last executing test programs: 15.012971779s ago: executing program 2 (id=770): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800f31dd9ab07ea1f574df19e05", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) 14.790278686s ago: executing program 2 (id=773): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$kcm(0x10, 0x2, 0x0) socket$nl_audit(0x10, 0x3, 0x9) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r3 = socket$netlink(0x10, 0x3, 0x10) syz_emit_vhci(0x0, 0x5a) bind$netlink(r3, &(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r4 = dup(r2) getsockname$packet(r4, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000100)=0x14) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000200), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000180), 0x4) sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="300000002a000900000000000000000004"], 0x30}, 0x1, 0x3000000}, 0x0) syz_usb_connect$uac1(0x5, 0xf7, &(0x7f0000000340)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe5, 0x3, 0x1, 0xd, 0xa0, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x4, 0x4}, [@mixer_unit={0x9, 0x24, 0x4, 0x2, 0xdc, "7118ce1a"}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x203, 0x5, 0x8d, 0x6, 0x80, 0x9}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0xfe, 0x4, 0x49, 0x95, 0x5, 0x3}, @feature_unit={0x11, 0x24, 0x6, 0x1, 0x3, 0x5, [0x3, 0x6, 0x6, 0x2, 0x5], 0x7}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x6, 0x3, 0x9, 0x5, "3511c396221085c831"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0xb924, 0x9, 0x1, "9f4c3277"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0xf691, 0xd50, 0x6}, @as_header={0x7, 0x24, 0x1, 0x6, 0x14}]}, {{0x9, 0x5, 0x1, 0x9, 0x800, 0x4, 0x2, 0x3, {0x7, 0x25, 0x1, 0x2, 0x5, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x8, 0x7}, @as_header={0x7, 0x24, 0x1, 0x5, 0xf2, 0x5}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x7, 0x1, 0x10, 0x7, "80", "8b"}, @as_header={0x7, 0x24, 0x1, 0x7, 0x33, 0x2}, @as_header={0x7, 0x24, 0x1, 0xe4, 0xc7, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x49, 0x7, 0x4, {0x7, 0x25, 0x1, 0x0, 0x5, 0x4}}}}}}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x110, 0x2, 0x0, 0x7, 0x40, 0x4}, 0x50, &(0x7f0000000240)={0x5, 0xf, 0x50, 0x6, [@ssp_cap={0x1c, 0x10, 0xa, 0x20, 0x4, 0xa, 0x0, 0xa9, [0x3fcf, 0xffc017, 0xff3fcf, 0x0]}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "8819c7ac774913570bcd00cdfa173cae"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0xf7, 0x58, 0x4}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x2, 0x3, 0xbc2d}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x0, 0x2, 0x2}, @ptm_cap={0x3}]}, 0x3, [{0x68, &(0x7f0000000440)=ANY=[@ANYBLOB="680343f171bb752d4410e936e13cde6ddf5679bd404328ea815224326565a3cdfee2dec3d497f5620e6d64cfc442cbb2ee4101c07c6c9056a7201ce4b01f43b69938c984cc664eb87afb74881a207c8cdf1bd5ea373e5210a97f51eb786616ff8b37f1078dbfdcfa"]}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x444}}, {0xa, &(0x7f0000000500)=@string={0xa, 0x3, "7fc448d21d0a7bc4"}}]}) 14.075325085s ago: executing program 1 (id=779): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x18, 0x2, [@TCA_CAKE_BASE_RATE64={0xc, 0x2, 0x2ffffffff}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x0) 13.825790356s ago: executing program 1 (id=780): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 13.6286765s ago: executing program 4 (id=782): syz_emit_vhci(0x0, 0x22) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202ce9eaa48b326b038d97544c8b681bad547412afab3663029531077c8c4fa2f7501610d4eae6214096ae92430cd63486f07b04d9c519ab15a6e842e1352398f95ff35f5115a2c6c50f63336179b5e6b1f774a63506e8cb76bba42c6bee078240ec871a2bcf7dd5691833ac53a02f3614eae3afb9549df1b77ce0baebc9f6306644f6f08bbd3ca3229d272acd3483bf3ae4228f7a2b839594856918b10ca47ad4dc249d99c244aba277d101b5ac305"], 0xd) syz_emit_vhci(&(0x7f00000007c0)=ANY=[@ANYBLOB="042c1101c800000000000000000000000000000276e92be46cb4b048789e1eff4539e87b6bfb1fc6b7b85198f1ac5a68bdfb2e42474e6586935e56ee8bcc2b0862303fbda9aa452269363c343eda10b4e32b7e2b3f98468211959c7afff672359f2fe3b5391504b6da3e22412f476d10c5d40408587c2e2f9d44704d2dec295943edfd2d8c660e13bad71d93f1b6eba3b78f7c5b3429aa231816974c25cd997e7ada60073cfe534e335ad4121654b50dbfa355e5"], 0x14) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000780), 0x208e24b) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0xfecc) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') lseek(r2, 0x4, 0x0) getdents(r2, 0x0, 0x48) ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f00000002c0)={0x0, &(0x7f0000000340)=""/121, 0x79}) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000ac0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xfffffffc, 0xffffffffffffffe1, 0x0, 0x0, 0x10001, 0xfffffffffffff924], 0x2}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r4 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) socket$pppl2tp(0x18, 0x1, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close_range(r5, 0xffffffffffffffff, 0x2) sendmsg$NFT_MSG_GETCHAIN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c000000040a01040000000000000000020000000900010073797a300000000008000a4000000003100008800c00014000000000ffffffff0900030073797a31000000000800054000000000d1a33ea3db306d057801737f97839c50db8676ef5534a9d50a53104dd77926"], 0x4c}, 0x1, 0x0, 0x0, 0x20000010}, 0x4008800) unshare(0x40040000) fstat(0xffffffffffffffff, &(0x7f0000002600)) getgroups(0x2, &(0x7f0000002700)=[0xee01, 0xffffffffffffffff]) geteuid() read$FUSE(0xffffffffffffffff, &(0x7f0000002880)={0x2020}, 0x2020) 13.483847841s ago: executing program 3 (id=783): bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800f31dd9ab07ea1f574df19e05", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) 13.409476261s ago: executing program 3 (id=784): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0406000000000000005872133b22b9441a168f2463fce7e35d03"], 0x1a) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x8000, 0xffffffff, 0x2, 0x8000}, 0x10) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000002500000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x47, 0x10, 0x0, 0x1e}, 0x2d) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) syz_emit_ethernet(0xc9, &(0x7f0000000740)=ANY=[@ANYBLOB="a1292cc857f0d8724bf8c60180c200000000006b1fb0aa824a0c17000000008847000000000000000000000000000f0000421400ab0065000001061078ac1414bbffffffff444c5871e0000002000000006401010000000000ac1414aa00000005ac14143500000001ac141432000000050000000000000001ac1414aa00000002ac1e010100000002ac141413000000018608ffffffff0702441c21330000000000000005ac1e010100000008e0000002000000059404010000000000000000000000000000000004"], 0x0) pipe2(&(0x7f0000000000), 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) gettid() timer_create(0x0, &(0x7f0000000180), 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050003000000000000002100000008000300", @ANYRES32=r5, @ANYBLOB="8f55c8a6e776a1f2184ffc2ae6325ee2689e77eb7f700d27dd92ab70627af5d76ff675c9b6b674fa1808d7a16b5e28ef855e853e887090682d01d919cdca3f65b2447669212f4273e9822658673b3e7934140e36b49d2fe15fac27ea997450a7572a0ed31dec822ac699a6b573f6065541fd5b6abbac9a391f7c70a94a9cd9e58401287ddb19028b1d68dc6830e1651f6862da0c48"], 0x3c}}, 0x0) 13.19474491s ago: executing program 4 (id=785): r0 = mq_open(&(0x7f00005a1ffb)='e\xeeQ\x92o', 0x42, 0x0, 0x0) r1 = dup2(r0, r0) mq_notify(r1, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3a) socket$inet6(0xa, 0x3, 0x7) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00') preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000440)=""/200, 0xc8}], 0x1, 0x14a, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) sendmsg$nl_route(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x34}}, 0x0) 13.170310126s ago: executing program 0 (id=786): close(0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="28000000140001000000000000000000021f0000", @ANYRES32=r2, @ANYBLOB="08000200ac1414aa080008005072"], 0x28}}, 0x0) socket(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1}, 0x24}}, 0x0) 12.96383888s ago: executing program 4 (id=787): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0406000000000000005872133b22b9441a168f2463fce7e35d03"], 0x1a) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x8000, 0xffffffff, 0x2, 0x8000}, 0x10) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000002500000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x47, 0x10, 0x0, 0x1e}, 0x2d) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) syz_emit_ethernet(0xc9, &(0x7f0000000740)=ANY=[@ANYBLOB="a1292cc857f0d8724bf8c60180c200000000006b1fb0aa824a0c17000000008847000000000000000000000000000f0000421400ab0065000001061078ac1414bbffffffff444c5871e0000002000000006401010000000000ac1414aa00000005ac14143500000001ac141432000000050000000000000001ac1414aa00000002ac1e010100000002ac141413000000018608ffffffff0702441c21330000000000000005ac1e010100000008e0000002000000059404010000000000000000000000000000000004"], 0x0) pipe2(&(0x7f0000000000), 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) gettid() timer_create(0x0, &(0x7f0000000180), 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050003000000000000002100000008000300", @ANYRES32=r5, @ANYBLOB="8f55c8a6e776a1f2184ffc2ae6325ee2689e77eb7f700d27dd92ab70627af5d76ff675c9b6b674fa1808d7a16b5e28ef855e853e887090682d01d919cdca3f65b2447669212f4273e9822658673b3e7934140e36b49d2fe15fac27ea997450a7572a0ed31dec822ac699a6b573f6065541fd5b6abbac9a391f7c70a94a9cd9e58401287ddb19028b1d68dc6830e1651f6862da0c48"], 0x3c}}, 0x0) 12.859370378s ago: executing program 0 (id=788): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, 0x0) 12.653550205s ago: executing program 0 (id=789): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x28, 0x0, 0x1, 0x0, 0x0, {{0x38}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1}]}, 0x28}}, 0x0) 12.651795366s ago: executing program 3 (id=790): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 12.536990142s ago: executing program 0 (id=791): openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket(0x2000000000000021, 0x2, 0x10000000000002) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES8], 0x0) syz_usb_control_io(r0, 0x0, 0x0) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10) syz_emit_ethernet(0x82, &(0x7f0000000340)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @parameter_prob={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev, {[@ssrr={0x89, 0xb, 0x0, [@rand_addr, @remote]}, @timestamp_prespec={0x44, 0x1c, 0x0, 0x3, 0x0, [{@multicast1}, {@multicast2}, {@broadcast}]}, @timestamp_prespec={0x44, 0x1c, 0x0, 0x3, 0x0, [{@dev}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@broadcast}]}]}}}}}}}, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x8e, &(0x7f0000000400)=ANY=[@ANYBLOB], &(0x7f00000003c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x300, 0x0, 0x7, 0x0, 0x8, 0xb0}, 0x23, &(0x7f0000000340)=ANY=[@ANYBLOB="fb020800017f20000000000007000900ffff0a10030000000002010001000000000000"]}) r2 = socket$kcm(0x10, 0x400000002, 0x0) recvmsg$kcm(r2, &(0x7f0000006480)={0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f0000006280)=""/108, 0x6c}, {&(0x7f0000000300)=""/198, 0xc6}, {&(0x7f00000024c0)=""/4090, 0xffa}, {&(0x7f0000000180)=""/85, 0x55}, {&(0x7f0000000c00)=""/40, 0x28}], 0x6}, 0x0) sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029ea69801d76ab0a272a2a788bab6c95f79725074", 0x1c}], 0x1}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x22042, 0x0) write$cgroup_int(r3, &(0x7f00000000c0)=0x7, 0x12) 12.536319346s ago: executing program 4 (id=792): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x6, 0x1, 0x2}) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc0f8565c, &(0x7f0000000080)={0x0, 0x9, 0x2, {0x1, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14, 0x10}}, 0x90}}, 0x0) r2 = openat$sequencer2(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r2, 0x40085112, &(0x7f0000000180)=@e={0xff, 0xa, 0x0, 0x3, @SEQ_NOTEON=@special, 0xfb}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r4, r3) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) ioctl$SIOCGIFHWADDR(r3, 0x8932, &(0x7f0000000100)={'syzkaller0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r6, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102387, 0x18ff3}], 0x1, 0x0, 0x0) r7 = socket(0x11, 0x800000003, 0x0) r8 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x90, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x0, 0xfc], 0x0, [0x4, 0x2], [0x0, 0x4]}}}}, @TCA_RATE={0x6}]}, 0x90}}, 0x0) keyctl$dh_compute(0x17, 0x0, &(0x7f0000000200)=""/211, 0xd3, 0x0) openat$qat_adf_ctl(0xffffff9c, &(0x7f0000002140), 0x200000, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) r10 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080), 0x80002, 0x0) add_key$fscrypt_v1(&(0x7f000001aa80), &(0x7f000001aac0)={'fscrypt:', @desc4}, &(0x7f000001ab00)={0x0, "76fcc0056a20d78446ba98d0e6e6c75da860a932176b9664840f9a39abd17777aeb12e293b2d1fb6c91c393d5876371c887b69a1b4ba34e4c8ce926eb4b289f6", 0x34}, 0x48, 0xfffffffffffffffb) r11 = add_key$keyring(&(0x7f000001ab80), &(0x7f000001abc0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$link(0x8, 0x0, r11) write$FUSE_DIRENT(r10, 0x0, 0x0) 12.526242115s ago: executing program 3 (id=793): memfd_create(&(0x7f0000000280)='%\x00', 0x4) r0 = socket(0x0, 0x5, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r1 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), 0x0) syz_io_uring_setup(0x5e1, &(0x7f0000000600), &(0x7f0000000440)=0x0, 0x0) syz_io_uring_submit(r2, 0x0, 0x0) io_uring_enter(r1, 0xb15, 0x0, 0x0, 0x0, 0x0) r3 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 12.409463577s ago: executing program 2 (id=794): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000ebffff05"]) 12.267783817s ago: executing program 4 (id=795): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xb4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x84, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x20, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xb4}}, 0x0) 12.091868503s ago: executing program 2 (id=796): openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8], 0x0) 10.567791193s ago: executing program 1 (id=797): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) writev(r0, &(0x7f0000000000)=[{0x0}], 0x1) 10.567517094s ago: executing program 1 (id=798): close(0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0xffffffffffffff34, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="28000000140001000000000000000000021f0000", @ANYRES32=r2, @ANYBLOB="08000200ac1414aa080008005072"], 0x28}}, 0x0) socket(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1}, 0x24}}, 0x0) 10.481245239s ago: executing program 4 (id=799): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000300)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000004c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) dup3(r3, r2, 0x0) ioctl$BTRFS_IOC_QGROUP_LIMIT(r2, 0x8030942b, &(0x7f00000002c0)={0x6, {0x8, 0x401, 0x1, 0x2, 0x40}}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r4, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x0, 0x1}) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040e0590ae8201460c1f00c7f641737d00000000e629d54f8eef8f4b4c287248623393943b5ba71f4c252077dee7cda5f191af639f6bc9ccce6307303924e47e62deed5d1bb5921eea00000c30f73971da9388b9ec29289dedf9d61d113d31db6302b67aa22b7910a09ca8fce5eeef342c9dfc8080015fcc1b3ea02fbcd8d5dc72551066f91d9a3a237803197298b0b296c8524e29bd6e506bca145c39a4065506350b136fb6d67612cfee321e2cdf89a03ed6dc5446257d90a8"], 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x2b, &(0x7f0000000040)=0x200000000005) syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="04221001aaaaaaaaaa10f50305a938a980"], 0x13) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9100, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5) socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$UI_SET_LEDBIT(r6, 0x40045569, 0x0) ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x11) ioctl$UI_SET_LEDBIT(r6, 0x40045569, 0x80000000003) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r6, 0x5501) 8.916172552s ago: executing program 2 (id=800): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000000)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @mcast2, 0x4}}}, 0x30) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x10, 0x0, @mcast1}, {0x2, 0x4e20, 0x3, @empty}}}, 0x48) 8.770170865s ago: executing program 0 (id=801): bpf$PROG_LOAD(0x5, 0x0, 0x4b) r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000200), 0x129282, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000040)) write$binfmt_elf32(r0, 0x0, 0x4cd) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x1f, 0xc3, 0x55, 0x10, 0x5e1, 0x408, 0x5931, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfb, 0x90}}]}}]}}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$key(0xf, 0x3, 0x2) socket$inet6_udplite(0xa, 0x2, 0x88) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f00000006c0)=@multiplanar_overlay={0x0, 0x3, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "60262417"}, 0x0, 0x3, {0x0}}) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x18, 0x0, 0x7, {[@timestamp={0x44, 0x4}, @noop]}}}], 0x38}, 0x0) read$char_usb(0xffffffffffffffff, &(0x7f0000000080)=""/139, 0xfdef) 8.744559893s ago: executing program 3 (id=802): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x28, r1, 0x0, 0x0, 0x0, {{0x38}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1}]}, 0x28}}, 0x0) 8.743389289s ago: executing program 1 (id=803): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 8.74294882s ago: executing program 2 (id=804): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0406000000000000005872133b22b9441a168f2463fce7e35d03"], 0x1a) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x8000, 0xffffffff, 0x2, 0x8000}, 0x10) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000002500000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x47, 0x10, 0x0, 0x1e}, 0x2d) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) connect$inet(r2, 0x0, 0x0) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) syz_emit_ethernet(0xc9, &(0x7f0000000740)=ANY=[@ANYBLOB="a1292cc857f0d8724bf8c60180c200000000006b1fb0aa824a0c17000000008847000000000000000000000000000f0000421400ab0065000001061078ac1414bbffffffff444c5871e0000002000000006401010000000000ac1414aa00000005ac14143500000001ac141432000000050000000000000001ac1414aa00000002ac1e010100000002ac141413000000018608ffffffff0702441c21330000000000000005ac1e010100000008e0000002000000059404010000000000000000000000000000000004"], 0x0) pipe2(&(0x7f0000000000), 0x0) gettid() timer_create(0x0, &(0x7f0000000180), 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004c}, 0x90) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050003000000000000002100000008000300", @ANYRES32=r4, @ANYBLOB="8f55c8a6e776a1f2184ffc2ae6325ee2689e77eb7f700d27dd92ab70627af5d76ff675c9b6b674fa1808d7a16b5e28ef855e853e887090682d01d919cdca3f65b2447669212f4273e9822658673b3e7934140e36b49d2fe15fac27ea997450a7572a0ed31dec822ac699a6b573f6065541fd5b6abbac9a391f7c70a94a9cd9e58401287ddb19028b1d68dc6830e1651f6862da0c48"], 0x3c}}, 0x0) 3.57607714s ago: executing program 3 (id=805): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0406000000000000005872133b22b9441a168f2463fce7e35d03"], 0x1a) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x8000, 0xffffffff, 0x2, 0x8000}, 0x10) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000002500000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x47, 0x10, 0x0, 0x1e}, 0x2d) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{0x0}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) syz_emit_ethernet(0xc9, &(0x7f0000000740)=ANY=[@ANYBLOB="a1292cc857f0d8724bf8c60180c200000000006b1fb0aa824a0c17000000008847000000000000000000000000000f0000421400ab0065000001061078ac1414bbffffffff444c5871e0000002000000006401010000000000ac1414aa00000005ac14143500000001ac141432000000050000000000000001ac1414aa00000002ac1e010100000002ac141413000000018608ffffffff0702441c21330000000000000005ac1e010100000008e0000002000000059404010000000000000000000000000000000004"], 0x0) pipe2(&(0x7f0000000000), 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) gettid() timer_create(0x0, &(0x7f0000000180), 