last executing test programs: 7m45.231469397s ago: executing program 3 (id=1474): r0 = io_uring_setup(0x2c93, &(0x7f0000000100)={0x0, 0xf0ce, 0x3481, 0xfffffffc, 0x14}) munmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000) io_uring_enter(r0, 0x0, 0xcb, 0xf, &(0x7f0000000000)={[0x20]}, 0x18) 7m44.927285162s ago: executing program 3 (id=1479): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x337) 7m44.208775293s ago: executing program 3 (id=1489): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)={0x54, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xfffffd93, 0xb, 0x4}, {0x6}, {0x8, 0x13, 0xb}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x44040}, 0x4044000) 7m43.956550851s ago: executing program 3 (id=1490): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20) 7m43.647419223s ago: executing program 3 (id=1492): r0 = memfd_secret(0x80000) fcntl$setlease(r0, 0x400, 0x0) close(r0) 7m42.52631836s ago: executing program 3 (id=1506): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f00000017c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_GET(r1, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000001e40)={0x2c, r0, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x54014840}, 0x20000000) 7m42.177692139s ago: executing program 32 (id=1506): r0 = syz_genetlink_get_family_id$ethtool(&(0x7f00000017c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_GET(r1, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000001e40)={0x2c, r0, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x54014840}, 0x20000000) 5m36.599266744s ago: executing program 1 (id=2979): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x37a}, [@printk={@lli, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xca}}]}, &(0x7f0000000000)='syzkaller\x00', 0x1, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90) 5m36.499950809s ago: executing program 1 (id=2972): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000001140), r0) sendmsg$GTP_CMD_ECHOREQ(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001180)={0x3c, r1, 0x1, 0x70bd25, 0x25dfdbfc, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @GTPA_VERSION={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @broadcast}, @GTPA_LINK={0x8}, @GTPA_NET_NS_FD={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x4040000) 5m36.416013579s ago: executing program 1 (id=2973): r0 = open(&(0x7f0000000180)='./bus\x00', 0x14507e, 0x0) r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000280), &(0x7f00000002c0)=r0}, 0x20) 5m36.103188778s ago: executing program 1 (id=2975): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$nfs(&(0x7f00000001c0)='..\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x85000, 0x0) mount$nfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0) 5m35.973925453s ago: executing program 1 (id=2977): mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) io_setup(0x7, &(0x7f0000000000)) io_setup(0x6, &(0x7f0000000040)) 5m35.099252982s ago: executing program 1 (id=2993): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2ced, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x8, {[@local=@item_012={0x1, 0x2, 0x2, ';'}, @local=@item_012={0x0, 0x2, 0xa}, @local=@item_4={0x3, 0x2, 0x1, "2fa7f2e1"}]}}, 0x0}, &(0x7f0000000380)={0x2c, &(0x7f0000000240)={0x40, 0x15, 0x4, "1fe85c7d"}, 0x0, 0x0, 0x0, 0x0}) 5m34.619230738s ago: executing program 33 (id=2993): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e7d, 0x2ced, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x4, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x8, {[@local=@item_012={0x1, 0x2, 0x2, ';'}, @local=@item_012={0x0, 0x2, 0xa}, @local=@item_4={0x3, 0x2, 0x1, "2fa7f2e1"}]}}, 0x0}, &(0x7f0000000380)={0x2c, &(0x7f0000000240)={0x40, 0x15, 0x4, "1fe85c7d"}, 0x0, 0x0, 0x0, 0x0}) 3m17.853086838s ago: executing program 2 (id=4538): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0xc}}], 0x30}], 0x1, 0x0) 3m17.61156292s ago: executing program 2 (id=4543): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000180)=[@in6={0xa, 0x4e20, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4}], 0x1c) getpeername(r0, 0x0, 0x0) 3m16.540349681s ago: executing program 2 (id=4555): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="3103259a5000fadbdf250b00000008000300", @ANYRES32], 0x1c}, 0x1, 0x0, 0x0, 0x24048800}, 0x4000000) 3m16.348192246s ago: executing program 2 (id=4558): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xd) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)) 3m16.183990423s ago: executing program 2 (id=4560): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10) mkdir(&(0x7f00000000c0)='./control\x00', 0x0) 3m16.002778452s ago: executing program 2 (id=4564): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x21, &(0x7f0000000180)=[@in={0x2, 0x0, @local}], 0x10) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 3m0.805875393s ago: executing program 34 (id=4564): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x21, &(0x7f0000000180)=[@in={0x2, 0x0, @local}], 0x10) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 2m5.811392767s ago: executing program 7 (id=5327): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) sendfile(r0, r0, 0x0, 0x10000000009) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000100)={0xa00, 0x4000a00}) 2m3.993998437s ago: executing program 7 (id=5343): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x9, 0x8, 0x40, 0x42, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000000), 0x86, r0}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f0000000240)='_H', &(0x7f0000000540)=""/96}, 0x20) 2m3.755447295s ago: executing program 7 (id=5348): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000100)="140000001a004f7fb3e45f2024d2f1c9fb470000", 0x14) recvmmsg(r0, &(0x7f0000001600)=[{{0x0, 0x0, &(0x7f0000001580)=[{}, {&(0x7f0000000000)=""/53, 0x35}, {&(0x7f0000000140)=""/4096, 0x1000}, {&(0x7f0000001640)=""/206, 0xce}, {&(0x7f0000001240)=""/249, 0xf9}, {&(0x7f0000001340)=""/240, 0xf0}, {&(0x7f0000001440)=""/112, 0x70}, {&(0x7f00000014c0)=""/140, 0x8c}], 0x8, &(0x7f00000000c0)=""/46, 0x2e}, 0x8}], 0x32, 0x10122, 0x0) 2m3.599410304s ago: executing program 7 (id=5351): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000180)=0x2f9, 0x4) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e23, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x3}}}, 0x84) 2m3.394385076s ago: executing program 7 (id=5354): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30) mount$bpf(0x200000000000, &(0x7f0000000200)='./file0\x00', 0x0, 0x206002, 0x0) 2m3.257845437s ago: executing program 7 (id=5358): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x100, 0x0, 0x4}, 0xc) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000000040)) 1m48.038789276s ago: executing program 35 (id=5358): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x100, 0x0, 0x4}, 0xc) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, 0x0, &(0x7f0000000040)) 21.452287502s ago: executing program 8 (id=6515): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, 0x0, 0x0) 21.237074552s ago: executing program 8 (id=6520): r0 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socketpair(0xa, 0x1, 0x0, &(0x7f0000000000)) 21.025126636s ago: executing program 8 (id=6524): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_TSC_KHZ_vm(r1, 0xaea3) 20.903973811s ago: executing program 4 (id=6525): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setrlimit(0x8, &(0x7f0000000180)={0x80000000, 0xfffffffffffffffd}) mlockall(0x5) 20.512455422s ago: executing program 8 (id=6530): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x319c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000000)={0x40, 0x1, 0x7, {0x7, 0x21, "0600000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 20.336022317s ago: executing program 4 (id=6532): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'dt2817\x00', [0x4f27, 0x5, 0x2, 0x401, 0x1, 0xcc7, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x7f, 0x1600, 0x1, 0x0, 0x9, 0xe1cb, 0x4, 0x4, 0x3, 0x395, 0x80000089, 0xfffffffd, 0x6, 0x6, 0xffffeadb, 0x2, 0x1003c, 0x5, 0x4, 0x8000000, 0x5]}) 20.047558517s ago: executing program 4 (id=6535): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000001300)={0xc, {"a2e3ad214fc752f91b4847f70e06d038e7ff7fc6e5539b3f6d078b089b3b083848090890e0878f0e1ac6e7049b3367959b669a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31300d095da736cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465f41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f097e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f028dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff8f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db56c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadbbf5c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000", 0x1000}}, 0x1006) 19.745473696s ago: executing program 5 (id=6536): ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f0000000240)={{&(0x7f0000574000/0x1000)=nil, 0x1000}}) r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90f, 0x8000, '\x00', @p_u8=&(0x7f0000000240)}}) 19.730202596s ago: executing program 0 (id=6537): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x30, r1, 0x1, 0x2, 0x0, {{}, {0x0, 0x4102}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) 18.988167064s ago: executing program 5 (id=6538): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10) sendmsg$kcm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1c0000004a008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0) 18.922188216s ago: executing program 0 (id=6540): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000001700)="61df7100c80400d5721ff59fe864", 0x0, 0x38000000, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x4c) 17.324259693s ago: executing program 8 (id=6541): socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000240)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r0, 0xc008ae09, &(0x7f0000000240)) 17.323751954s ago: executing program 5 (id=6542): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f00000022c0)={0x0, 0x0, &(0x7f0000002280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002dbd7000ffdbdf25040000001400018008000500030000f7050001"], 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x12) 17.322937248s ago: executing program 4 (id=6544): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x1e, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00m\xa0\x8dN\xd4\xa2\x88\x00\xd1l\xac'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fstat(r0, &(0x7f0000000440)) 17.322262153s ago: executing program 8 (id=6545): ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x3, 0x7, 0x9, 0x7a18fde9, 0x9, 0xf12, 0x4, 0x3, 0x378, 0x350bae1d, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x7, 0xf2, 0x10, 0x5, 0x8, 0x10001, 0x401, 0x80000000, 0x2401, 0x3ca5, 0x1, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x3, 0xa, 0x0, 0x10000, 0x401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x1, 0xc, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x211, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffe, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0x2, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x8000, 0x2, 0xb, 0x6, 0x4fa4, 0x80000002, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0x1, 0x3, 0xa0, 0xf, 0x1fe, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0xf7a, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x1, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x101, 0x5, 0x63, 0x4, 0x8001, 0x30, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x6, 0xfffffff8, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x1000008, 0x6688, 0x45e3, 0x5, 0x7, 0xe, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0x667, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x9, 0x6, 0xfffffffa, 0x2, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x2, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x73, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x2, 0x80000004, 0x29, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x1, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xc, 0x6, 0x7, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x101, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x6, 0x80000000, 0x5, 0x1, 0xa9c, 0x9, 0x9, 0x1, 0x2, 0x6, 0x1000, 0x5, 0x1ff, 0x9, 0x3, 0x3, 0x10001, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0xa, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x5, 0x4, 0xfff, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x3, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0x9, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x47, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xfff, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0x9, 0x2, 0x6, 0x0, 0x6, 0x4b15, 0x10000, 0x1, 0x9, 0x1, 0xd, 0x9, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x8, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x0, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x1, 0x5, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x8, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x25, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x80000001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x1, 0xffffffff, 0x2, 0x7, 0xa05a, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x1, 0x30, 0xffffff7e, 0x1, 0x2, 0x9, 0x3, 0x7, 0x8, 0x8, 0x4000, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x5, 0x6, 0xfffffffa, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x9, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x2, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbf8, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x3, 0x6, 0x80000000, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x10000005, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x8, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x7fffffff, 0xc9, 0x2, 0x0, 0x924, 0x6, 0x100, 0x1, 0x5, 0xffff351b, 0x8, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x1, 0x4, 0xff, 0xee, 0x2, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x19, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x5, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x5, 