ebe9 code=0x7ffc0000 [ 184.227057][ T38] audit: type=1326 audit(1756428412.259:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7713 comm="syz.0.707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23ac67ebe9 code=0x7ffc0000 [ 184.281817][ T38] audit: type=1326 audit(1756428412.289:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7713 comm="syz.0.707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f23ac67ebe9 code=0x7ffc0000 [ 184.296148][ T38] audit: type=1326 audit(1756428412.319:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7713 comm="syz.0.707" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f23ac67ebe9 code=0x0 [ 185.373900][ T7727] loop8: detected capacity change from 0 to 1 [ 185.409366][ T7727] Dev loop8: unable to read RDB block 1 [ 185.409565][ T7727] loop8: unable to read partition table [ 185.409816][ T7727] loop8: partition table beyond EOD, truncated [ 185.409834][ T7727] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 185.552704][ T7734] netlink: 24 bytes leftover after parsing attributes in process `syz.0.714'. [ 185.552727][ T7734] netlink: 28 bytes leftover after parsing attributes in process `syz.0.714'. [ 185.763372][ T7740] random: crng reseeded on system resumption [ 186.248595][ T7755] netlink: 12 bytes leftover after parsing attributes in process `syz.0.724'. [ 186.248630][ T7755] netlink: 8 bytes leftover after parsing attributes in process `syz.0.724'. [ 188.185558][ T989] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 188.362342][ T989] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88 [ 188.362373][ T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 188.362398][ T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 188.378274][ T989] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 188.378305][ T989] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.378327][ T989] usb 5-1: Product: syz [ 188.378342][ T989] usb 5-1: Manufacturer: syz [ 188.378358][ T989] usb 5-1: SerialNumber: syz [ 188.403651][ T989] usb 5-1: config 0 descriptor?? [ 188.453515][ T989] iguanair 5-1:0.0: probe with driver iguanair failed with error -12 [ 188.492103][ T7804] loop9: detected capacity change from 0 to 7 [ 188.493087][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.493221][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.493408][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.493509][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.493656][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.493791][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.493907][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.494001][ T7804] ldm_validate_partition_table(): Disk read failed. [ 188.494051][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.494161][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.494272][ T7804] Buffer I/O error on dev loop9, logical block 0, async page read [ 188.560359][ T7804] Dev loop9: unable to read RDB block 0 [ 188.560882][ T7804] loop9: unable to read partition table [ 188.561138][ T7804] loop9: partition table beyond EOD, truncated [ 188.561174][ T7804] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 188.561174][ T7804] ) failed (rc=-5) [ 188.640226][ T31] usb 5-1: USB disconnect, device number 9 [ 188.718503][ T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 188.822460][ T7811] netlink: 'syz.5.748': attribute type 1 has an invalid length. [ 188.885635][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 188.901972][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 188.902035][ T9] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 188.902061][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.921809][ T9] usb 4-1: config 0 descriptor?? [ 188.957313][ T9] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 189.400704][ T7821] netlink: 'syz.4.752': attribute type 7 has an invalid length. [ 189.400727][ T7821] netlink: 'syz.4.752': attribute type 8 has an invalid length. [ 189.400741][ T7821] netlink: 'syz.4.752': attribute type 4 has an invalid length. [ 189.400754][ T7821] netlink: 212 bytes leftover after parsing attributes in process `syz.4.752'. [ 189.535918][ T5895] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 189.706754][ T5895] usb 6-1: Using ep0 maxpacket: 16 [ 189.714668][ T5895] usb 6-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 189.714698][ T5895] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.755539][ T9] gspca_vc032x: reg_w err -71 [ 189.755630][ T9] vc032x 4-1:0.0: probe with driver vc032x failed with error -71 [ 189.764430][ T5895] usb 6-1: config 0 descriptor?? [ 189.770210][ T9] usb 4-1: USB disconnect, device number 9 [ 189.819788][ T5895] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected [ 189.939609][ T7824] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.941243][ T7824] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.006817][ T5895] usb 6-1: Detected FT232B [ 190.207747][ T5895] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 190.211243][ T5895] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 190.431244][ T5895] usb 6-1: USB disconnect, device number 2 [ 190.452608][ T5895] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 190.454272][ T5895] ftdi_sio 6-1:0.0: device disconnected [ 190.512297][ T7838] program syz.3.760 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 190.704743][ T7824] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 190.751092][ T7824] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 190.932244][ T7844] netlink: 4 bytes leftover after parsing attributes in process `syz.3.763'. [ 192.037943][ T7824] ip6gretap1: left allmulticast mode [ 192.099186][ T3580] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.130515][ T3580] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.134472][ T3580] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 192.134511][ T3580] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 193.087453][ T7872] pim6reg0: tun_chr_ioctl cmd 1074025680 [ 193.391643][ T7898] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 193.451619][ T7898] netdevsim netdevsim5 netdevsim0: left promiscuous mode [ 194.328220][ T7938] netlink: 16 bytes leftover after parsing attributes in process `syz.5.801'. [ 194.571147][ T7949] netlink: 8 bytes leftover after parsing attributes in process `syz.2.805'. [ 194.765574][ T31] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 194.922754][ T31] usb 1-1: config 0 has an invalid interface number: 229 but max is 0 [ 194.922784][ T31] usb 1-1: config 0 has no interface number 0 [ 194.922846][ T31] usb 1-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice= c.19 [ 194.922870][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.974277][ T31] usb 1-1: config 0 descriptor?? [ 195.204523][ T31] usb 1-1: USB disconnect, device number 3 [ 195.562989][ T7986] netlink: 'syz.4.824': attribute type 29 has an invalid length. [ 195.653795][ T7987] syz.2.823 (7987) used greatest stack depth: 18064 bytes left [ 196.025620][ T989] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 196.186042][ T989] usb 5-1: Using ep0 maxpacket: 16 [ 196.189356][ T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.189392][ T989] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.189433][ T989] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 196.189456][ T989] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.205549][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 196.208280][ T989] usb 5-1: config 0 descriptor?? [ 196.372135][ T9] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 196.372166][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.414536][ T9] usb 3-1: config 0 descriptor?? [ 196.639752][ T9] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 196.708597][ T989] hid_parser_main: 5 callbacks suppressed [ 196.709052][ T989] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 196.709092][ T989] mcp2221 0003:04D8:00DD.0003: unknown main item tag 0x0 [ 196.709589][ T989] mcp2221 0003:04D8:00DD.0003: item fetching failed at offset 3/5 [ 196.713840][ T989] mcp2221 0003:04D8:00DD.0003: can't parse reports [ 196.714389][ T989] mcp2221 0003:04D8:00DD.0003: probe with driver mcp2221 failed with error -22 [ 196.839804][ T9] [drm:udl_init] *ERROR* Selecting channel failed [ 196.889602][ T989] usb 5-1: USB disconnect, device number 10 [ 196.945724][ T9] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 196.945749][ T9] [drm] Initialized udl on minor 2 [ 196.952896][ T9] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 196.953247][ T9] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 196.957534][ T5895] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 196.961990][ T5895] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 196.962193][ T5895] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 196.969858][ T9] usb 3-1: USB disconnect, device number 8 [ 197.215568][ T5841] Bluetooth: hci1: command 0x0405 tx timeout [ 197.309777][ T8032] netlink: 'syz.5.844': attribute type 11 has an invalid length. [ 197.309803][ T8032] netlink: 199836 bytes leftover after parsing attributes in process `syz.5.844'. [ 197.492366][ T8036] netlink: 24 bytes leftover after parsing attributes in process `syz.0.845'. [ 197.569026][ T8038] netlink: 4 bytes leftover after parsing attributes in process `syz.3.847'. [ 197.569979][ T8038] netlink: 8 bytes leftover after parsing attributes in process `syz.3.847'. [ 197.626349][ T8031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.927706][ T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 198.033252][ T8052] vlan3: entered promiscuous mode [ 198.033280][ T8052] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 198.045952][ T8052] vlan3: entered allmulticast mode [ 198.045985][ T8052] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 198.053352][ T8052] team0: Device vlan3 is up. Set it down before adding it as a team port [ 198.088375][ T9] usb 5-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 198.088408][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.120315][ T9] usb 5-1: config 0 descriptor?? [ 198.152896][ T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 198.191567][ T8060] netlink: 'syz.5.858': attribute type 58 has an invalid length. [ 198.191589][ T8060] netlink: 20 bytes leftover after parsing attributes in process `syz.5.858'. [ 198.225527][ T31] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 198.331219][ T9] gspca_sn9c2028: read1 error -32 [ 198.332220][ T9] gspca_sn9c2028: read1 error -32 [ 198.384853][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.384889][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.384929][ T31] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 198.384953][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.429879][ T31] usb 4-1: config 0 descriptor?? [ 198.547212][ T9] usb 5-1: USB disconnect, device number 11 [ 198.871491][ T31] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 198.871532][ T31] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 198.871561][ T31] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 198.871588][ T31] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 198.871615][ T31] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 198.871642][ T31] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 198.871668][ T31] cp2112 0003:10C4:EA90.0004: unknown main item tag 0x0 [ 198.961584][ T31] cp2112 0003:10C4:EA90.0004: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 199.068098][ T31] cp2112 0003:10C4:EA90.0004: Part Number: 0x00 Device Version: 0x00 [ 199.271992][ T31] cp2112 0003:10C4:EA90.0004: error requesting SMBus config [ 199.293354][ T31] cp2112 0003:10C4:EA90.0004: probe with driver cp2112 failed with error -71 [ 199.317907][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.317987][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.327015][ T31] usb 4-1: USB disconnect, device number 10 [ 200.494673][ T8113] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 200.511035][ T8114] program syz.5.882 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 200.894141][ T8119] netlink: 36 bytes leftover after parsing attributes in process `syz.0.884'. [ 200.894170][ T8119] netlink: 'syz.0.884': attribute type 10 has an invalid length. [ 201.367761][ T8134] sp0: Synchronizing with TNC [ 201.477875][ T8140] program syz.5.894 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 202.222177][ T38] audit: type=1400 audit(1756428430.249:8): lsm=SMACK fn=smack_inode_permission action=denied subject="w" object="_" requested=wx pid=8168 comm="syz.2.908" name="192" dev="tmpfs" ino=988 [ 203.332813][ T8193] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.361546][ T8222] sctp: [Deprecated]: syz.0.928 (pid 8222) Use of struct sctp_assoc_value in delayed_ack socket option. [ 204.361546][ T8222] Use struct sctp_sack_info instead [ 204.445563][ T5847] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 204.524918][ T8224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.931'. [ 204.597460][ T5847] usb 5-1: Using ep0 maxpacket: 32 [ 204.598132][ T989] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 204.601333][ T5847] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 204.601354][ T5847] usb 5-1: config 0 has no interface number 0 [ 204.601395][ T5847] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 204.601418][ T5847] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 204.601450][ T5847] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 204.601470][ T5847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.672700][ T5847] usb 5-1: config 0 descriptor?? [ 204.735679][ T3561] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 204.867708][ T38] audit: type=1400 audit(1756428432.889:9): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=8229 comm="syz.0.933" dest=20002 netif=wpan0 [ 205.335601][ T5847] uclogic 0003:28BD:0094.0005: pen parameters not found [ 205.335631][ T5847] uclogic 0003:28BD:0094.0005: interface is invalid, ignoring [ 205.371825][ T5847] usb 5-1: USB disconnect, device number 12 [ 205.452405][ T38] audit: type=1326 audit(1756428433.479:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8242 comm="syz.5.