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004c}, 0x90) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050003000000000000002100000008000300", @ANYRES32=r5, @ANYBLOB="8f55c8a6e776a1f2184ffc2ae6325ee2689e77eb7f700d27dd92ab70627af5d76ff675c9b6b674fa1808d7a16b5e28ef855e853e887090682d01d919cdca3f65b2447669212f4273e9822658673b3e7934140e36b49d2fe15fac27ea997450a7572a0ed31dec822ac699a6b573f6065541fd5b6abbac9a391f7c70a94a9cd9e58401287ddb19028b1d68dc6830e1651f6862da0c48"], 0x3c}}, 0x0) 3.545844852s ago: executing program 0 (id=806): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000ebffff05"]) 0s ago: executing program 1 (id=807): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0406000000000000005872133b22b9441a168f2463fce7e35d03"], 0x1a) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req={0x8000, 0xffffffff, 0x2, 0x8000}, 0x10) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a000000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000002500000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x47, 0x10, 0x0, 0x1e}, 0x2d) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @remote}, 0x10) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) syz_emit_ethernet(0xc9, &(0x7f0000000740)=ANY=[@ANYBLOB="a1292cc857f0d8724bf8c60180c200000000006b1fb0aa824a0c17000000008847000000000000000000000000000f0000421400ab0065000001061078ac1414bbffffffff444c5871e0000002000000006401010000000000ac1414aa00000005ac14143500000001ac141432000000050000000000000001ac1414aa00000002ac1e010100000002ac141413000000018608ffffffff0702441c21330000000000000005ac1e010100000008e0000002000000059404010000000000000000000000000000000004"], 0x0) pipe2(&(0x7f0000000000), 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) gettid() timer_create(0x0, &(0x7f0000000180), 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050003000000000000002100000008000300", @ANYRES32=r5, @ANYBLOB="8f55c8a6e776a1f2184ffc2ae6325ee2689e77eb7f700d27dd92ab70627af5d76ff675c9b6b674fa1808d7a16b5e28ef855e853e887090682d01d919cdca3f65b2447669212f4273e9822658673b3e7934140e36b49d2fe15fac27ea997450a7572a0ed31dec822ac699a6b573f6065541fd5b6abbac9a391f7c70a94a9cd9e58401287ddb19028b1d68dc6830e1651f6862da0c48"], 0x3c}}, 0x0) kernel console output (not intermixed with test programs): 0x06 length: 23 > 3 [ 169.224499][ T6366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.247960][ T25] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 169.275218][ T6366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.286280][ T6366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.298358][ T6366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.309914][ T25] usb 4-1: device descriptor read/8, error -71 [ 169.321287][ T6366] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 169.416433][ T6366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.438088][ T6366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.451123][ T6366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.470283][ T6366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.480300][ T5094] Bluetooth: hci2: command tx timeout [ 169.483558][ T6366] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 169.507482][ T6366] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 169.532925][ T6366] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 169.545501][ T6569] netlink: 32 bytes leftover after parsing attributes in process `syz.0.269'. [ 169.579897][ T6366] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.590686][ T25] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 169.599822][ T6366] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.613820][ T6366] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.622609][ T6366] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 169.628547][ T25] usb 4-1: device descriptor read/8, error -71 [ 169.758459][ T25] usb usb4-port1: unable to enumerate USB device [ 169.998989][ T6578] loop0: detected capacity change from 0 to 7 [ 170.092327][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.122117][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.166626][ T6580] netlink: 24 bytes leftover after parsing attributes in process `syz.1.285'. [ 170.260055][ T2841] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 170.287657][ T2841] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 170.302795][ T6447] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.425174][ T5094] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 170.427203][ T6447] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.517242][ T5149] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.524418][ T5149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.597603][ T5149] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.604797][ T5149] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.837273][ T6584] netlink: 32 bytes leftover after parsing attributes in process `syz.4.275'. [ 170.877718][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 170.944101][ T6447] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 170.998509][ T5094] Bluetooth: hci0: command tx timeout [ 171.252121][ T6589] netlink: 32 bytes leftover after parsing attributes in process `syz.3.287'. [ 171.328058][ T6447] veth0_vlan: entered promiscuous mode [ 171.373354][ T6447] veth1_vlan: entered promiscuous mode [ 171.522596][ T6600] binder: 6599:6600 ioctl 8030942b 200002c0 returned -22 [ 171.665476][ T6447] veth0_macvtap: entered promiscuous mode [ 171.750724][ T6602] input: syz0 as /devices/virtual/input/input7 [ 171.772175][ T6447] veth1_macvtap: entered promiscuous mode [ 171.827707][ T6606] netlink: 28 bytes leftover after parsing attributes in process `syz.3.292'. [ 171.848601][ T6603] netlink: 'syz.3.292': attribute type 10 has an invalid length. [ 171.932189][ T6603] team0: Port device netdevsim0 added [ 171.989738][ T6611] netlink: 24 bytes leftover after parsing attributes in process `syz.4.294'. [ 172.103459][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.157944][ T45] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 172.170682][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.198420][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.228429][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.247324][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.268763][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.279403][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 172.291809][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.305350][ T6447] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.344471][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.356620][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.377167][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.378177][ T45] usb 4-1: Using ep0 maxpacket: 8 [ 172.398249][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.406855][ T45] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 172.417915][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.432820][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.437268][ T45] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 172.454147][ T6447] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.477047][ T45] usb 4-1: config 1 has no interface number 1 [ 172.484937][ T45] usb 4-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 172.497675][ T5149] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 172.507528][ T6447] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.512577][ T45] usb 4-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 172.533494][ T45] usb 4-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 172.554359][ T45] usb 4-1: config 1 interface 2 has no altsetting 0 [ 172.555803][ T6447] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.564256][ T45] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 172.591386][ T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.607988][ T45] usb 4-1: Product: 쑿퉈ਝ쑻 [ 172.614296][ T6447] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.623322][ T6447] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.632664][ T45] usb 4-1: Manufacturer: ф [ 172.633000][ T6447] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.637174][ T45] usb 4-1: SerialNumber: syz [ 172.657471][ T6447] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.668099][ T5149] usb 2-1: device descriptor read/64, error -71 [ 172.872422][ T2953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.906258][ T2953] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.941862][ T5149] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 173.002479][ T45] usb 4-1: USB disconnect, device number 9 [ 173.026563][ T5094] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 173.108086][ T5149] usb 2-1: device descriptor read/64, error -71 [ 173.200122][ T1038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 173.208661][ T1038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 173.238559][ T5149] usb usb2-port1: attempt power cycle [ 173.279158][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 173.425975][ T6622] netlink: 32 bytes leftover after parsing attributes in process `syz.4.297'. [ 173.653967][ T5094] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 173.708182][ T5149] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 173.797357][ T5149] usb 2-1: device descriptor read/8, error -71 [ 174.045063][ T6635] netlink: 32 bytes leftover after parsing attributes in process `syz.0.298'. [ 174.099168][ T5149] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 174.180085][ T5149] usb 2-1: device descriptor read/8, error -71 [ 174.226032][ T6645] binder: 6644:6645 ioctl 8030942b 200002c0 returned -22 [ 174.276031][ T6647] netlink: 24 bytes leftover after parsing attributes in process `syz.0.304'. [ 174.352124][ T5149] usb usb2-port1: unable to enumerate USB device [ 174.367459][ T6649] netlink: 4 bytes leftover after parsing attributes in process `syz.4.305'. [ 174.376834][ T5094] Bluetooth: hci1: command tx timeout [ 174.486750][ T6645] input: syz0 as /devices/virtual/input/input8 [ 174.655150][ T5094] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 174.797363][ T6655] netlink: 32 bytes leftover after parsing attributes in process `syz.0.307'. [ 175.317766][ T6669] binder: 6668:6669 ioctl 8030942b 200002c0 returned -22 [ 175.575429][ T6672] input: syz0 as /devices/virtual/input/input9 [ 175.935545][ T6682] netlink: 28 bytes leftover after parsing attributes in process `syz.2.315'. [ 176.011157][ T6680] netlink: 'syz.2.315': attribute type 10 has an invalid length. [ 176.098081][ T6680] team0: Failed to send options change via netlink (err -105) [ 176.110479][ T6680] team0: Port device netdevsim0 added [ 176.171716][ T5149] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 176.193787][ T6688] netlink: 24 bytes leftover after parsing attributes in process `syz.4.317'. [ 176.248123][ T5144] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 176.295583][ T6690] netlink: 4 bytes leftover after parsing attributes in process `syz.3.318'. [ 176.438549][ T5144] usb 3-1: Using ep0 maxpacket: 8 [ 176.475074][ T5144] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 176.497273][ T5144] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 176.516023][ T6700] binder: 6699:6700 ioctl 8030942b 200002c0 returned -22 [ 176.524905][ T5144] usb 3-1: config 1 has no interface number 1 [ 176.540343][ T5144] usb 3-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 176.563473][ T5144] usb 3-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 176.578884][ T5144] usb 3-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 176.607692][ T5144] usb 3-1: config 1 interface 2 has no altsetting 0 [ 176.627955][ T5149] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 176.648383][ T5144] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 176.685042][ T5144] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.715885][ T6702] input: syz0 as /devices/virtual/input/input10 [ 176.760421][ T5096] Bluetooth: hci2: command tx timeout [ 176.771472][ T5144] usb 3-1: Product: 쑿퉈ਝ쑻 [ 176.776459][ T5144] usb 3-1: Manufacturer: ф [ 176.803349][ T5144] usb 3-1: SerialNumber: syz [ 176.861862][ T5149] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 176.879056][ T5149] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.901344][ T5149] usb 5-1: config 0 descriptor?? [ 176.910798][ T5149] cp210x 5-1:0.0: cp210x converter detected [ 177.164033][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 177.268528][ T5144] usb 3-1: USB disconnect, device number 11 [ 177.269222][ T5143] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 177.352096][ T5149] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 177.371416][ T5149] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -121 [ 177.406460][ T5149] cp210x 5-1:0.0: GPIO initialisation failed: -121 [ 177.438978][ T6709] netlink: 32 bytes leftover after parsing attributes in process `syz.1.325'. [ 177.491698][ T5096] Bluetooth: hci1: command tx timeout [ 177.496849][ T5149] usb 5-1: cp210x converter now attached to ttyUSB0 [ 177.574604][ T5143] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 177.598906][ T5143] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.638304][ T5143] usb 1-1: config 0 descriptor?? [ 177.657541][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 177.678639][ T5144] usb 5-1: USB disconnect, device number 6 [ 177.697673][ T5143] cp210x 1-1:0.0: cp210x converter detected [ 177.741902][ T5144] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 177.789773][ T5144] cp210x 5-1:0.0: device disconnected [ 177.866117][ T6720] binder: 6719:6720 ioctl 8030942b 200002c0 returned -22 [ 177.991911][ T6722] input: syz0 as /devices/virtual/input/input11 [ 178.126963][ T5143] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 178.158454][ T5143] cp210x 1-1:0.0: failed to get vendor val 0x3711 size 2: -121 [ 178.171099][ T5143] cp210x 1-1:0.0: GPIO initialisation failed: -121 [ 178.207990][ T5143] usb 1-1: cp210x converter now attached to ttyUSB0 [ 178.376687][ T6725] netlink: 24 bytes leftover after parsing attributes in process `syz.2.329'. [ 178.529382][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 178.569995][ T6733] netlink: 4 bytes leftover after parsing attributes in process `syz.4.332'. [ 178.624513][ T6738] netlink: 8 bytes leftover after parsing attributes in process `syz.2.334'. [ 178.812058][ T6740] netlink: 32 bytes leftover after parsing attributes in process `syz.1.333'. [ 178.881407][ T5144] usb 1-1: USB disconnect, device number 5 [ 178.896620][ T5144] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 178.969717][ T5144] cp210x 1-1:0.0: device disconnected [ 179.085227][ T6749] binder: 6748:6749 ioctl 8030942b 200002c0 returned -22 [ 179.178123][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 179.195320][ T6752] input: syz0 as /devices/virtual/input/input12 [ 179.333887][ T6754] netlink: 32 bytes leftover after parsing attributes in process `syz.3.338'. [ 179.436157][ T6756] netlink: 'syz.1.340': attribute type 10 has an invalid length. [ 179.506396][ T6756] team0: Failed to send options change via netlink (err -105) [ 179.522913][ T6756] team0: Port device netdevsim0 added [ 179.538448][ T5143] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 179.664768][ T6760] binder: 6759:6760 ioctl 8030942b 200002c0 returned -22 [ 179.804143][ T6765] input: syz0 as /devices/virtual/input/input13 [ 179.847980][ T5143] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 179.938182][ T5147] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 180.011687][ T6770] binder: 6769:6770 ioctl 8030942b 200002c0 returned -22 [ 180.068616][ T5143] usb 2-1: Using ep0 maxpacket: 8 [ 180.078682][ T5143] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.093893][ T5143] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 180.114859][ T5143] usb 2-1: config 1 has no interface number 1 [ 180.126668][ T5143] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 180.143537][ T5147] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 180.156231][ T5147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.158674][ T6774] input: syz0 as /devices/virtual/input/input14 [ 180.170207][ T5143] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 180.224107][ T5143] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 180.253602][ T5143] usb 2-1: config 1 interface 2 has no altsetting 0 [ 180.262868][ T5147] usb 3-1: config 0 descriptor?? [ 180.279294][ T5143] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 180.298158][ T5143] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.320847][ T5143] usb 2-1: Product: 쑿퉈ਝ쑻 [ 180.327207][ T5147] cp210x 3-1:0.0: cp210x converter detected [ 180.337905][ T5143] usb 2-1: Manufacturer: ф [ 180.347638][ T5143] usb 2-1: SerialNumber: syz [ 180.362479][ T6773] __nla_validate_parse: 2 callbacks suppressed [ 180.362497][ T6773] netlink: 8 bytes leftover after parsing attributes in process `syz.3.346'. [ 180.555964][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 180.690528][ T5147] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 180.699382][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 180.739039][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 180.805590][ T5147] cp210x 3-1:0.0: failed to get vendor val 0x3711 size 2: -121 [ 180.859441][ T5143] usb 2-1: USB disconnect, device number 8 [ 180.865583][ T6787] netlink: 32 bytes leftover after parsing attributes in process `syz.4.348'. [ 180.874727][ T5147] cp210x 3-1:0.0: GPIO initialisation failed: -121 [ 180.918779][ T5147] usb 3-1: cp210x converter now attached to ttyUSB0 [ 181.023627][ T5149] usb 3-1: USB disconnect, device number 12 [ 181.049395][ T6786] netlink: 32 bytes leftover after parsing attributes in process `syz.3.351'. [ 181.083935][ T5149] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 181.103789][ T5149] cp210x 3-1:0.0: device disconnected [ 181.140174][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 181.718045][ T5096] Bluetooth: hci1: command tx timeout [ 181.776364][ T6795] binder: 6794:6795 ioctl 8030942b 200002c0 returned -22 [ 181.839246][ T6796] netlink: 24 bytes leftover after parsing attributes in process `syz.4.353'. [ 182.013423][ T6803] input: syz0 as /devices/virtual/input/input15 [ 182.039036][ T6805] binder: 6804:6805 ioctl 8030942b 200002c0 returned -22 [ 182.190344][ T6808] input: syz0 as /devices/virtual/input/input16 [ 182.283334][ T6811] FAULT_INJECTION: forcing a failure. [ 182.283334][ T6811] name failslab, interval 1, probability 0, space 0, times 1 [ 182.307632][ T6811] CPU: 1 PID: 6811 Comm: syz.2.360 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 182.317636][ T6811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 182.327733][ T6811] Call Trace: [ 182.331036][ T6811] [ 182.333988][ T6811] dump_stack_lvl+0x241/0x360 [ 182.338671][ T6811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.343866][ T6811] ? __pfx__printk+0x10/0x10 [ 182.348460][ T6811] ? ref_tracker_alloc+0x332/0x490 [ 182.353571][ T6811] should_fail_ex+0x3b0/0x4e0 [ 182.358238][ T6811] ? skb_clone+0x20c/0x390 [ 182.362643][ T6811] should_failslab+0x9/0x20 [ 182.367135][ T6811] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 182.372500][ T6811] skb_clone+0x20c/0x390 [ 182.376750][ T6811] __netlink_deliver_tap+0x3cc/0x7c0 [ 182.382044][ T6811] ? netlink_deliver_tap+0x2e/0x1b0 [ 182.387246][ T6811] netlink_deliver_tap+0x19d/0x1b0 [ 182.392421][ T6811] netlink_unicast+0x7b8/0x980 [ 182.397195][ T6811] ? __pfx_netlink_unicast+0x10/0x10 [ 182.402496][ T6811] ? __virt_addr_valid+0x183/0x520 [ 182.407601][ T6811] ? __check_object_size+0x49c/0x900 [ 182.412872][ T6811] ? bpf_lsm_netlink_send+0x9/0x10 [ 182.417975][ T6811] netlink_sendmsg+0x8db/0xcb0 [ 182.422740][ T6811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 182.428099][ T6811] ? aa_sock_msg_perm+0x91/0x160 [ 182.433025][ T6811] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 182.438289][ T6811] ? security_socket_sendmsg+0x87/0xb0 [ 182.443745][ T6811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 182.449033][ T6811] __sock_sendmsg+0x221/0x270 [ 182.453742][ T6811] ____sys_sendmsg+0x525/0x7d0 [ 182.458501][ T6811] ? __pfx_____sys_sendmsg+0x10/0x10 [ 182.463792][ T6811] __sys_sendmsg+0x2b0/0x3a0 [ 182.468372][ T6811] ? __pfx___sys_sendmsg+0x10/0x10 [ 182.473469][ T6811] ? vfs_write+0x7c4/0xc90 [ 182.477903][ T6811] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 182.484482][ T6811] ? lockdep_hardirqs_on+0x99/0x150 [ 182.489672][ T6811] __do_fast_syscall_32+0xb4/0x120 [ 182.494777][ T6811] ? exc_page_fault+0x590/0x8c0 [ 182.499632][ T6811] do_fast_syscall_32+0x34/0x80 [ 182.504490][ T6811] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 182.510810][ T6811] RIP: 0023:0xf7432579 [ 182.514865][ T6811] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 182.534453][ T6811] RSP: 002b:00000000f5d4b57c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 182.542854][ T6811] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 182.550819][ T6811] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 182.558786][ T6811] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 182.566741][ T6811] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 182.574691][ T6811] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 182.582655][ T6811] [ 182.624905][ T6814] binder: BINDER_SET_CONTEXT_MGR already set [ 182.668480][ T6814] binder: 6813:6814 ioctl 4018620d 20000100 returned -16 [ 182.740020][ T6814] binder: 6813:6814 ioctl 8030942b 200002c0 returned -22 [ 182.809849][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 182.964871][ T6820] input: syz0 as /devices/virtual/input/input17 [ 183.050855][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 183.061252][ T6823] netlink: 32 bytes leftover after parsing attributes in process `syz.1.362'. [ 183.330884][ T6830] netlink: 'syz.0.365': attribute type 10 has an invalid length. [ 183.368479][ T6831] netlink: 28 bytes leftover after parsing attributes in process `syz.0.365'. [ 183.391733][ T6828] netlink: 32 bytes leftover after parsing attributes in process `syz.3.364'. [ 183.518552][ T6830] team0: Failed to send options change via netlink (err -105) [ 183.536395][ T6830] team0: Port device netdevsim0 added [ 183.583005][ T5143] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 183.698077][ T5146] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 183.788035][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 183.938302][ T5146] usb 1-1: Using ep0 maxpacket: 8 [ 183.984708][ T5146] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 183.999092][ T6846] netlink: 24 bytes leftover after parsing attributes in process `syz.1.370'. [ 184.015377][ T5146] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 184.044066][ T5146] usb 1-1: config 1 has no interface number 1 [ 184.054721][ T5146] usb 1-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 184.108177][ T5146] usb 1-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 184.183562][ T6850] netlink: 4 bytes leftover after parsing attributes in process `syz.2.373'. [ 184.273902][ T5146] usb 1-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 184.288357][ T6854] FAULT_INJECTION: forcing a failure. [ 184.288357][ T6854] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 184.304211][ T5146] usb 1-1: config 1 interface 2 has no altsetting 0 [ 184.313219][ T6854] CPU: 0 PID: 6854 Comm: syz.3.372 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 184.323245][ T6854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 184.333322][ T6854] Call Trace: [ 184.336645][ T6854] [ 184.339592][ T6854] dump_stack_lvl+0x241/0x360 [ 184.344299][ T6854] ? __pfx_dump_stack_lvl+0x10/0x10 [ 184.349525][ T6854] ? __pfx__printk+0x10/0x10 [ 184.354133][ T6854] ? validate_chain+0x11e/0x5900 [ 184.359094][ T6854] ? __pfx_lock_release+0x10/0x10 [ 184.364140][ T6854] ? validate_chain+0x11e/0x5900 [ 184.369101][ T6854] should_fail_ex+0x3b0/0x4e0 [ 184.373785][ T6854] _copy_from_user+0x2f/0xe0 [ 184.378369][ T6854] do_tcp_getsockopt+0x20f/0x3570 [ 184.383394][ T6854] ? __pfx_do_tcp_getsockopt+0x10/0x10 [ 184.388842][ T6854] ? aa_sock_perm+0x110/0x120 [ 184.393518][ T6854] ? __pfx_validate_chain+0x10/0x10 [ 184.398708][ T6854] ? __lock_acquire+0x1346/0x1fd0 [ 184.403723][ T6854] ? aa_label_sk_perm+0x4f0/0x6d0 [ 184.408742][ T6854] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 184.414110][ T6854] ? __pfx_lock_acquire+0x10/0x10 [ 184.419121][ T6854] ? __pfx___might_resched+0x10/0x10 [ 184.424397][ T6854] ? __lock_acquire+0x1346/0x1fd0 [ 184.429414][ T6854] ? aa_sk_perm+0x967/0xab0 [ 184.433923][ T6854] ? aa_sock_perm+0x110/0x120 [ 184.438602][ T6854] tcp_getsockopt+0xfb/0x1c0 [ 184.443185][ T6854] ? aa_sock_perm+0x110/0x120 [ 184.447861][ T6854] ? __pfx_tcp_getsockopt+0x10/0x10 [ 184.453058][ T6854] ? aa_sock_perm+0x110/0x120 [ 184.457725][ T6854] ? sock_common_getsockopt+0x2e/0xb0 [ 184.463088][ T6854] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 184.468974][ T6854] do_sock_getsockopt+0x373/0x850 [ 184.474008][ T6854] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 184.479542][ T6854] ? __fget_files+0x3f6/0x470 [ 184.484216][ T6854] ? __fget_files+0x29/0x470 [ 184.488809][ T6854] __sys_getsockopt+0x271/0x330 [ 184.493648][ T6854] ? __pfx___sys_getsockopt+0x10/0x10 [ 184.499025][ T6854] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 184.505343][ T6854] __ia32_sys_getsockopt+0xb5/0xd0 [ 184.510446][ T6854] __do_fast_syscall_32+0xb4/0x120 [ 184.515555][ T6854] ? exc_page_fault+0x590/0x8c0 [ 184.520408][ T6854] do_fast_syscall_32+0x34/0x80 [ 184.525259][ T6854] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 184.531580][ T6854] RIP: 0023:0xf7422579 [ 184.535640][ T6854] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 184.555239][ T6854] RSP: 002b:00000000f5d3b57c EFLAGS: 00000206 ORIG_RAX: 000000000000016d [ 184.563643][ T6854] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000006 [ 184.571628][ T6854] RDX: 000000000000000b RSI: 0000000000000000 RDI: 0000000020000100 [ 184.579590][ T6854] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 184.587544][ T6854] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 184.595502][ T6854] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 184.603473][ T6854] [ 184.635117][ T5146] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 184.647877][ T5146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.696287][ T5096] Bluetooth: hci3: command tx timeout [ 184.724781][ T5146] usb 1-1: Product: 쑿퉈ਝ쑻 [ 184.745046][ T5146] usb 1-1: Manufacturer: ф [ 184.774037][ T5146] usb 1-1: SerialNumber: syz [ 184.848519][ T5096] Bluetooth: hci2: command tx timeout [ 184.851902][ T6861] netlink: 20 bytes leftover after parsing attributes in process `syz.3.375'. [ 185.259159][ T5146] usb 1-1: USB disconnect, device number 6 [ 185.326129][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 185.442260][ T6870] netlink: 'syz.3.376': attribute type 10 has an invalid length. [ 185.483463][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 185.605149][ T6867] netlink: 32 bytes leftover after parsing attributes in process `syz.4.377'. [ 185.626572][ T6870] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 185.636780][ T6855] netlink: 8 bytes leftover after parsing attributes in process `syz.2.373'. [ 186.171625][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 186.375967][ T6890] netlink: 32 bytes leftover after parsing attributes in process `syz.4.384'. [ 186.419607][ T6894] netlink: 'syz.1.382': attribute type 6 has an invalid length. [ 186.460968][ T6894] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.382'. [ 186.656042][ T6896] netlink: 64 bytes leftover after parsing attributes in process `syz.1.382'. [ 186.794040][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 186.868455][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 187.146275][ T6904] netlink: 32 bytes leftover after parsing attributes in process `syz.1.388'. [ 187.635162][ T6914] AppArmor: change_hat: Invalid input '0' [ 187.816655][ T6917] binder: 6916:6917 ioctl 8030942b 200002c0 returned -22 [ 188.103739][ T6920] input: syz0 as /devices/virtual/input/input18 [ 188.481934][ T6930] netlink: 'syz.4.398': attribute type 6 has an invalid length. [ 188.526532][ T6930] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.398'. [ 188.551349][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 188.656210][ T6930] netlink: 64 bytes leftover after parsing attributes in process `syz.4.398'. [ 188.706289][ T6938] netlink: 32 bytes leftover after parsing attributes in process `syz.3.400'. [ 188.954382][ T6944] netlink: 336 bytes leftover after parsing attributes in process `syz.2.402'. [ 189.178167][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 189.298040][ T5145] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 189.317990][ T5096] Bluetooth: hci4: command tx timeout [ 189.550259][ T5145] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 189.596571][ T5145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.650869][ T5145] usb 1-1: config 0 descriptor?? [ 189.677194][ T5145] cp210x 1-1:0.0: cp210x converter detected [ 189.807670][ T6958] FAULT_INJECTION: forcing a failure. [ 189.807670][ T6958] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 189.837480][ T6958] CPU: 0 PID: 6958 Comm: syz.4.410 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 189.847498][ T6958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 189.857572][ T6958] Call Trace: [ 189.860868][ T6958] [ 189.863807][ T6958] dump_stack_lvl+0x241/0x360 [ 189.868511][ T6958] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.873739][ T6958] ? __pfx__printk+0x10/0x10 [ 189.878349][ T6958] ? __pfx_lock_release+0x10/0x10 [ 189.883395][ T6958] should_fail_ex+0x3b0/0x4e0 [ 189.888101][ T6958] _copy_from_user+0x2f/0xe0 [ 189.892697][ T6958] get_compat_msghdr+0xae/0x730 [ 189.897569][ T6958] ? __fget_files+0x29/0x470 [ 189.902183][ T6958] ? __pfx_get_compat_msghdr+0x10/0x10 [ 189.907660][ T6958] ? __fget_files+0x3f6/0x470 [ 189.912363][ T6958] __sys_sendmsg+0x273/0x3a0 [ 189.916968][ T6958] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.922092][ T6958] ? vfs_write+0x7c4/0xc90 [ 189.926577][ T6958] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 189.933177][ T6958] ? lockdep_hardirqs_on+0x99/0x150 [ 189.938387][ T6958] __do_fast_syscall_32+0xb4/0x120 [ 189.943577][ T6958] ? exc_page_fault+0x590/0x8c0 [ 189.948446][ T6958] do_fast_syscall_32+0x34/0x80 [ 189.953291][ T6958] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 189.959613][ T6958] RIP: 0023:0xf73ad579 [ 189.963685][ T6958] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 189.984162][ T6958] RSP: 002b:00000000f5cc657c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 189.992583][ T6958] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 190.000553][ T6958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 190.008525][ T6958] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 190.016487][ T6958] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 190.024459][ T6958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 190.032431][ T6958] [ 190.096023][ T5145] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -71 [ 190.132552][ T5145] cp210x 1-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 190.150986][ T5145] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 190.182322][ T5145] usb 1-1: cp210x converter now attached to ttyUSB0 [ 190.198190][ T5146] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 190.222426][ T5145] usb 1-1: USB disconnect, device number 7 [ 190.249798][ T5145] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 190.279912][ T5145] cp210x 1-1:0.0: device disconnected [ 190.363177][ T6969] netlink: 'syz.4.414': attribute type 6 has an invalid length. [ 190.372821][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 190.400458][ T5146] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 8192, setting to 1024 [ 190.439888][ T5146] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1024 [ 190.466903][ T5146] usb 4-1: New USB device found, idVendor=0499, idProduct=1035, bcdDevice=56.12 [ 190.478877][ T5146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.496672][ T5146] usb 4-1: config 0 descriptor?? [ 190.841247][ T6968] __nla_validate_parse: 3 callbacks suppressed [ 190.841262][ T6968] netlink: 32 bytes leftover after parsing attributes in process `syz.1.415'. [ 190.875373][ T9] usb 4-1: USB disconnect, device number 10 [ 190.994895][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 191.091277][ T6991] netlink: 32 bytes leftover after parsing attributes in process `syz.2.419'. [ 191.197954][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 191.288109][ T5146] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 191.556303][ T5146] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 191.650442][ T5146] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 191.696089][ T5146] usb 1-1: config 1 has no interface number 1 [ 191.721361][ T5146] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 191.793054][ T5146] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 191.826092][ T5146] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 191.868196][ T5146] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 191.912564][ T5146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.958021][ T5145] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 191.980655][ T5146] usb 1-1: Product: syz [ 191.984868][ T5146] usb 1-1: Manufacturer: syz [ 192.027248][ T5146] usb 1-1: SerialNumber: syz [ 192.210607][ T5145] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 192.242408][ T7017] FAULT_INJECTION: forcing a failure. [ 192.242408][ T7017] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 192.246905][ T5145] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.272806][ T7017] CPU: 1 PID: 7017 Comm: syz.4.430 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 192.282818][ T7017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 192.292872][ T7017] Call Trace: [ 192.296162][ T7017] [ 192.299107][ T7017] dump_stack_lvl+0x241/0x360 [ 192.303813][ T7017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.309016][ T7017] ? __pfx__printk+0x10/0x10 [ 192.313624][ T7017] should_fail_ex+0x3b0/0x4e0 [ 192.318327][ T7017] strncpy_from_user+0x36/0x2f0 [ 192.323191][ T7017] do_tcp_setsockopt+0x18d/0x2540 [ 192.328242][ T7017] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 192.333702][ T7017] ? __pfx_aa_sk_perm+0x10/0x10 [ 192.338551][ T7017] ? __pfx_lock_acquire+0x10/0x10 [ 192.343588][ T7017] ? aa_sock_opt_perm+0x79/0x120 [ 192.348535][ T7017] ? tcp_setsockopt+0x3e/0xf0 [ 192.353230][ T7017] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 192.359116][ T7017] do_sock_setsockopt+0x3af/0x720 [ 192.364152][ T7017] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 192.369710][ T7017] ? __fget_files+0x3f6/0x470 [ 192.374397][ T7017] __sys_setsockopt+0x1ae/0x250 [ 192.379242][ T7017] __ia32_sys_setsockopt+0xb5/0xd0 [ 192.384358][ T7017] __do_fast_syscall_32+0xb4/0x120 [ 192.389485][ T7017] ? exc_page_fault+0x590/0x8c0 [ 192.394340][ T7017] do_fast_syscall_32+0x34/0x80 [ 192.399183][ T7017] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 192.405524][ T7017] RIP: 0023:0xf73ad579 [ 192.409591][ T7017] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 192.429206][ T7017] RSP: 002b:00000000f5cc657c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 192.437669][ T7017] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000006 [ 192.445641][ T7017] RDX: 000000000000000d RSI: 0000000020000100 RDI: 0000000000000009 [ 192.453614][ T7017] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 192.461578][ T7017] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 192.469551][ T7017] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 192.477532][ T7017] [ 192.513234][ T5145] usb 4-1: config 0 descriptor?? [ 192.526155][ T5145] cp210x 4-1:0.0: cp210x converter detected [ 192.611543][ T5146] usb 1-1: USB disconnect, device number 8 [ 192.741931][ T5145] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 192.770681][ T5145] cp210x 4-1:0.0: querying part number failed [ 192.792514][ T5145] usb 4-1: cp210x converter now attached to ttyUSB0 [ 192.836156][ T5145] usb 4-1: USB disconnect, device number 11 [ 192.859392][ T5145] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 192.868536][ T5145] cp210x 4-1:0.0: device disconnected [ 192.900235][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 192.938855][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 193.139625][ T7031] netlink: 'syz.2.435': attribute type 10 has an invalid length. [ 193.182457][ T7031] team0: Port device geneve1 added [ 193.298179][ T7026] netlink: 32 bytes leftover after parsing attributes in process `syz.4.433'. [ 193.349997][ T7036] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 193.376969][ T7037] netlink: 8 bytes leftover after parsing attributes in process `syz.0.436'. [ 193.447100][ T7037] netlink: 8 bytes leftover after parsing attributes in process `syz.0.436'. [ 193.479584][ T5145] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 193.517078][ T7044] netlink: 4 bytes leftover after parsing attributes in process `syz.4.438'. [ 193.642559][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 193.668000][ T5145] usb 3-1: Using ep0 maxpacket: 8 [ 193.724336][ T5145] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 193.755913][ T5145] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 193.793770][ T5145] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 193.805063][ T7053] netlink: 32 bytes leftover after parsing attributes in process `syz.0.439'. [ 193.860824][ T5145] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 193.909870][ T5145] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 193.947027][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.206995][ T5145] usb 3-1: usb_control_msg returned -32 [ 194.238174][ T5145] usbtmc 3-1:16.0: can't read capabilities [ 194.247217][ T7064] program syz.3.446 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 194.381388][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 194.458146][ T5149] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 194.698294][ T5149] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 194.763724][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.770257][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.780351][ T5149] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.804532][ T5149] usb 5-1: config 0 descriptor?? [ 194.821083][ T5149] cp210x 5-1:0.0: cp210x converter detected [ 194.893472][ T7070] netlink: 32 bytes leftover after parsing attributes in process `syz.1.449'. [ 195.023668][ T5149] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 195.036003][ T5149] cp210x 5-1:0.0: querying part number failed [ 195.060734][ T5149] usb 5-1: cp210x converter now attached to ttyUSB0 [ 195.090002][ T5149] usb 5-1: USB disconnect, device number 7 [ 195.105149][ T5149] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 195.122959][ T5149] cp210x 5-1:0.0: device disconnected [ 195.298171][ T5145] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 195.490781][ T5145] usb 1-1: config 0 has an invalid interface number: 68 but max is 0 [ 195.503678][ T5145] usb 1-1: config 0 has no interface number 0 [ 195.515294][ T5145] usb 1-1: config 0 interface 68 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 195.528942][ T5145] usb 1-1: New USB device found, idVendor=07b8, idProduct=b21c, bcdDevice=92.9f [ 195.539325][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.547349][ T5145] usb 1-1: Product: syz [ 195.551987][ T5145] usb 1-1: Manufacturer: syz [ 195.556602][ T5145] usb 1-1: SerialNumber: syz [ 195.561616][ T45] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 195.572688][ T5145] usb 1-1: config 0 descriptor?? [ 195.683072][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 195.771225][ T45] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 195.791736][ T7107] netlink: 32 bytes leftover after parsing attributes in process `syz.1.462'. [ 195.931901][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.950817][ T5145] usb 1-1: USB disconnect, device number 9 [ 195.978941][ T45] usb 4-1: config 0 descriptor?? [ 195.987970][ T5144] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 196.130870][ T5146] usb 3-1: USB disconnect, device number 13 [ 196.251242][ T5144] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 196.276429][ T5144] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 196.290542][ T45] usb 4-1: string descriptor 0 read error: -71 [ 196.304229][ T5144] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 196.315560][ T45] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 196.325745][ T45] gspca_cpia1: usb_control_msg 05, error -71 [ 196.334939][ T5144] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.345499][ T45] gspca_cpia1: usb_control_msg 01, error -71 [ 196.359281][ T45] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0) [ 196.378619][ T45] usb 4-1: USB disconnect, device number 12 [ 196.464937][ T7115] netlink: 4 bytes leftover after parsing attributes in process `syz.2.466'. [ 196.488348][ T7117] mmap: syz.1.467 (7117) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 196.578037][ T5144] usb 5-1: string descriptor 0 read error: -22 [ 196.711775][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 196.804728][ T45] usb 5-1: USB disconnect, device number 8 [ 196.864147][ T7131] netlink: 32 bytes leftover after parsing attributes in process `syz.0.471'. [ 197.104550][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 197.199638][ T7139] netlink: 32 bytes leftover after parsing attributes in process `syz.3.474'. [ 197.389510][ T7144] netlink: 'syz.0.477': attribute type 10 has an invalid length. [ 197.415539][ T7144] team0: Port device geneve1 added [ 197.455838][ T7150] tipc: Started in network mode [ 197.504749][ T7150] tipc: Node identity aaaaaaaaaa32, cluster identity 4711 [ 197.515535][ T7150] tipc: Enabled bearer , priority 10 [ 197.728394][ T5145] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 197.767400][ T45] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 197.918049][ T5145] usb 1-1: Using ep0 maxpacket: 8 [ 197.924820][ T5145] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 197.937512][ T5145] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 197.950359][ T5145] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 197.962267][ T5145] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 197.975774][ T5145] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 197.985112][ T5145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.994865][ T45] usb 5-1: config 0 has an invalid interface number: 68 but max is 0 [ 198.003592][ T45] usb 5-1: config 0 has no interface number 0 [ 198.010218][ T45] usb 5-1: config 0 interface 68 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 198.025096][ T45] usb 5-1: New USB device found, idVendor=07b8, idProduct=b21c, bcdDevice=92.9f [ 198.035608][ T45] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.043890][ T45] usb 5-1: Product: syz [ 198.048266][ T45] usb 5-1: Manufacturer: syz [ 198.054157][ T45] usb 5-1: SerialNumber: syz [ 198.064722][ T45] usb 5-1: config 0 descriptor?? [ 198.179045][ T5144] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 198.185588][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 198.309295][ T5145] usb 1-1: usb_control_msg returned -32 [ 198.354376][ T5145] usbtmc 1-1:16.0: can't read capabilities [ 198.357727][ T9] usb 5-1: USB disconnect, device number 9 [ 198.382876][ T5144] usb 4-1: Using ep0 maxpacket: 32 [ 198.404179][ T5144] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 198.449857][ T5144] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.486044][ T7167] netlink: 32 bytes leftover after parsing attributes in process `syz.1.485'. [ 198.506119][ T5144] usb 4-1: config 0 descriptor?? [ 198.530393][ T5144] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 198.630206][ T5145] tipc: Node number set to 10005162 [ 199.053274][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 199.147601][ T7186] netlink: 32 bytes leftover after parsing attributes in process `syz.1.491'. [ 199.446486][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 200.478756][ T5144] gspca_vc032x: reg_w err -71 [ 200.578108][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.600208][ T5143] usb 1-1: USB disconnect, device number 10 [ 200.607983][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.614237][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.677325][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.707282][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.770733][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.816988][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.849234][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.888027][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.909800][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.926177][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.942945][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.971909][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 200.977263][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 201.007916][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 201.053243][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 201.067583][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 201.082605][ T5144] gspca_vc032x: I2c Bus Busy Wait 00 [ 201.098832][ T5144] gspca_vc032x: Unknown sensor... [ 201.103969][ T5144] vc032x 4-1:0.0: probe with driver vc032x failed with error -22 [ 201.110930][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 201.167643][ T5144] usb 4-1: USB disconnect, device number 13 [ 201.457152][ T7211] netlink: 32 bytes leftover after parsing attributes in process `syz.2.498'. [ 201.519858][ T7225] SET target dimension over the limit! [ 201.683138][ T2953] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.763912][ T2953] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.867753][ T2953] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.062745][ T2953] team0: Port device netdevsim0 removed [ 202.076308][ T2953] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.130381][ T7241] netlink: 4 bytes leftover after parsing attributes in process `syz.2.508'. [ 202.141475][ T7238] netlink: 'syz.4.507': attribute type 10 has an invalid length. [ 202.233742][ T5094] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 202.254511][ T5094] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 202.262897][ T5094] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 202.274956][ T5094] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 202.303876][ T7238] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 202.314769][ T5094] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 202.325848][ T5094] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 202.516748][ T5144] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 202.622107][ T5096] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 202.737378][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 202.748428][ T5144] usb 3-1: Using ep0 maxpacket: 16 [ 202.752467][ T2953] bridge_slave_1: left allmulticast mode [ 202.775437][ T5144] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31 [ 202.792037][ T5144] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.801800][ T5144] usb 3-1: Product: syz [ 202.806492][ T2953] bridge_slave_1: left promiscuous mode [ 202.806511][ T5144] usb 3-1: Manufacturer: syz [ 202.817041][ T5144] usb 3-1: SerialNumber: syz [ 202.823997][ T5144] usb 3-1: config 0 descriptor?? [ 202.835031][ T5144] usb 3-1: no audio or video endpoints found [ 202.841683][ T2953] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.849703][ T5144] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 202.858191][ T25] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 202.889114][ T2953] bridge_slave_0: left allmulticast mode [ 202.897511][ T2953] bridge_slave_0: left promiscuous mode [ 202.913621][ T2953] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.965563][ T7260] netlink: 32 bytes leftover after parsing attributes in process `syz.4.513'. [ 203.071373][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 203.124003][ T25] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 203.152647][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.170861][ T25] usb 1-1: Product: syz [ 203.186685][ T25] usb 1-1: Manufacturer: syz [ 203.204386][ T25] usb 1-1: SerialNumber: syz [ 203.237593][ T25] usb 1-1: config 0 descriptor?? [ 203.254361][ T25] em28xx 1-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0) [ 203.263787][ T25] em28xx 1-1:0.0: Device initialization failed. [ 203.271066][ T25] em28xx 1-1:0.0: Device must be connected to a high-speed USB 2.0 port. [ 203.878148][ T5096] Bluetooth: hci0: command tx timeout [ 204.003423][ T2953] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 204.020985][ T2953] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 204.053337][ T2953] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 204.095590][ T2953] bond0 (unregistering): Released all slaves [ 204.359023][ T5096] Bluetooth: hci4: command tx timeout [ 204.543454][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 204.572944][ T7275] netlink: 'syz.1.516': attribute type 10 has an invalid length. [ 204.670839][ T7275] team0: Port device geneve1 added [ 204.736623][ T7246] chnl_net:caif_netlink_parms(): no params data found [ 204.816850][ T7285] netlink: 32 bytes leftover after parsing attributes in process `syz.4.517'. [ 204.849918][ T5146] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 204.957009][ T2953] hsr_slave_0: left promiscuous mode [ 204.972146][ T2953] hsr_slave_1: left promiscuous mode [ 204.992061][ T2953] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 205.017217][ T2953] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 205.042890][ T2953] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 205.051072][ T2953] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 205.068070][ T5146] usb 2-1: Using ep0 maxpacket: 8 [ 205.081899][ T2953] veth1_macvtap: left promiscuous mode [ 205.087426][ T5146] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 205.087498][ T2953] veth0_macvtap: left promiscuous mode [ 205.107156][ T2953] veth1_vlan: left promiscuous mode [ 205.112787][ T2953] veth0_vlan: left promiscuous mode [ 205.133193][ T5146] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 205.145054][ T5146] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 205.162706][ T5146] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 205.184239][ T5146] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 205.195122][ T5146] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.470712][ T25] usb 1-1: USB disconnect, device number 11 [ 205.478093][ T9] usb 3-1: USB disconnect, device number 14 [ 205.550121][ T5146] usb 2-1: usb_control_msg returned -32 [ 205.573856][ T5146] usbtmc 2-1:16.0: can't read capabilities [ 205.626437][ T7301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.519'. [ 206.052306][ T2953] team0 (unregistering): Port device team_slave_1 removed [ 206.091220][ T2953] team0 (unregistering): Port device team_slave_0 removed [ 206.438354][ T5096] Bluetooth: hci4: command tx timeout [ 206.719048][ T7246] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.733592][ T7246] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.747522][ T7246] bridge_slave_0: entered allmulticast mode [ 206.758643][ T7246] bridge_slave_0: entered promiscuous mode [ 206.778069][ T7246] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.787732][ T7246] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.801857][ T7246] bridge_slave_1: entered allmulticast mode [ 206.809569][ T7246] bridge_slave_1: entered promiscuous mode [ 206.864380][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 206.999457][ T7246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.026685][ T7246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.142323][ T7246] team0: Port device team_slave_0 added [ 207.166453][ T7246] team0: Port device team_slave_1 added [ 207.258456][ T7246] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.271821][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 207.305540][ T7246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.372206][ T7332] netlink: 32 bytes leftover after parsing attributes in process `syz.4.525'. [ 207.489950][ T7246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.531561][ T7246] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.550003][ T7246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.624494][ T7246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.664441][ T5143] usb 2-1: USB disconnect, device number 9 [ 207.878063][ T5096] Bluetooth: hci2: command tx timeout [ 208.113079][ T7246] hsr_slave_0: entered promiscuous mode [ 208.153039][ T7246] hsr_slave_1: entered promiscuous mode [ 208.400640][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 208.511452][ T7354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.530'. [ 208.527783][ T5096] Bluetooth: hci4: command tx timeout [ 208.628936][ T7347] netlink: 32 bytes leftover after parsing attributes in process `syz.2.528'. [ 208.839398][ T5145] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 208.981900][ T7376] netlink: 4 bytes leftover after parsing attributes in process `syz.2.535'. [ 209.027959][ T5145] usb 1-1: Using ep0 maxpacket: 16 [ 209.040642][ T5145] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31 [ 209.062540][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.100312][ T5145] usb 1-1: Product: syz [ 209.123509][ T5145] usb 1-1: Manufacturer: syz [ 209.131083][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 209.140528][ T5145] usb 1-1: SerialNumber: syz [ 209.172183][ T5145] usb 1-1: config 0 descriptor?? [ 209.190418][ T5145] usb 1-1: no audio or video endpoints found [ 209.217183][ T5145] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 209.637075][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 209.775033][ T7402] netlink: 32 bytes leftover after parsing attributes in process `syz.2.539'. [ 209.864909][ T7246] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 209.892312][ T7246] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 209.912078][ T7246] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 209.993206][ T7246] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 210.306124][ T7415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.543'. [ 210.403924][ T7415] netlink: 4 bytes leftover after parsing attributes in process `syz.1.543'. [ 210.505595][ T7246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.535368][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 210.613888][ T5096] Bluetooth: hci4: command tx timeout [ 210.634528][ T7425] netlink: 8 bytes leftover after parsing attributes in process `syz.4.546'. [ 210.666573][ T7427] netlink: 32 bytes leftover after parsing attributes in process `syz.2.545'. [ 210.716646][ T7428] netlink: 4 bytes leftover after parsing attributes in process `syz.1.547'. [ 210.729937][ T7246] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.817239][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.824476][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.854325][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.861573][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.135824][ T7246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.255655][ T7246] veth0_vlan: entered promiscuous mode [ 211.305879][ T7246] veth1_vlan: entered promiscuous mode [ 211.435704][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 211.448716][ T7246] veth0_macvtap: entered promiscuous mode [ 211.503103][ T7246] veth1_macvtap: entered promiscuous mode [ 211.558363][ T5096] Bluetooth: hci1: command tx timeout [ 211.637176][ T7246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.669821][ T7246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.696578][ T7246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.726911][ T7246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.754398][ T7246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.786794][ T7246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.816491][ T7246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 211.842767][ T7246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.871450][ T7246] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.947705][ T7246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.007855][ T7246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.017710][ T7246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.066230][ T7246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.088087][ T7246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.104586][ T7246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.125526][ T7246] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 212.145425][ T7246] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.159605][ T7246] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.212612][ T7246] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.224532][ T7246] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.238450][ T7246] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.267617][ T7246] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 212.611097][ T9] usb 1-1: USB disconnect, device number 12 [ 212.833949][ T2953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 212.898534][ T2953] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 212.902493][ T7480] binder: 7479:7480 ioctl 8030942b 200002c0 returned -22 [ 213.094902][ T7484] __nla_validate_parse: 1 callbacks suppressed [ 213.094921][ T7484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.557'. [ 213.146909][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.183495][ T7484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.557'. [ 213.316757][ T2953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 213.381090][ T2953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 213.457157][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.533693][ T7495] netlink: 8 bytes leftover after parsing attributes in process `syz.1.559'. [ 213.556017][ T7500] netlink: 4 bytes leftover after parsing attributes in process `syz.0.560'. [ 213.659970][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.803494][ T5094] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 213.822164][ T5094] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 213.831336][ T5094] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 213.844997][ T5094] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 213.854991][ T5094] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 213.866802][ T5094] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 213.900945][ T11] team0: Port device netdevsim0 removed [ 213.913427][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.956800][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 214.036306][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 214.089277][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 214.198429][ T5096] Bluetooth: hci0: command tx timeout [ 214.248089][ T7524] netlink: 32 bytes leftover after parsing attributes in process `syz.0.563'. [ 214.564810][ T11] bridge_slave_1: left allmulticast mode [ 214.580826][ T11] bridge_slave_1: left promiscuous mode [ 214.642092][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.708954][ T7517] netlink: 32 bytes leftover after parsing attributes in process `syz.4.565'. [ 214.783516][ T11] bridge_slave_0: left allmulticast mode [ 214.816740][ T11] bridge_slave_0: left promiscuous mode [ 214.844432][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.889327][ T7544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.568'. [ 214.919349][ T7544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.568'. [ 215.091254][ T25] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 215.278399][ T11] team0: Port device geneve1 removed [ 215.288392][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 215.314101][ T25] usb 2-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31 [ 215.326959][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.336465][ T25] usb 2-1: Product: syz [ 215.341913][ T25] usb 2-1: Manufacturer: syz [ 215.357732][ T25] usb 2-1: SerialNumber: syz [ 215.374288][ T25] usb 2-1: config 0 descriptor?? [ 215.395333][ T25] usb 2-1: no audio or video endpoints found [ 215.402154][ T25] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 215.506578][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.523201][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 215.537415][ T11] bond0 (unregistering): Released all slaves [ 215.715732][ T11] tipc: Disabling bearer [ 215.761349][ T11] tipc: Left network mode [ 215.761477][ T7558] netlink: 8 bytes leftover after parsing attributes in process `syz.4.571'. [ 215.918670][ T7565] netlink: 4 bytes leftover after parsing attributes in process `syz.0.572'. [ 215.959501][ T5096] Bluetooth: hci2: command tx timeout [ 216.003808][ T7512] chnl_net:caif_netlink_parms(): no params data found [ 216.620409][ T7512] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.648004][ T7512] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.667079][ T7512] bridge_slave_0: entered allmulticast mode [ 216.682506][ T7512] bridge_slave_0: entered promiscuous mode [ 216.715650][ T7512] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.737194][ T7512] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.759988][ T7512] bridge_slave_1: entered allmulticast mode [ 216.777049][ T7512] bridge_slave_1: entered promiscuous mode [ 216.801964][ T11] hsr_slave_0: left promiscuous mode [ 216.816628][ T11] hsr_slave_1: left promiscuous mode [ 216.825916][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 216.843735][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 216.855632][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 216.865695][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.988232][ T11] veth1_macvtap: left promiscuous mode [ 216.993821][ T11] veth0_macvtap: left promiscuous mode [ 217.020882][ T11] veth1_vlan: left promiscuous mode [ 217.025317][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 217.036445][ T11] veth0_vlan: left promiscuous mode [ 217.514881][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 217.952453][ T5145] usb 2-1: USB disconnect, device number 10 [ 218.040098][ T5096] Bluetooth: hci2: command tx timeout [ 218.445547][ T11] team0 (unregistering): Port device team_slave_1 removed [ 218.511025][ T11] team0 (unregistering): Port device team_slave_0 removed [ 219.170364][ T7512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.232294][ T7512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.282604][ T7624] __nla_validate_parse: 4 callbacks suppressed [ 219.282623][ T7624] netlink: 4 bytes leftover after parsing attributes in process `syz.3.584'. [ 219.378834][ T7512] team0: Port device team_slave_0 added [ 219.387676][ T7512] team0: Port device team_slave_1 added [ 219.427028][ T7637] netlink: 4 bytes leftover after parsing attributes in process `syz.3.588'. [ 219.455939][ T7637] netlink: 4 bytes leftover after parsing attributes in process `syz.3.588'. [ 219.495410][ T7512] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 219.532975][ T7512] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.618622][ T7512] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 219.678744][ T7512] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 219.700745][ T7512] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 219.768027][ T7512] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 219.975718][ T7512] hsr_slave_0: entered promiscuous mode [ 220.014746][ T7512] hsr_slave_1: entered promiscuous mode [ 220.039377][ T7512] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 220.061559][ T7512] Cannot create hsr debugfs directory [ 220.118068][ T5096] Bluetooth: hci2: command tx timeout [ 220.219409][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 220.346667][ T7662] netlink: 32 bytes leftover after parsing attributes in process `syz.0.593'. [ 220.516502][ T7667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.595'. [ 220.534127][ T7667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.595'. [ 220.659089][ T7669] netlink: 4 bytes leftover after parsing attributes in process `syz.0.597'. [ 220.710206][ T7674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.598'. [ 221.288583][ T5096] Bluetooth: hci1: unexpected event 0x06 length: 23 > 3 [ 221.343455][ T7705] input: syz1 as /devices/virtual/input/input20 [ 221.475937][ T7701] netlink: 32 bytes leftover after parsing attributes in process `syz.4.604'. [ 221.799523][ T5096] Bluetooth: hci4: command tx timeout [ 221.922740][ T7725] netlink: 4 bytes leftover after parsing attributes in process `syz.3.609'. [ 222.122272][ T7512] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 222.170265][ T7512] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 222.198033][ T5096] Bluetooth: hci2: command tx timeout [ 222.224763][ T7512] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 222.294422][ T7512] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 222.831486][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 223.182070][ T7512] 8021q: adding VLAN 0 to HW filter on device bond0 [ 223.252262][ T7512] 8021q: adding VLAN 0 to HW filter on device team0 [ 223.460089][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.467273][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state [ 223.559127][ T5096] Bluetooth: hci0: command tx timeout [ 223.571710][ T5143] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.578898][ T5143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 223.935782][ T7512] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 224.008253][ T25] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 224.022273][ T7794] binder: 7792:7794 ioctl 8030942b 200002c0 returned -22 [ 224.085497][ T7512] veth0_vlan: entered promiscuous mode [ 224.103410][ T7512] veth1_vlan: entered promiscuous mode [ 224.134414][ T7512] veth0_macvtap: entered promiscuous mode [ 224.143608][ T7512] veth1_macvtap: entered promiscuous mode [ 224.159248][ T7512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.172436][ T7512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.183252][ T7512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.201474][ T7512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.212724][ T7512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.224317][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 224.230373][ T7512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.243647][ T25] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 224.253017][ T7512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 224.264590][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.273576][ T7794] input: syz0 as /devices/virtual/input/input21 [ 224.276706][ T7512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.292741][ T7512] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 224.303547][ T25] usb 1-1: config 0 descriptor?? [ 224.322037][ T7798] __nla_validate_parse: 5 callbacks suppressed [ 224.322053][ T7798] netlink: 16 bytes leftover after parsing attributes in process `syz.4.624'. [ 224.357251][ T7512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.381669][ T7512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.405912][ T7512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.442368][ T7512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.467972][ T7512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.480595][ T7512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.498416][ T7512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 224.515290][ T7512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 224.555935][ T7512] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 224.621242][ T7512] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.650698][ T7512] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.684875][ T7512] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 224.715374][ T7512] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.052810][ T7825] netlink: 'syz.4.629': attribute type 3 has an invalid length. [ 225.063956][ T2953] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.070724][ T29] audit: type=1326 audit(1720126028.254:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7821 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 225.121144][ T2953] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.197946][ T29] audit: type=1326 audit(1720126028.254:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7821 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 225.246199][ T2953] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.266321][ T2953] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.281958][ T29] audit: type=1326 audit(1720126028.264:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7821 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=40000003 syscall=449 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 225.364518][ T29] audit: type=1326 audit(1720126028.264:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7821 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 225.468701][ T29] audit: type=1326 audit(1720126028.264:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7821 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 225.485825][ T5096] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 225.566917][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 225.577505][ T7837] netlink: 4 bytes leftover after parsing attributes in process `syz.4.633'. [ 225.578452][ T29] audit: type=1326 audit(1720126028.264:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7821 comm="syz.3.628" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf740e579 code=0x7ffc0000 [ 225.916548][ T7847] netlink: 16 bytes leftover after parsing attributes in process `syz.4.634'. [ 225.937261][ T7840] netlink: 32 bytes leftover after parsing attributes in process `syz.2.558'. [ 226.501666][ T25] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 226.545741][ T25] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 226.585176][ T25] asix 1-1:0.0: probe with driver asix failed with error -71 [ 226.641246][ T25] usb 1-1: USB disconnect, device number 13 [ 227.465060][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 227.533909][ T7899] binder: 7898:7899 ioctl 8030942b 200002c0 returned -22 [ 227.585583][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 227.695137][ T5094] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 227.713661][ T5094] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 227.722536][ T5094] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 227.731992][ T5094] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 227.739966][ T5094] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 227.749123][ T5094] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 227.755214][ T7903] netlink: 32 bytes leftover after parsing attributes in process `syz.0.648'. [ 227.857010][ T7899] input: syz0 as /devices/virtual/input/input22 [ 228.121463][ T7905] chnl_net:caif_netlink_parms(): no params data found [ 228.379005][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 228.474365][ T7905] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.492381][ T7905] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.500818][ T7905] bridge_slave_0: entered allmulticast mode [ 228.513960][ T7905] bridge_slave_0: entered promiscuous mode [ 228.520095][ T7927] netlink: 32 bytes leftover after parsing attributes in process `syz.2.651'. [ 228.640659][ T1038] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.708350][ T7905] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.734401][ T7905] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.768915][ T7905] bridge_slave_1: entered allmulticast mode [ 228.780779][ T7905] bridge_slave_1: entered promiscuous mode [ 228.862226][ T1038] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.932484][ T5096] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 228.937278][ T7939] binder: 7937:7939 ioctl 8030942b 200002c0 returned -22 [ 228.970806][ T7905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 229.044746][ T1038] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.071881][ T7939] input: syz0 as /devices/virtual/input/input23 [ 229.123367][ T7905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 229.280505][ T1038] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 229.327399][ T7951] netlink: 28 bytes leftover after parsing attributes in process `syz.0.661'. [ 229.360559][ T7905] team0: Port device team_slave_0 added [ 229.377042][ T7948] netlink: 'syz.0.661': attribute type 10 has an invalid length. [ 229.383743][ T5096] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 229.447239][ T7905] team0: Port device team_slave_1 added [ 229.573798][ T7905] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 229.582697][ T7905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.669486][ T7905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.698562][ T5144] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 229.716141][ T7905] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.745948][ T7905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.803734][ T7905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.878181][ T5096] Bluetooth: hci5: command tx timeout [ 229.887955][ T5144] usb 1-1: Using ep0 maxpacket: 8 [ 229.897096][ T5144] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 229.959804][ T5096] Bluetooth: hci0: command tx timeout [ 229.967254][ T5144] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 230.002040][ T7968] binder: 7967:7968 ioctl 8030942b 200002c0 returned -22 [ 230.031932][ T5144] usb 1-1: config 1 has no interface number 1 [ 230.052592][ T5144] usb 1-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 230.088273][ T5144] usb 1-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 230.115853][ T5144] usb 1-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 230.131506][ T1038] bridge_slave_1: left allmulticast mode [ 230.140017][ T5144] usb 1-1: config 1 interface 2 has no altsetting 0 [ 230.149442][ T5144] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 230.163031][ T1038] bridge_slave_1: left promiscuous mode [ 230.169122][ T5144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.177401][ T1038] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.185454][ T5144] usb 1-1: Product: 쑿퉈ਝ쑻 [ 230.195037][ T5144] usb 1-1: Manufacturer: ф [ 230.206460][ T5144] usb 1-1: SerialNumber: syz [ 230.220908][ T1038] bridge_slave_0: left allmulticast mode [ 230.244083][ T7971] input: syz0 as /devices/virtual/input/input24 [ 230.259913][ T1038] bridge_slave_0: left promiscuous mode [ 230.265625][ T1038] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.438933][ T5094] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 230.650050][ T5144] usb 1-1: USB disconnect, device number 14 [ 230.931316][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 231.008696][ T1038] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 231.021968][ T1038] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 231.036790][ T1038] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 231.055581][ T1038] bond0 (unregistering): Released all slaves [ 231.092311][ T7905] hsr_slave_0: entered promiscuous mode [ 231.111014][ T7905] hsr_slave_1: entered promiscuous mode [ 231.123200][ T5145] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 231.138170][ T7905] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 231.145755][ T7905] Cannot create hsr debugfs directory [ 231.308069][ T5144] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 231.347907][ T5145] usb 3-1: Using ep0 maxpacket: 16 [ 231.362222][ T5145] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31 [ 231.395421][ T5145] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.417937][ T5145] usb 3-1: Product: syz [ 231.422470][ T5145] usb 3-1: Manufacturer: syz [ 231.427081][ T5145] usb 3-1: SerialNumber: syz [ 231.453784][ T5145] usb 3-1: config 0 descriptor?? [ 231.461365][ T5094] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 231.464196][ T5145] usb 3-1: no audio or video endpoints found [ 231.495426][ T5145] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 231.511399][ T5144] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 231.542446][ T5144] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 231.552017][ T5144] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.582795][ T1038] hsr_slave_0: left promiscuous mode [ 231.587906][ T5144] usb 2-1: Product: syz [ 231.597240][ T5144] usb 2-1: Manufacturer: syz [ 231.617557][ T1038] hsr_slave_1: left promiscuous mode [ 231.631949][ T5144] usb 2-1: SerialNumber: syz [ 231.642532][ T1038] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 231.657384][ T1038] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.684229][ T7996] netlink: 32 bytes leftover after parsing attributes in process `syz.0.674'. [ 231.704049][ T5144] usb 2-1: config 0 descriptor?? [ 231.705134][ T1038] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.717970][ T5144] em28xx 2-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0) [ 231.734946][ T5144] em28xx 2-1:0.0: Device initialization failed. [ 231.743726][ T5144] em28xx 2-1:0.0: Device must be connected to a high-speed USB 2.0 port. [ 231.747058][ T1038] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.871344][ T1038] veth1_macvtap: left promiscuous mode [ 231.899508][ T1038] veth0_macvtap: left promiscuous mode [ 231.906652][ T1038] veth1_vlan: left promiscuous mode [ 231.918050][ T1038] veth0_vlan: left promiscuous mode [ 231.959304][ T5094] Bluetooth: hci5: command tx timeout [ 232.049570][ T5094] Bluetooth: hci0: command tx timeout [ 232.820850][ T1038] team0 (unregistering): Port device team_slave_1 removed [ 232.882277][ T1038] team0 (unregistering): Port device team_slave_0 removed [ 233.788072][ T8022] binder: 8020:8022 ioctl 8030942b 200002c0 returned -22 [ 233.958488][ T8027] input: syz0 as /devices/virtual/input/input25 [ 234.048087][ T5094] Bluetooth: hci5: command tx timeout [ 234.066454][ T5146] usb 2-1: USB disconnect, device number 11 [ 234.118126][ T5094] Bluetooth: hci0: command tx timeout [ 234.246758][ T5094] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 234.530365][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 234.633678][ T5178] usb 3-1: USB disconnect, device number 15 [ 234.880740][ T8048] netlink: 32 bytes leftover after parsing attributes in process `syz.3.683'. [ 235.060502][ T5094] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 235.138256][ T8055] netlink: 32 bytes leftover after parsing attributes in process `syz.2.686'. [ 235.179102][ T7905] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 235.275433][ T7905] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 235.284363][ T8058] binder: 8056:8058 ioctl 8030942b 200002c0 returned -22 [ 235.366547][ T7905] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 235.403072][ T7905] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 235.458898][ T8061] input: syz0 as /devices/virtual/input/input26 [ 235.598405][ T8066] binder: 8065:8066 ioctl 8030942b 200002c0 returned -22 [ 235.818618][ T8073] input: syz0 as /devices/virtual/input/input27 [ 236.008942][ T8081] netlink: 'syz.1.693': attribute type 10 has an invalid length. [ 236.035377][ T8085] netlink: 28 bytes leftover after parsing attributes in process `syz.1.693'. [ 236.118806][ T5094] Bluetooth: hci5: command tx timeout [ 236.188098][ T5145] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 236.336421][ T7905] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.363701][ T25] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 236.417022][ T5145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 236.447643][ T5145] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 236.476820][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.495651][ T5145] usb 1-1: Product: syz [ 236.505774][ T5145] usb 1-1: Manufacturer: syz [ 236.516028][ T5145] usb 1-1: SerialNumber: syz [ 236.555611][ T5145] usb 1-1: config 0 descriptor?? [ 236.566941][ T5145] em28xx 1-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0) [ 236.581782][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 