0x6330, 0x0, 0x6, 0xea, 0x0, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0xfffffffa, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x2ec, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0x1, 0x1, 0xc, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x7ff, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af88, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x40, 0x10, 0x5, 0x200, 0x7fff, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x7, 0xdd, 0x8, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]}) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 17.321826956s ago: executing program 5 (id=6546): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e23, @remote}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000400)={&(0x7f0000000000)=@in={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000280)='+', 0xffe0}], 0x1, &(0x7f0000000180)=[@init={0x18, 0x84, 0x0, {0x7, 0x3, 0x6, 0x400}}, @sndinfo={0x20, 0x84, 0x2, {0x3, 0xb, 0xffff7ffe, 0xff}}], 0x38, 0x4014}, 0x2c0408d0) 17.319993706s ago: executing program 0 (id=6547): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x8, 0xfe6a, &(0x7f00000014c0)=""/4098, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe65}, 0x23) 17.270380946s ago: executing program 5 (id=6549): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x3c, r1, 0x1, 0x70bd2e, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_STATS_BLOCK_USECS={0x8, 0xa, 0xa}]}, 0x3c}}, 0x0) 17.270273953s ago: executing program 4 (id=6550): r0 = socket$pppl2tp(0x18, 0x1, 0x1) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) connect$pppl2tp(r0, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}, 0x4}}, 0x2e) 17.000545485s ago: executing program 4 (id=6551): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_LEN={0x8}, @NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xfffffffd}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0xc}]}}}]}]}], {0x14}}, 0x94}}, 0x0) 16.998041563s ago: executing program 6 (id=6552): r0 = socket$kcm(0xa, 0x5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x890b, &(0x7f0000000000)) 16.96182793s ago: executing program 0 (id=6553): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private0={0xfc, 0x0, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046}) 16.950901309s ago: executing program 5 (id=6554): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0904000000000000000002000000400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a32"], 0x94}}, 0x0) 16.596858338s ago: executing program 0 (id=6555): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@L2TP_ATTR_CONN_ID={0x8}]}, 0x1c}}, 0x0) 16.596530976s ago: executing program 6 (id=6556): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @flow_dissector=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x10, 0x38, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 16.323027331s ago: executing program 0 (id=6557): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x1}]}}}, {0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x0) 16.322712714s ago: executing program 6 (id=6558): prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0) setreuid(0xee01, 0x0) setreuid(0x0, 0x0) 15.595456958s ago: executing program 6 (id=6559): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x7}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0xf9ba, 0x501) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000001040000ea"]) 15.595328437s ago: executing program 6 (id=6560): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) ioctl$FIONREAD(r0, 0x541b, 0x0) 15.405339289s ago: executing program 6 (id=6561): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c}) ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x20000000) 2.646123488s ago: executing program 36 (id=6545): ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000000240)={{0x3, 0x100, 0x5, 0xb7a4, 0x1, 0xffff}, 0x341, [0xc, 0x40, 0xcd6, 0x4, 0x6, 0x0, 0x3, 0x7, 0x9, 0x7a18fde9, 0x9, 0xf12, 0x4, 0x3, 0x378, 0x350bae1d, 0x4, 0x0, 0x1, 0xffff06bd, 0x0, 0xd4f, 0x7, 0xf2, 0x10, 0x5, 0x8, 0x10001, 0x401, 0x80000000, 0x2401, 0x3ca5, 0x1, 0x0, 0xff, 0x4, 0x4, 0x3, 0x0, 0x0, 0x40000000, 0x80000000, 0x7fff, 0x7, 0x3, 0xa, 0x0, 0x10000, 0x401, 0x8, 0xffff, 0x91ba, 0x7, 0x9, 0x1, 0xc, 0x24, 0xcb, 0x5, 0x7f, 0x5, 0x211, 0x66d1, 0xfffffffd, 0xa7d6, 0xb6eb, 0xc74, 0x77, 0x1, 0xff, 0x5cb5, 0xfffffffe, 0x401, 0xedf4, 0x4, 0x1000, 0x6, 0xfffffffe, 0x8001, 0xc1, 0x1, 0x8, 0x1, 0x32, 0x98, 0x7f, 0x2, 0x401, 0x2, 0x2, 0x4680, 0x7, 0xe665, 0x3c6e, 0x3, 0x40, 0x80, 0x4b, 0x8000, 0x2, 0xb, 0x6, 0x4fa4, 0x80000002, 0x1, 0xb, 0x0, 0xfffffffa, 0x3, 0x9, 0xfd, 0x101, 0x4, 0x40, 0xa, 0x1b, 0x1ff, 0x7ff, 0x2, 0x80000000, 0xffff, 0x9, 0x0, 0x6, 0x2, 0x1, 0x3, 0xa0, 0xf, 0x1fe, 0x9, 0x7, 0x6, 0x400, 0x8, 0xff2, 0x6, 0x0, 0x6, 0x0, 0x9, 0x1, 0xf1a, 0x664, 0x4, 0x9, 0x9, 0x2, 0x4, 0xfffffffd, 0x10, 0x0, 0x9, 0x10000, 0x1, 0x9, 0xf7a, 0xc6, 0x1, 0x4, 0x6, 0xffffffff, 0x6, 0x10001, 0x8, 0x68, 0x7, 0x1, 0x5, 0x3, 0x9a3f, 0x400000, 0x0, 0x80000067, 0xffffff7e, 0x7, 0x10000000, 0x10001, 0x7, 0x3, 0x10, 0x10a, 0x2, 0x40, 0x1c, 0x80, 0xb5f8, 0x8bc, 0x3, 0x101, 0x5, 0x63, 0x4, 0x8001, 0x30, 0x1000, 0x288c, 0x1ffe, 0x73ee, 0x1, 0x5, 0x9, 0x7fffffff, 0x73, 0x7, 0x8, 0x6, 0xfffffff8, 0x40, 0x0, 0x0, 0x0, 0x546c, 0x981, 0x5aa, 0x7fff, 0x7, 0x4, 0x1000008, 0x6688, 0x45e3, 0x5, 0x7, 0xe, 0x5, 0x3, 0x0, 0x1, 0x2, 0xffffffff, 0x4, 0xce, 0xf, 0x0, 0x1, 0x667, 0x3, 0x0, 0x9, 0x9, 0x37d, 0x10001, 0xc, 0x1, 0x1, 0x2, 0x6, 0x4, 0x6, 0x1, 0x9, 0x6, 0xfffffffa, 0x2, 0x0, 0x9, 0x5, 0x2, 0x7, 0x3, 0xffffff1b, 0x9, 0x2, 0xd, 0x34ea, 0x10000, 0x0, 0x80000001, 0x8, 0x8000, 0x3a, 0x10, 0x8, 0x9, 0x5, 0x1, 0x6, 0x10001, 0x2, 0x4, 0x10000, 0x4, 0xffff, 0xe, 0x89, 0x2, 0x7, 0x1, 0x73, 0x3, 0x9, 0x4, 0x1, 0x9, 0x0, 0x8, 0x0, 0x2, 0x80000004, 0x29, 0x9, 0x0, 0x4, 0x4, 0x0, 0x1, 0x4, 0x5, 0x4, 0x10001, 0xf, 0x9, 0x100, 0x4, 0x59b, 0x7, 0x8, 0x9, 0x3, 0x2, 0x4, 0xbf, 0x0, 0x8, 0x40, 0xd3, 0x7, 0x1, 0x89aa, 0x8, 0x0, 0xf0ce, 0x4, 0x1, 0x0, 0x2, 0xc6, 0x1000, 0x1, 0x937, 0xa, 0x6, 0x1, 0xffffffff, 0x5, 0x9, 0x5, 0xffffffff, 0xbe, 0x1, 0x7, 0x0, 0xffffffff, 0x0, 0x3d6, 0x0, 0xc, 0x6, 0x7, 0xfffffeff, 0x4, 0x2, 0x7fff, 0x101, 0x7, 0x6, 0x706, 0x2, 0x49, 0x10, 0xfffffff7, 0xfffff772, 0x6, 0x80000000, 0x5, 0x1, 0xa9c, 0x9, 0x9, 0x1, 0x2, 0x6, 0x1000, 0x5, 0x1ff, 0x9, 0x3, 0x3, 0x10001, 0xffff0000, 0xf, 0x1, 0xffffa5ba, 0xffffa9b4, 0x1, 0x4, 0x5, 0x3, 0x4b5f, 0x6, 0xa, 0xffffffff, 0x1, 0x80000000, 0xb, 0x0, 0xc8f, 0x1, 0x7, 0x8, 0x1, 0x10000, 0x57dc, 0x818a, 0x10, 0x8, 0x10, 0xfffffffc, 0xfffff001, 0xa, 0x5, 0x5, 0x4, 0xfff, 0x9, 0x10, 0xfffffffd, 0x4, 0xc2, 0x400, 0x4, 0x2, 0x80000000, 0xd, 0x3, 0x1, 0x0, 0x5, 0xb6, 0x101, 0x401, 0x2, 0x7, 0xc, 0x6623258, 0xf2, 0x741, 0xae6, 0x9, 0xffffa0ae, 0x9, 0x6, 0x2, 0x8, 0x9, 0x1, 0x7f, 0x9a, 0x9, 0xb, 0x800, 0x4, 0x3ff, 0x5, 0x7, 0x7, 0x8, 0xfe, 0x7f, 0x9, 0x4, 0x2, 0x20000000, 0x2, 0x8000, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x47, 0x8000001, 0x0, 0xfff, 0x101, 0x4, 0x0, 0x96c6, 0xc, 0x5, 0xfff, 0x100, 0xffff, 0x1, 0x401, 0xf0, 0x0, 0xfffff53d, 0x9, 0x2, 0x6, 0x0, 0x6, 0x4b15, 0x10000, 0x1, 0x9, 0x1, 0xd, 0x9, 0x4, 0xfffffe01, 0x1, 0x6, 0x0, 0x3, 0x10001, 0x1, 0x7, 0x1, 0x5, 0x8, 0xffffc487, 0x200, 0x10001, 0x37c, 0x7, 0x6, 0x6, 0x8, 0xfffffe00, 0x1, 0x1, 0x0, 0xe, 0x0, 0x2, 0x4, 0x80000000, 0xb46d, 0x3, 0x1000, 0x1eb4bce6, 0x10, 0x8, 0x1, 0x5, 0x1, 0x5, 0x9, 0x1000, 0x7, 0x62f2f805, 0x9, 0x3, 0xffffffff, 0x9, 0x7f, 0x6, 0x8, 0x40, 0x5, 0x2, 0xa, 0x5, 0x6, 0x80000000, 0x25, 0x8, 0x7, 0x7, 0x1, 0x5, 0x9, 0x6709, 0x80000001, 0x0, 0x80, 0x8, 0x6, 0x0, 0xa95a, 0xff, 0x5, 0x2, 0x2, 0x4, 0x10000, 0x80000001, 0x5, 0x8001, 0x9, 0x0, 0xb7, 0x3, 0xff, 0x9, 0xffff, 0x80, 0xfea5, 0x7fff, 0x7, 0x7, 0x7, 0x7485, 0x9, 0x8, 0x0, 0x5, 0xf, 0x5, 0xe, 0x8, 0x1000, 0x3, 0x7, 0x382d, 0x459, 0xcad, 0x9, 0x0, 0x2, 0x9, 0x6, 0x20000a4, 0xe0, 0xfffffffb, 0x1, 0xffffffff, 0x2, 0x7, 0xa05a, 0x0, 0x0, 0x0, 0x35, 0x8, 0x1, 0x1, 0x30, 0xffffff7e, 0x1, 0x2, 0x9, 0x3, 0x7, 0x8, 0x8, 0x4000, 0x1, 0x4, 0x15294b70, 0x3, 0x3, 0x2, 0x43, 0x3, 0x9, 0x5, 0x80000000, 0x9, 0x0, 0x5, 0x81, 0x1, 0x2, 0x3fd, 0x1df, 0x5, 0x6, 0xfffffffa, 0x1a, 0x9, 0x2, 0x9, 0x1, 0x9, 0x7, 0x2c1, 0x9e95, 0x2, 0xfffffedd, 0x30c8, 0x2, 0x38a0, 0x7b, 0x0, 0x8, 0x9, 0x6, 0x9, 0x9, 0x8, 0x5, 0x8, 0x1ff, 0x7fff, 0x3, 0x2, 0x8, 0x2b, 0x200006, 0x4, 0x7, 0x2, 0xfb4, 0xbf8, 0x7, 0x405, 0x6, 0x4, 0x8001, 0x9, 0x8, 0x3, 0x6ae574d2, 0x6, 0xfffffe00, 0x1000, 0x5, 0x92, 0x3, 0x7fffffff, 0xd7, 0x8001, 0x905, 0x3, 0x6, 0xfffffb31, 0xb, 0x4, 0x7, 0x8, 0x1, 0x6, 0x1, 0xff, 0x100, 0x4, 0x3, 0x6, 0x80000000, 0x0, 0x100a, 0x7fffffff, 0x7fff, 0x2, 0xfffffff8, 0x2, 0x9af, 0x10001, 0x8, 0x4, 0x8, 0x6, 0x7742348d, 0x5, 0x5, 0x1f, 0x40, 0x0, 0x6, 0x7fffffff, 0x7, 0x7, 0x8, 0x17f, 0x6, 0x2, 0x10000005, 0x6, 0x1, 0xb, 0xe, 0x5, 0x1, 0xfe7, 0xfffffffc, 0x8, 0x7ff, 0x3e9, 0x0, 0x3, 0x2000, 0xd, 0x3, 0x4, 0x3, 0x81, 0x8, 0x14, 0x8, 0x9, 0x6, 0xffff, 0xf28c, 0x7, 0x6, 0x4, 0x7fffffff, 0xffff, 0x7fffffff, 0xc9, 0x2, 0x0, 0x924, 0x6, 0x100, 0x1, 0x5, 0xffff351b, 0x8, 0xfffffffb, 0x7, 0x9, 0x2, 0x5, 0x4, 0x1, 0x4, 0xff, 0xee, 0x2, 0x4, 0x8, 0x9f, 0x7, 0x3, 0x19, 0xc9, 0x1, 0x1, 0x1, 0xfffffff7, 0x0, 0x5, 0x5, 0x6, 0x400, 0x51, 0x7, 0xefb, 0xb8, 0x8, 0x5, 0xfffffff7, 0x7, 0x7, 0x5, 0x6330, 0x0, 0x6, 0xea, 0x0, 0xfff, 0x809, 0x6, 0x0, 0x6, 0xffff, 0xfffffffa, 0x3, 0x0, 0x1, 0x6, 0xfffffc00, 0x5, 0x7, 0x2ec, 0x9, 0x6, 0x3ff, 0x6, 0xfff, 0x0, 0xa7b, 0x62cc, 0xfffffff7, 0x7, 0x40, 0xa, 0x9b, 0x3, 0xe, 0x1, 0x1, 0xc, 0x40, 0x3, 0x4, 0x5, 0x5, 0x7ff, 0x5, 0x8, 0x5, 0x3, 0x9, 0x7ff, 0x80000001, 0x54, 0x400, 0x1, 0x8, 0xa, 0x9, 0xc0, 0x3, 0x72, 0x80, 0x1000, 0x7, 0x800, 0x6, 0xd19, 0x3, 0x93c, 0x6, 0x0, 0x0, 0xe, 0x5, 0x3, 0xfffffffa, 0xa01, 0xf3, 0xffffff00, 0x8, 0xe, 0x3, 0x3ff, 0x5, 0x2, 0x6, 0xfffffff8, 0xffff, 0xfffffff9, 0x9, 0x5, 0x62, 0x8, 0x1, 0xfffffffb, 0x1af88, 0x2, 0x9, 0x7, 0x0, 0x7, 0x8, 0x10000, 0x40, 0x8, 0x7, 0x2b, 0x40, 0x10, 0x5, 0x200, 0x7fff, 0x6, 0x3, 0x8, 0x10, 0x4, 0x6, 0x633, 0xf05, 0x0, 0x101, 0x200, 0x7, 0x7ff, 0x0, 0x1, 0x1, 0x10000, 0x9, 0x40, 0x9, 0x0, 0x7f, 0x8, 0x6, 0xe, 0x3, 0x80000001, 0x0, 0x8, 0x8, 0x7, 0xdd, 0x8, 0x89, 0x0, 0x100, 0x1, 0x9, 0xe75, 0x400, 0x1, 0x0, 0x200, 0xe9ab, 0xfffffff8, 0x8000, 0x13, 0x2, 0x2, 0x43, 0x3ff, 0x0, 0x7, 0x9, 0x1, 0x6, 0x7, 0xa, 0xf, 0xf39d, 0x71, 0xfff, 0x5, 0x8]}) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 1.328622014s ago: executing program 37 (id=6554): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0904000000000000000002000000400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a32"], 0x94}}, 0x0) 1.012927471s ago: executing program 38 (id=6551): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5021900000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_LEN={0x8}, @NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xfffffffd}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0xc}]}}}]}]}], {0x14}}, 0x94}}, 0x0) 786.79733ms ago: executing program 39 (id=6557): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_RULE_EXPRESSIONS={0x44, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x1}]}}}, {0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x98}}, 0x0) 0s ago: executing program 40 (id=6561): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c}) ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x20000000) kernel console output (not intermixed with test programs): ffc0000 [ 448.234373][ T37] audit: type=1326 audit(1759086616.540:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15303 comm="syz.2.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f20aa58eec9 code=0x7ffc0000 [ 448.235125][ T37] audit: type=1326 audit(1759086616.540:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15303 comm="syz.2.4235" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20aa58eec9 code=0x7ffc0000 [ 449.380185][ T31] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 449.529944][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 449.532855][ T31] usb 1-1: unable to get BOS descriptor or descriptor too short [ 449.534481][ T31] usb 1-1: config 4 has an invalid interface number: 30 but max is 0 [ 449.534506][ T31] usb 1-1: config 4 has no interface number 0 [ 449.534539][ T31] usb 1-1: config 4 interface 30 has no altsetting 0 [ 449.539428][ T31] usb 1-1: string descriptor 0 read error: -22 [ 449.539572][ T31] usb 1-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88 [ 449.539595][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.607184][ T31] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state. [ 449.607240][ T31] dw2102: su3000_power_ctrl: 1, initialized 0 [ 449.607260][ T31] dvb-usb: bulk message failed: -22 (2/0) [ 449.628890][ T31] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 449.635521][ T31] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2)) [ 449.635577][ T31] usb 1-1: media controller created [ 449.636073][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 449.636088][ T31] dw2102: i2c transfer failed. [ 449.636110][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 449.636124][ T31] dw2102: i2c transfer failed. [ 449.636139][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 449.636151][ T31] dw2102: i2c transfer failed. [ 449.636167][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 449.636179][ T31] dw2102: i2c transfer failed. [ 449.636195][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 449.636208][ T31] dw2102: i2c transfer failed. [ 449.636224][ T31] dvb-usb: bulk message failed: -22 (6/0) [ 449.636236][ T31] dw2102: i2c transfer failed. [ 449.636244][ T31] dvb-usb: MAC address: 02:02:02:02:02:02 [ 449.787035][ T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 449.928790][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 449.928811][ T31] dw2102: command 0x0e transfer failed. [ 449.928820][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 449.928832][ T31] dw2102: command 0x0e transfer failed. [ 450.242965][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 450.242995][ T31] dw2102: command 0x0e transfer failed. [ 450.243005][ T31] dvb-usb: bulk message failed: -22 (3/0) [ 450.243018][ T31] dw2102: command 0x0e transfer failed. [ 450.243027][ T31] dvb-usb: bulk message failed: -22 (1/0) [ 450.243039][ T31] dw2102: command 0x51 transfer failed. [ 450.243048][ T31] dvb-usb: bulk message failed: -22 (5/0) [ 450.243061][ T31] dw2102: i2c probe for address 0x68 failed. [ 450.243072][ T31] dvb-usb: bulk message failed: -22 (5/0) [ 450.243085][ T31] dw2102: i2c probe for address 0x69 failed. [ 450.243096][ T31] dvb-usb: bulk message failed: -22 (5/0) [ 450.243108][ T31] dw2102: i2c probe for address 0x6a failed. [ 450.243118][ T31] dw2102: probing for demodulator failed. Is the external power switched on? [ 450.243127][ T31] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)' [ 450.410317][ T31] rc_core: IR keymap rc-tt-1500 not found [ 450.410336][ T31] Registered IR keymap rc-empty [ 450.412212][ T31] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0 [ 450.423461][ T31] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input23 [ 450.551143][ T31] dvb-usb: schedule remote query interval to 250 msecs. [ 450.551167][ T31] dw2102: su3000_power_ctrl: 0, initialized 1 [ 450.551179][ T31] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected. [ 450.589018][ T31] usb 1-1: USB disconnect, device number 36 [ 450.718660][T15381] atomic_op ffff888038eb5218 conn xmit_atomic 0000000000000000 [ 451.043927][ T31] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected. [ 451.276752][T15400] netlink: 'syz.2.4281': attribute type 10 has an invalid length. [ 451.301269][T15400] team0: Port device netdevsim0 added [ 451.312492][T15400] netlink: 'syz.2.4281': attribute type 10 has an invalid length. [ 451.494900][T15400] team0: Port device netdevsim0 removed [ 451.512350][T15400] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 452.132613][T15426] xt_cluster: you have exceeded the maximum number of cluster nodes (37482740 > 32) [ 452.718091][T15440] vlan3: entered promiscuous mode [ 452.718111][T15440] gretap0: entered promiscuous mode [ 453.258936][T15457] binder: BINDER_SET_CONTEXT_MGR already set [ 453.258950][T15457] binder: 15456:15457 ioctl 40046207 0 returned -16 [ 454.179597][T15490] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 454.356516][T15496] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4326'. [ 454.594073][T15505] netlink: 'syz.2.4331': attribute type 1 has an invalid length. [ 454.698096][T15509] kAFS: unable to lookup cell 'sէKyy [ 454.698096][T15509] [ 454.698096][T15509] =6%*;eܲ5;Z*d{iElZSjUF/k!btF\_vfVnDPPB1%A)X\YT"8ώdJ_.5d#ۜhGp6"5ͺ*,ImI-(WA?WZ)n[qG jnڇ%(J-%ؘccʵ{|6ZA5k@a+oST;]5 !G3{K,' [ 454.841304][T15516] netlink: 'syz.5.4336': attribute type 2 has an invalid length. [ 454.846620][ T37] audit: type=1326 audit(1759086623.150:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15512 comm="syz.0.4335" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3e7948eec9 code=0x0 [ 455.457545][ T45] hid_parser_main: 643 callbacks suppressed [ 455.457567][ T45] hid-generic 0000:0000:0000.0037: unknown main item tag 0x0 [ 455.477224][ T45] hid-generic 0000:0000:0000.0037: hidraw0: HID v0.00 Device [syz1] on syz0 [ 455.604614][T15526] fido_id[15526]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 455.950043][ T10] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 456.110507][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 456.115289][ T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 456.115316][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.115335][ T10] usb 1-1: Product: syz [ 456.115349][ T10] usb 1-1: Manufacturer: syz [ 456.115362][ T10] usb 1-1: SerialNumber: syz [ 456.173126][ T10] r8152-cfgselector 1-1: Unknown version 0x0000 [ 456.173151][ T10] r8152-cfgselector 1-1: config 0 descriptor?? [ 456.397315][ T10] r8152-cfgselector 1-1: Needed 1 retries to read version [ 456.397366][ T10] r8152-cfgselector 1-1: Unknown version 0x0000 [ 456.397882][ T10] r8152-cfgselector 1-1: bad CDC descriptors [ 456.601203][ T1232] r8152-cfgselector 1-1: USB disconnect, device number 37 [ 457.273326][T15581] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4366'. [ 457.361276][T15582] gretap2: entered allmulticast mode [ 457.834733][T15597] netlink: 'syz.2.4371': attribute type 10 has an invalid length. [ 457.843633][T15597] batman_adv: batadv0: Adding interface: team0 [ 457.843649][T15597] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 457.843677][T15597] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 457.846997][T15597] netlink: 'syz.2.4371': attribute type 10 has an invalid length. [ 457.847016][T15597] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4371'. [ 457.847180][T15597] team0: entered promiscuous mode [ 457.847195][T15597] team_slave_0: entered promiscuous mode [ 457.847440][T15597] team_slave_1: entered promiscuous mode [ 457.852336][T15597] 8021q: adding VLAN 0 to HW filter on device team0 [ 457.852640][T15597] batman_adv: batadv0: Interface activated: team0 [ 457.852680][T15597] batman_adv: batadv0: Interface deactivated: team0 [ 457.852700][T15597] batman_adv: batadv0: Removing interface: team0 [ 457.972411][T15597] bridge0: port 3(team0) entered blocking state [ 457.972562][T15597] bridge0: port 3(team0) entered disabled state [ 457.972863][T15597] team0: entered allmulticast mode [ 457.972879][T15597] team_slave_0: entered allmulticast mode [ 457.972901][T15597] team_slave_1: entered allmulticast mode [ 458.066146][T15599] autofs: Bad value for 'fd' [ 459.759893][ T989] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 459.928863][ T989] usb 6-1: Using ep0 maxpacket: 8 [ 459.941726][ T989] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03 [ 459.941753][ T989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.941773][ T989] usb 6-1: Product: syz [ 459.941785][ T989] usb 6-1: Manufacturer: syz [ 459.941798][ T989] usb 6-1: SerialNumber: syz [ 459.947240][ T989] usb 6-1: config 0 descriptor?? [ 460.003212][ T989] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 460.003266][ T989] dvb-usb: bulk message failed: -22 (2/0) [ 460.003284][ T989] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 460.009105][ T989] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 460.009165][ T989] usb 6-1: media controller created [ 460.100455][ T989] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 460.136384][ T989] dvb-usb: bulk message failed: -22 (1/0) [ 460.136434][ T989] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 460.163830][ T989] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input24 [ 460.195222][ T989] dvb-usb: schedule remote query interval to 50 msecs. [ 460.195250][ T989] dvb-usb: bulk message failed: -22 (2/0) [ 460.195263][ T989] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 460.254915][ T989] dvb-usb: bulk message failed: -22 (1/0) [ 460.254957][ T989] dvb-usb: error while querying for an remote control event. [ 460.256274][ T5926] usb 6-1: USB disconnect, device number 22 [ 460.369992][ T31] usb 1-1: new full-speed USB device number 38 using dummy_hcd [ 460.426585][ T5926] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 460.525170][ T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 460.525193][ T31] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 460.525219][ T31] usb 1-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.00 [ 460.525231][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.535954][ T31] usb 1-1: config 0 descriptor?? [ 460.550598][T15668] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 460.979439][ T31] logitech 0003:046D:CA04.0038: unknown main item tag 0x6 [ 460.997618][ T31] logitech 0003:046D:CA04.0038: hidraw0: USB HID vff.fa Device [HID 046d:ca04] on usb-dummy_hcd.0-1/input0 [ 460.997664][ T31] logitech 0003:046D:CA04.0038: no inputs found [ 461.172141][ T5919] usb 1-1: USB disconnect, device number 38 [ 461.350310][ T5926] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 461.365963][T15690] tipc: Started in network mode [ 461.365991][T15690] tipc: Node identity d23676031f9f, cluster identity 4711 [ 461.377139][T15690] tipc: Enabled bearer , priority 0 [ 461.515348][ T5926] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 461.515384][ T5926] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 461.515426][ T5926] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 461.515451][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.597241][ T5926] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 461.598504][ T5926] usb 3-1: invalid MIDI out EP 0 [ 461.748792][T12881] udevd[12881]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 461.760330][ T989] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 461.859088][ T5926] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 461.864177][ T5926] usb 3-1: USB disconnect, device number 35 [ 461.930162][ T989] usb 6-1: Using ep0 maxpacket: 32 [ 461.933058][ T989] usb 6-1: config 0 has an invalid interface number: 85 but max is 0 [ 461.933090][ T989] usb 6-1: config 0 has no interface number 0 [ 461.933141][ T989] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 461.933167][ T989] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 461.933189][ T989] usb 6-1: config 0 interface 85 has no altsetting 0 [ 461.937297][ T989] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 461.937323][ T989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.937342][ T989] usb 6-1: Product: syz [ 461.937367][ T989] usb 6-1: Manufacturer: syz [ 461.937380][ T989] usb 6-1: SerialNumber: syz [ 462.022621][ T989] usb 6-1: config 0 descriptor?? [ 462.150015][ T10] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 462.249389][ T989] appletouch 6-1:0.85: Failed to read mode from device. [ 462.249616][ T989] appletouch 6-1:0.85: probe with driver appletouch failed with error -5 [ 462.302696][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 462.305367][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 462.305391][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 462.321975][ T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 462.322002][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 462.322021][ T10] usb 1-1: Product: syz [ 462.322034][ T10] usb 1-1: Manufacturer: syz [ 462.322048][ T10] usb 1-1: SerialNumber: syz [ 462.480290][ T5926] tipc: Node number set to 3450435075 [ 462.512328][ T989] usb 6-1: USB disconnect, device number 23 [ 462.547183][ T5160] Bluetooth: hci4: unexpected event for opcode 0x1005 [ 462.680665][ T10] usb 1-1: USB disconnect, device number 39 [ 462.712528][T15704] netlink: 'syz.4.4424': attribute type 2 has an invalid length. [ 462.712550][T15704] netlink: 244 bytes leftover after parsing attributes in process `syz.4.4424'. [ 462.880904][ T5160] Bluetooth: hci3: command 0x0406 tx timeout [ 462.886988][T12881] udevd[12881]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 462.909966][ T1232] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 463.072237][ T1232] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 463.072305][ T1232] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.072327][ T1232] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 463.072370][ T1232] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 463.072393][ T1232] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.077945][ T1232] usb 3-1: config 0 descriptor?? [ 463.533337][ T1232] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x2 [ 463.533378][ T1232] plantronics 0003:047F:FFFF.0039: unknown main item tag 0x6 [ 463.650984][ T1232] plantronics 0003:047F:FFFF.0039: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 463.660209][ T45] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 463.744636][ T10] usb 3-1: USB disconnect, device number 36 [ 463.825540][ T45] usb 6-1: config index 0 descriptor too short (expected 23569, got 27) [ 463.825599][ T45] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 463.827284][ T45] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 463.827311][ T45] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 463.827330][ T45] usb 6-1: Manufacturer: syz [ 463.896521][T15727] fido_id[15727]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 463.922951][ T1232] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 463.943571][ T45] usb 6-1: config 0 descriptor?? [ 464.059976][ T45] rc_core: IR keymap rc-hauppauge not found [ 464.059996][ T45] Registered IR keymap rc-empty [ 464.061681][ T45] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 464.068842][ T45] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input26 [ 464.082613][ T1232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 464.082658][ T1232] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 464.082681][ T1232] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 464.190146][ T1232] usb 1-1: config 0 descriptor?? [ 464.271511][T15737] netlink: 'syz.4.4438': attribute type 2 has an invalid length. [ 464.271534][T15737] netlink: 'syz.4.4438': attribute type 1 has an invalid length. [ 464.271548][T15737] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.4438'. [ 464.271564][T15737] nbd: must specify at least one socket [ 464.423263][ C1] igorplugusb 6-1:0.0: receive overflow, at least 9 lost [ 464.683315][ T45] usb 6-1: USB disconnect, device number 24 [ 464.813074][ T1232] logitech-djreceiver 0003:046D:C71F.003A: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.0-1/input0 [ 464.922114][T12881] udevd[12881]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 464.929961][ T1232] usb 1-1: USB disconnect, device number 40 [ 465.064544][ T5842] Bluetooth: hci0: link tx timeout [ 465.065278][ T5842] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa [ 465.143902][T15749] fido_id[15749]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 466.171806][T15791] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 466.171869][T15791] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 466.171956][T15791] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 466.172047][T15791] comedi comedi3: 8255: I/O port conflict (0xc9,4) [ 466.172094][T15791] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 466.172142][T15791] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 466.172190][T15791] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 