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a763ebe9 code=0x7ffc0000 [ 205.452460][ T38] audit: type=1326 audit(1756428433.479:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8242 comm="syz.5.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a763ebe9 code=0x7ffc0000 [ 205.457420][ T989] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 205.463661][ T38] audit: type=1326 audit(1756428433.489:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8242 comm="syz.5.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe5a763ebe9 code=0x7ffc0000 [ 205.463715][ T38] audit: type=1326 audit(1756428433.489:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8242 comm="syz.5.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a763ebe9 code=0x7ffc0000 [ 205.463762][ T38] audit: type=1326 audit(1756428433.489:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8242 comm="syz.5.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a763ebe9 code=0x7ffc0000 [ 205.464628][ T38] audit: type=1326 audit(1756428433.489:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8242 comm="syz.5.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fe5a763ebe9 code=0x7ffc0000 [ 205.464675][ T38] audit: type=1326 audit(1756428433.489:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8242 comm="syz.5.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a763ebe9 code=0x7ffc0000 [ 205.464777][ T38] audit: type=1326 audit(1756428433.489:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8242 comm="syz.5.939" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5a763ebe9 code=0x7ffc0000 [ 205.788240][ T1758] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 205.788563][ T1758] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 206.155651][ T8255] netlink: 64 bytes leftover after parsing attributes in process `syz.0.944'. [ 206.225704][ T5924] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 206.965785][ T8280] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 207.285762][ T5895] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 207.435493][ T5895] usb 5-1: Using ep0 maxpacket: 16 [ 207.462722][ T5895] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 207.462754][ T5895] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 207.498390][ T5895] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 207.498420][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.498440][ T5895] usb 5-1: Product: syz [ 207.498454][ T5895] usb 5-1: Manufacturer: syz [ 207.498468][ T5895] usb 5-1: SerialNumber: syz [ 207.533937][ T5895] usb 5-1: config 0 descriptor?? [ 207.579935][ T5895] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 207.579968][ T5895] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 208.197930][ T5895] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 208.406344][ T5895] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 208.406830][ T5895] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 208.406848][ T5895] em28xx 5-1:0.0: No AC97 audio processor [ 208.452627][ T5895] usb 5-1: USB disconnect, device number 13 [ 208.454784][ T5895] em28xx 5-1:0.0: Disconnecting em28xx [ 208.509744][ T5895] em28xx 5-1:0.0: Freeing device [ 208.720713][ T8327] netlink: 60 bytes leftover after parsing attributes in process `syz.2.979'. [ 209.536454][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 209.825612][ T8356] nbd1: detected capacity change from 0 to 127 [ 209.846771][ T59] block nbd1: Receive control failed (result -32) [ 210.719939][ T38] kauditd_printk_skb: 176 callbacks suppressed [ 210.719957][ T38] audit: type=1326 audit(1756428438.749:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8383 comm="syz.3.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 210.720005][ T38] audit: type=1326 audit(1756428438.749:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8383 comm="syz.3.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 210.765535][ T38] audit: type=1326 audit(1756428438.789:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8383 comm="syz.3.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 210.982355][ T38] audit: type=1326 audit(1756428439.009:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.2.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 210.988314][ T38] audit: type=1326 audit(1756428439.009:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.2.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 210.988676][ T38] audit: type=1326 audit(1756428439.019:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.2.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 210.989317][ T38] audit: type=1326 audit(1756428439.019:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.2.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 210.989620][ T38] audit: type=1326 audit(1756428439.019:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.2.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 210.991030][ T38] audit: type=1326 audit(1756428439.019:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.2.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 210.991364][ T38] audit: type=1326 audit(1756428439.019:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.2.1008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 211.621362][ T59] Bluetooth: hci2: command 0x0406 tx timeout [ 211.621404][ T59] Bluetooth: hci3: command 0x0406 tx timeout [ 211.940090][ T8421] bridge_slave_0: invalid flags given to default FDB implementation [ 211.981648][ T8423] openvswitch: netlink: IPv4 tunnel dst address is zero [ 212.498020][ T8438] program syz.0.1029 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 212.628512][ T8442] input: syz1 as /devices/virtual/input/input13 [ 212.821168][ T1758] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 212.938049][ T8450] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1037'. [ 213.979375][ T8465] loop8: detected capacity change from 0 to 1 [ 214.015867][ T8465] Dev loop8: unable to read RDB block 1 [ 214.015921][ T8465] loop8: unable to read partition table [ 214.016382][ T8465] loop8: partition table beyond EOD, truncated [ 214.016400][ T8465] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 214.415670][ T5999] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 214.575634][ T5999] usb 4-1: Using ep0 maxpacket: 16 [ 214.578288][ T5999] usb 4-1: config 0 has an invalid interface number: 203 but max is 0 [ 214.578316][ T5999] usb 4-1: config 0 has no interface number 0 [ 214.578376][ T5999] usb 4-1: config 0 interface 203 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80 [ 214.581550][ T5999] usb 4-1: New USB device found, idVendor=0499, idProduct=1026, bcdDevice=e8.af [ 214.581578][ T5999] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.581596][ T5999] usb 4-1: Product: syz [ 214.581609][ T5999] usb 4-1: Manufacturer: syz [ 214.581622][ T5999] usb 4-1: SerialNumber: syz [ 214.658623][ T5999] usb 4-1: config 0 descriptor?? [ 214.662784][ T8468] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 214.673881][ T5999] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 215.005538][ T5895] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 215.110997][ T5924] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 215.168831][ T5895] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 215.168861][ T5895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.174952][ T5895] usb 5-1: config 0 descriptor?? [ 215.208177][ T5895] cp210x 5-1:0.0: cp210x converter detected [ 215.258155][ T5924] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.258189][ T5924] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.258227][ T5924] usb 1-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 215.258250][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.268603][ T5924] usb 1-1: config 0 descriptor?? [ 215.621683][ T5895] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 215.664934][ T5895] usb 5-1: cp210x converter now attached to ttyUSB0 [ 215.748031][ T5924] sony 0003:054C:024B.0006: unexpected long global item [ 215.756189][ T5924] sony 0003:054C:024B.0006: parse failed [ 215.756302][ T5924] sony 0003:054C:024B.0006: probe with driver sony failed with error -22 [ 215.838846][ T5924] usb 5-1: USB disconnect, device number 14 [ 215.866714][ T5924] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 215.942463][ T8492] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1054'. [ 215.942520][ T8492] netem: change failed [ 215.944114][ T989] usb 4-1: USB disconnect, device number 11 [ 215.965287][ T31] usb 1-1: USB disconnect, device number 4 [ 216.086142][ T5924] cp210x 5-1:0.0: device disconnected [ 216.694817][ T8501] netlink: 71 bytes leftover after parsing attributes in process `syz.2.1057'. [ 216.724251][ T5841] Bluetooth: hci3: unexpected event for opcode 0x080d [ 217.215583][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 217.353291][ T5924] kernel write not supported for file /input/mouse0 (pid: 5924 comm: kworker/1:5) [ 217.958800][ T8538] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check. [ 217.985760][ T5923] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 218.625694][ T5923] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 219.775996][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 220.185765][ T989] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 220.395567][ T989] usb 4-1: Using ep0 maxpacket: 8 [ 220.401334][ T989] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 220.401437][ T989] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 220.401465][ T989] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 220.401504][ T989] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 220.406966][ T989] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 220.406998][ T989] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.407021][ T989] usb 4-1: Product: syz [ 220.407038][ T989] usb 4-1: Manufacturer: syz [ 220.407056][ T989] usb 4-1: SerialNumber: syz [ 220.645282][ T989] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 220.645325][ T989] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 220.648577][ T989] usb 4-1: 2:1 : sample bitwidth 16 in over sample bytes 1 [ 220.674454][ T989] usb 4-1: 2:1 : invalid channels 0 [ 220.737931][ T5841] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 220.738047][ T5841] Bluetooth: hci3: Injecting HCI hardware error event [ 220.740055][ T5841] Bluetooth: hci3: hardware error 0x00 [ 220.848638][ T989] usb 4-1: USB disconnect, device number 12 [ 222.239380][ T8602] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 8602 comm: syz.4.1105) [ 222.298155][ T38] kauditd_printk_skb: 6 callbacks suppressed [ 222.298174][ T38] audit: type=1800 audit(1756428450.269:210): pid=8602 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1105" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=21658 res=0 errno=0 [ 222.895664][ T5841] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 223.065537][ T5847] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 223.193735][ T8629] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1118'. [ 223.241699][ T5847] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 223.241725][ T5847] usb 4-1: config 0 has no interface number 0 [ 223.257010][ T5847] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 223.257046][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.257068][ T5847] usb 4-1: Product: syz [ 223.257083][ T5847] usb 4-1: Manufacturer: syz [ 223.257098][ T5847] usb 4-1: SerialNumber: syz [ 223.300702][ T5847] usb 4-1: config 0 descriptor?? [ 223.475776][ T8633] syz.4.1121 uses obsolete (PF_INET,SOCK_PACKET) [ 223.513562][ T5847] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 223.528609][ T8636] netlink: 'syz.0.1120': attribute type 2 has an invalid length. [ 223.529776][ T5847] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 223.530150][ T5847] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 223.530212][ T5847] usb 4-1: media controller created [ 223.616387][ T5847] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 223.715621][ T5847] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 223.814990][ T5847] usb 4-1: USB disconnect, device number 13 [ 224.085572][ T5895] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 224.236655][ T5895] usb 3-1: Using ep0 maxpacket: 16 [ 224.239225][ T5895] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 224.239254][ T5895] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 224.239294][ T5895] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 224.239317][ T5895] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.244740][ T5895] usb 3-1: config 0 descriptor?? [ 224.459817][ T5895] usbhid 3-1:0.0: can't add hid device: -71 [ 224.459953][ T5895] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 224.520284][ T5895] usb 3-1: USB disconnect, device number 9 [ 224.892678][ T8662] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1133'. [ 225.407420][ T38] audit: type=1400 audit(1756428453.419:211): lsm=SMACK fn=smack_task_setpgid action=denied subject="w" object="_" requested=w pid=8673 comm="syz.2.1139" opid=8673 ocomm="syz.2.1139" [ 226.033088][ T8698] mkiss: ax0: crc mode is auto. [ 226.656716][ T31] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 226.808289][ T31] usb 3-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 226.808320][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.823276][ T31] usb 3-1: config 0 descriptor?? [ 226.841954][ T31] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 227.064809][ T31] gspca_sn9c2028: read1 error -32 [ 227.067137][ T31] gspca_sn9c2028: read1 error -32 [ 227.302427][ T31] usb 3-1: USB disconnect, device number 10 [ 227.370719][ T8729] Bluetooth: MGMT ver 1.23 [ 228.757245][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 228.783860][ T5846] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 228.794637][ T5846] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 228.803274][ T5923] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 228.811208][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 228.813313][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 228.945483][ T5923] usb 3-1: Using ep0 maxpacket: 32 [ 228.950832][ T5923] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 228.950862][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.039539][ T5923] usb 3-1: config 0 descriptor?? [ 229.111663][ T5923] gspca_main: sunplus-2.14.0 probing 041e:400b [ 229.355651][ T5847] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 229.405565][ T5924] usb 5-1: new full-speed USB device number 15 using dummy_hcd [ 229.521864][ T5847] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 229.521904][ T5847] usb 4-1: config 0 has no interface number 0 [ 229.526808][ T5847] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 229.526835][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.526855][ T5847] usb 4-1: Product: syz [ 229.526886][ T5847] usb 4-1: Manufacturer: syz [ 229.526901][ T5847] usb 4-1: SerialNumber: syz [ 229.558034][ T5924] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 229.558061][ T5924] usb 5-1: config 0 has no interface number 0 [ 229.585560][ T5924] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 229.585590][ T5924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.585610][ T5924] usb 5-1: Product: syz [ 229.585625][ T5924] usb 5-1: Manufacturer: syz [ 229.585640][ T5924] usb 5-1: SerialNumber: syz [ 229.626337][ T5847] usb 4-1: config 0 descriptor?? [ 229.629087][ T5924] usb 5-1: config 0 descriptor?? [ 229.844560][ T5847] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 229.863959][ T5923] gspca_sunplus: reg_w_riv err -71 [ 229.864072][ T5923] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 229.886526][ T5923] usb 3-1: USB disconnect, device number 11 [ 229.923908][ T5847] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 229.924793][ T5847] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 229.924829][ T5847] usb 4-1: media controller created [ 230.063978][ T8767] netlink: 'syz.0.1179': attribute type 14 has an invalid length. [ 230.118407][ T5847] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 230.461919][ T5924] usb 5-1: Firmware version (0.0) predates our first public release. [ 230.461945][ T5924] usb 5-1: Please update to version 0.2 or newer [ 230.551186][ T7880] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 230.865051][ T5924] usb 5-1: USB disconnect, device number 15 [ 230.895709][ T5841] Bluetooth: hci5: command tx timeout [ 231.144757][ T7880] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.169571][ T5847] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 231.229475][ T5847] usb 4-1: USB disconnect, device number 14 [ 231.376891][ T8783] netlink: 'syz.0.1185': attribute type 2 has an invalid length. [ 231.417696][ T8785] vlan2: entered promiscuous mode [ 231.417727][ T8785] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 231.423262][ T8785] vlan2: entered allmulticast mode [ 231.423288][ T8785] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 231.832009][ T7880] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.855605][ T31] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 231.935632][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 231.953657][ T8750] chnl_net:caif_netlink_parms(): no params data found [ 232.012066][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 232.012097][ T31] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 232.012122][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 232.012143][ T31] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 232.044208][ T31] usb 3-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 232.044243][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.044267][ T31] usb 3-1: Product: syz [ 232.044284][ T31] usb 3-1: Manufacturer: syz [ 232.044300][ T31] usb 3-1: SerialNumber: syz [ 232.079652][ T31] usb 3-1: config 0 descriptor?? [ 232.098991][ T31] ums-isd200 3-1:0.0: USB Mass Storage device detected [ 232.211945][ T8803] random: crng reseeded on system resumption [ 232.319711][ T31] scsi host1: usb-storage 3-1:0.0 [ 232.458540][ T7880] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.523266][ T5923] usb 3-1: USB disconnect, device number 12 [ 232.978020][ T5841] Bluetooth: hci5: command tx timeout [ 233.132216][ T8750] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.132362][ T8750] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.132605][ T8750] bridge_slave_0: entered allmulticast mode [ 233.154388][ T8827] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1202'. [ 233.175732][ T8750] bridge_slave_0: entered promiscuous mode [ 233.274024][ T8750] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.274171][ T8750] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.274369][ T8750] bridge_slave_1: entered allmulticast mode [ 233.299074][ T8750] bridge_slave_1: entered promiscuous mode [ 233.699538][ T8750] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.704054][ T8750] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.068163][ T8750] team0: Port device team_slave_0 added [ 234.082199][ T8750] team0: Port device team_slave_1 added [ 234.264284][ T7880] bridge_slave_1: left allmulticast mode [ 234.264317][ T7880] bridge_slave_1: left promiscuous mode [ 234.264621][ T7880] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.351994][ T7880] bridge_slave_0: left allmulticast mode [ 234.352027][ T7880] bridge_slave_0: left promiscuous mode [ 234.356431][ T7880] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.415575][ T989] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 234.618022][ T989] usb 4-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 234.618053][ T989] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.618073][ T989] usb 4-1: Product: syz [ 234.618088][ T989] usb 4-1: Manufacturer: syz [ 234.618102][ T989] usb 4-1: SerialNumber: syz [ 234.634598][ T989] usb 4-1: config 0 descriptor?? [ 234.644584][ T989] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 235.055577][ T5841] Bluetooth: hci5: command tx timeout [ 235.499253][ T989] usb 4-1: USB disconnect, device number 15 [ 236.073221][ T8883] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 236.606543][ T7880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 236.674322][ T7880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 236.700514][ T7880] bond0 (unregistering): Released all slaves [ 237.011051][ T8887] @: renamed from vlan0 (while UP) [ 237.135665][ T5841] Bluetooth: hci5: command tx timeout [ 237.219818][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 237.391673][ T8900] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1236'. [ 237.500132][ T8750] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.500149][ T8750] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.500177][ T8750] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.626119][ T8897] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1234'. [ 237.626227][ T8897] ip6gretap0: entered promiscuous mode [ 237.703449][ T8750] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.703467][ T8750] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.703493][ T8750] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.704062][ T8897] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1234'. [ 237.891596][ T8904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1239'. [ 238.337761][ T8920] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1246'. [ 238.337794][ T8920] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1246'. [ 238.803570][ T8750] hsr_slave_0: entered promiscuous mode [ 238.823988][ T8750] hsr_slave_1: entered promiscuous mode [ 238.824948][ T8750] debugfs: 'hsr0' already exists in 'hsr' [ 238.824974][ T8750] Cannot create hsr debugfs directory [ 238.957285][ T8935] 9pnet_fd: Insufficient options for proto=fd [ 239.038296][ T7880] hsr_slave_0: left promiscuous mode [ 239.095610][ T7880] hsr_slave_1: left promiscuous mode [ 239.096559][ T7880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 239.096589][ T7880] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 239.147055][ T7880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 239.147087][ T7880] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 239.329224][ T7880] veth1_macvtap: left promiscuous mode [ 239.329349][ T7880] veth0_macvtap: left promiscuous mode [ 239.329642][ T7880] veth1_vlan: left promiscuous mode [ 239.329839][ T7880] veth0_vlan: left promiscuous mode [ 239.828523][ T8961] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1265'. [ 240.381771][ T8971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1270'. [ 242.146566][ T7880] team0 (unregistering): Port device team_slave_1 removed [ 242.397945][ T7880] team0 (unregistering): Port device team_slave_0 removed [ 243.949231][ T12] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 244.742556][ T8965] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1267'. [ 244.742809][ T8965] netlink: 'syz.2.1267': attribute type 5 has an invalid length. [ 244.804648][ T8973] netlink: 268 bytes leftover after parsing attributes in process `syz.4.1271'. [ 245.029805][ T8989] netlink: 'syz.0.1279': attribute type 3 has an invalid length. [ 246.254328][ T8750] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 246.340084][ T8750] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 246.460614][ T8750] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 246.550611][ T8750] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 246.882469][ T8750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.969713][ T8750] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.038837][ T1758] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.038990][ T1758] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.041660][ T1758] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.041801][ T1758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.899517][ T8750] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 248.452499][ T9082] netlink: 'syz.4.1312': attribute type 10 has an invalid length. [ 248.452538][ T9082] geneve0: entered promiscuous mode [ 248.457932][ T9082] bond0: (slave geneve0): Enslaving as an active interface with an up link [ 248.465850][ T57] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.466022][ T57] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.466083][ T57] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.466124][ T57] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 248.732705][ T8750] veth0_vlan: entered promiscuous mode [ 248.837601][ T8750] veth1_vlan: entered promiscuous mode [ 248.916991][ T8750] veth0_macvtap: entered promiscuous mode [ 248.959244][ T8750] veth1_macvtap: entered promiscuous mode [ 249.026161][ T8750] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.034764][ T8750] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 249.065183][ T37] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.080854][ T37] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.080898][ T37] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.080935][ T37] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 249.741964][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.741985][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 249.926790][ T3580] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 249.926809][ T3580] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 250.757606][ T9124] netlink: 48 bytes leftover after parsing attributes in process `syz.6.1328'. [ 252.333303][ T9159] bpf: Bad value for 'gid' [ 253.103073][ T9183] misc userio: Begin command sent, but we're already running [ 253.567161][ T989] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 253.718580][ T989] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 253.718608][ T989] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 253.723881][ T989] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 253.723911][ T989] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.723932][ T989] usb 1-1: Product: syz [ 253.723947][ T989] usb 1-1: Manufacturer: syz [ 253.723961][ T989] usb 1-1: SerialNumber: syz [ 254.008990][ T989] usb 1-1: 0:2 : does not exist [ 254.027150][ T989] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 254.081069][ T989] usb 1-1: USB disconnect, device number 5 [ 254.650797][ T38] audit: type=1326 audit(1756428482.679:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9213 comm="syz.2.1369" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x0 [ 255.677811][ T9229] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1374'. [ 255.982398][ T9231] vxcan0: tx address claim with dest, not broadcast [ 256.634176][ T9253] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1385'. [ 258.144033][ T9281] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1397'. [ 259.863857][ T9299] syz.6.1404 (9299) used greatest stack depth: 16696 bytes left [ 260.008969][ T9309] openvswitch: netlink: Multiple metadata blocks provided [ 260.742713][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.742793][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 260.755517][ T989] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 260.966423][ T989] usb 7-1: Using ep0 maxpacket: 16 [ 261.032575][ T989] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.032609][ T989] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.032631][ T989] usb 7-1: config 0 interface 0 has no altsetting 0 [ 261.032664][ T989] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 261.032685][ T989] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.039053][ T989] usb 7-1: config 0 descriptor?? [ 261.659915][ T989] hid (null): unknown global tag 0xc [ 261.661602][ T989] hid (null): report_id 0 is invalid [ 261.661623][ T989] hid (null): unknown global tag 0xe [ 261.679267][ T9349] program syz.0.1428 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 261.939182][ T31] usb 7-1: USB