236.601113][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 236.616541][ T5145] em28xx 1-1:0.0: Device initialization failed. [ 236.623266][ T25] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 236.632790][ T5145] em28xx 1-1:0.0: Device must be connected to a high-speed USB 2.0 port. [ 236.649818][ T25] usb 2-1: config 1 has no interface number 1 [ 236.652265][ T7905] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.686699][ T25] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 236.708185][ T5149] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 236.725245][ T25] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 236.738492][ T25] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 236.755458][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.762688][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.763917][ T25] usb 2-1: config 1 interface 2 has no altsetting 0 [ 236.815964][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.823187][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.830935][ T25] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 236.849697][ T5094] Bluetooth: hci0: command tx timeout [ 236.863010][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.871386][ T25] usb 2-1: Product: 쑿퉈ਝ쑻 [ 236.878784][ T25] usb 2-1: Manufacturer: ф [ 236.885348][ T25] usb 2-1: SerialNumber: syz [ 236.920145][ T5149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 236.936672][ T5149] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 236.961142][ T5149] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.976221][ T5149] usb 4-1: Product: syz [ 236.992764][ T5149] usb 4-1: Manufacturer: syz [ 237.004385][ T5149] usb 4-1: SerialNumber: syz [ 237.024876][ T5149] usb 4-1: config 0 descriptor?? [ 237.042396][ T5149] em28xx 4-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0) [ 237.083660][ T5149] em28xx 4-1:0.0: Device initialization failed. [ 237.137888][ T5149] em28xx 4-1:0.0: Device must be connected to a high-speed USB 2.0 port. [ 237.217138][ T25] usb 2-1: USB disconnect, device number 12 [ 237.237784][ T7905] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.422340][ T7905] veth0_vlan: entered promiscuous mode [ 237.460889][ T7905] veth1_vlan: entered promiscuous mode [ 237.513402][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 237.524423][ T7905] veth0_macvtap: entered promiscuous mode [ 237.565081][ T7905] veth1_macvtap: entered promiscuous mode [ 237.651203][ T7905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.683901][ T7905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.718778][ T7905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.747212][ T7905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.786058][ T7905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.794248][ T5094] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 237.798062][ T5094] Bluetooth: hci4: command tx timeout [ 237.810572][ T7905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.810594][ T7905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.810610][ T7905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.812244][ T7905] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.877565][ T7905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.903647][ T7905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.920682][ T7905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.931567][ T7905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.942106][ T7905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.953876][ T7905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.964235][ T7905] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.977457][ T7905] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.002143][ T7905] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 238.018188][ T5149] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 238.039773][ T7905] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.053106][ T7905] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.063681][ T7905] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.077570][ T7905] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 238.153010][ T8137] netlink: 32 bytes leftover after parsing attributes in process `syz.1.702'. [ 238.218659][ T5149] usb 3-1: Using ep0 maxpacket: 16 [ 238.250122][ T5149] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 238.273947][ T5149] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 238.299551][ T5149] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.313433][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.331923][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.344952][ T5149] usb 3-1: config 0 descriptor?? [ 238.422845][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.446067][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.684141][ T8127] netlink: 16 bytes leftover after parsing attributes in process `syz.2.701'. [ 238.724712][ T8144] netlink: 16 bytes leftover after parsing attributes in process `syz.4.645'. [ 238.827129][ T25] usb 1-1: USB disconnect, device number 15 [ 239.102469][ T8148] binder: 8147:8148 ioctl 8030942b 200002c0 returned -22 [ 239.187003][ T8127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 239.213733][ T8127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 239.228525][ T8127] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 239.239107][ T8127] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 239.267548][ T5149] hid-generic 0003:0158:0100.0001: unknown main item tag 0x1 [ 239.283307][ T5149] hid-generic 0003:0158:0100.0001: unexpected long global item [ 239.303582][ T5149] hid-generic 0003:0158:0100.0001: probe with driver hid-generic failed with error -22 [ 239.372471][ T5149] usb 4-1: USB disconnect, device number 14 [ 239.429727][ T8153] input: syz0 as /devices/virtual/input/input28 [ 239.619919][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 240.227345][ T5144] usb 3-1: USB disconnect, device number 16 [ 240.340789][ T8182] netlink: 'syz.0.711': attribute type 10 has an invalid length. [ 240.378926][ T8182] netlink: 28 bytes leftover after parsing attributes in process `syz.0.711'. [ 240.380212][ T8181] netlink: 'syz.1.712': attribute type 10 has an invalid length. [ 240.418949][ T8184] netlink: 16 bytes leftover after parsing attributes in process `syz.3.713'. [ 240.496230][ T5094] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3 [ 240.497640][ T8188] netlink: 28 bytes leftover after parsing attributes in process `syz.1.712'. [ 240.645416][ T8191] netlink: 32 bytes leftover after parsing attributes in process `syz.4.715'. [ 240.720982][ T5149] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 240.818283][ T5147] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 240.888578][ T5144] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 240.908187][ T5149] usb 1-1: Using ep0 maxpacket: 8 [ 240.915727][ T5149] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 240.927046][ T5149] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 240.936113][ T5149] usb 1-1: config 1 has no interface number 1 [ 240.942295][ T5149] usb 1-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 240.953387][ T5149] usb 1-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 240.965181][ T5149] usb 1-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 240.978436][ T5149] usb 1-1: config 1 interface 2 has no altsetting 0 [ 240.987276][ T5149] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 240.996466][ T5149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.004658][ T5149] usb 1-1: Product: 쑿퉈ਝ쑻 [ 241.009754][ T5149] usb 1-1: Manufacturer: ф [ 241.014355][ T5149] usb 1-1: SerialNumber: syz [ 241.028124][ T5147] usb 2-1: Using ep0 maxpacket: 8 [ 241.039764][ T5147] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 241.054186][ T5147] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 241.067306][ T5147] usb 2-1: config 1 has no interface number 1 [ 241.080038][ T5144] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 241.080460][ T5147] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 241.111704][ T5147] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 241.119831][ T5144] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 241.124480][ T5147] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 241.139407][ T5144] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.158712][ T5147] usb 2-1: config 1 interface 2 has no altsetting 0 [ 241.172390][ T5147] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 241.173089][ T5144] usb 4-1: Product: syz [ 241.185915][ T5144] usb 4-1: Manufacturer: syz [ 241.190548][ T5147] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.190987][ T5147] usb 2-1: Product: 쑿퉈ਝ쑻 [ 241.204344][ T5147] usb 2-1: Manufacturer: ф [ 241.212678][ T5147] usb 2-1: SerialNumber: syz [ 241.234295][ T5144] usb 4-1: SerialNumber: syz [ 241.239315][ T5094] Bluetooth: hci3: command tx timeout [ 241.266311][ T5144] usb 4-1: config 0 descriptor?? [ 241.286235][ T5144] em28xx 4-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0) [ 241.299661][ T5144] em28xx 4-1:0.0: Device initialization failed. [ 241.306234][ T5144] em28xx 4-1:0.0: Device must be connected to a high-speed USB 2.0 port. [ 241.319209][ T5149] usb 1-1: USB disconnect, device number 16 [ 241.472814][ T5147] usb 2-1: USB disconnect, device number 13 [ 241.550932][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 241.671039][ T5146] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 241.710229][ T7299] udevd[7299]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 241.868063][ T5146] usb 3-1: Using ep0 maxpacket: 16 [ 241.892706][ T5146] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31 [ 241.903815][ T5146] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.917456][ T5146] usb 3-1: Product: syz [ 241.924070][ T5146] usb 3-1: Manufacturer: syz [ 241.933554][ T5146] usb 3-1: SerialNumber: syz [ 241.944123][ T5146] usb 3-1: config 0 descriptor?? [ 241.957348][ T5146] usb 3-1: no audio or video endpoints found [ 241.987625][ T5146] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 242.202656][ T8211] binder: 8210:8211 ioctl 8030942b 200002c0 returned -22 [ 242.369715][ T8220] netlink: 16 bytes leftover after parsing attributes in process `syz.0.726'. [ 242.382820][ T8219] input: syz0 as /devices/virtual/input/input29 [ 242.630266][ T8224] binder: 8223:8224 ioctl 8030942b 200002c0 returned -22 [ 242.708349][ T5094] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3 [ 242.764909][ T8229] input: syz0 as /devices/virtual/input/input30 [ 242.861545][ T8231] netlink: 32 bytes leftover after parsing attributes in process `syz.4.731'. [ 242.978331][ T5149] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 243.047000][ T8234] netlink: 'syz.0.732': attribute type 10 has an invalid length. [ 243.072597][ T8234] netlink: 28 bytes leftover after parsing attributes in process `syz.0.732'. [ 243.177991][ T5149] usb 2-1: Using ep0 maxpacket: 16 [ 243.191799][ T5149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 243.211684][ T5149] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 243.224841][ T5149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.249771][ T5149] usb 2-1: config 0 descriptor?? [ 243.367632][ T5094] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3 [ 243.388110][ T5145] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 243.498214][ T8227] netlink: 16 bytes leftover after parsing attributes in process `syz.1.730'. [ 243.573565][ T8241] netlink: 32 bytes leftover after parsing attributes in process `syz.4.734'. [ 243.593306][ T5147] usb 4-1: USB disconnect, device number 15 [ 243.597550][ T5145] usb 1-1: Using ep0 maxpacket: 8 [ 243.629172][ T5145] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 243.660623][ T5145] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 243.692162][ T5145] usb 1-1: config 1 has no interface number 1 [ 243.711630][ T5145] usb 1-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 243.747870][ T5145] usb 1-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 243.780721][ T5145] usb 1-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 243.816819][ T5145] usb 1-1: config 1 interface 2 has no altsetting 0 [ 243.853517][ T5145] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 243.892252][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.931076][ T5145] usb 1-1: Product: 쑿퉈ਝ쑻 [ 243.949165][ T5145] usb 1-1: Manufacturer: ф [ 243.954803][ T5145] usb 1-1: SerialNumber: syz [ 244.162405][ T8227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 244.242889][ T8227] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 244.335243][ T5145] usb 1-1: USB disconnect, device number 17 [ 244.350786][ T8227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 244.420186][ T8227] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 244.518094][ T5094] Bluetooth: hci0: command tx timeout [ 244.530476][ T5149] hid-generic 0003:0158:0100.0002: unknown main item tag 0x1 [ 244.548351][ T5149] hid-generic 0003:0158:0100.0002: unexpected long global item [ 244.557537][ T5149] hid-generic 0003:0158:0100.0002: probe with driver hid-generic failed with error -22 [ 244.608575][ T7299] udevd[7299]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 244.670947][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 244.769313][ T5149] usb 3-1: USB disconnect, device number 17 [ 244.993188][ T5146] usb 2-1: USB disconnect, device number 14 [ 245.118568][ T8269] binder: 8267:8269 ioctl 8030942b 200002c0 returned -22 [ 245.131889][ T5094] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3 [ 245.238845][ T8273] input: syz0 as /devices/virtual/input/input31 [ 245.244687][ T8274] netlink: 32 bytes leftover after parsing attributes in process `syz.4.743'. [ 245.295080][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 245.605794][ T8280] netlink: 32 bytes leftover after parsing attributes in process `syz.3.746'. [ 245.708164][ T8] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 245.902695][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 245.943377][ T8] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 245.961982][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.984969][ T8] usb 3-1: Product: syz [ 246.007865][ T8] usb 3-1: Manufacturer: syz [ 246.020186][ T8] usb 3-1: SerialNumber: syz [ 246.033300][ T8] usb 3-1: config 0 descriptor?? [ 246.084511][ T8] em28xx 3-1:0.0: New device syz syz @ 12 Mbps (2040:0264, interface 0, class 0) [ 246.133603][ T8] em28xx 3-1:0.0: Device initialization failed. [ 246.170964][ T8] em28xx 3-1:0.0: Device must be connected to a high-speed USB 2.0 port. [ 246.410494][ T8298] netlink: 28 bytes leftover after parsing attributes in process `syz.1.752'. [ 246.420657][ T5094] Bluetooth: hci3: unexpected event 0x06 length: 23 > 3 [ 246.518042][ T5094] Bluetooth: hci5: command tx timeout [ 246.761114][ T25] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 246.886218][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 246.999054][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 247.026451][ T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 247.038051][ T5147] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 247.057998][ T25] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 247.085810][ T25] usb 2-1: config 1 has no interface number 1 [ 247.098210][ T25] usb 2-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 247.132297][ T25] usb 2-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 247.178839][ T25] usb 2-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 247.242662][ T25] usb 2-1: config 1 interface 2 has no altsetting 0 [ 247.262041][ T5147] usb 1-1: Using ep0 maxpacket: 16 [ 247.263641][ T25] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 247.278071][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.286591][ T5094] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3 [ 247.286792][ T25] usb 2-1: Product: 쑿퉈ਝ쑻 [ 247.298927][ T25] usb 2-1: Manufacturer: ф [ 247.303469][ T25] usb 2-1: SerialNumber: syz [ 247.316718][ T5147] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31 [ 247.359281][ T5147] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.428588][ T5147] usb 1-1: Product: syz [ 247.466838][ T5147] usb 1-1: Manufacturer: syz [ 247.491984][ T5147] usb 1-1: SerialNumber: syz [ 247.524956][ T5147] usb 1-1: config 0 descriptor?? [ 247.552904][ T5147] usb 1-1: no audio or video endpoints found [ 247.564779][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 247.566973][ T8320] netlink: 32 bytes leftover after parsing attributes in process `syz.4.760'. [ 247.582537][ T25] usb 2-1: USB disconnect, device number 15 [ 247.593532][ T5147] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 247.670995][ T8325] netlink: 32 bytes leftover after parsing attributes in process `syz.3.761'. [ 247.849054][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 248.118124][ T5094] Bluetooth: hci4: command tx timeout [ 248.294021][ T5149] usb 3-1: USB disconnect, device number 18 [ 248.328252][ T5094] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 248.612633][ T5094] Bluetooth: hci5: command tx timeout [ 249.106428][ T8358] netlink: 'syz.2.773': attribute type 10 has an invalid length. [ 249.122619][ T5094] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 249.182967][ T8362] netlink: 28 bytes leftover after parsing attributes in process `syz.2.773'. [ 249.189869][ T8358] team0: Port device netdevsim0 added [ 249.478588][ T8361] netlink: 32 bytes leftover after parsing attributes in process `syz.1.772'. [ 249.624617][ T25] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 249.648477][ T5094] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3 [ 249.776762][ T8378] binder: 8377:8378 ioctl 8030942b 200002c0 returned -22 [ 249.817935][ T25] usb 3-1: Using ep0 maxpacket: 8 [ 249.832975][ T25] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.867618][ T25] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 249.893870][ T25] usb 3-1: config 1 has no interface number 1 [ 249.914806][ T25] usb 3-1: too many endpoints for config 1 interface 2 altsetting 220: 113, using maximum allowed: 30 [ 249.938035][ T8382] input: syz0 as /devices/virtual/input/input32 [ 249.947446][ T25] usb 3-1: config 1 interface 2 altsetting 220 has an invalid endpoint descriptor of length 3, skipping [ 249.992660][ T8374] netlink: 32 bytes leftover after parsing attributes in process `syz.4.776'. [ 249.998402][ T25] usb 3-1: config 1 interface 2 altsetting 220 has 1 endpoint descriptor, different from the interface descriptor's value: 113 [ 250.080792][ T25] usb 3-1: config 1 interface 2 has no altsetting 0 [ 250.097302][ T25] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 250.114046][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.125508][ T25] usb 3-1: Product: 쑿퉈ਝ쑻 [ 250.136229][ T25] usb 3-1: Manufacturer: ф [ 250.141259][ T25] usb 3-1: SerialNumber: syz [ 250.358299][ T5149] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 250.399352][ T5144] usb 1-1: USB disconnect, device number 18 [ 250.518153][ T5094] Bluetooth: hci2: command tx timeout [ 250.524818][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 250.538691][ T5149] usb 2-1: device descriptor read/64, error -71 [ 250.678337][ T25] usb 3-1: USB disconnect, device number 19 [ 250.891905][ T8393] netlink: 32 bytes leftover after parsing attributes in process `syz.3.784'. [ 250.913080][ T5149] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 250.932545][ T5094] Bluetooth: hci5: unexpected event 0x06 length: 23 > 3 [ 251.008030][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 251.098119][ T5149] usb 2-1: device descriptor read/64, error -71 [ 251.193798][ T8403] netlink: 32 bytes leftover after parsing attributes in process `syz.4.787'. [ 251.218564][ T5149] usb usb2-port1: attempt power cycle [ 251.555500][ C1] hrtimer: interrupt took 10748004 ns [ 251.751910][ T25] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 252.201924][ T5149] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 252.298317][ T5094] Bluetooth: hci5: command tx timeout [ 252.303832][ T5146] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 