466.172318][T15791] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 466.172366][T15791] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 466.172418][T15791] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 466.172554][T15791] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 466.172606][T15791] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 466.172657][T15791] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 466.172703][T15791] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 466.172751][T15791] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 466.172799][T15791] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 466.172853][T15791] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffff5,4) [ 466.172902][T15791] comedi comedi3: 8255: I/O port conflict (0xffffffffffffeadb,4) [ 466.172951][T15791] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 466.172997][T15791] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 466.173042][T15791] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 466.300144][ T45] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 466.450212][ T45] usb 6-1: Using ep0 maxpacket: 8 [ 466.458340][ T45] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 466.458370][ T45] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.458390][ T45] usb 6-1: Product: syz [ 466.458403][ T45] usb 6-1: Manufacturer: syz [ 466.458417][ T45] usb 6-1: SerialNumber: syz [ 466.517291][ T45] usb 6-1: config 0 descriptor?? [ 466.560018][ C0] syz_tun: tun_net_xmit 70 [ 466.581131][ T45] gspca_main: se401-2.14.0 probing 047d:5003 [ 466.970899][ T45] gspca_se401: Wrong descriptor type [ 467.076049][T15813] tipc: Started in network mode [ 467.076081][T15813] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711 [ 467.076273][T15813] tipc: Enabled bearer , priority 0 [ 467.129949][ T5160] Bluetooth: hci0: command 0x0405 tx timeout [ 467.203366][ T10] usb 6-1: USB disconnect, device number 25 [ 467.355953][T15819] netlink: 'syz.6.4477': attribute type 1 has an invalid length. [ 467.438063][T15825] netlink: 'syz.0.4481': attribute type 1 has an invalid length. [ 467.438086][T15825] netlink: 'syz.0.4481': attribute type 1 has an invalid length. [ 467.438099][T15825] netlink: 'syz.0.4481': attribute type 1 has an invalid length. [ 467.438112][T15825] netlink: 'syz.0.4481': attribute type 1 has an invalid length. [ 467.438125][T15825] netlink: 'syz.0.4481': attribute type 1 has an invalid length. [ 467.438138][T15825] netlink: 'syz.0.4481': attribute type 1 has an invalid length. [ 467.438151][T15825] netlink: 'syz.0.4481': attribute type 1 has an invalid length. [ 467.668703][T15829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4483'. [ 467.733448][T15829] veth0_macvtap: left promiscuous mode [ 468.190225][ T31] tipc: Node number set to 11578026 [ 468.265225][T15844] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4490'. [ 470.071400][T15898] rdma_op ffff88805f373270 conn xmit_rdma 0000000000000000 [ 470.289995][ T1232] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 470.439984][ T1232] usb 1-1: Using ep0 maxpacket: 32 [ 470.442547][ T1232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 470.442578][ T1232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 470.442670][ T1232] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00a, bcdDevice= 0.00 [ 470.442694][ T1232] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.458334][ T1232] usb 1-1: config 0 descriptor?? [ 470.937207][ T1232] aquacomputer_d5next 0003:0C70:F00A.003B: unknown main item tag 0x7 [ 470.952994][ T1232] aquacomputer_d5next 0003:0C70:F00A.003B: hidraw0: USB HID v0.00 Device [HID 0c70:f00a] on usb-dummy_hcd.0-1/input0 [ 471.125924][ T1232] usb 1-1: USB disconnect, device number 41 [ 471.387382][T15930] fido_id[15930]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 471.819647][T15955] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.4540'. [ 471.825244][T15952] netlink: 16402 bytes leftover after parsing attributes in process `syz.6.4540'. [ 473.095585][T15990] netlink: 64 bytes leftover after parsing attributes in process `syz.5.4556'. [ 474.241962][T16018] macsec1: entered allmulticast mode [ 474.241986][T16018] syz_tun: entered allmulticast mode [ 474.298673][T16018] syz_tun: left allmulticast mode [ 474.407110][T16022] syz.0.4573 (16022) used greatest stack depth: 16656 bytes left [ 474.574238][T16024] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4575'. [ 475.515306][T16045] random: crng reseeded on system resumption [ 476.842081][T16072] delete_channel: no stack [ 476.843857][T16071] delete_channel: no stack [ 478.005220][T16109] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4615'. [ 478.275902][T16115] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20003 [ 478.317443][T16118] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 479.509940][ T31] usb 6-1: new full-speed USB device number 26 using dummy_hcd [ 479.679359][ T31] usb 6-1: config 162 has an invalid interface number: 79 but max is 1 [ 479.679385][ T31] usb 6-1: config 162 has an invalid interface number: 183 but max is 1 [ 479.679405][ T31] usb 6-1: config 162 has no interface number 0 [ 479.679420][ T31] usb 6-1: config 162 has no interface number 1 [ 479.679480][ T31] usb 6-1: config 162 interface 79 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 479.679519][ T31] usb 6-1: config 162 interface 183 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 479.679542][ T31] usb 6-1: config 162 interface 183 altsetting 1 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 479.679569][ T31] usb 6-1: config 162 interface 183 altsetting 1 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 479.679594][ T31] usb 6-1: config 162 interface 183 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 479.679618][ T31] usb 6-1: config 162 interface 183 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 64 [ 479.679644][ T31] usb 6-1: config 162 interface 183 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 479.679670][ T31] usb 6-1: config 162 interface 79 has no altsetting 0 [ 479.679688][ T31] usb 6-1: config 162 interface 183 has no altsetting 0 [ 479.815845][ T31] usb 6-1: New USB device found, idVendor=056e, idProduct=5004, bcdDevice=db.d1 [ 479.815875][ T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.815894][ T31] usb 6-1: Product: syz [ 479.815908][ T31] usb 6-1: Manufacturer: syz [ 479.815921][ T31] usb 6-1: SerialNumber: syz [ 480.112619][ T31] pl2303 6-1:162.79: required endpoints missing [ 480.164574][ T31] pl2303 6-1:162.183: pl2303 converter detected [ 480.167427][ T31] pl2303 6-1:162.183: pl2303_vendor_read - failed to read [8484]: -71 [ 480.167994][ T31] pl2303 6-1:162.183: pl2303_vendor_write - failed to write [0404]: -71 [ 480.168423][ T31] pl2303 6-1:162.183: pl2303_vendor_read - failed to read [8484]: -71 [ 480.168827][ T31] pl2303 6-1:162.183: pl2303_vendor_read - failed to read [8383]: -71 [ 480.220133][ T31] pl2303 6-1:162.183: pl2303_vendor_read - failed to read [8484]: -71 [ 480.220958][ T31] pl2303 6-1:162.183: pl2303_vendor_write - failed to write [0404]: -71 [ 480.221364][ T31] pl2303 6-1:162.183: pl2303_vendor_read - failed to read [8484]: -71 [ 480.221764][ T31] pl2303 6-1:162.183: pl2303_vendor_read - failed to read [8383]: -71 [ 480.222169][ T31] pl2303 6-1:162.183: pl2303_vendor_write - failed to write [0000]: -71 [ 480.222588][ T31] pl2303 6-1:162.183: pl2303_vendor_write - failed to write [0001]: -71 [ 480.223087][ T31] pl2303 6-1:162.183: pl2303_vendor_write - failed to write [0002]: -71 [ 480.240493][ T31] usb 6-1: pl2303 converter now attached to ttyUSB0 [ 480.305881][ T31] usb 6-1: USB disconnect, device number 26 [ 480.341444][ T31] pl2303 ttyUSB0: pl2303 converter now disconnected from ttyUSB0 [ 480.342435][ T31] pl2303 6-1:162.183: device disconnected [ 480.856266][T16171] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4645'. [ 481.244843][ T5211] udevd[5211]: worker [15383] terminated by signal 33 (Unknown signal 33) [ 481.244894][ T5211] udevd[5211]: worker [15383] failed while handling '/devices/virtual/block/loop0' [ 481.446676][T16188] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4654'. [ 482.271390][T16212] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4665'. [ 482.894760][ T5842] Bluetooth: hci3: unknown advertising packet type: 0x0c [ 482.985529][T16236] syz.4.4677 uses old SIOCAX25GETINFO [ 484.821972][T16271] iso9660: Bad value for 'gid' [ 484.821992][T16271] iso9660: Bad value for 'gid' [ 485.829916][ T10] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 485.988109][ T10] usb 6-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 485.988140][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.988160][ T10] usb 6-1: Product: syz [ 485.988174][ T10] usb 6-1: Manufacturer: syz [ 485.988188][ T10] usb 6-1: SerialNumber: syz [ 486.028929][ T10] usb 6-1: config 0 descriptor?? [ 486.051867][ T10] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 486.081708][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 486.082650][ T10] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 486.082708][ T10] usb 6-1: media controller created [ 486.160787][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 486.295149][ T10] DVB: Unable to find symbol mt352_attach() [ 486.367130][ T10] DVB: Unable to find symbol nxt6000_attach() [ 486.367146][ T10] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 486.398310][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input27 [ 486.419552][ T10] dvb-usb: schedule remote query interval to 1000 msecs. [ 486.419574][ T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 486.419590][ T10] dvb-usb: bulk message failed: -22 (7/0) [ 486.419607][ T10] dvb-usb: bulk message failed: -22 (7/0) [ 486.464259][ T10] usb 6-1: USB disconnect, device number 27 [ 486.616945][ T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 486.769993][ T45] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 486.937225][ T45] usb 1-1: config 1 has an invalid descriptor of length 84, skipping remainder of the config [ 486.937252][ T45] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 486.950375][ T45] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 486.950403][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 486.950420][ T45] usb 1-1: SerialNumber: syz [ 487.177932][ T45] usb 1-1: 0:2 : does not exist [ 487.341087][ T45] usb 1-1: USB disconnect, device number 42 [ 487.501375][T12881] udevd[12881]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 487.945667][T16331] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 487.945749][T16331] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 487.945797][T16331] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 487.945849][T16331] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 487.945979][T16331] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 487.946024][T16331] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 487.946070][T16331] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 487.946197][T16331] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 487.946248][T16331] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 487.946299][T16331] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 488.191148][T16336] program syz.6.4725 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 488.369936][ T45] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 488.522865][ T45] usb 1-1: Using ep0 maxpacket: 16 [ 488.526882][ T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 488.526915][ T45] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 488.526937][ T45] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 488.526980][ T45] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 488.527003][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.541969][ T45] usb 1-1: config 0 descriptor?? [ 488.975650][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.975692][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.975717][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.975989][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.976018][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.976047][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.976076][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.976104][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.976132][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 488.976160][ T45] microsoft 0003:045E:07DA.003C: unknown main item tag 0x0 [ 489.030545][ T45] microsoft 0003:045E:07DA.003C: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 489.030579][ T45] microsoft 0003:045E:07DA.003C: no inputs found [ 489.030593][ T45] microsoft 0003:045E:07DA.003C: could not initialize ff, continuing anyway [ 489.218985][ T10] usb 1-1: USB disconnect, device number 43 [ 489.331935][T16351] fido_id[16351]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 489.541297][ T5160] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 489.547311][ T5160] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 489.558597][T16360] validate_nla: 45 callbacks suppressed [ 489.558614][T16360] netlink: 'syz.5.4735': attribute type 2 has an invalid length. [ 489.565340][ T5160] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 489.585052][ T5160] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 489.585820][ T5160] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 490.231372][ T37] audit: type=1326 audit(1759086658.530:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16373 comm="syz.5.4742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 490.231430][ T37] audit: type=1326 audit(1759086658.530:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16373 comm="syz.5.4742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 490.231697][ T37] audit: type=1326 audit(1759086658.550:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16373 comm="syz.5.4742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 490.232169][ T37] audit: type=1326 audit(1759086658.550:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16373 comm="syz.5.4742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 