disconnect, device number 2 [ 262.336604][ T9373] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1439'. [ 262.336629][ T9373] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1439'. [ 262.490352][ T9382] program syz.2.1443 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 262.656025][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 263.405713][ T9400] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1451'. [ 264.032962][ T9423] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 264.062816][ T7880] Bluetooth: hci1: Frame reassembly failed (-84) [ 265.438907][ T31] kernel write not supported for file /sequencer (pid: 31 comm: kworker/1:0) [ 266.015942][ T5841] Bluetooth: hci1: command 0x1003 tx timeout [ 266.016300][ T5846] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 266.269626][ T9473] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1484'. [ 267.092454][ T9496] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1495'. [ 267.215762][ T5895] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 267.387319][ T5895] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 267.387348][ T5895] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 267.387368][ T5895] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 267.391786][ T5895] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 267.391818][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.391838][ T5895] usb 5-1: Product: syz [ 267.391854][ T5895] usb 5-1: Manufacturer: syz [ 267.391868][ T5895] usb 5-1: SerialNumber: syz [ 267.552007][ T9507] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1499'. [ 268.130094][ T5895] usb 5-1: 0:2 : does not exist [ 268.352189][ T31] usb 5-1: USB disconnect, device number 16 [ 268.918042][ T9532] openvswitch: netlink: Multiple metadata blocks provided [ 269.735597][ T31] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 269.889376][ T31] usb 5-1: config 150 has an invalid interface number: 204 but max is 2 [ 269.889410][ T31] usb 5-1: config 150 has 2 interfaces, different from the descriptor's value: 3 [ 269.889433][ T31] usb 5-1: config 150 has no interface number 0 [ 269.889484][ T31] usb 5-1: config 150 interface 204 has no altsetting 0 [ 269.905899][ T31] usb 5-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 269.905933][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.905955][ T31] usb 5-1: Product: syz [ 269.905973][ T31] usb 5-1: Manufacturer: syz [ 269.905990][ T31] usb 5-1: SerialNumber: syz [ 270.239172][ T31] xr_serial 5-1:150.204: skipping garbage [ 270.239236][ T31] xr_serial 5-1:150.204: xr_serial converter detected [ 270.380063][ T9575] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1532'. [ 270.839242][ T31] xr_serial ttyUSB0: Failed to set reg 0x0d: -71 [ 270.839314][ T31] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 270.856877][ T31] usb 5-1: USB disconnect, device number 17 [ 270.876509][ T31] xr_serial 5-1:150.204: device disconnected [ 273.245537][ T5923] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 273.278176][ T9658] 9p: Unknown uid 00000000004294967295 [ 273.398177][ T5923] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 273.398227][ T5923] usb 7-1: config 0 interface 0 has no altsetting 0 [ 273.401563][ T5923] usb 7-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 273.401595][ T5923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.401616][ T5923] usb 7-1: Product: syz [ 273.401632][ T5923] usb 7-1: Manufacturer: syz [ 273.401647][ T5923] usb 7-1: SerialNumber: syz [ 273.428604][ T5923] usb 7-1: config 0 descriptor?? [ 273.458072][ T5923] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 273.492355][ T5923] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 273.497888][ T5923] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 273.497961][ T5923] usb 7-1: media controller created [ 273.680713][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 273.916828][ T38] audit: type=1326 audit(1756428501.939:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 273.917107][ T38] audit: type=1326 audit(1756428501.949:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 273.917787][ T38] audit: type=1326 audit(1756428501.949:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 273.918514][ T38] audit: type=1326 audit(1756428501.949:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 273.925082][ T38] audit: type=1326 audit(1756428501.949:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 273.925138][ T38] audit: type=1326 audit(1756428501.949:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 273.925194][ T38] audit: type=1326 audit(1756428501.949:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 273.925241][ T38] audit: type=1326 audit(1756428501.949:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 273.935478][ T38] audit: type=1326 audit(1756428501.959:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9674 comm="syz.3.1578" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 274.172563][ T5923] DVB: Unable to find symbol tda10046_attach() [ 274.172581][ T5923] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 274.172597][ T5923] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 274.575615][ T31] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 274.601756][ T5923] dvb_usb_m920x 7-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 274.626616][ T5923] usb 7-1: USB disconnect, device number 3 [ 274.758133][ T31] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 274.758173][ T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.758213][ T31] usb 4-1: Product: syz [ 274.758230][ T31] usb 4-1: Manufacturer: syz [ 274.758248][ T31] usb 4-1: SerialNumber: syz [ 274.834832][ T31] usb 4-1: config 0 descriptor?? [ 274.976565][ T7891] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 275.074465][ T31] usb 4-1: ignoring: probably an ADSL modem [ 275.398183][ T9701] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1590'. [ 275.478861][ T31] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 275.698931][ T5999] usb 4-1: USB disconnect, device number 16 [ 277.136973][ T9736] bridge0: port 3(batadv1) entered blocking state [ 277.161738][ T9736] bridge0: port 3(batadv1) entered disabled state [ 277.162018][ T9736] batadv1: entered allmulticast mode [ 277.178202][ T9736] batadv1: entered promiscuous mode [ 277.668716][ T9138] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 277.668744][ T9138] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 277.825816][ T9746] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1608'. [ 278.089745][ T9756] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1610'. [ 279.660215][ T9794] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1629'. [ 279.909865][ T9802] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 280.511352][ T9812] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1637'. [ 280.511377][ T9812] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1637'. [ 280.921508][ T9821] sctp: [Deprecated]: syz.3.1641 (pid 9821) Use of struct sctp_assoc_value in delayed_ack socket option. [ 280.921508][ T9821] Use struct sctp_sack_info instead [ 281.377604][ T5895] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 281.525464][ T5895] usb 7-1: Using ep0 maxpacket: 32 [ 281.533272][ T5895] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 281.533304][ T5895] usb 7-1: config 0 has no interface number 0 [ 281.589753][ T5895] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 281.589787][ T5895] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.589808][ T5895] usb 7-1: Product: syz [ 281.589823][ T5895] usb 7-1: Manufacturer: syz [ 281.589839][ T5895] usb 7-1: SerialNumber: syz [ 281.647610][ T5895] usb 7-1: config 0 descriptor?? [ 281.668499][ T5895] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 281.925862][ T5895] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 281.983366][ T5895] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 282.070760][ C1] vkms_vblank_simulate: vblank timer overrun [ 282.331907][ C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 282.334404][ T5999] usb 7-1: USB disconnect, device number 4 [ 282.358574][ T5847] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 282.379588][ T5999] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 282.406000][ T5999] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 282.406840][ T5999] quatech2 7-1:0.51: device disconnected [ 282.528950][ T5847] usb 1-1: config index 0 descriptor too short (expected 69, got 36) [ 282.528982][ T5847] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 282.556008][ T5847] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 282.556041][ T5847] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.556062][ T5847] usb 1-1: Product: syz [ 282.556086][ T5847] usb 1-1: Manufacturer: syz [ 282.556101][ T5847] usb 1-1: SerialNumber: syz [ 282.608396][ T5847] usb 1-1: config 0 descriptor?? [ 282.614255][ T5847] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 283.446541][ T5847] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 283.446651][ T5847] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 283.499309][ T5847] usb 1-1: USB disconnect, device number 6 [ 283.573811][ T5846] Bluetooth: hci5: link tx timeout [ 283.574603][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.600143][ T5846] Bluetooth: hci5: link tx timeout [ 283.600167][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.606645][ T5846] Bluetooth: hci5: link tx timeout [ 283.606669][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.606700][ T5846] Bluetooth: hci5: link tx timeout [ 283.606711][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.607704][ T5846] Bluetooth: hci5: link tx timeout [ 283.607727][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.607756][ T5846] Bluetooth: hci5: link tx timeout [ 283.607768][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.607855][ T5846] Bluetooth: hci5: link tx timeout [ 283.607868][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.607943][ T5846] Bluetooth: hci5: link tx timeout [ 283.607956][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608039][ T5846] Bluetooth: hci5: link tx timeout [ 283.608052][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608124][ T5846] Bluetooth: hci5: link tx timeout [ 283.608137][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608216][ T5846] Bluetooth: hci5: link tx timeout [ 283.608228][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608307][ T5846] Bluetooth: hci5: link tx timeout [ 283.608319][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608394][ T5846] Bluetooth: hci5: link tx timeout [ 283.608406][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608500][ T5846] Bluetooth: hci5: link tx timeout [ 283.608512][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608592][ T5846] Bluetooth: hci5: link tx timeout [ 283.608604][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608687][ T5846] Bluetooth: hci5: link tx timeout [ 283.608699][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608762][ T5846] Bluetooth: hci5: link tx timeout [ 283.608775][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608859][ T5846] Bluetooth: hci5: link tx timeout [ 283.608877][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.608945][ T5846] Bluetooth: hci5: link tx timeout [ 283.608975][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609053][ T5846] Bluetooth: hci5: link tx timeout [ 283.609065][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609141][ T5846] Bluetooth: hci5: link tx timeout [ 283.609154][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609229][ T5846] Bluetooth: hci5: link tx timeout [ 283.609241][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609343][ T5846] Bluetooth: hci5: link tx timeout [ 283.609356][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609431][ T5846] Bluetooth: hci5: link tx timeout [ 283.609444][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609528][ T5846] Bluetooth: hci5: link tx timeout [ 283.609540][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609616][ T5846] Bluetooth: hci5: link tx timeout [ 283.609628][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609726][ T5846] Bluetooth: hci5: link tx timeout [ 283.609739][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609825][ T5846] Bluetooth: hci5: link tx timeout [ 283.609837][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609908][ T5846] Bluetooth: hci5: link tx timeout [ 283.609921][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.609997][ T5846] Bluetooth: hci5: link tx timeout [ 283.610010][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610088][ T5846] Bluetooth: hci5: link tx timeout [ 283.610101][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610184][ T5846] Bluetooth: hci5: link tx timeout [ 283.610196][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610300][ T5846] Bluetooth: hci5: link tx timeout [ 283.610313][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610495][ T5846] Bluetooth: hci5: link tx timeout [ 283.610509][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610584][ T5846] Bluetooth: hci5: link tx timeout [ 283.610597][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610681][ T5846] Bluetooth: hci5: link tx timeout [ 283.610695][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610761][ T5846] Bluetooth: hci5: link tx timeout [ 283.610773][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610849][ T5846] Bluetooth: hci5: link tx timeout [ 283.610861][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.610938][ T5846] Bluetooth: hci5: link tx timeout [ 283.610950][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611029][ T5846] Bluetooth: hci5: link tx timeout [ 283.611041][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611120][ T5846] Bluetooth: hci5: link tx timeout [ 283.611132][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611219][ T5846] Bluetooth: hci5: link tx timeout [ 283.611230][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611320][ T5846] Bluetooth: hci5: link tx timeout [ 283.611333][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611409][ T5846] Bluetooth: hci5: link tx timeout [ 283.611421][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611506][ T5846] Bluetooth: hci5: link tx timeout [ 283.611518][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611599][ T5846] Bluetooth: hci5: link tx timeout [ 283.611611][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611698][ T5846] Bluetooth: hci5: link tx timeout [ 283.611710][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611778][ T5846] Bluetooth: hci5: link tx timeout [ 283.611790][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611883][ T5846] Bluetooth: hci5: link tx timeout [ 283.611896][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.611979][ T5846] Bluetooth: hci5: link tx timeout [ 283.611991][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.612068][ T5846] Bluetooth: hci5: link tx timeout [ 283.612079][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.612159][ T5846] Bluetooth: hci5: link tx timeout [ 283.612171][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.612256][ T5846] Bluetooth: hci5: link tx timeout [ 283.612269][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.612339][ T5846] Bluetooth: hci5: link tx timeout [ 283.612351][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.612425][ T5846] Bluetooth: hci5: link tx timeout [ 283.612438][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.612524][ T5846] Bluetooth: hci5: link tx timeout [ 283.612537][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.612840][ T5846] Bluetooth: hci5: link tx timeout [ 283.612855][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.612916][ T5846] Bluetooth: hci5: link tx timeout [ 283.612928][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613006][ T5846] Bluetooth: hci5: link tx timeout [ 283.613018][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613098][ T5846] Bluetooth: hci5: link tx timeout [ 283.613110][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613180][ T5846] Bluetooth: hci5: link tx timeout [ 283.613192][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613272][ T5846] Bluetooth: hci5: link tx timeout [ 283.613285][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613360][ T5846] Bluetooth: hci5: link tx timeout [ 283.613382][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613460][ T5846] Bluetooth: hci5: link tx timeout [ 283.613473][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613544][ T5846] Bluetooth: hci5: link tx timeout [ 283.613556][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613637][ T5846] Bluetooth: hci5: link tx timeout [ 283.613655][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613749][ T5846] Bluetooth: hci5: link tx timeout [ 283.613762][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613837][ T5846] Bluetooth: hci5: link tx timeout [ 283.613849][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.613925][ T5846] Bluetooth: hci5: link tx timeout [ 283.613937][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614014][ T5846] Bluetooth: hci5: link tx timeout [ 283.614026][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614102][ T5846] Bluetooth: hci5: link tx timeout [ 283.614114][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614191][ T5846] Bluetooth: hci5: link tx timeout [ 283.614203][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614278][ T5846] Bluetooth: hci5: link tx timeout [ 283.614290][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614372][ T5846] Bluetooth: hci5: link tx timeout [ 283.614395][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614465][ T5846] Bluetooth: hci5: link tx timeout [ 283.614477][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614552][ T5846] Bluetooth: hci5: link tx timeout [ 283.614564][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614638][ T5846] Bluetooth: hci5: link tx timeout [ 283.614650][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614731][ T5846] Bluetooth: hci5: link tx timeout [ 283.614743][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614841][ T5846] Bluetooth: hci5: link tx timeout [ 283.614854][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.614952][ T5846] Bluetooth: hci5: link tx timeout [ 283.614965][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.615034][ T5846] Bluetooth: hci5: link tx timeout [ 283.615046][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.615126][ T5846] Bluetooth: hci5: link tx timeout [ 283.615138][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.615211][ T5846] Bluetooth: hci5: link tx timeout [ 283.615223][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.615298][ T5846] Bluetooth: hci5: link tx timeout [ 283.615311][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 283.750522][ T5846] Bluetooth: hci5: link tx timeout [ 283.750553][ T5846] Bluetooth: hci5: killing stalled connection 11:aa:aa:aa:aa:aa [ 284.145570][ T5895] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 284.331253][ T5895] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 284.331294][ T5895] usb 5-1: config 0 has no interface number 0 [ 284.337864][ T5895] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 284.337908][ T5895] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.337934][ T5895] usb 5-1: Product: syz [ 284.337952][ T5895] usb 5-1: Manufacturer: syz [ 284.337972][ T5895] usb 5-1: SerialNumber: syz [ 284.353251][ T5895] usb 5-1: config 0 descriptor?? [ 284.850681][ T5895] usb 5-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 284.850720][ T5895] usb 5-1: Firmware version (0.0) predates our first public release. [ 284.850742][ T5895] usb 5-1: Please update to version 0.2 or newer [ 285.266037][ T5895] usb 5-1: USB disconnect, device number 18 [ 285.605289][ C1] vkms_vblank_simulate: vblank timer overrun [ 285.627064][ T5846] Bluetooth: hci5: command 0x0406 tx timeout [ 285.772223][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.332207][ T5895] kernel write not supported for file /sg0 (pid: 5895 comm: kworker/0:3) [ 286.927666][ T9925] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1686'. [ 288.616931][ T5841] Bluetooth: hci4: SCO packet for unknown connection handle 200 [ 288.617880][ T9952] macvtap1: entered allmulticast mode [ 288.617910][ T9952] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode [ 288.744785][ T9952] mac80211_hwsim hwsim10 wlan0: left allmulticast mode [ 289.366835][ T38] audit: type=1326 audit(1756428517.399:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 289.366897][ T38] audit: type=1326 audit(1756428517.399:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 289.433469][ T9970] netlink: 'syz.0.1707': attribute type 1 has an invalid length. [ 289.435422][ T38] audit: type=1326 audit(1756428517.459:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 289.451858][ T38] audit: type=1326 audit(1756428517.479:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 289.451937][ T38] audit: type=1326 audit(1756428517.479:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 289.456045][ T38] audit: type=1326 audit(1756428517.479:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1e0500ebe9 code=0x7ffc0000 [ 289.456502][ T38] audit: type=1326 audit(1756428517.489:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1e05005ba7 code=0x7ffc0000 [ 289.475162][ T38] audit: type=1326 audit(1756428517.499:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1e04faade9 code=0x7ffc0000 [ 289.492769][ T38] audit: type=1326 audit(1756428517.499:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f1e05005ba7 code=0x7ffc0000 [ 289.499715][ T38] audit: type=1326 audit(1756428517.529:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9966 comm="syz.3.1706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1e04faade9 code=0x7ffc0000 [ 289.810850][ T57] Bluetooth: hci1: Frame reassembly failed (-84) [ 289.812450][ T9976] Bluetooth: hci1: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 290.513128][ T9993] sctp: [Deprecated]: syz.3.1717 (pid 9993) Use of struct sctp_assoc_value in delayed_ack socket option. [ 290.513128][ T9993] Use struct sctp_sack_info instead [ 291.856121][ T5846] Bluetooth: hci1: command 0x1003 tx timeout [ 291.856564][ T5841] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 292.656308][T10035] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1735'. [ 293.325519][ T5903] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 293.482239][ T5903] usb 7-1: config 0 has an invalid interface number: 128 but max is 0 [ 293.482274][ T5903] usb 7-1: config 0 has no interface number 0 [ 293.489211][ T5903] usb 7-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 293.489396][ T5903] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 293.489423][ T5903] usb 7-1: Product: syz [ 293.489441][ T5903] usb 7-1: Manufacturer: syz [ 293.489459][ T5903] usb 7-1: SerialNumber: syz [ 293.520277][ T5903] usb 7-1: config 0 descriptor?? [ 293.615908][ T989] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 293.785632][ T989] usb 5-1: Using ep0 maxpacket: 32 [ 293.800077][ T989] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 293.800120][ T989] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.853351][ T989] usb 5-1: config 0 descriptor?? [ 293.963048][ T5903] usb 7-1: Firmware: major: 225, minor: 107, hardware type: RZUSB (3) [ 294.107133][ T989] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 294.186251][ T5903] usb 7-1: failed to fetch extended address, random address set [ 294.191861][ T989] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 294.193537][ T989] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 294.193621][ T989] usb 5-1: media controller created [ 294.296951][ T989] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 294.322954][ T5903] usb 7-1: USB disconnect, device number 5 [ 294.354349][ T989] az6027: usb out operation failed. (-71) [ 294.354781][ T989] az6027: usb out operation failed. (-71) [ 294.354795][ T989] stb0899_attach: Driver disabled by Kconfig [ 294.354806][ T989] az6027: no front-end attached [ 294.354806][ T989] [ 294.355218][ T989] az6027: usb out operation failed. (-71) [ 294.355233][ T989] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 294.408330][ T989] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input15 [ 294.428762][ T989] dvb-usb: schedule remote query interval to 400 msecs. [ 294.428792][ T989] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 294.433664][ T989] usb 5-1: USB disconnect, device number 19 [ 294.640370][ T989] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 295.858051][T10086] input: syz0 as /devices/virtual/input/input16 [ 296.456597][T10095] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1761'. [ 298.360769][ T38] kauditd_printk_skb: 4 callbacks suppressed [ 298.360792][ T38] audit: type=1326 audit(1756428527.391:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10103 comm="syz.2.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 298.361559][ T38] audit: type=1326 audit(1756428527.391:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10103 comm="syz.2.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 298.361856][ T38] audit: type=1326 audit(1756428527.391:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10103 comm="syz.2.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 298.363257][ T38] audit: type=1326 audit(1756428527.391:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10103 comm="syz.2.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 298.368398][ T38] audit: type=1326 audit(1756428527.391:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10103 comm="syz.2.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc168f3ebe9 code=0x7ffc0000 [ 306.058666][ T57] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 313.179089][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 313.240921][ T5999] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 313.259181][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 313.285169][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 313.310501][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 313.311647][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 313.635927][ T5999] usb 3-1: Using ep0 maxpacket: 32 [ 313.638751][ T5999] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 313.638786][ T5999] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 313.638827][ T5999] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 313.638853][ T5999] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.815222][ T5999] usb 3-1: config 0 descriptor?? [ 314.647885][ T5999] savu 0003:1E7D:2D5A.0008: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0 [ 314.843740][ T5847] usb 3-1: USB disconnect, device number 13 [ 315.455699][ T5841] Bluetooth: hci1: command tx timeout [ 316.617137][ T5846] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 316.650070][ T5846] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 316.652585][ T5846] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 316.654097][ T5846] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 316.655190][ T5846] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 317.536068][ T5841] Bluetooth: hci1: command tx timeout [ 318.815633][ T5841] Bluetooth: hci6: command tx timeout [ 319.628472][ T5841] Bluetooth: hci1: command tx timeout [ 320.460092][ T15] sched: DL replenish lagged too much [ 320.896342][ T5841] Bluetooth: hci6: command tx timeout [ 321.695621][ T5841] Bluetooth: hci1: command tx timeout [ 322.184323][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.184412][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.978335][ T5841] Bluetooth: hci6: command tx timeout [ 325.066630][ T5841] Bluetooth: hci6: command tx timeout [ 325.246024][T10150] vxcan1: tx address claim with dest, not broadcast [ 327.323988][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 328.069286][ T5846] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 