252.549982][ T5146] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 252.560474][ T5146] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 252.571267][ T5146] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 252.580896][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 252.589440][ T5146] usb 3-1: SerialNumber: syz [ 252.817558][ T5146] usb 3-1: 0:2 : does not exist [ 252.830508][ T5146] usb 3-1: unit 255 not found! [ 252.866359][ T5146] usb 3-1: USB disconnect, device number 20 [ 253.069315][ T6030] udevd[6030]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 255.011264][ T8438] binder: 8435:8438 ioctl 8030942b 200002c0 returned -22 [ 257.159969][ T5149] usb 2-1: device descriptor read/8, error -71 [ 257.198386][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 257.218843][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.223358][ T5094] Bluetooth: hci2: unexpected event 0x06 length: 23 > 3 [ 260.166337][ T25] usb 1-1: device not accepting address 19, error -71 [ 260.254387][ T5094] Bluetooth: hci4: unexpected event 0x06 length: 23 > 3 [ 263.910760][ T5094] Bluetooth: hci0: unexpected event 0x06 length: 23 > 3 [ 277.619536][ T5102] Bluetooth: hci0: command 0x0406 tx timeout [ 277.633052][ T5104] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 277.642289][ T5104] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 280.607959][ T53] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 280.615429][ T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 280.622745][ T53] Bluetooth: hci3: command 0x0406 tx timeout [ 280.709682][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 280.717546][ T5102] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 280.727422][ T5104] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 280.736146][ T5104] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 280.745638][ T5102] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 280.754289][ T5104] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 280.761834][ T5102] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 280.781984][ T5102] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 280.834859][ T5102] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 280.848142][ T5102] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 280.856111][ T5102] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 280.864236][ T5102] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 280.871974][ T5102] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 280.879324][ T5102] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 284.647254][ T53] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 284.688372][ T5100] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 287.687893][ T5094] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 290.897339][ T5094] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 290.904192][ T5094] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 293.438150][ T53] Bluetooth: hci8: command 0x1001 tx timeout [ 293.445582][ T53] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 293.478052][ T8455] Bluetooth: hci8: Opcode 0x1001 failed: -110 [ 293.524989][ T53] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 293.786513][ T8468] chnl_net:caif_netlink_parms(): no params data found [ 293.854770][ T8469] chnl_net:caif_netlink_parms(): no params data found [ 294.173279][ T53] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 294.182619][ T53] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 294.191082][ T53] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 294.208389][ T53] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 294.216344][ T53] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 294.224106][ T53] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 295.498195][ T8465] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 298.724392][ T5102] Bluetooth: hci7: command tx timeout [ 300.969858][ T4494] Bluetooth: hci7: command tx timeout [ 300.975754][ T4494] Bluetooth: hci6: command tx timeout [ 300.981709][ T4494] Bluetooth: hci1: command tx timeout [ 301.018538][ T5104] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 301.020724][ T5104] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 301.021790][ T5104] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 301.023219][ T5104] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 301.023965][ T5104] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 301.024340][ T5104] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 303.797109][ T5102] Bluetooth: hci6: command tx timeout [ 303.810629][ T4494] Bluetooth: hci7: command tx timeout [ 307.391860][ T5104] Bluetooth: hci6: command tx timeout [ 307.397308][ T5104] Bluetooth: hci1: command tx timeout [ 307.403582][ T5104] Bluetooth: hci7: command tx timeout [ 307.465228][ T8467] chnl_net:caif_netlink_parms(): no params data found [ 310.277648][ T4494] Bluetooth: hci1: command tx timeout [ 310.295390][ T4494] Bluetooth: hci6: command tx timeout [ 313.180165][ T5104] Bluetooth: hci8: command tx timeout [ 313.186073][ T5104] Bluetooth: hci1: command tx timeout [ 313.191889][ T5104] Bluetooth: hci3: command tx timeout [ 316.713862][ T5096] Bluetooth: hci3: command tx timeout [ 316.719395][ T5096] Bluetooth: hci8: command tx timeout [ 320.954461][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 320.960798][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.975914][ T5104] Bluetooth: hci8: command tx timeout [ 320.982970][ T5096] Bluetooth: hci3: command tx timeout [ 325.917409][ T5096] Bluetooth: hci3: command tx timeout [ 325.922990][ T5096] Bluetooth: hci8: command tx timeout [ 338.914546][ T5096] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 338.924405][ T5096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 338.937009][ T5096] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 338.945946][ T5096] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 338.957995][ T5096] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 338.965390][ T5096] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 339.048341][ T5096] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 339.060312][ T5096] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 339.068468][ T5096] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 339.076518][ T5096] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 339.096344][ T5096] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 339.104667][ T5096] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 341.028355][ T5102] Bluetooth: hci0: command tx timeout [ 341.178416][ T5102] Bluetooth: hci2: command tx timeout [ 343.078211][ T5102] Bluetooth: hci0: command tx timeout [ 343.273409][ T5102] Bluetooth: hci2: command tx timeout [ 345.168177][ T5102] Bluetooth: hci0: command tx timeout [ 345.318166][ T5102] Bluetooth: hci2: command tx timeout [ 352.730860][ T5096] Bluetooth: hci0: command tx timeout [ 352.736304][ T5096] Bluetooth: hci2: command tx timeout [ 352.742003][ T5102] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 352.822658][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 361.227019][ T8501] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 396.580697][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 396.587082][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 397.283505][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 397.686285][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 397.761077][ T5095] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 397.770303][ T5095] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 397.778347][ T5095] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 397.805307][ T5095] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 397.814418][ T5095] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 397.856446][ T5095] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 397.864634][ T5095] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 397.884137][ T5095] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 397.893600][ T5095] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 397.900976][ T5095] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 397.909036][ T5095] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 397.918980][ T5095] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 397.941335][ T5095] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 397.948629][ T5095] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 397.957936][ T5095] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 397.965321][ T5095] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 399.958589][ T5104] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 399.980424][ T5104] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 399.993513][ T5104] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 400.002651][ T5104] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 400.011098][ T5104] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 400.020072][ T5104] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 400.117711][ T53] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 400.137139][ T53] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 400.146626][ T53] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 400.155677][ T53] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 400.163983][ T53] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 400.173821][ T53] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 457.607882][ T5096] Bluetooth: hci5: command tx timeout [ 457.614439][ T5096] Bluetooth: hci4: command tx timeout [ 457.621386][ T5096] Bluetooth: hci11: command tx timeout [ 457.628909][ T5096] Bluetooth: hci10: command tx timeout [ 457.638671][ T5096] Bluetooth: hci9: command tx timeout [ 458.047243][ T1247] ieee802154 phy0 wpan0: encryption failed: -22 [ 458.053682][ T1247] ieee802154 phy1 wpan1: encryption failed: -22 [ 458.863517][ T5095] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 458.918419][ T5094] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 458.927524][ T5094] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 459.077890][ T5094] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 459.086124][ T5094] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 459.208689][ T5100] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 459.217317][ T5100] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 459.239917][ T5100] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 459.250119][ T5100] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 459.257438][ T5100] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 459.266699][ T5100] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 459.292436][ T5100] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 459.302279][ T5100] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 459.309598][ T5100] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 459.316832][ T5100] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 459.336001][ T5100] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 459.345247][ T5100] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 488.148884][ T5094] Bluetooth: hci4: command tx timeout [ 488.156229][ T5094] Bluetooth: hci5: command tx timeout [ 488.161839][ T5094] Bluetooth: hci9: command tx timeout [ 488.167283][ T5094] Bluetooth: hci10: command tx timeout [ 488.172839][ T5094] Bluetooth: hci11: command tx timeout [ 488.178452][ T5094] Bluetooth: hci8: command 0x0406 tx timeout [ 488.184846][ T5094] Bluetooth: hci1: command 0x0406 tx timeout [ 488.191349][ T5094] Bluetooth: hci7: command 0x0406 tx timeout [ 488.199831][ T5094] Bluetooth: hci12: command 0x0c1a tx timeout [ 488.206696][ T5094] Bluetooth: hci14: command 0x0c38 tx timeout [ 488.214268][ T5094] Bluetooth: hci13: command 0x0c16 tx timeout [ 488.277848][ T5095] Bluetooth: hci13: Opcode 0x0c16 failed: -110 [ 488.288548][ T4494] Bluetooth: hci14: Opcode 0x0c38 failed: -110 [ 488.327797][ T30] INFO: task kworker/u8:3:51 blocked for more than 142 seconds. [ 488.335742][ T30] Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 488.382312][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 488.417773][ T30] task:kworker/u8:3 state:D stack:21312 pid:51 tgid:51 ppid:2 flags:0x00004000 [ 488.517762][ T30] Workqueue: netns cleanup_net [ 488.522877][ T30] Call Trace: [ 488.526173][ T30] [ 488.567767][ T30] __schedule+0x17e8/0x4a20 [ 488.572360][ T30] ? __pfx___schedule+0x10/0x10 [ 488.577225][ T30] ? __pfx_lock_release+0x10/0x10 [ 488.627781][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 488.633333][ T30] ? kthread_data+0x52/0xd0 [ 488.667792][ T30] ? schedule+0x90/0x320 [ 488.672105][ T30] ? wq_worker_sleeping+0x66/0x240 [ 488.677231][ T30] ? schedule+0x90/0x320 [ 488.727747][ T30] schedule+0x14b/0x320 [ 488.731973][ T30] schedule_preempt_disabled+0x13/0x30 [ 488.737457][ T30] __mutex_lock+0x6a4/0xd70 [ 488.788069][ T30] ? __mutex_lock+0x527/0xd70 [ 488.792807][ T30] ? wg_netns_pre_exit+0x1f/0x1e0 [ 488.827763][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 488.833561][ T30] ? __local_bh_enable_ip+0x168/0x200 [ 488.868211][ T30] ? cleanup_net+0x427/0xcc0 [ 488.872968][ T30] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 488.899188][ T30] wg_netns_pre_exit+0x1f/0x1e0 [ 488.904495][ T30] cleanup_net+0x615/0xcc0 [ 488.927776][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 488.932788][ T30] ? process_scheduled_works+0x945/0x1830 [ 488.957812][ T30] process_scheduled_works+0xa2c/0x1830 [ 488.963848][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 488.977786][ T30] ? assign_work+0x364/0x3d0 [ 488.982532][ T30] worker_thread+0x86d/0xd50 [ 488.987177][ T30] ? __kthread_parkme+0x169/0x1d0 [ 489.017756][ T30] ? __pfx_worker_thread+0x10/0x10 [ 489.022958][ T30] kthread+0x2f0/0x390 [ 489.027061][ T30] ? __pfx_worker_thread+0x10/0x10 [ 489.037885][ T30] ? __pfx_kthread+0x10/0x10 [ 489.042750][ T30] ret_from_fork+0x4b/0x80 [ 489.057751][ T30] ? __pfx_kthread+0x10/0x10 [ 489.062703][ T30] ret_from_fork_asm+0x1a/0x30 [ 489.067648][ T30] [ 489.089947][ T30] INFO: task kworker/u8:14:2953 blocked for more than 143 seconds. [ 489.107184][ T30] Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 489.115469][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 489.124482][ T30] task:kworker/u8:14 state:D stack:21040 pid:2953 tgid:2953 ppid:2 flags:0x00004000 [ 489.135053][ T30] Workqueue: ipv6_addrconf addrconf_verify_work [ 489.141789][ T30] Call Trace: [ 489.145122][ T30] [ 489.148134][ T30] __schedule+0x17e8/0x4a20 [ 489.152681][ T30] ? __pfx___schedule+0x10/0x10 [ 489.157822][ T30] ? __pfx_lock_release+0x10/0x10 [ 489.163029][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 489.168704][ T30] ? kthread_data+0x52/0xd0 [ 489.173341][ T30] ? schedule+0x90/0x320 [ 489.178959][ T30] ? wq_worker_sleeping+0x66/0x240 [ 489.184192][ T30] ? schedule+0x90/0x320 [ 489.189670][ T30] schedule+0x14b/0x320 [ 489.194042][ T30] schedule_preempt_disabled+0x13/0x30 [ 489.199599][ T30] __mutex_lock+0x6a4/0xd70 [ 489.204239][ T30] ? __mutex_lock+0x527/0xd70 [ 489.209104][ T30] ? addrconf_verify_work+0x19/0x30 [ 489.214422][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 489.250986][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 489.257134][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 489.309571][ T30] ? process_scheduled_works+0x945/0x1830 [ 489.315635][ T30] addrconf_verify_work+0x19/0x30 [ 489.327765][ T30] process_scheduled_works+0xa2c/0x1830 [ 489.333491][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 489.357833][ T30] ? assign_work+0x364/0x3d0 [ 489.363277][ T30] worker_thread+0x86d/0xd50 [ 489.377782][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 489.386440][ T30] ? __kthread_parkme+0x169/0x1d0 [ 489.407769][ T30] ? __pfx_worker_thread+0x10/0x10 [ 489.413034][ T30] kthread+0x2f0/0x390 [ 489.417177][ T30] ? __pfx_worker_thread+0x10/0x10 [ 489.438044][ T30] ? __pfx_kthread+0x10/0x10 [ 489.443495][ T30] ret_from_fork+0x4b/0x80 [ 489.457774][ T30] ? __pfx_kthread+0x10/0x10 [ 489.463683][ T30] ret_from_fork_asm+0x1a/0x30 [ 489.477778][ T30] [ 489.483600][ T30] INFO: task syz-executor:8467 blocked for more than 144 seconds. [ 489.506643][ T30] Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 489.514637][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 489.524093][ T30] task:syz-executor state:D stack:20736 pid:8467 tgid:8467 ppid:1 flags:0x20000004 [ 489.534730][ T30] Call Trace: [ 489.539202][ T30] [ 489.542381][ T30] __schedule+0x17e8/0x4a20 [ 489.547107][ T30] ? __pfx___schedule+0x10/0x10 [ 489.552254][ T30] ? __pfx_lock_release+0x10/0x10 [ 489.557551][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 489.563333][ T30] ? schedule+0x90/0x320 [ 489.567596][ T30] schedule+0x14b/0x320 [ 489.571979][ T30] schedule_preempt_disabled+0x13/0x30 [ 489.578237][ T30] __mutex_lock+0x6a4/0xd70 [ 489.582873][ T30] ? __mutex_lock+0x527/0xd70 [ 489.588859][ T30] ? rtnetlink_rcv_msg+0x842/0x1180 [ 489.594482][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 489.600670][ T30] rtnetlink_rcv_msg+0x842/0x1180 [ 489.605766][ T30] ? rtnetlink_rcv_msg+0x208/0x1180 [ 489.611077][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 489.616818][ T30] ? is_bpf_text_address+0x285/0x2a0 [ 489.622272][ T30] ? __pfx_validate_chain+0x10/0x10 [ 489.627534][ T30] ? __pfx_validate_chain+0x10/0x10 [ 489.632833][ T30] ? arch_stack_walk+0x16d/0x1b0 [ 489.638182][ T30] ? mark_lock+0x9a/0x350 [ 489.642662][ T30] ? __pfx_validate_chain+0x10/0x10 [ 489.648062][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 489.653438][ T30] ? mark_lock+0x9a/0x350 [ 489.657906][ T30] ? __lock_acquire+0x1346/0x1fd0 [ 489.663064][ T30] netlink_rcv_skb+0x1e3/0x430 [ 489.667999][ T30] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 489.673685][ T30] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 489.679299][ T30] ? netlink_deliver_tap+0x2e/0x1b0 [ 489.684571][ T30] netlink_unicast+0x7ea/0x980 [ 489.690741][ T30] ? __pfx_netlink_unicast+0x10/0x10 [ 489.696076][ T30] ? __virt_addr_valid+0x183/0x520 [ 489.702635][ T30] ? __check_object_size+0x49c/0x900 [ 489.708001][ T30] ? bpf_lsm_netlink_send+0x9/0x10 [ 489.713139][ T30] netlink_sendmsg+0x8db/0xcb0 [ 489.718027][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 489.723346][ T30] ? aa_sock_msg_perm+0x91/0x160 [ 489.728756][ T30] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 489.734079][ T30] ? security_socket_sendmsg+0x87/0xb0 [ 489.739660][ T30] ? __pfx_netlink_sendmsg+0x10/0x10 [ 489.744994][ T30] __sock_sendmsg+0x221/0x270 [ 489.749746][ T30] __sys_sendto+0x3a4/0x4f0 [ 489.754272][ T30] ? __pfx___sys_sendto+0x10/0x10 [ 489.759521][ T30] ? __might_fault+0xaa/0x120 [ 489.764225][ T30] ? __might_fault+0xc6/0x120 [ 489.768951][ T30] __se_compat_sys_socketcall+0xb18/0x1430 [ 489.774780][ T30] ? __pfx___se_compat_sys_socketcall+0x10/0x10 [ 489.781136][ T30] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 489.787941][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 489.795275][ T30] __do_fast_syscall_32+0xb4/0x120 [ 489.800491][ T30] ? exc_page_fault+0x590/0x8c0 [ 489.805479][ T30] do_fast_syscall_32+0x34/0x80 [ 489.810531][ T30] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 489.816913][ T30] RIP: 0023:0xf73d0579 [ 489.821187][ T30] RSP: 002b:00000000f7522850 EFLAGS: 00000206 ORIG_RAX: 0000000000000066 [ 489.829713][ T30] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f7522864 [ 489.837749][ T30] RDX: 0000000000000000 RSI: 00000000f7f27568 RDI: 00000000f73bbff4 [ 489.845925][ T30] RBP: 00000000f7f27568 R08: 0000000000000000 R09: 0000000000000000 [ 489.854119][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 489.862214][ T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 489.870249][ T30] [ 489.873500][ T30] INFO: task syz-executor:8508 blocked for more than 144 seconds. [ 489.881357][ T30] Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 489.889109][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 489.899096][ T30] task:syz-executor state:D stack:26464 pid:8508 tgid:8508 ppid:1 flags:0x20004004 [ 489.910903][ T30] Call Trace: [ 489.914741][ T30] [ 489.917964][ T30] __schedule+0x17e8/0x4a20 [ 489.922533][ T30] ? __pfx___schedule+0x10/0x10 [ 489.927406][ T30] ? __pfx_lock_release+0x10/0x10 [ 489.932502][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 489.938137][ T30] ? schedule+0x90/0x320 [ 489.942404][ T30] schedule+0x14b/0x320 [ 489.946709][ T30] schedule_preempt_disabled+0x13/0x30 [ 489.952290][ T30] __mutex_lock+0x6a4/0xd70 [ 489.956824][ T30] ? __mutex_lock+0x527/0xd70 [ 489.961563][ T30] ? register_nexthop_notifier+0x84/0x290 [ 489.967391][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 489.972508][ T30] ? __asan_memset+0x23/0x50 [ 489.977234][ T30] register_nexthop_notifier+0x84/0x290 [ 489.982908][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 489.988868][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 489.997117][ T30] ? __asan_memset+0x23/0x50 [ 490.001781][ T30] ops_init+0x359/0x610 [ 490.005960][ T30] setup_net+0x515/0xca0 [ 490.010252][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 490.015910][ T30] ? __pfx_setup_net+0x10/0x10 [ 490.020965][ T30] copy_net_ns+0x4e2/0x7b0 [ 490.025470][ T30] create_new_namespaces+0x425/0x7b0 [ 490.030882][ T30] ? bpf_lsm_capable+0x9/0x10 [ 490.035594][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 490.041941][ T30] ksys_unshare+0x619/0xc10 [ 490.046514][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 490.051594][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 490.057768][ T30] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 490.064396][ T30] __ia32_sys_unshare+0x37/0x40 [ 490.069325][ T30] __do_fast_syscall_32+0xb4/0x120 [ 490.074579][ T30] ? exc_page_fault+0x590/0x8c0 [ 490.079570][ T30] do_fast_syscall_32+0x34/0x80 [ 490.084475][ T30] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 490.090951][ T30] RIP: 0023:0xf7483579 [ 490.095026][ T30] RSP: 002b:00000000f75d5f7c EFLAGS: 00000206 ORIG_RAX: 0000000000000136 [ 490.104797][ T30] RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 0000000000000000 [ 490.113880][ T30] RDX: 00000000f746eff4 RSI: 00000000f736e830 RDI: 0000000030000000 [ 490.121916][ T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 490.130032][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 490.138141][ T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 490.147538][ T30] [ 490.150692][ T30] INFO: task syz-executor:8509 blocked for more than 144 seconds. [ 490.158622][ T30] Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 490.166259][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 490.175089][ T30] task:syz-executor state:D stack:24688 pid:8509 tgid:8509 ppid:1 flags:0x20004004 [ 490.185424][ T30] Call Trace: [ 490.188973][ T30] [ 490.191931][ T30] __schedule+0x17e8/0x4a20 [ 490.196496][ T30] ? __pfx___schedule+0x10/0x10 [ 490.202543][ T30] ? __pfx_lock_release+0x10/0x10 [ 490.207632][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 490.214088][ T30] ? schedule+0x90/0x320 [ 490.218426][ T30] schedule+0x14b/0x320 [ 490.222612][ T30] schedule_preempt_disabled+0x13/0x30 [ 490.228203][ T30] __mutex_lock+0x6a4/0xd70 [ 490.232766][ T30] ? __mutex_lock+0x527/0xd70 [ 490.237475][ T30] ? register_nexthop_notifier+0x84/0x290 [ 490.243477][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 490.248844][ T30] ? __asan_memset+0x23/0x50 [ 490.253453][ T30] register_nexthop_notifier+0x84/0x290 [ 490.259138][ T30] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 490.264963][ T30] ? __pfx_register_nexthop_notifier+0x10/0x10 [ 490.271167][ T30] ? __asan_memset+0x23/0x50 [ 490.275799][ T30] ops_init+0x359/0x610 [ 490.280052][ T30] setup_net+0x515/0xca0 [ 490.284323][ T30] ? __pfx_down_read_killable+0x10/0x10 [ 490.290577][ T30] ? __pfx_setup_net+0x10/0x10 [ 490.295409][ T30] copy_net_ns+0x4e2/0x7b0 [ 490.299957][ T30] create_new_namespaces+0x425/0x7b0 [ 490.307768][ T30] ? bpf_lsm_capable+0x9/0x10 [ 490.312497][ T30] unshare_nsproxy_namespaces+0x124/0x180 [ 490.318278][ T30] ksys_unshare+0x619/0xc10 [ 490.322814][ T30] ? __pfx_ksys_unshare+0x10/0x10 [ 490.327921][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 490.333951][ T30] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 490.340666][ T30] __ia32_sys_unshare+0x37/0x40 [ 490.345552][ T30] __do_fast_syscall_32+0xb4/0x120 [ 490.350727][ T30] ? exc_page_fault+0x590/0x8c0 [ 490.355595][ T30] do_fast_syscall_32+0x34/0x80 [ 490.360673][ T30] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 490.367037][ T30] RIP: 0023:0xf7490579 [ 490.371253][ T30] RSP: 002b:00000000f75e2f7c EFLAGS: 00000206 ORIG_RAX: 0000000000000136 [ 490.379876][ T30] RAX: ffffffffffffffda RBX: 0000000040000000 RCX: 0000000000000000 [ 490.388120][ T30] RDX: 00000000f747bff4 RSI: 00000000f737b830 RDI: 0000000030000000 [ 490.396111][ T30] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 490.405312][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 490.414289][ T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 490.422326][ T30] [ 490.425521][ T30] [ 490.425521][ T30] Showing all locks held in the system: [ 490.433282][ T30] 2 locks held by kworker/0:0/8: [ 490.438297][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.449381][ T30] #1: ffffc900000d7d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.459779][ T30] 3 locks held by kworker/0:1/9: [ 490.464720][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.475755][ T30] #1: ffffc900000e7d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.486783][ T30] #2: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 490.497398][ T30] 5 locks held by kworker/u8:0/11: [ 490.502545][ T30] 3 locks held by kworker/1:0/25: [ 490.508833][ T30] 1 lock held by khungtaskd/30: [ 490.513699][ T30] #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 490.524701][ T30] 4 locks held by kworker/u8:3/51: [ 490.529978][ T30] #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.541053][ T30] #1: ffffc90000bb7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.551734][ T30] #2: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 490.561195][ T30] #3: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: wg_netns_pre_exit+0x1f/0x1e0 [ 490.570582][ T30] 3 locks held by kworker/u9:0/53: [ 490.575756][ T30] 3 locks held by kworker/u8:14/2953: [ 490.581164][ T30] #0: ffff888029527948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.592840][ T30] #1: ffffc90009bf7d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.606667][ T30] #2: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 490.617435][ T30] 3 locks held by kworker/u9:1/4494: [ 490.623850][ T30] #0: ffff888065e39948 ((wq_completion)hci14){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.635134][ T30] #1: ffffc9000d607d00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.647605][ T30] #2: ffff888068e28d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_power_on+0x1bf/0x6b0 [ 490.657575][ T30] 2 locks held by getty/4850: [ 490.662331][ T30] #0: ffff88802a4190a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 490.672221][ T30] #1: ffffc900031432f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10 [ 490.682557][ T30] 3 locks held by kworker/u9:2/5094: [ 490.687983][ T30] 3 locks held by kworker/u9:3/5095: [ 490.693453][ T30] #0: ffff88802e61d948 ((wq_completion)hci13){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.704546][ T30] #1: ffffc9000359fd00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.717934][ T30] #2: ffff888071968d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_power_on+0x1bf/0x6b0 [ 490.727389][ T30] 5 locks held by kworker/u9:4/5096: [ 490.733661][ T30] #0: ffff888064452948 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.744624][ T30] #1: ffffc900035afd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.757240][ T30] #2: ffff888029950d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 490.767728][ T30] #3: ffff888029950078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 490.777648][ T30] #4: ffffffff8f7515c8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 490.787556][ T30] 5 locks held by kworker/u9:6/5102: [ 490.793006][ T30] #0: ffff88807ca4a948 ((wq_completion)hci8#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.804140][ T30] #1: ffffc9000360fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.818089][ T30] #2: ffff8880667d8d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 490.829357][ T30] #3: ffff8880667d8078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 490.839501][ T30] #4: ffffffff8f7515c8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 490.849750][ T30] 5 locks held by kworker/u9:8/5104: [ 490.855045][ T30] #0: ffff888056c0b148 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.865985][ T30] #1: ffffc9000362fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.878639][ T30] #2: ffff88805b2a8d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 490.888706][ T30] #3: ffff88805b2a8078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 490.898589][ T30] #4: ffffffff8f7515c8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340 [ 490.908514][ T30] 5 locks held by kworker/0:3/5143: [ 490.913826][ T30] #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 490.926186][ T30] #1: ffffc90003f1fd00 (_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830 [ 490.936892][ T30] #2: ffffffff8e1eee08 (sched_core_mutex){+.+.}-{3:3}, at: __sched_core_put+0x20/0x120 [ 490.946786][ T30] #3: ffffffff8e1ce5b0 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_disable+0x12/0x20 [ 490.957101][ T30] #4: ffffffff8e3e1888 (jump_label_mutex){+.+.}-{3:3}, at: static_key_disable_cpuslocked+0x9b/0x1c0 [ 490.968115][ T30] 3 locks held by kworker/0:5/5147: [ 490.973375][ T30] 3 locks held by kworker/1:8/6073: [ 490.978671][ T30] 3 locks held by syz-executor/8468: [ 490.983993][ T30] 1 lock held by syz-executor/8467: [ 490.989286][ T30] #0: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180 [ 490.998873][ T30] 2 locks held by syz-executor/8484: [ 491.004167][ T30] 2 locks held by syz-executor/8495: [ 491.009657][ T30] #0: ffff88805f244d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1d3/0x4e0 [ 491.020983][ T30] #1: ffff88805f244078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60 [ 491.031593][ T30] 2 locks held by syz-executor/8508: [ 491.037472][ T30] #0: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 491.047017][ T30] #1: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 491.057254][ T30] 2 locks held by syz-executor/8509: [ 491.062607][ T30] #0: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 491.072245][ T30] #1: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 491.082442][ T30] 2 locks held by syz-executor/8526: [ 491.087886][ T30] #0: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 491.097393][ T30] #1: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 491.107544][ T30] 2 locks held by syz-executor/8527: [ 491.113071][ T30] #0: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 491.123739][ T30] #1: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 491.134784][ T30] 2 locks held by syz-executor/8528: [ 491.140253][ T30] #0: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 491.149784][ T30] #1: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 491.159982][ T30] 2 locks held by syz-executor/8532: [ 491.165302][ T30] #0: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 491.174841][ T30] #1: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 491.185067][ T30] 2 locks held by syz-executor/8534: [ 491.190513][ T30] #0: ffffffff8f5da690 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0 [ 491.202789][ T30] #1: ffffffff8f5e6ec8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 491.215081][ T30] 1 lock held by syz-executor/8540: [ 491.220645][ T30] #0: ffff88807196cd88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x1d3/0x4e0 [ 491.232011][ T30] [ 491.234347][ T30] ============================================= [ 491.234347][ T30] [ 491.243727][ T30] NMI backtrace for cpu 0 [ 491.248060][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 491.257950][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 491.268201][ T30] Call Trace: [ 491.271494][ T30] [ 491.274443][ T30] dump_stack_lvl+0x241/0x360 [ 491.279575][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 491.284957][ T30] ? __pfx__printk+0x10/0x10 [ 491.289568][ T30] ? vprintk_emit+0x631/0x770 [ 491.294278][ T30] ? __pfx_vprintk_emit+0x10/0x10 [ 491.299358][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 491.304367][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 491.309876][ T30] ? _printk+0xd5/0x120 [ 491.314081][ T30] ? __pfx__printk+0x10/0x10 [ 491.318813][ T30] ? __wake_up_klogd+0xcc/0x110 [ 491.323710][ T30] ? __pfx__printk+0x10/0x10 [ 491.328414][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 491.333485][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 491.339516][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 491.345539][ T30] watchdog+0xfde/0x1020 [ 491.349817][ T30] ? watchdog+0x1ea/0x1020 [ 491.354276][ T30] ? __pfx_watchdog+0x10/0x10 [ 491.359004][ T30] kthread+0x2f0/0x390 [ 491.363115][ T30] ? __pfx_watchdog+0x10/0x10 [ 491.367834][ T30] ? __pfx_kthread+0x10/0x10 [ 491.372487][ T30] ret_from_fork+0x4b/0x80 [ 491.376941][ T30] ? __pfx_kthread+0x10/0x10 [ 491.381571][ T30] ret_from_fork_asm+0x1a/0x30 [ 491.386400][ T30] [ 491.390561][ T30] Sending NMI from CPU 0 to CPUs 1: [ 491.395991][ C1] NMI backtrace for cpu 1 [ 491.396005][ C1] CPU: 1 PID: 6073 Comm: kworker/1:8 Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 491.396023][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 491.396034][ C1] Workqueue: events_power_efficient gc_worker [ 491.396059][ C1] RIP: 0010:lock_is_held_type+0x52/0x190 [ 491.396081][ C1] Code: 96 27 04 00 0f 84 00 01 00 00 65 8b 05 c7 a0 7c 74 85 c0 0f 85 f1 00 00 00 65 4c 8b 2c 25 c0 d4 03 00 41 83 bd dc 0a 00 00 00 <0f> 85 da 00 00 00 41 89 f6 49 89 ff 48 c7 04 24 00 00 00 00 9c 8f [ 491.396095][ C1] RSP: 0018:ffffc90000a18c48 EFLAGS: 00000046 [ 491.396108][ C1] RAX: 0000000000000000 RBX: 00000000ffffffff RCX: ffff888022e4bc00 [ 491.396119][ C1] RDX: ffff888022e4bc00 RSI: 00000000ffffffff RDI: ffff8880653fc300 [ 491.396131][ C1] RBP: dffffc0000000000 R08: ffffffff898f40d1 R09: fffff52000143180 [ 491.396143][ C1] R10: dffffc0000000000 R11: fffff52000143180 R12: 0000000000000002 [ 491.396154][ C1] R13: ffff888022e4bc00 R14: ffff8880653fc340 R15: ffff888024909000 [ 491.396166][ C1] FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 491.396180][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 491.396191][ C1] CR2: 00000000f64dbda4 CR3: 000000000e132000 CR4: 00000000003506f0 [ 491.396205][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 491.396214][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 491.396224][ C1] Call Trace: [ 491.396233][ C1] [ 491.396241][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 491.396258][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 491.396276][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 491.396292][ C1] ? nmi_handle+0x2a/0x5a0 [ 491.396320][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 491.396339][ C1] ? nmi_handle+0x14f/0x5a0 [ 491.396358][ C1] ? nmi_handle+0x2a/0x5a0 [ 491.396378][ C1] ? lock_is_held_type+0x52/0x190 [ 491.396396][ C1] ? default_do_nmi+0x63/0x160 [ 491.396411][ C1] ? exc_nmi+0x123/0x1f0 [ 491.396427][ C1] ? end_repeat_nmi+0xf/0x53 [ 491.396450][ C1] ? advance_sched+0x131/0xca0 [ 491.396472][ C1] ? lock_is_held_type+0x52/0x190 [ 491.396490][ C1] ? lock_is_held_type+0x52/0x190 [ 491.396510][ C1] ? lock_is_held_type+0x52/0x190 [ 491.396528][ C1] [ 491.396534][ C1] [ 491.396540][ C1] ? __pfx_advance_sched+0x10/0x10 [ 491.396559][ C1] advance_sched+0x148/0xca0 [ 491.396580][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 491.396596][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 491.396615][ C1] ? __pfx_advance_sched+0x10/0x10 [ 491.396639][ C1] __hrtimer_run_queues+0x59b/0xd50 [ 491.396660][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 491.396685][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 491.396704][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 491.396723][ C1] hrtimer_interrupt+0x396/0x990 [ 491.396754][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 491.396776][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 491.396796][ C1] [ 491.396801][ C1] [ 491.396807][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 491.396827][ C1] RIP: 0010:lock_release+0x166/0x9f0 [ 491.396843][ C1] Code: 00 00 4c 89 f3 48 c1 eb 03 42 80 3c 3b 00 74 08 4c 89 f7 e8 bc 4e 89 00 4c 89 6c 24 50 48 c7 84 24 b0 00 00 00 00 00 00 00 9c <8f> 84 24 b0 00 00 00 42 80 3c 3b 00 74 08 4c 89 f7 e8 a4 4d 89 00 [ 491.396855][ C1] RSP: 0018:ffffc9000493f918 EFLAGS: 00000246 [ 491.396868][ C1] RAX: 0000000000000000 RBX: 1ffff92000927f3a RCX: ffffffff81728e40 [ 491.396879][ C1] RDX: 0000000000000000 RSI: ffffffff8c1fe920 RDI: ffffffff8c1fe8e0 [ 491.396890][ C1] RBP: ffffc9000493fa50 R08: ffffffff8fad4daf R09: 1ffffffff1f5a9b5 [ 491.396902][ C1] R10: dffffc0000000000 R11: fffffbfff1f5a9b6 R12: 1ffff92000927f30 [ 491.396914][ C1] R13: ffffffff89a0a4fb R14: ffffc9000493f9d0 R15: dffffc0000000000 [ 491.396927][ C1] ? gc_worker+0x26b/0x1530 [ 491.396946][ C1] ? lock_release+0xb0/0x9f0 [ 491.396968][ C1] ? gc_worker+0x316/0x1530 [ 491.396984][ C1] ? seqcount_lockdep_reader_access+0x157/0x220 [ 491.397000][ C1] ? gc_worker+0x26b/0x1530 [ 491.397017][ C1] ? __pfx_lock_release+0x10/0x10 [ 491.397032][ C1] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 491.397048][ C1] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 491.397070][ C1] ? gc_worker+0x26b/0x1530 [ 491.397087][ C1] gc_worker+0xdc2/0x1530 [ 491.397105][ C1] ? gc_worker+0x26b/0x1530 [ 491.397125][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 491.397145][ C1] ? __pfx_gc_worker+0x10/0x10 [ 491.397166][ C1] ? process_scheduled_works+0x945/0x1830 [ 491.397182][ C1] process_scheduled_works+0xa2c/0x1830 [ 491.397212][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 491.397233][ C1] ? assign_work+0x364/0x3d0 [ 491.397250][ C1] worker_thread+0x86d/0xd50 [ 491.397270][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 491.397287][ C1] ? __kthread_parkme+0x169/0x1d0 [ 491.397306][ C1] ? __pfx_worker_thread+0x10/0x10 [ 491.397321][ C1] kthread+0x2f0/0x390 [ 491.397338][ C1] ? __pfx_worker_thread+0x10/0x10 [ 491.397354][ C1] ? __pfx_kthread+0x10/0x10 [ 491.397371][ C1] ret_from_fork+0x4b/0x80 [ 491.397389][ C1] ? __pfx_kthread+0x10/0x10 [ 491.397406][ C1] ret_from_fork_asm+0x1a/0x30 [ 491.397433][ C1] [ 491.990629][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 491.997530][ T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00069-g795c58e4c7fc #0 [ 492.007455][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 492.017597][ T30] Call Trace: [ 492.020939][ T30] [ 492.023895][ T30] dump_stack_lvl+0x241/0x360 [ 492.028607][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 492.033822][ T30] ? __pfx__printk+0x10/0x10 [ 492.038472][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 492.044840][ T30] ? vscnprintf+0x5d/0x90 [ 492.049290][ T30] panic+0x349/0x860 [ 492.053228][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 492.059409][ T30] ? __pfx_panic+0x10/0x10 [ 492.063872][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 492.069362][ T30] ? __irq_work_queue_local+0x137/0x410 [ 492.074921][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 492.080359][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 492.086542][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 492.092758][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 492.098983][ T30] watchdog+0x101d/0x1020 [ 492.103368][ T30] ? watchdog+0x1ea/0x1020 [ 492.107816][ T30] ? __pfx_watchdog+0x10/0x10 [ 492.112589][ T30] kthread+0x2f0/0x390 [ 492.116691][ T30] ? __pfx_watchdog+0x10/0x10 [ 492.121384][ T30] ? __pfx_kthread+0x10/0x10 [ 492.126005][ T30] ret_from_fork+0x4b/0x80 [ 492.130443][ T30] ? __pfx_kthread+0x10/0x10 [ 492.135075][ T30] ret_from_fork_asm+0x1a/0x30 [ 492.139993][ T30] [ 493.265197][ T30] Shutting down cpus with NMI [ 493.270260][ T30] Kernel Offset: disabled [ 493.274634][ T30] Rebooting in 86400 seconds..