490.234184][ T37] audit: type=1326 audit(1759086658.550:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16373 comm="syz.5.4742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 490.234880][ T37] audit: type=1326 audit(1759086658.550:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16373 comm="syz.5.4742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 490.242885][ T37] audit: type=1326 audit(1759086658.550:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16373 comm="syz.5.4742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 490.242930][ T37] audit: type=1326 audit(1759086658.550:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16373 comm="syz.5.4742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 490.537503][T16381] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4746'. [ 491.230071][ T45] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 491.412305][ T45] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 491.412338][ T45] usb 6-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 491.412380][ T45] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 491.412401][ T45] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.456814][ T45] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 491.457819][ T45] usb 6-1: invalid MIDI out EP 0 [ 491.754903][T12881] udevd[12881]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 491.761359][ T5842] Bluetooth: hci5: command tx timeout [ 491.912135][ T45] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 491.939948][ T45] usb 6-1: USB disconnect, device number 28 [ 492.104433][T16411] sp0: Synchronizing with TNC [ 492.472635][ T1312] bond0: (slave netdevsim0): Releasing backup interface [ 493.059719][T16356] chnl_net:caif_netlink_parms(): no params data found [ 493.100215][ T45] usb 1-1: new full-speed USB device number 44 using dummy_hcd [ 493.255416][ T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 493.255443][ T45] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 493.257966][ T45] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 493.257994][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.258013][ T45] usb 1-1: Product: syz [ 493.258027][ T45] usb 1-1: Manufacturer: syz [ 493.258040][ T45] usb 1-1: SerialNumber: syz [ 493.587602][T16447] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4776'. [ 493.721140][ T1312] team0: left allmulticast mode [ 493.721161][ T1312] team_slave_0: left allmulticast mode [ 493.721184][ T1312] team_slave_1: left allmulticast mode [ 493.724612][ T1312] bridge0: port 3(team0) entered disabled state [ 493.730770][ T45] usb 1-1: cannot find UAC_HEADER [ 493.797995][ T45] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 493.840048][ T5842] Bluetooth: hci5: command tx timeout [ 493.867394][ T1312] bridge_slave_1: left allmulticast mode [ 493.867425][ T1312] bridge_slave_1: left promiscuous mode [ 493.867769][ T1312] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.915891][T12881] udevd[12881]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 493.954569][ T5947] usb 1-1: USB disconnect, device number 44 [ 493.985765][ T1312] bridge_slave_0: left allmulticast mode [ 493.986603][ T1312] bridge_slave_0: left promiscuous mode [ 493.986844][ T1312] bridge0: port 1(bridge_slave_0) entered disabled state [ 494.912841][T16473] vivid-000: disconnect [ 494.917109][T16471] vivid-000: reconnect [ 495.260022][ T5926] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 495.433891][ T5926] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 495.433942][ T5926] usb 6-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 495.433965][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 495.443991][ T5926] usb 6-1: config 0 descriptor?? [ 495.917719][ T5926] steelseries 0003:1038:12B6.003D: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.5-1/input0 [ 495.920294][ T5842] Bluetooth: hci5: command tx timeout [ 496.111761][ T5926] steelseries 0003:1038:12B6.003D: hid_hw_raw_request() failed with -71 [ 496.126226][ T5926] usb 6-1: USB disconnect, device number 29 [ 496.580443][ T1312] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 496.653866][ T1312] bond0 (unregistering): (slave c@0): Releasing backup interface [ 496.697737][ T1312] bond0 (unregistering): Released all slaves [ 497.566553][ T1312] bond1 (unregistering): Released all slaves [ 497.960780][ T1312] tipc: Disabling bearer [ 498.000308][ T5842] Bluetooth: hci5: command tx timeout [ 498.042151][ T1312] tipc: Left network mode [ 498.042702][T16356] bridge0: port 1(bridge_slave_0) entered blocking state [ 498.042839][T16356] bridge0: port 1(bridge_slave_0) entered disabled state [ 498.043128][T16356] bridge_slave_0: entered allmulticast mode [ 498.045814][T16356] bridge_slave_0: entered promiscuous mode [ 498.070337][T16356] bridge0: port 2(bridge_slave_1) entered blocking state [ 498.070470][T16356] bridge0: port 2(bridge_slave_1) entered disabled state [ 498.070694][T16356] bridge_slave_1: entered allmulticast mode [ 498.075841][T16356] bridge_slave_1: entered promiscuous mode [ 498.537819][T16356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 498.593084][T16356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 499.041096][ T1232] kernel write not supported for file /amidi2 (pid: 1232 comm: kworker/0:3) [ 499.259910][ T10] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 499.413807][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 499.416401][ T10] usb 1-1: config 0 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 499.416429][ T10] usb 1-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 499.416456][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 499.416491][ T10] usb 1-1: New USB device found, idVendor=20bc, idProduct=5500, bcdDevice= 0.00 [ 499.416513][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 499.436182][T16526] netlink: 'syz.5.4811': attribute type 29 has an invalid length. [ 499.486852][ T10] usb 1-1: config 0 descriptor?? [ 499.546783][T16356] team0: Port device team_slave_0 added [ 499.553368][T16356] team0: Port device team_slave_1 added [ 499.903400][T16542] ptrace attach of "./syz-executor exec"[5854] was attempted by ""[16542] [ 499.947072][ T10] betop 0003:20BC:5500.003E: hidraw0: USB HID v8.00 Device [HID 20bc:5500] on usb-dummy_hcd.0-1/input0 [ 499.947173][ T10] betop 0003:20BC:5500.003E: no inputs found [ 500.132940][ T10] usb 1-1: USB disconnect, device number 45 [ 500.209050][T16551] netlink: 52 bytes leftover after parsing attributes in process `syz.4.4820'. [ 500.351481][ T1232] libceph: connect (1)[c::]:6789 error -101 [ 500.352300][ T1232] libceph: mon0 (1)[c::]:6789 connect error [ 500.397967][ T1232] libceph: connect (1)[c::]:6789 error -101 [ 500.398185][ T1232] libceph: mon0 (1)[c::]:6789 connect error [ 500.578553][T16356] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 500.578570][T16356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 500.578704][T16356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 500.583790][T16356] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 500.583804][T16356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 500.583829][T16356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 500.663368][ T1232] libceph: connect (1)[c::]:6789 error -101 [ 500.664185][ T1232] libceph: mon0 (1)[c::]:6789 connect error [ 500.827770][T16544] ceph: No mds server is up or the cluster is laggy [ 501.353250][ T37] audit: type=1400 audit(1759086669.660:100): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=16573 comm="syz.5.4831" src=1 dest=20000 netif=wpan0 [ 501.594245][T16356] hsr_slave_0: entered promiscuous mode [ 501.595706][T16356] hsr_slave_1: entered promiscuous mode [ 501.596810][T16356] debugfs: 'hsr0' already exists in 'hsr' [ 501.596833][T16356] Cannot create hsr debugfs directory [ 501.774167][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.619542][ T1312] hsr_slave_0: left promiscuous mode [ 502.666479][ T1312] hsr_slave_1: left promiscuous mode [ 502.667453][ T1312] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 502.720667][ T1312] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 504.062646][T16633] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 504.062673][T16633] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 504.078103][T16633] vhci_hcd vhci_hcd.0: Device attached [ 504.251199][ T1232] vhci_hcd: vhci_device speed not set [ 504.325793][ T1232] usb 43-1: new full-speed USB device number 2 using vhci_hcd [ 504.362333][ T10] usb 6-1: new low-speed USB device number 30 using dummy_hcd [ 504.524559][ T10] usb 6-1: config 0 has no interfaces? [ 504.524595][ T10] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 504.524617][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.531691][ T10] usb 6-1: config 0 descriptor?? [ 504.747527][T16634] vhci_hcd: unknown pdu 1 [ 504.748728][ T989] usb 6-1: USB disconnect, device number 30 [ 504.779902][ T68] vhci_hcd: stop threads [ 504.782553][ T68] vhci_hcd: release socket [ 504.819746][ T68] vhci_hcd: disconnect device [ 504.822078][ T1232] vhci_hcd: vhci_device speed not set [ 505.622510][ T1312] team_slave_1 (unregistering): left promiscuous mode [ 505.668197][ T1312] team0 (unregistering): Port device team_slave_1 removed [ 506.013818][ T1312] team_slave_0 (unregistering): left promiscuous mode [ 506.050719][ T1312] team0 (unregistering): Port device team_slave_0 removed [ 506.056587][ T1453] smc: removing ib device !yz! [ 506.137304][T16657] comedi comedi3: comedi_test: 20263 microvolt, 31 microsecond waveform attached [ 506.877015][T16670] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 506.877048][T16670] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 506.877077][T16670] comedi comedi3: 8255: I/O port conflict (0x401,4) [ 506.877102][T16670] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 506.877358][T16670] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 506.877393][T16670] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 506.877421][T16670] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 506.877499][T16670] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 506.877525][T16670] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 506.877551][T16670] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 506.877600][T16670] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 506.877625][T16670] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 506.877650][T16670] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 508.256614][ T1312] vxcan1 (unregistering): left allmulticast mode [ 509.687228][T16697] tipc: Enabling of bearer rejected, failed to enable media [ 509.726142][T16699] macvlan2: entered promiscuous mode [ 509.726173][T16699] macvlan2: entered allmulticast mode [ 509.871324][ T37] audit: type=1326 audit(1759086678.180:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16700 comm="syz.4.4893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1614eec9 code=0x7ffc0000 [ 509.871377][ T37] audit: type=1326 audit(1759086678.180:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16700 comm="syz.4.4893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1614eec9 code=0x7ffc0000 [ 509.872029][ T37] audit: type=1326 audit(1759086678.180:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16700 comm="syz.4.4893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f3e1614eec9 code=0x7ffc0000 [ 509.872076][ T37] audit: type=1326 audit(1759086678.180:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16700 comm="syz.4.4893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1614eec9 code=0x7ffc0000 [ 509.872481][ T37] audit: type=1326 audit(1759086678.180:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16700 comm="syz.4.4893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e1614eec9 code=0x7ffc0000 [ 510.016829][T16704] smc: net device bond0 applied user defined pnetid S [ 510.384632][T16714] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4899'. [ 510.384661][T16714] netlink: 56 bytes leftover after parsing attributes in process `syz.6.4899'. [ 510.384677][T16714] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4899'. [ 511.840820][ C0] vkms_vblank_simulate: vblank timer overrun [ 512.536189][T16765] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4923'. [ 512.536212][T16765] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4923'. [ 512.536237][T16765] netlink: 'syz.5.4923': attribute type 7 has an invalid length. [ 512.823063][T16356] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 512.967668][T16356] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 512.990678][T16773] netlink: 'syz.5.4928': attribute type 10 has an invalid length. [ 513.436670][T16773] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 513.477407][T16772] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 513.505693][T16356] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 514.173066][T16356] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 514.808562][T16356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 514.887011][T16356] 8021q: adding VLAN 0 to HW filter on device team0 [ 514.972150][ T68] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.975780][ T68] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.010817][ T68] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.011027][ T68] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.330179][T16825] tipc: Enabled bearer , priority 10 [ 515.476849][ T1312] IPVS: stop unused estimator thread 0... [ 515.820424][T16842] devpts: Bad value for 'max' [ 516.449935][ T6033] tipc: Node number set to 754974784 [ 516.670290][T16356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 516.820028][ T5926] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 516.986990][ T5926] usb 6-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 516.987021][ T5926] usb 6-1: config 0 interface 0 has no altsetting 0 [ 516.987054][ T5926] usb 6-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00 [ 516.987075][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 517.008993][ T5926] usb 6-1: config 0 descriptor?? [ 517.444797][ T5926] apple 0003:05AC:027A.003F: hidraw0: USB HID v8.00 Device [HID 05ac:027a] on usb-dummy_hcd.5-1/input0 [ 517.547103][ T37] audit: type=1800 audit(1759086685.850:106): pid=16884 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.4972" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 517.624368][ T6033] usb 6-1: USB disconnect, device number 31 [ 517.772961][T16356] veth0_vlan: entered promiscuous mode [ 517.799522][T16356] veth1_vlan: entered promiscuous mode [ 517.937714][T16888] fido_id[16888]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 518.001027][T16356] veth0_macvtap: entered promiscuous mode [ 518.022170][T16356] veth1_macvtap: entered promiscuous mode [ 518.061132][T16356] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 518.136063][T16356] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 518.179167][ T1132] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.179417][ T1132] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.180615][ T4776] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.181855][ T4776] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 518.664919][ T1453] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.664938][ T1453] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 518.797806][ T1423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 518.797827][ T1423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 519.591737][T16940] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 519.591764][T16940] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 519.591856][T16940] vhci_hcd vhci_hcd.0: Device attached [ 519.782751][ T5926] vhci_hcd: vhci_device speed not set [ 519.840222][ T5926] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 520.612259][ T37] audit: type=1326 audit(1759086688.910:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16970 comm="syz.5.5010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 520.612960][ T37] audit: type=1326 audit(1759086688.920:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16970 comm="syz.5.5010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 520.616594][ T37] audit: type=1326 audit(1759086688.920:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16970 comm="syz.5.5010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 520.623645][ T37] audit: type=1326 audit(1759086688.920:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16970 comm="syz.5.5010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 520.623693][ T37] audit: type=1326 audit(1759086688.930:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16970 comm="syz.5.5010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 520.623734][ T37] audit: type=1326 audit(1759086688.930:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16970 comm="syz.5.5010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 520.623775][ T37] audit: type=1326 audit(1759086688.930:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16970 comm="syz.5.5010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 522.060051][ T5947] usb 1-1: new full-speed USB device number 46 using dummy_hcd [ 522.213578][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 522.213613][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 522.213635][ T5947] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 522.213675][ T5947] usb 1-1: New USB device found, idVendor=045e, idProduct=008e, bcdDevice= 0.00 [ 522.213697][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.236696][ T5947] usb 1-1: config 0 descriptor?? [ 522.568302][T17031] netlink: 8 bytes leftover after parsing attributes in process `syz.7.5038'. [ 522.666476][T16941] vhci_hcd: connection reset by peer [ 522.685809][ T1312] vhci_hcd: stop threads [ 522.685829][ T1312] vhci_hcd: release socket [ 522.688284][ T1312] vhci_hcd: disconnect device [ 522.708342][ T5947] hid-generic 0003:045E:008E.0040: unbalanced collection at end of report description [ 522.709219][ T5947] hid-generic 0003:045E:008E.0040: probe with driver hid-generic failed with error -22 [ 522.893250][ T5947] usb 1-1: USB disconnect, device number 46 [ 522.902241][T17038] netlink: 'syz.7.5040': attribute type 4 has an invalid length. [ 523.370256][T17049] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5046'. [ 523.370359][T17049] tipc: Enabling of bearer rejected, failed to enable media [ 523.833158][T17061] netlink: 'syz.5.5052': attribute type 1 has an invalid length. [ 523.833181][T17061] netlink: 236 bytes leftover after parsing attributes in process `syz.5.5052'. [ 523.968181][T17064] IPv6: NLM_F_CREATE should be specified when creating new route [ 523.968298][T17064] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 523.968308][T17064] IPv6: NLM_F_CREATE should be set when creating new route [ 523.968397][T17064] IPv6: NLM_F_CREATE should be set when creating new route [ 523.968428][T17064] IPv6: NLM_F_CREATE should be set when creating new route [ 524.005115][T17068] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 524.950032][ T5926] vhci_hcd: vhci_device speed not set [ 525.527055][T17115] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5077'. [ 526.015923][T17133] vlan2: entered allmulticast mode [ 526.015945][T17133] bond0: entered allmulticast mode [ 526.015957][T17133] bond_slave_0: entered allmulticast mode [ 526.017230][T17133] bond_slave_1: entered allmulticast mode [ 526.699924][ T5926] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 526.857990][ T5926] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 526.858023][ T5926] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 526.858045][ T5926] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 526.858085][ T5926] usb 6-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 526.858107][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.867496][ T5926] usb 6-1: config 0 descriptor?? [ 527.362763][ T5926] elo 0003:04E7:0030.0041: reserved main item tag 0xe [ 527.362801][ T5926] elo 0003:04E7:0030.0041: item fetching failed at offset 8/9 [ 527.363570][ T5926] elo 0003:04E7:0030.0041: parse failed [ 527.363674][ T5926] elo 0003:04E7:0030.0041: probe with driver elo failed with error -22 [ 527.574178][ T5926] usb 6-1: USB disconnect, device number 32 [ 529.322770][T17213] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5123'. [ 529.399305][T17216] netlink: 36 bytes leftover after parsing attributes in process `syz.7.5125'. [ 530.111694][T17239] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 530.614484][T17255] loop9: detected capacity change from 0 to 7 [ 530.616584][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.616714][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.616828][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.616937][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.617079][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.617214][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.617321][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.617403][T17255] ldm_validate_partition_table(): Disk read failed. [ 530.617451][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.617562][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.618456][T17255] Buffer I/O error on dev loop9, logical block 0, async page read [ 530.618630][T17255] Dev loop9: unable to read RDB block 0 [ 530.618954][T17255] loop9: unable to read partition table [ 530.619193][T17255] loop9: partition table beyond EOD, truncated [ 530.619211][T17255] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 530.619211][T17255] ) failed (rc=-5) [ 530.862105][T17265] netlink: 277 bytes leftover after parsing attributes in process `syz.5.5149'. [ 532.480135][ C0] syz_tun: tun_net_xmit 70 [ 532.705728][T17318] ip6gretap1: entered allmulticast mode [ 533.774330][ T37] audit: type=1326 audit(1759086702.080:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17334 comm="syz.0.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7fc00000 [ 533.774657][ T37] audit: type=1326 audit(1759086702.080:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17334 comm="syz.0.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3e7948eec9 code=0x7fc00000 [ 533.776575][ T37] audit: type=1326 audit(1759086702.080:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17334 comm="syz.0.5183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7fc00000 [ 534.025558][T17344] sd 0:0:1:0: device reset [ 535.423910][T17391] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5210'. [ 535.449730][T17392] netlink: 'syz.5.5211': attribute type 1 has an invalid length. [ 535.449747][T17392] netlink: 208 bytes leftover after parsing attributes in process `syz.5.5211'. [ 535.449760][T17392] netlink: 'syz.5.5211': attribute type 1 has an invalid length. [ 535.464000][T17391] vlan3: entered promiscuous mode [ 535.464021][T17391] gretap0: entered promiscuous mode [ 535.466569][T17392] netlink: 'syz.5.5211': attribute type 2 has an invalid length. [ 535.592338][ T5947] Process accounting resumed [ 536.308152][T17419] netlink: 'syz.4.5224': attribute type 2 has an invalid length. [ 536.308174][T17419] netlink: 1184 bytes leftover after parsing attributes in process `syz.4.5224'. [ 536.503043][T17423] tipc: Resetting bearer [ 536.744965][T17433] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check. [ 536.787254][T17436] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5232'. [ 537.835503][T17464] sctp: [Deprecated]: syz.5.5246 (pid 17464) Use of int in max_burst socket option. [ 537.835503][T17464] Use struct sctp_assoc_value instead [ 538.914604][T17499] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5262'. [ 538.914632][T17499] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5262'. [ 539.001358][T17505] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5265'. [ 539.001743][T17499] macvlan3: entered promiscuous mode [ 539.744611][T17519] netlink: 28 bytes leftover after parsing attributes in process `syz.7.5271'. [ 539.744710][T17519] netlink: 7 bytes leftover after parsing attributes in process `syz.7.5271'. [ 540.469523][T17539] bridge_slave_1: entered promiscuous mode [ 540.489196][T17541] netlink: 44 bytes leftover after parsing attributes in process `syz.5.5282'. [ 540.489222][T17541] netlink: 43 bytes leftover after parsing attributes in process `syz.5.5282'. [ 540.489237][T17541] netlink: 'syz.5.5282': attribute type 5 has an invalid length. [ 540.489256][T17541] netlink: 43 bytes leftover after parsing attributes in process `syz.5.5282'. [ 540.621767][T17543] netdevsim netdevsim7: Direct firmware load for . [ 540.621767][T17543] failed with error -2 [ 540.621792][T17543] netdevsim netdevsim7: Falling back to sysfs fallback for: . [ 540.621792][T17543] [ 541.787444][T17564] netlink: 'syz.7.5292': attribute type 2 has an invalid length. [ 541.788368][T17564] netlink: 'syz.7.5292': attribute type 2 has an invalid length. [ 542.714135][T17599] netlink: 16 bytes leftover after parsing attributes in process `syz.6.5309'. [ 542.866115][T17605] netlink: 60 bytes leftover after parsing attributes in process `syz.5.5311'. [ 542.866564][T17601] netlink: 60 bytes leftover after parsing attributes in process `syz.5.5311'. [ 544.705713][T17662] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5338'. [ 545.122171][T17671] xt_l2tp: missing protocol rule (udp|l2tpip) [ 546.306281][T17705] netlink: 16186 bytes leftover after parsing attributes in process `syz.5.5359'. [ 546.649977][ T5926] usb 6-1: new full-speed USB device number 33 using dummy_hcd [ 546.815167][ T5926] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 546.815200][ T5926] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 546.815238][ T5926] usb 6-1: New USB device found, idVendor=056e, idProduct=00fd, bcdDevice= 0.00 [ 546.815261][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 546.885275][ T5926] usb 6-1: config 0 descriptor?? [ 547.102560][T17717] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 547.102617][T17717] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 547.102667][T17717] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 547.102723][T17717] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 547.102770][T17717] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 547.102820][T17717] comedi comedi3: 8255: I/O port conflict (0x12,4) [ 547.102867][T17717] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 547.102914][T17717] comedi comedi3: 8255: I/O port conflict (0x81,4) [ 547.102962][T17717] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffc,4) [ 547.103012][T17717] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 547.103058][T17717] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4) [ 547.103111][T17717] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 547.103163][T17717] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 547.103208][T17717] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 547.103307][T17717] comedi comedi3: 8255: I/O port conflict (0x8,4) [ 547.103354][T17717] comedi comedi3: 8255: I/O port conflict (0x400009,4) [ 547.103402][T17717] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 547.103450][T17717] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 547.103582][T17717] comedi comedi3: 8255: I/O port conflict (0x80,4) [ 547.342332][ T5926] hid_parser_main: 1 callbacks suppressed [ 547.342355][ T5926] elecom 0003:056E:00FD.0042: unknown main item tag 0x0 [ 547.342390][ T5926] elecom 0003:056E:00FD.0042: unknown main item tag 0x0 [ 547.378479][ T5926] elecom 0003:056E:00FD.0042: hidraw0: USB HID v0.03 Device [HID 056e:00fd] on usb-dummy_hcd.5-1/input0 [ 547.438265][T17719] program syz.6.5366 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 547.501718][ T1232] usb 6-1: USB disconnect, device number 33 [ 547.832541][T17725] fido_id[17725]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 548.876452][T17756] xt_l2tp: missing protocol rule (udp|l2tpip) [ 548.931493][T17758] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 549.108479][T17764] netlink: 64 bytes leftover after parsing attributes in process `syz.5.5384'. [ 549.738365][T17780] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 550.928937][T17809] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5405'. [ 