328.105828][ T5846] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 328.111615][ T5846] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 328.113045][ T5846] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 328.113961][ T5846] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 329.235697][T10143] chnl_net:caif_netlink_parms(): no params data found [ 329.613604][T10126] chnl_net:caif_netlink_parms(): no params data found [ 330.345580][ T5846] Bluetooth: hci7: command tx timeout [ 332.416584][ T5846] Bluetooth: hci7: command tx timeout [ 332.949447][ T5841] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 332.994273][ T5841] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 333.008498][ T5841] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 333.009932][ T5841] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 333.035140][ T5841] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 334.505480][ T5841] Bluetooth: hci7: command tx timeout [ 335.135789][ T5841] Bluetooth: hci8: command tx timeout [ 336.585605][ T5841] Bluetooth: hci7: command tx timeout [ 337.215980][ T5841] Bluetooth: hci8: command tx timeout [ 337.901768][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 339.327992][ T5841] Bluetooth: hci8: command tx timeout [ 341.506263][ T5841] Bluetooth: hci8: command tx timeout [ 342.407395][ T1282] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 374.113264][ T5846] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 374.138353][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 374.140029][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 374.141697][ T5846] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 374.167488][ T5846] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 375.572770][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 375.601014][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 375.602924][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 375.648432][ T5846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 375.649925][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 376.270999][ T5846] Bluetooth: hci0: command tx timeout [ 376.690114][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 376.740939][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 376.753781][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 376.769821][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 376.770766][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 377.775742][ T5841] Bluetooth: hci2: command tx timeout [ 378.357115][ T5841] Bluetooth: hci0: command tx timeout [ 378.815578][ T5841] Bluetooth: hci3: command tx timeout [ 379.863135][ T5841] Bluetooth: hci2: command tx timeout [ 380.430831][ T5841] Bluetooth: hci0: command tx timeout [ 380.895732][ T5841] Bluetooth: hci3: command tx timeout [ 381.166202][T10208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 381.935507][ T5841] Bluetooth: hci2: command tx timeout [ 382.506050][ T5841] Bluetooth: hci0: command tx timeout [ 382.990230][ T5841] Bluetooth: hci3: command tx timeout [ 384.015562][ T5841] Bluetooth: hci2: command tx timeout [ 384.506968][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.507062][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.065909][ T5841] Bluetooth: hci3: command tx timeout [ 386.954423][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 387.026115][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 387.030686][ T5846] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 387.034413][ T5846] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 387.071824][ T5846] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 389.215667][ T5846] Bluetooth: hci4: command tx timeout [ 391.295707][ T5846] Bluetooth: hci4: command tx timeout [ 393.375522][ T5846] Bluetooth: hci4: command tx timeout [ 393.498906][ T5841] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 393.523165][ T5841] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 393.524644][ T5841] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 393.527669][ T5841] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 393.530097][ T5841] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 395.455704][ T5846] Bluetooth: hci4: command tx timeout [ 395.615718][ T5846] Bluetooth: hci9: command tx timeout [ 397.695745][ T5846] Bluetooth: hci9: command tx timeout [ 399.775758][ T5846] Bluetooth: hci9: command tx timeout [ 401.855887][ T5846] Bluetooth: hci9: command tx timeout [ 411.321147][ T5846] Bluetooth: hci5: command 0x0406 tx timeout [ 414.137554][T10202] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 432.245130][ T5835] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 432.283437][ T5835] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 432.295812][ T5835] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 432.303389][ T5835] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 432.304966][ T5835] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 432.812723][ T5846] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 432.845010][ T5846] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 432.853823][ T5846] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 432.865968][ T5846] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 432.891762][ T5846] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 434.415511][ T5841] Bluetooth: hci10: command tx timeout [ 434.975651][ T5841] Bluetooth: hci11: command tx timeout [ 435.892416][ T5846] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 435.908345][ T5846] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 435.909843][ T5846] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 435.911071][ T5846] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 435.911897][ T5846] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 436.495472][ T5841] Bluetooth: hci10: command tx timeout [ 436.899340][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 437.055590][ T5841] Bluetooth: hci11: command tx timeout [ 438.027024][ T5841] Bluetooth: hci12: command tx timeout [ 438.585884][ T5841] Bluetooth: hci10: command tx timeout [ 439.139167][ T5841] Bluetooth: hci11: command tx timeout [ 440.105660][ T5846] Bluetooth: hci12: command tx timeout [ 440.187687][T10143] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg0": -EINTR [ 440.688417][ T5846] Bluetooth: hci10: command tx timeout [ 441.229791][ T5846] Bluetooth: hci11: command tx timeout [ 442.026463][ T5846] Bluetooth: hci6: command 0x0406 tx timeout [ 442.182734][ T5846] Bluetooth: hci12: command tx timeout [ 444.535834][ T5846] Bluetooth: hci12: command tx timeout [ 445.062322][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.062386][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 448.509398][ T5846] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 448.537634][ T5846] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 448.539101][ T5846] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 448.540390][ T5846] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 448.541514][ T5846] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 450.656118][ T5846] Bluetooth: hci13: command tx timeout [ 452.260017][ T5846] Bluetooth: hci7: command 0x0406 tx timeout [ 452.735929][ T5846] Bluetooth: hci13: command tx timeout [ 454.357005][ T59] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 454.382371][ T59] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 454.384332][ T59] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 454.404605][ T59] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 454.422117][ T59] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 454.815601][ T5846] Bluetooth: hci13: command tx timeout [ 456.895932][ T5841] Bluetooth: hci13: command tx timeout [ 458.831356][T10205] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 460.450449][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 493.117602][ T5841] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 493.137491][ T5841] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 493.139089][ T5841] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 493.160205][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 493.173487][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 493.732685][ T5846] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 493.768897][ T5846] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 493.770837][ T5846] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 493.772903][ T5846] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 493.773852][ T5846] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 494.032180][T10208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 496.963874][T10313] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 496.989784][T10313] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 496.991498][T10313] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 496.996073][T10313] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 497.019686][T10313] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 498.353830][T10314] Bluetooth: hci0: command 0x0406 tx timeout [ 498.353875][T10314] Bluetooth: hci2: command 0x0406 tx timeout [ 503.467989][T10318] Bluetooth: hci3: command 0x0406 tx timeout [ 503.500397][ T59] Bluetooth: hci14: command tx timeout [ 505.546402][T10318] Bluetooth: hci14: command tx timeout [ 506.509911][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.509992][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.615498][T10318] Bluetooth: hci14: command tx timeout [ 507.899410][ T59] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 507.918754][ T59] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 507.920141][ T59] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 507.922177][ T59] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 507.922982][ T59] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 509.695576][ T59] Bluetooth: hci14: command tx timeout [ 513.855532][T10323] Bluetooth: hci4: command 0x0406 tx timeout [ 514.472559][T10328] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 514.490214][T10328] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 514.491563][T10328] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 514.492719][T10328] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 514.525643][T10328] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 518.827063][T10328] Bluetooth: hci9: command 0x0406 tx timeout [ 526.415631][T10317] Bluetooth: hci1: command tx timeout [ 526.416271][T10317] Bluetooth: hci15: command tx timeout [ 526.416549][T10317] Bluetooth: hci16: command tx timeout [ 528.495991][ T5835] Bluetooth: hci15: command tx timeout [ 528.496028][ T5835] Bluetooth: hci1: command tx timeout [ 528.499503][T10317] Bluetooth: hci16: command tx timeout [ 530.577180][T10313] Bluetooth: hci1: command tx timeout [ 530.577218][T10313] Bluetooth: hci15: command tx timeout [ 530.579445][T10317] Bluetooth: hci16: command tx timeout [ 532.656259][ T59] Bluetooth: hci15: command tx timeout [ 532.656298][ T59] Bluetooth: hci1: command tx timeout [ 532.656355][T10318] Bluetooth: hci16: command tx timeout [ 533.775977][T10323] Bluetooth: hci8: command tx timeout [ 533.779228][T10318] Bluetooth: hci6: command tx timeout [ 535.192085][T10227] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 535.855673][T10318] Bluetooth: hci8: command tx timeout [ 535.859446][T10304] Bluetooth: hci6: command tx timeout [ 536.575861][ T39] INFO: task syz-executor:10165 blocked for more than 145 seconds. [ 536.575902][ T39] Not tainted syzkaller #0 [ 536.575913][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 536.575927][ T39] task:syz-executor state:D stack:23912 pid:10165 tgid:10165 ppid:1 task_flags:0x400140 flags:0x00004006 [ 536.575989][ T39] Call Trace: [ 536.575996][ T39] [ 536.576012][ T39] __schedule+0x16f3/0x4c20 [ 536.576069][ T39] ? __pfx___schedule+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 536.576114][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 536.576162][ T39] rt_mutex_schedule+0x77/0xf0 [ 536.576183][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 536.576206][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 536.576247][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 536.576273][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 536.576296][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 536.576315][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.576356][ T39] ? wg_netns_pre_exit+0x1c/0x1d0 [ 536.576384][ T39] ? net_generic+0x1e/0x240 [ 536.576411][ T39] ? wg_netns_pre_exit+0x1c/0x1d0 [ 536.576430][ T39] mutex_lock_nested+0x16a/0x1d0 [ 536.576471][ T39] wg_netns_pre_exit+0x1c/0x1d0 [ 536.576504][ T39] ops_undo_list+0x187/0x990 [ 536.576540][ T39] ? __pfx_ops_undo_list+0x10/0x10 [ 536.576565][ T39] ? ops_init+0x469/0x5c0 [ 536.576602][ T39] setup_net+0x2d3/0x320 [ 536.576631][ T39] ? __pfx_setup_net+0x10/0x10 [ 536.576660][ T39] ? __mutex_rt_init+0x3b/0x50 [ 536.576689][ T39] copy_net_ns+0x31b/0x4d0 [ 536.576720][ T39] create_new_namespaces+0x3f3/0x720 [ 536.576752][ T39] ? security_capable+0x7e/0x2e0 [ 536.576791][ T39] unshare_nsproxy_namespaces+0x11c/0x170 [ 536.576822][ T39] ksys_unshare+0x4c8/0x8c0 [ 536.576863][ T39] ? __pfx_ksys_unshare+0x10/0x10 [ 536.576895][ T39] ? rt_spin_unlock+0x65/0x80 [ 536.576929][ T39] __x64_sys_unshare+0x38/0x50 [ 536.576962][ T39] do_syscall_64+0xfa/0x3b0 [ 536.576990][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.577017][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.577058][ T39] ? clear_bhb_loop+0x60/0xb0 [ 536.577085][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.577114][ T39] RIP: 0033:0x7f5a54ab03e7 [ 536.577137][ T39] RSP: 002b:00007ffe91add9e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 536.577164][ T39] RAX: ffffffffffffffda RBX: 00007f5a54cd5f40 RCX: 00007f5a54ab03e7 [ 536.577181][ T39] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 536.577196][ T39] RBP: 00007f5a54cd67b8 R08: 0000000000000000 R09: 0000000000000000 [ 