552.625598][ T37] audit: type=1326 audit(1759086720.930:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17840 comm="syz.5.5422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 552.625653][ T37] audit: type=1326 audit(1759086720.930:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17840 comm="syz.5.5422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 552.813573][ T37] audit: type=1326 audit(1759086721.120:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17840 comm="syz.5.5422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f819941af79 code=0x7ffc0000 [ 552.813622][ T37] audit: type=1326 audit(1759086721.120:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17840 comm="syz.5.5422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 552.813661][ T37] audit: type=1326 audit(1759086721.120:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17840 comm="syz.5.5422" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 552.816777][ T37] audit: type=1326 audit(1759086721.120:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17848 comm="syz.0.5425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 552.817421][ T37] audit: type=1326 audit(1759086721.120:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17848 comm="syz.0.5425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 552.817773][ T37] audit: type=1326 audit(1759086721.120:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17848 comm="syz.0.5425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 552.817904][ T37] audit: type=1326 audit(1759086721.120:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17848 comm="syz.0.5425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 552.818334][ T37] audit: type=1326 audit(1759086721.120:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17848 comm="syz.0.5425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=74 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 553.104054][T17854] netlink: 36 bytes leftover after parsing attributes in process `syz.5.5427'. [ 553.605925][T17869] netlink: 'syz.5.5434': attribute type 3 has an invalid length. [ 553.605947][T17869] netlink: 666 bytes leftover after parsing attributes in process `syz.5.5434'. [ 553.878688][T17873] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5437'. [ 553.878720][T17873] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 554.630430][ T5926] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 554.790068][ T5926] usb 6-1: Using ep0 maxpacket: 8 [ 554.797560][ T5926] usb 6-1: config 2 has an invalid interface number: 31 but max is 0 [ 554.797587][ T5926] usb 6-1: config 2 has no interface number 0 [ 554.797636][ T5926] usb 6-1: config 2 interface 31 has no altsetting 0 [ 554.805536][ T5926] usb 6-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 554.805564][ T5926] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.805584][ T5926] usb 6-1: Product: syz [ 554.805597][ T5926] usb 6-1: Manufacturer: syz [ 554.805609][ T5926] usb 6-1: SerialNumber: syz [ 555.513571][ T5926] ch9200 6-1:2.31: probe with driver ch9200 failed with error -22 [ 555.534463][ T5926] usb 6-1: USB disconnect, device number 34 [ 557.810797][ T37] kauditd_printk_skb: 2 callbacks suppressed [ 557.810815][ T37] audit: type=1326 audit(1759086726.120:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17937 comm="syz.0.5466" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3e7948eec9 code=0x0 [ 557.888347][T17944] netlink: 48 bytes leftover after parsing attributes in process `syz.6.5469'. [ 558.709729][T17962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5477'. [ 558.709750][T17962] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5477'. [ 558.739080][T17962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5477'. [ 558.739101][T17962] netlink: 'syz.0.5477': attribute type 5 has an invalid length. [ 560.694669][ T37] audit: type=1326 audit(1759086728.990:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18002 comm="syz.0.5498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 560.694966][ T37] audit: type=1326 audit(1759086729.000:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18002 comm="syz.0.5498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 560.743468][ T37] audit: type=1326 audit(1759086729.000:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18002 comm="syz.0.5498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 560.744215][ T37] audit: type=1326 audit(1759086729.050:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18002 comm="syz.0.5498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 560.744677][ T37] audit: type=1326 audit(1759086729.050:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18002 comm="syz.0.5498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 560.744921][ T37] audit: type=1326 audit(1759086729.050:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18002 comm="syz.0.5498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e7948eec9 code=0x7ffc0000 [ 561.018131][T18009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5500'. [ 562.372706][ T5160] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 562.398212][ T5160] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 562.402907][ T5160] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 562.415308][ T5160] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 562.420200][ T5160] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 562.684225][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.196435][T18052] netlink: 196 bytes leftover after parsing attributes in process `syz.5.5520'. [ 563.210012][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.409441][T18059] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 564.052607][ T57] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.551382][ T57] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.561509][ T5160] Bluetooth: hci1: command tx timeout [ 565.124458][ T57] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.288605][T18092] mkiss: ax0: crc mode is auto. [ 565.658001][ T57] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 565.974610][T18132] delete_channel: no stack [ 566.108873][T18133] netlink: 'syz.4.5558': attribute type 1 has an invalid length. [ 566.213597][T18139] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5563'. [ 566.447431][T18031] chnl_net:caif_netlink_parms(): no params data found [ 566.525545][T18151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5566'. [ 566.640252][ T5160] Bluetooth: hci1: command tx timeout [ 567.570214][ T57] bridge_slave_1: left allmulticast mode [ 567.570246][ T57] bridge_slave_1: left promiscuous mode [ 567.570518][ T57] bridge0: port 2(bridge_slave_1) entered disabled state [ 567.691553][ T57] bridge_slave_0: left allmulticast mode [ 567.691592][ T57] bridge_slave_0: left promiscuous mode [ 567.691897][ T57] bridge0: port 1(bridge_slave_0) entered disabled state [ 567.940059][T16477] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 568.092569][T16477] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 568.092602][T16477] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 568.092640][T16477] usb 6-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00 [ 568.092663][T16477] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.098808][T16477] usb 6-1: config 0 descriptor?? [ 568.253808][ C0] vkms_vblank_simulate: vblank timer overrun [ 568.534587][T16477] cypress 0003:04B4:0001.0043: unknown main item tag 0x0 [ 568.534624][T16477] cypress 0003:04B4:0001.0043: unknown main item tag 0x0 [ 568.534652][T16477] cypress 0003:04B4:0001.0043: unknown main item tag 0x0 [ 568.534679][T16477] cypress 0003:04B4:0001.0043: unknown main item tag 0x0 [ 568.534705][T16477] cypress 0003:04B4:0001.0043: unknown main item tag 0x0 [ 568.534732][T16477] cypress 0003:04B4:0001.0043: unknown main item tag 0x0 [ 568.534856][T16477] cypress 0003:04B4:0001.0043: unknown main item tag 0x0 [ 568.606877][T16477] cypress 0003:04B4:0001.0043: hidraw0: USB HID v0.00 Device [HID 04b4:0001] on usb-dummy_hcd.5-1/input0 [ 568.720028][ T5160] Bluetooth: hci1: command tx timeout [ 568.752907][T16477] usb 6-1: USB disconnect, device number 35 [ 568.780475][T18206] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 568.786863][T18204] fido_id[18204]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory [ 570.520833][ T10] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 570.672078][ T10] usb 6-1: config 0 has an invalid interface number: 176 but max is 0 [ 570.672105][ T10] usb 6-1: config 0 has no interface number 0 [ 570.672152][ T10] usb 6-1: config 0 interface 176 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.672178][ T10] usb 6-1: config 0 interface 176 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 570.672214][ T10] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 570.672237][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.733490][ T10] usb 6-1: config 0 descriptor?? [ 570.810484][ T5160] Bluetooth: hci1: command tx timeout [ 570.881455][ T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 570.951144][ T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 570.999126][ T57] bond0 (unregistering): Released all slaves [ 571.209140][ T10] uclogic 0003:256C:006D.0044: interface is invalid, ignoring [ 571.259993][T18031] bridge0: port 1(bridge_slave_0) entered blocking state [ 571.260164][T18031] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.260395][T18031] bridge_slave_0: entered allmulticast mode [ 571.263136][T18031] bridge_slave_0: entered promiscuous mode [ 571.266121][T18031] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.266256][T18031] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.266441][T18031] bridge_slave_1: entered allmulticast mode [ 571.269141][T18031] bridge_slave_1: entered promiscuous mode [ 571.309793][T18242] netlink: 'syz.6.5608': attribute type 5 has an invalid length. [ 571.477132][ T5926] usb 6-1: USB disconnect, device number 36 [ 572.315982][T18031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 572.329603][T18031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 572.909295][T18031] team0: Port device team_slave_0 added [ 572.935088][T18031] team0: Port device team_slave_1 added [ 573.321718][ T57] hsr_slave_0: left promiscuous mode [ 573.367269][ T57] hsr_slave_1: left promiscuous mode [ 573.368183][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 573.368211][ T57] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 573.423863][ T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 573.423893][ T57] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 573.629075][ T57] veth1_macvtap: left promiscuous mode [ 573.629191][ T57] veth0_macvtap: left promiscuous mode [ 573.629498][ T57] veth1_vlan: left promiscuous mode [ 573.629712][ T57] veth0_vlan: left promiscuous mode [ 574.156666][T16477] kernel write not supported for file /sg0 (pid: 16477 comm: kworker/1:4) [ 574.775838][T18293] Falling back ldisc for ptm0. [ 574.875427][T18305] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5637'. [ 574.875448][T18305] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5637'. [ 575.148692][T18309] vivid-004: disconnect [ 575.152212][T18308] vivid-004: reconnect [ 577.072001][ T57] team0 (unregistering): Port device team_slave_1 removed [ 577.350800][ T57] team0 (unregistering): Port device team_slave_0 removed [ 579.830999][T18031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 579.831011][T18031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 579.831025][T18031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 580.061611][T18330] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3) [ 580.061637][T18330] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 580.062052][T18330] vhci_hcd vhci_hcd.0: Device attached [ 580.123465][T18031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 580.123481][T18031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 580.123507][T18031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 580.250545][ T10] vhci_hcd: vhci_device speed not set [ 580.310008][ T10] usb 43-1: new full-speed USB device number 3 using vhci_hcd [ 580.330024][ T1232] usb 6-1: new low-speed USB device number 37 using dummy_hcd [ 580.482555][ T1232] usb 6-1: config 0 has no interfaces? [ 580.482593][ T1232] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 580.482618][ T1232] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.514888][ T1232] usb 6-1: config 0 descriptor?? [ 580.723963][ T1232] usb 6-1: USB disconnect, device number 37 [ 580.730243][T18331] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 580.742829][ T1453] vhci_hcd: stop threads [ 580.742846][ T1453] vhci_hcd: release socket [ 580.742916][ T1453] vhci_hcd: disconnect device [ 580.836717][T18031] hsr_slave_0: entered promiscuous mode [ 580.848150][T18031] hsr_slave_1: entered promiscuous mode [ 581.165117][T18359] vlan3: entered allmulticast mode [ 581.165138][T18359] bridge_slave_0: entered allmulticast mode [ 582.698118][T18031] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 582.755552][T18031] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 582.980695][T18031] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 583.043726][ T989] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 583.045372][T18031] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 583.195602][ T989] usb 6-1: Using ep0 maxpacket: 16 [ 583.203041][ T989] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 583.203072][ T989] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 583.203094][ T989] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 583.203135][ T989] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 583.203157][ T989] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.216958][ T989] usb 6-1: config 0 descriptor?? [ 583.634818][ T989] microsoft 0003:045E:07DA.0045: report is too long [ 583.634853][ T989] microsoft 0003:045E:07DA.0045: item 0 4 0 8 parsing failed [ 583.635704][ T989] microsoft 0003:045E:07DA.0045: parse failed [ 583.644410][ T989] microsoft 0003:045E:07DA.0045: probe with driver microsoft failed