536.577210][ T39] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 536.577224][ T39] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 536.577258][ T39] [ 536.577287][ T39] INFO: task syz-executor:10258 blocked for more than 145 seconds. [ 536.577302][ T39] Not tainted syzkaller #0 [ 536.577314][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 536.577324][ T39] task:syz-executor state:D stack:26952 pid:10258 tgid:10258 ppid:1 task_flags:0x400140 flags:0x00004004 [ 536.577388][ T39] Call Trace: [ 536.577395][ T39] [ 536.577409][ T39] __schedule+0x16f3/0x4c20 [ 536.577467][ T39] ? __pfx___schedule+0x10/0x10 [ 536.577522][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 536.577555][ T39] rt_mutex_schedule+0x77/0xf0 [ 536.577576][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 536.577599][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 536.577642][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 536.577668][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 536.577692][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 536.577713][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.577756][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 536.577798][ T39] ? is_bpf_text_address+0x26/0x2b0 [ 536.577834][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 536.577866][ T39] mutex_lock_nested+0x16a/0x1d0 [ 536.577894][ T39] inet_rtm_newaddr+0x3b0/0x18b0 [ 536.577941][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 536.577997][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 536.578030][ T39] rtnetlink_rcv_msg+0x7cc/0xb70 [ 536.578057][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.578089][ [ 536.578089][ T39] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 536.578115][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 536.578162][ T39] netlink_rcv_skb+0x205/0x470 [ 536.578188][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.578219][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 536.578247][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 536.578289][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 536.578326][ T39] netlink_unicast+0x843/0xa10 [ 536.578361][ T39] ? __pfx_netlink_unicast+0x10/0x10 [ 536.578397][ T39] ? netlink_sendmsg+0x642/0xb30 [ 536.578420][ T39] ? skb_put+0x11b/0x210 [ 536.578451][ T39] netlink_sendmsg+0x805/0xb30 [ 536.578486][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.578549][ T39] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 536.578571][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.578599][ T39] __sock_sendmsg+0x219/0x270 [ 536.578627][ T39] __sys_sendto+0x3c7/0x520 [ 536.578669][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 536.578724][ T39] ? exc_page_fault+0x76/0xf0 [ 536.578753][ T39] ? do_user_addr_fault+0xc8a/0x1390 [ 536.578783][ T39] __x64_sys_sendto+0xde/0x100 [ 536.578813][ T39] do_syscall_64+0xfa/0x3b0 [ 536.578839][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.578864][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.578884][ T39] ? clear_bhb_loop+0x60/0xb0 [ 536.578909][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.578928][ T39] RIP: 0033:0x7f3329b30a7c [ 536.578944][ T39] RSP: 002b:00007fff05f79a00 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 536.578964][ T39] RAX: ffffffffffffffda RBX: 00007f332a884620 RCX: 00007f3329b30a7c [ 536.578979][ T39] RDX: 0000000000000028 RSI: 00007f332a884670 RDI: 0000000000000003 [ 536.578992][ T39] RBP: 0000000000000000 R08: 00007fff05f79a54 R09: 000000000000000c [ 536.579005][ T39] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 536.579017][ T39] R13: 0000000000000000 R14: 00007f332a884670 R15: 0000000000000000 [ 536.579048][ T39] [ 536.579056][ T39] INFO: task syz-executor:10261 blocked for more than 145 seconds. [ 536.579070][ T39] Not tainted syzkaller #0 [ 536.579080][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 536.579090][ T39] task:syz-executor state:D stack:26952 pid:10261 tgid:10261 ppid:1 task_flags:0x400140 flags:0x00004004 [ 536.579145][ T39] Call Trace: [ 536.579152][ T39] [ 536.579164][ T39] __schedule+0x16f3/0x4c20 [ 536.579216][ T39] ? __pfx___schedule+0x10/0x10 [ 536.579259][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 536.579289][ T39] rt_mutex_schedule+0x77/0xf0 [ 536.579308][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 536.579328][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 536.579367][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 536.579390][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 536.579412][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 536.579430][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.579468][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 536.579512][ T39] ? is_bpf_text_address+0x26/0x2b0 [ 536.579544][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 536.579571][ T39] mutex_lock_nested+0x16a/0x1d0 [ 536.579598][ T39] inet_rtm_newaddr+0x3b0/0x18b0 [ 536.579639][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 536.579688][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 536.579718][ T39] rtnetlink_rcv_msg+0x7cc/0xb70 [ 536.579742][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.579771][ T39] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 536.579794][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 536.579837][ T39] netlink_rcv_skb+0x205/0x470 [ 536.579858][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.579885][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 536.579911][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 536.579966][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 536.580048][ T39] netlink_unicast+0x843/0xa10 [ 536.580081][ T39] ? __pfx_netlink_unicast+0x10/0x10 [ 536.580108][ T39] ? netlink_sendmsg+0x642/0xb30 [ 536.580132][ T39] ? skb_put+0x11b/0x210 [ 536.580164][ T39] netlink_sendmsg+0x805/0xb30 [ 536.580202][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.580239][ T39] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 536.580260][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.580288][ T39] __sock_sendmsg+0x219/0x270 [ 536.580315][ T39] __sys_sendto+0x3c7/0x520 [ 536.580345][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 536.580404][ T39] ? exc_page_fault+0x76/0xf0 [ 536.580435][ T39] ? do_user_addr_fault+0xc8a/0x1390 [ 536.580466][ T39] __x64_sys_sendto+0xde/0x100 [ 536.580506][ T39] do_syscall_64+0xfa/0x3b0 [ 536.580534][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.580561][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.580582][ T39] ? clear_bhb_loop+0x60/0xb0 [ 536.580609][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.580629][ T39] RIP: 0033:0x7f7315f80a7c [ 536.580647][ T39] RSP: 002b:00007ffdd13aacb0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 536.580668][ T39] RAX: ffffffffffffffda RBX: 00007f7316cd4620 RCX: 00007f7315f80a7c [ 536.580685][ T39] RDX: 0000000000000028 RSI: 00007f7316cd4670 RDI: 0000000000000003 [ 536.580699][ T39] RBP: 0000000000000000 R08: 00007ffdd13aad04 R09: 000000000000000c [ 536.580712][ T39] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 536.580725][ T39] R13: 0000000000000000 R14: 00007f7316cd4670 R15: 0000000000000000 [ 536.580758][ T39] [ 536.580767][ T39] INFO: task syz-executor:10263 blocked for more than 145 seconds. [ 536.580782][ T39] Not tainted syzkaller #0 [ 536.580793][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 536.580802][ T39] task:syz-executor state:D stack:26952 pid:10263 tgid:10263 ppid:1 task_flags:0x400140 flags:0x00004004 [ 536.580863][ T39] Call Trace: [ 536.580870][ T39] [ 536.580883][ T39] __schedule+0x16f3/0x4c20 [ 536.580938][ T39] ? __pfx___schedule+0x10/0x10 [ 536.580986][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 536.581017][ T39] rt_mutex_schedule+0x77/0xf0 [ 536.581038][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 536.581061][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 536.581102][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 536.581127][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 536.581161][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 536.581180][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.581218][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 536.581256][ T39] ? is_bpf_text_address+0x26/0x2b0 [ 536.581289][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 536.581317][ T39] mutex_lock_nested+0x16a/0x1d0 [ 536.581343][ T39] inet_rtm_newaddr+0x3b0/0x18b0 [ 536.581384][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 536.581434][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 536.581464][ T39] rtnetlink_rcv_msg+0x7cc/0xb70 [ 536.581487][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.581523][ T39] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 536.581545][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 536.581588][ T39] netlink_rcv_skb+0x205/0x470 [ 536.581610][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.581637][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 536.581663][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 536.581701][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 536.581734][ T39] netlink_unicast+0x843/0xa10 [ 536.581765][ T39] ? __pfx_netlink_unicast+0x10/0x10 [ 536.581790][ T39] ? netlink_sendmsg+0x642/0xb30 [ 536.581813][ T39] ? skb_put+0x11b/0x210 [ 536.581843][ T39] netlink_sendmsg+0x805/0xb30 [ 536.581878][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.581912][ T39] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 536.581932][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.581958][ T39] __sock_sendmsg+0x219/0x270 [ 536.581983][ T39] __sys_sendto+0x3c7/0x520 [ 536.582012][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 536.582067][ T39] ? exc_page_fault+0x76/0xf0 [ 536.582097][ T39] ? do_user_addr_fault+0xc8a/0x1390 [ 536.582127][ T39] __x64_sys_sendto+0xde/0x100 [ 536.582157][ T39] do_syscall_64+0xfa/0x3b0 [ 536.582183][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.582208][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.582228][ T39] ? clear_bhb_loop+0x60/0xb0 [ 536.582253][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.582273][ T39] RIP: 0033:0x7efe940b0a7c [ 536.582289][ T39] RSP: 002b:00007ffc46c846f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 536.582309][ T39] RAX: ffffffffffffffda RBX: 00007efe94e04620 RCX: 00007efe940b0a7c [ 536.582324][ T39] RDX: 0000000000000028 RSI: 00007efe94e04670 RDI: 0000000000000003 [ 536.582356][ T39] RBP: 0000000000000000 R08: 00007ffc46c84744 R09: 000000000000000c [ 536.582369][ T39] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 536.582382][ T39] R13: 0000000000000000 R14: 00007efe94e04670 R15: 0000000000000000 [ 536.582416][ T39] [ 536.582424][ T39] INFO: task syz-executor:10270 blocked for more than 145 seconds. [ 536.582439][ T39] Not tainted syzkaller #0 [ 536.582450][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 536.582459][ T39] task:syz-executor state:D stack:26952 pid:10270 tgid:10270 ppid:1 task_flags:0x400140 flags:0x00004004 [ 536.582526][ T39] Call Trace: [ 536.582534][ T39] [ 536.582547][ T39] __schedule+0x16f3/0x4c20 [ 536.582602][ T39] ? __pfx___schedule+0x10/0x10 [ 536.582649][ T39] ? _raw_spin_unlock_irq+0x23/0x50 [ 536.582681][ T39] rt_mutex_schedule+0x77/0xf0 [ 536.582701][ T39] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 536.582723][ T39] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 536.582765][ T39] rt_mutex_slowlock+0x2b1/0x6e0 [ 536.582789][ T39] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 536.582813][ T39] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 536.582832][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.582872][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 536.582914][ T39] ? is_bpf_text_address+0x26/0x2b0 [ 536.582947][ T39] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 536.582977][ T39] mutex_lock_nested+0x16a/0x1d0 [ 536.583005][ T39] inet_rtm_newaddr+0x3b0/0x18b0 [ 536.583048][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 536.583102][ T39] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 536.583134][ T39] rtnetlink_rcv_msg+0x7cc/0xb70 [ 536.583159][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.583190][ T39] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 536.583226][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 536.583268][ T39] netlink_rcv_skb+0x205/0x470 [ 536.583290][ T39] ? __lock_acquire+0xab9/0xd20 [ 536.583316][ T39] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 536.583342][ T39] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 536.583379][ T39] ? netlink_deliver_tap+0x2e/0x1b0 [ 536.583413][ T39] netlink_unicast+0x843/0xa10 [ 536.583444][ T39] ? __pfx_netlink_unicast+0x10/0x10 [ 536.583468][ T39] ? netlink_sendmsg+0x642/0xb30 [ 536.583491][ T39] ? skb_put+0x11b/0x210 [ 536.583527][ T39] netlink_sendmsg+0x805/0xb30 [ 536.583562][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.583596][ T39] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 536.583615][ T39] ? __pfx_netlink_sendmsg+0x10/0x10 [ 536.583641][ T39] __sock_sendmsg+0x219/0x270 [ 536.583667][ T39] __sys_sendto+0x3c7/0x520 [ 536.583695][ T39] ? __pfx___sys_sendto+0x10/0x10 [ 536.583769][ T39] ? exc_page_fault+0x76/0xf0 [ 536.583800][ T39] ? do_user_addr_fault+0xc8a/0x1390 [ 536.583831][ T39] __x64_sys_sendto+0xde/0x100 [ 536.583862][ T39] do_syscall_64+0xfa/0x3b0 [ 536.583889][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 536.583916][ T39] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.583938][ T39] ? clear_bhb_loop+0x60/0xb0 [ 536.583965][ T39] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.583986][ T39] RIP: 0033:0x7fec00010a7c [ 536.584004][ T39] RSP: 002b:00007ffd11cfd4b0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 536.584025][ T39] RAX: ffffffffffffffda RBX: 00007fec00d64620 RCX: 00007fec00010a7c [ 536.584041][ T39] RDX: 0000000000000028 RSI: 00007fec00d64670 RDI: 0000000000000003 [ 536.584055][ T39] RBP: 0000000000000000 R08: 00007ffd11cfd504 R09: 000000000000000c [ 536.584069][ T39] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 536.584082][ T39] R13: 0000000000000000 R14: 00007fec00d64670 R15: 0000000000000000 [ 536.584116][ T39] [ 536.584144][ T39] [ 536.584144][ T39] Showing all locks held in the system: [ 536.584154][ T39] 2 locks held by kworker/0:0/9: [ 536.584167][ T39] 2 locks held by ksoftirqd/0/15: [ 536.584181][ T39] 1 lock held by khungtaskd/39: [ 536.584193][ T39] #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 536.584256][ T39] 3 locks held by kworker/u8:7/1282: [ 536.584268][ T39] #0: ffff88814d25e138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 536.584324][ T39] #1: ffffc9000509fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 536.584381][ T39] #2: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 536.584445][ T39] 2 locks held by getty/5598: [ 536.584457][ T39] #0: ffff88823bf5e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 536.584522][ T39] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 536.584578][ T39] 3 locks held by kworker/1:6/5999: [ 536.584590][ T39] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 536.584644][ T39] #1: ffffc9000557fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 536.584698][ T39] #2: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 536.584759][ T39] 3 locks held by kworker/u8:15/7883: [ 536.584771][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 536.584825][ T39] #1: ffffc9000611fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 536.584880][ T39] #2: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 536.584940][ T39] 4 locks held by kworker/u8:22/9141: [ 536.584952][ T39] #0: ffff88801a6f4138 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 536.585006][ T39] #1: ffffc900061c7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 536.585060][ T39] #2: ffffffff8ecc51c0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 536.585114][ T39] #3: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 536.585163][ T39] 1 lock held by syz.4.1769/10114: [ 536.585174][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 537.025364][ T39] 1 lock held by syz-executor/10126: [ 537.025382][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 537.025443][ T39] 1 lock held by syz.2.1780/10141: [ 537.025455][ T39] #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 537.025502][ T39] 1 lock held by syz-executor/10143: [ 537.025513][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 537.025567][ T39] 2 locks held by syz-executor/10165: [ 537.025578][ T39] #0: ffffffff8ecc51c0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 537.025628][ T39] #1: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0 [ 537.025676][ T39] 5 locks held by kworker/u8:29/10202: [ 537.025688][ T39] 2 locks held by kworker/u8:35/10208: [ 537.025703][ T39] 3 locks held by kworker/u8:65/10238: [ 537.025714][ T39] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 537.025781][ T39] #1: ffffc9000154fbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 537.025834][ T39] #2: ffff88805e3c0898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 537.025886][ T39] 2 locks held by syz.6.1796/10251: [ 537.025898][ T39] #0: ffffffff8ecc51c0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 537.025946][ T39] #1: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x80/0x210 [ 537.026001][ T39] 1 lock held by syz-executor/10258: [ 537.026012][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026069][ T39] 1 lock held by syz-executor/10261: [ 537.026080][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026137][ T39] 1 lock held by syz-executor/10263: [ 537.026148][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026204][ T39] 1 lock held by syz-executor/10270: [ 537.026215][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026270][ T39] 1 lock held by syz-executor/10273: [ 537.026282][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026340][ T39] 1 lock held by syz-executor/10285: [ 537.026352][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026408][ T39] 1 lock held by syz-executor/10287: [ 537.026419][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026475][ T39] 1 lock held by syz-executor/10290: [ 537.026486][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026542][ T39] 1 lock held by syz-executor/10297: [ 537.026555][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026611][ T39] 1 lock held by syz-executor/10302: [ 537.026622][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026679][ T39] 1 lock held by syz-executor/10308: [ 537.026691][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026752][ T39] 1 lock held by syz-executor/10310: [ 537.026763][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026820][ T39] 1 lock held by syz-executor/10315: [ 537.026831][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026887][ T39] 1 lock held by syz-executor/10320: [ 537.026898][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.026956][ T39] 1 lock held by syz-executor/10327: [ 537.026967][ T39] #0: ffffffff8ecd20b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 537.027026][ T39] [ 537.027031][ T39] ============================================= [ 537.027031][ T39] [ 537.027057][ T39] NMI backtrace for cpu 1 [ 537.027085][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 537.027128][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 537.027149][ T39] Call Trace: [ 537.027160][ T39] [ 537.027169][ T39] dump_stack_lvl+0x189/0x250 [ 537.027220][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 537.027252][ T39] ? __pfx__printk+0x10/0x10 [ 537.027291][ T39] nmi_cpu_backtrace+0x39e/0x3d0 [ 537.027319][ T39] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 537.027346][ T39] ? __pfx__printk+0x10/0x10 [ 537.027375][ T39] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 537.027405][ T39] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 537.027432][ T39] watchdog+0xf93/0xfe0 [ 537.027466][ T39] ? watchdog+0x1de/0xfe0 [ 537.027500][ T39] kthread+0x711/0x8a0 [ 537.027537][ T39] ? __pfx_watchdog+0x10/0x10 [ 537.027563][ T39] ? __pfx_kthread+0x10/0x10 [ 537.027601][ T39] ? __pfx_kthread+0x10/0x10 [ 537.027634][ T39] ret_from_fork+0x3fc/0x770 [ 537.027665][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 537.027700][ T39] ? __switch_to_asm+0x39/0x70 [ 537.027728][ T39] ? __switch_to_asm+0x33/0x70 [ 537.027747][ T39] ? __pfx_kthread+0x10/0x10 [ 537.027782][ T39] ret_from_fork_asm+0x1a/0x30 [ 537.027821][ T39] [ 537.027829][ T39] Sending NMI from CPU 1 to CPUs 0: [ 537.027857][ C0] NMI backtrace for cpu 0 [ 537.027874][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 537.027907][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 537.027924][ C0] RIP: 0010:unwind_next_frame+0x10e/0x2390 [ 537.027957][ C0] Code: 7d 94 0d 00 75 1f c6 05 17 7d 94 0d 01 48 c7 c7 20 45 08 8b be 4b 03 00 00 48 c7 c2 60 45 08 8b e8 47 69 29 00 4c 89 6c 24 70 <48> 89 5c 24 68 4d 8d 6e 50 4c 89 e8 48 c1 e8 03 48 89 44 24 38 80 [ 537.027973][ C0] RSP: 0018:ffffc90000156918 EFLAGS: 00000202 [ 537.027990][ C0] RAX: 0000000000000001 RBX: ffffffff88e2bc87 RCX: 47a8f83957c3ca00 [ 537.028003][ C0] RDX: 0000000000000000 RSI: ffffffff8b620de0 RDI: ffffffff8b620da0 [ 537.028016][ C0] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8172b165 [ 537.028029][ C0] R10: ffffc90000156a38 R11: ffffffff81aae030 R12: 1ffff9200002ad3d [ 537.028043][ C0] R13: ffffc90000156a20 R14: ffffc900001569e8 R15: ffffffff8172b165 [ 537.028058][ C0] FS: 0000000000000000(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000 [ 537.028073][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 537.028086][ C0] CR2: 00007fa74f45deef CR3: 000000003f2d8000 CR4: 00000000003526f0 [ 537.028102][ C0] Call Trace: [ 537.028108][ C0] [ 537.028120][ C0] ? unwind_next_frame+0xa5/0x2390 [ 537.028146][ C0] ? __napi_poll+0xb6/0x540 [ 537.028167][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 537.028188][ C0] arch_stack_walk+0x11c/0x150 [ 537.028218][ C0] ? net_rx_action+0x707/0xe00 [ 537.028242][ C0] stack_trace_save+0x9c/0xe0 [ 537.028260][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 537.028277][ C0] ? do_raw_spin_lock+0x121/0x290 [ 537.028305][ C0] kasan_save_track+0x3e/0x80 [ 537.028326][ C0] ? kasan_save_track+0x3e/0x80 [ 537.028344][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 537.028365][ C0] ? kmem_cache_alloc_node_noprof+0x14e/0x330 [ 537.028390][ C0] ? kmalloc_reserve+0xbd/0x290 [ 537.028424][ C0] ? __alloc_skb+0x142/0x2d0 [ 537.028444][ C0] ? synproxy_send_client_synack+0x16c/0xe20 [ 537.028474][ C0] ? nft_synproxy_eval_v4+0x36e/0x560 [ 537.028501][ C0] ? nft_synproxy_do_eval+0x345/0x570 [ 537.028527][ C0] ? nft_do_chain+0x40c/0x1920 [ 537.028550][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 537.028576][ C0] ? nf_hook_slow+0xc5/0x220 [ 537.028596][ C0] ? NF_HOOK+0x206/0x3a0 [ 537.028616][ C0] ? NF_HOOK+0x309/0x3a0 [ 537.028634][ C0] ? __netif_receive_skb+0x143/0x380 [ 537.028663][ C0] ? process_backlog+0x31e/0x900 [ 537.028681][ C0] ? __napi_poll+0xb6/0x540 [ 537.028695][ C0] ? net_rx_action+0x707/0xe00 [ 537.028752][ C0] ? kmalloc_reserve+0xbd/0x290 [ 537.028789][ C0] __kasan_slab_alloc+0x6c/0x80 [ 537.028809][ C0] ? kmalloc_reserve+0xbd/0x290 [ 537.028829][ C0] kmem_cache_alloc_node_noprof+0x14e/0x330 [ 537.028855][ C0] kmalloc_reserve+0xbd/0x290 [ 537.028877][ C0] __alloc_skb+0x142/0x2d0 [ 537.028899][ C0] synproxy_send_client_synack+0x16c/0xe20 [ 537.028946][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 537.028968][ C0] ? nft_osf_reduce+0x440/0x560 [ 537.028992][ C0] ? synproxy_pernet+0x45/0x270 [ 537.029022][ C0] nft_synproxy_eval_v4+0x36e/0x560 [ 537.029052][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 537.029081][ C0] ? nf_ip_checksum+0x13c/0x510 [ 537.029110][ C0] nft_synproxy_do_eval+0x345/0x570 [ 537.029139][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 537.029176][ C0] nft_do_chain+0x40c/0x1920 [ 537.029201][ C0] ? __pfx_nft_rt_get_eval+0x10/0x10 [ 537.029233][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 537.029262][ C0] ? nft_do_chain+0x171f/0x1920 [ 537.029303][ C0] nft_do_chain_inet+0x25d/0x340 [ 537.029328][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 537.029354][ C0] ? __lock_acquire+0xab9/0xd20 [ 537.029383][ C0] ? NF_HOOK+0x9a/0x3a0 [ 537.029403][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 537.029429][ C0] nf_hook_slow+0xc5/0x220 [ 537.029454][ C0] NF_HOOK+0x206/0x3a0 [ 537.029479][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 537.029500][ C0] ? NF_HOOK+0x9a/0x3a0 [ 537.029520][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 537.029538][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 537.029561][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 537.029584][ C0] ? skb_dst+0x4f/0xd0 [ 537.029604][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 537.029627][ C0] NF_HOOK+0x309/0x3a0 [ 537.029647][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 537.029668][ C0] ? NF_HOOK+0x9a/0x3a0 [ 537.029687][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 537.029708][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 537.029735][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 537.029754][ C0] __netif_receive_skb+0x143/0x380 [ 537.029772][ C0] ? rt_spin_unlock+0x65/0x80 [ 537.029791][ C0] ? process_backlog+0x27b/0x900 [ 537.029810][ C0] process_backlog+0x31e/0x900 [ 537.029837][ C0] __napi_poll+0xb6/0x540 [ 537.029857][ C0] net_rx_action+0x707/0xe00 [ 537.029888][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 537.029927][ C0] handle_softirqs+0x22c/0x710 [ 537.029954][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 537.029982][ C0] run_ktimerd+0xcf/0x190 [ 537.030005][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 537.030030][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 537.030052][ C0] ? smpboot_thread_fn+0x5f4/0xa60 [ 537.030073][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 537.030093][ C0] smpboot_thread_fn+0x542/0xa60 [ 537.030115][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 537.030141][ C0] kthread+0x711/0x8a0 [ 537.030168][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 537.030190][ C0] ? __pfx_kthread+0x10/0x10 [ 537.030218][ C0] ? __pfx_kthread+0x10/0x10 [ 537.030244][ C0] ret_from_fork+0x3fc/0x770 [ 537.030268][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 537.030293][ C0] ? __switch_to_asm+0x39/0x70 [ 537.030309][ C0] ? __switch_to_asm+0x33/0x70 [ 537.030325][ C0] ? __pfx_kthread+0x10/0x10 [ 537.030350][ C0] ret_from_fork_asm+0x1a/0x30 [ 537.030376][ C0] [ 537.030859][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 537.030875][ T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 537.030899][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 537.030911][ T39] Call Trace: [ 537.030919][ T39] [ 537.030927][ T39] dump_stack_lvl+0x99/0x250 [ 537.030960][ T39] ? __asan_memcpy+0x40/0x70 [ 537.030983][ T39] ? __pfx_dump_stack_lvl+0x10/0x10 [ 537.031014][ T39] ? __pfx__printk+0x10/0x10 [ 537.031051][ T39] vpanic+0x281/0x750 [ 537.031085][ T39] ? __pfx_vpanic+0x10/0x10 [ 537.031112][ T39] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 537.031135][ T39] ? lockdep_hardirqs_on+0x9c/0x150 [ 537.031173][ T39] panic+0xb9/0xc0 [ 537.031203][ T39] ? __pfx_panic+0x10/0x10 [ 537.031236][ T39] ? irq_work_queue+0xc3/0x140 [ 537.031267][ T39] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 537.031292][ T39] watchdog+0xfd2/0xfe0 [ 537.031323][ T39] ? watchdog+0x1de/0xfe0 [ 537.031356][ T39] kthread+0x711/0x8a0 [ 537.031392][ T39] ? __pfx_watchdog+0x10/0x10 [ 537.031417][ T39] ? __pfx_kthread+0x10/0x10 [ 537.031454][ T39] ? __pfx_kthread+0x10/0x10 [ 537.031487][ T39] ret_from_fork+0x3fc/0x770 [ 537.031518][ T39] ? __pfx_ret_from_fork+0x10/0x10 [ 537.031552][ T39] ? __switch_to_asm+0x39/0x70 [ 537.031571][ T39] ? __switch_to_asm+0x33/0x70 [ 537.031590][ T39] ? __pfx_kthread+0x10/0x10 [ 537.031624][ T39] ret_from_fork_asm+0x1a/0x30 [ 537.031672][ T39] [ 537.032007][ T39] Kernel Offset: disabled