with error -22 [ 583.759448][T18031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 583.815741][T18031] 8021q: adding VLAN 0 to HW filter on device team0 [ 583.834386][T16477] usb 6-1: USB disconnect, device number 38 [ 583.865775][ T4776] bridge0: port 1(bridge_slave_0) entered blocking state [ 583.869476][ T4776] bridge0: port 1(bridge_slave_0) entered forwarding state [ 583.903516][T16783] bridge0: port 2(bridge_slave_1) entered blocking state [ 583.908787][T16783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 584.451825][T18424] netlink: 165 bytes leftover after parsing attributes in process `syz.6.5686'. [ 584.682313][T18031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 584.930247][T18440] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 585.430031][ T10] vhci_hcd: vhci_device speed not set [ 585.793499][T18460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5700'. [ 585.814362][T18460] ip6gretap0: entered promiscuous mode [ 585.830236][T18460] ip6gretap0: left promiscuous mode [ 586.314984][T18031] veth0_vlan: entered promiscuous mode [ 586.361883][T18031] veth1_vlan: entered promiscuous mode [ 586.428819][T18031] veth0_macvtap: entered promiscuous mode [ 586.443439][T18031] veth1_macvtap: entered promiscuous mode [ 586.498555][T18031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 586.546472][T18031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 586.610015][ T1423] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 586.616806][ T1423] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 586.617336][ T1423] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 586.618068][ T1423] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 587.150303][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.150324][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.224254][ T1453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 587.224273][ T1453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 587.490149][T18503] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5718'. [ 588.136973][T18522] 9pnet_rdma: rdma_create_trans (18522): problem binding to privport: 13 [ 589.106931][T18554] netlink: 32 bytes leftover after parsing attributes in process `syz.8.5741'. [ 590.502542][T18603] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5765'. [ 590.883333][ T5842] Bluetooth: hci0: command 0x0405 tx timeout [ 591.333606][T18625] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5775'. [ 592.709993][ T5919] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 592.865952][ T5919] usb 6-1: Using ep0 maxpacket: 16 [ 592.874202][ T5919] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 592.874257][ T5919] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 592.874282][ T5919] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 592.874304][ T5919] usb 6-1: config 0 interface 0 has no altsetting 0 [ 592.874335][ T5919] usb 6-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 592.874357][ T5919] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 592.907882][ T5919] usb 6-1: config 0 descriptor?? [ 593.377765][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.377804][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.377832][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.377859][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.377886][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.377912][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.377939][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.377966][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.377993][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.378020][ T5919] kye 0003:0458:0153.0046: unknown main item tag 0x0 [ 593.460560][ T5919] kye 0003:0458:0153.0046: hidraw0: USB HID v0.00 Device [HID 0458:0153] on usb-dummy_hcd.5-1/input0 [ 593.560035][ T5919] usb 6-1: USB disconnect, device number 39 [ 594.986393][T18711] netlink: 'syz.8.5815': attribute type 10 has an invalid length. [ 595.035380][T18711] team0: Port device dummy0 added [ 595.054122][T18711] netlink: 'syz.8.5815': attribute type 10 has an invalid length. [ 595.145631][T18711] team0: Port device dummy0 removed [ 595.159322][T18711] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 595.851577][T18732] gretap0: entered promiscuous mode [ 595.851741][T18732] vlan4: entered promiscuous mode [ 596.383669][T18746] netlink: 'syz.6.5832': attribute type 322 has an invalid length. [ 596.498118][T18752] bridge0: port 3(syz_tun) entered blocking state [ 596.511346][T18752] bridge0: port 3(syz_tun) entered disabled state [ 596.512227][T18752] syz_tun: entered allmulticast mode [ 596.518979][T18752] syz_tun: entered promiscuous mode [ 596.548919][T18752] bridge0: port 3(syz_tun) entered blocking state [ 596.549106][T18752] bridge0: port 3(syz_tun) entered forwarding state [ 597.290255][ T5926] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 597.427060][T18783] futex_wake_op: syz.5.5850 tries to shift op by -1; fix this program [ 597.443112][ T5926] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 597.443155][ T5926] usb 9-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 597.443177][ T5926] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 597.459599][ T5926] usb 9-1: config 0 descriptor?? [ 597.927955][T18798] xt_socket: unknown flags 0x40 [ 598.100142][T18802] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5858'. [ 598.100179][T18802] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5858'. [ 598.131569][ T45] usb 9-1: USB disconnect, device number 2 [ 599.640374][ T5919] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 599.802629][ T5919] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 599.802660][ T5919] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 599.802684][ T5919] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121 [ 599.805679][ T5919] usb 9-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 599.805704][ T5919] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 599.805723][ T5919] usb 9-1: Product: syz [ 599.805737][ T5919] usb 9-1: Manufacturer: syz [ 599.805750][ T5919] usb 9-1: SerialNumber: syz [ 599.946584][ T5919] usb 9-1: config 0 descriptor?? [ 599.947356][T18837] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 599.947479][T18837] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 599.979892][ T5919] usb 9-1: ucan: probing device on interface #0 [ 600.606057][ T5919] ucan 9-1:0.0: probe with driver ucan failed with error -71 [ 600.658682][ T5919] usb 9-1: USB disconnect, device number 3 [ 601.352402][T18890] bad cache= option: no%e [ 601.352402][T18890] [ 601.352955][T18890] CIFS: VFS: bad cache= option: no%e [ 602.591830][T18889] syz.0.5900 (18889): drop_caches: 2 [ 602.639999][ T5842] Bluetooth: hci1: command 0x0405 tx timeout [ 603.053282][T18930] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5919'. [ 603.428736][T18936] use of bytesused == 0 is deprecated and will be removed in the future, [ 603.428752][T18936] use the actual size instead. [ 603.883880][T18945] netlink: 8 bytes leftover after parsing attributes in process `syz.8.5927'. [ 603.998534][T18948] overlayfs: missing 'workdir' [ 605.240082][ T5919] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 605.414173][ T5919] usb 9-1: Using ep0 maxpacket: 16 [ 605.416841][ T5919] usb 9-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 605.416873][ T5919] usb 9-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 605.416895][ T5919] usb 9-1: config 0 interface 0 has no altsetting 0 [ 605.416935][ T5919] usb 9-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00 [ 605.416957][ T5919] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.428753][ T5919] usb 9-1: config 0 descriptor?? [ 605.872304][ T5919] holtek_kbd 0003:04D9:A055.0048: hidraw0: USB HID v0.00 Device [HID 04d9:a055] on usb-dummy_hcd.8-1/input0 [ 606.048704][T16477] usb 9-1: USB disconnect, device number 4 [ 606.801104][T19035] gtp0: entered promiscuous mode [ 607.087618][T19042] binder: 19041:19042 ioctl c0306201 2000000003c0 returned -22 [ 607.335879][T19050] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5976'. [ 607.335920][T19050] netlink: 'syz.4.5976': attribute type 8 has an invalid length. [ 607.549979][ T5926] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 607.699984][ T5926] usb 9-1: Using ep0 maxpacket: 32 [ 607.702931][ T5926] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 607.702961][ T5926] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 607.702998][ T5926] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00 [ 607.703021][ T5926] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 607.757152][ T5926] usb 9-1: config 0 descriptor?? [ 608.094221][ T37] audit: type=1326 audit(1759086776.400:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19063 comm="syz.5.5983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 608.094280][ T37] audit: type=1326 audit(1759086776.400:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19063 comm="syz.5.5983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 608.096096][ T37] audit: type=1326 audit(1759086776.400:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19063 comm="syz.5.5983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=428 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 608.096253][ T37] audit: type=1326 audit(1759086776.400:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19063 comm="syz.5.5983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 608.096390][ T37] audit: type=1326 audit(1759086776.400:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19063 comm="syz.5.5983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f819947eec9 code=0x7ffc0000 [ 608.223166][ T5926] koneplus 0003:1E7D:2D51.0049: item fetching failed at offset 1/5 [ 608.223984][ T5926] koneplus 0003:1E7D:2D51.0049: parse failed [ 608.224053][ T5926] koneplus 0003:1E7D:2D51.0049: probe with driver koneplus failed with error -22 [ 608.419972][ T10] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 608.420268][ T5926] usb 9-1: USB disconnect, device number 5 [ 608.592359][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 608.592404][ T10] usb 6-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00 [ 608.592424][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.597742][ T10] usb 6-1: config 0 descriptor?? [ 608.598172][T19074] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 609.035671][ T10] kye 0003:0458:501B.004A: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 609.055172][ T10] kye 0003:0458:501B.004A: hidraw0: USB HID v0.00 Device [HID 0458:501b] on usb-dummy_hcd.5-1/input0 [ 609.055204][ T10] kye 0003:0458:501B.004A: tablet-enabling feature report not found [ 609.055218][ T10] kye 0003:0458:501B.004A: tablet enabling failed [ 609.235496][ T5919] usb 6-1: USB disconnect, device number 40 [ 609.430159][ T10] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 609.588816][ T10] usb 9-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 609.588851][ T10] usb 9-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid wMaxPacketSize 0 [ 609.588874][ T10] usb 9-1: config 0 interface 0 has no altsetting 0 [ 609.633472][ T10] usb 9-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3 [ 609.633504][ T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.633525][ T10] usb 9-1: Product: syz [ 609.633539][ T10] usb 9-1: Manufacturer: syz [ 609.633553][ T10] usb 9-1: SerialNumber: syz [ 609.648755][ T10] usb 9-1: config 0 descriptor?? [ 609.697644][ T10] keyspan 9-1:0.0: Keyspan 2 port adapter converter detected [ 609.698716][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 7 [ 609.718651][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 81 [ 609.718745][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 1 [ 609.718828][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 2 [ 609.718912][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 85 [ 609.719022][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 5 [ 609.738897][ T10] usb 9-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 609.751836][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 83 [ 609.751933][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 3 [ 609.752013][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 4 [ 609.752090][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 86 [ 609.752168][ T10] keyspan 9-1:0.0: found no endpoint descriptor for endpoint 6 [ 609.773688][ T10] usb 9-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 609.936594][T19091] bridge0: port 2(bridge_slave_1) entered disabled state [ 609.943625][T19091] bridge0: port 1(bridge_slave_0) entered disabled state [ 609.944777][ T5919] usb 9-1: USB disconnect, device number 6 [ 609.983958][ T5919] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 610.010617][ T5919] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 610.011539][ T5919] keyspan 9-1:0.0: device disconnected [ 611.102264][ T37] audit: type=1326 audit(1759086779.400:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19117 comm="syz.8.6009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa2cbbeec9 code=0x7ffc0000 [ 611.106271][ T37] audit: type=1326 audit(1759086779.410:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19117 comm="syz.8.6009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faa2cbbd710 code=0x7ffc0000 [ 611.106321][ T37] audit: type=1326 audit(1759086779.410:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19117 comm="syz.8.6009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa2cbbeec9 code=0x7ffc0000 [ 611.106364][ T37] audit: type=1326 audit(1759086779.410:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19117 comm="syz.8.6009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa2cbbeec9 code=0x7ffc0000 [ 611.112421][ T37] audit: type=1326 audit(1759086779.420:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19117 comm="syz.8.6009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7faa2cbbeec9 code=0x7ffc0000 [ 612.119573][T19149] netlink: 12 bytes leftover after parsing attributes in process `syz.6.6023'. [ 612.132288][T19150] netlink: 'syz.8.6024': attribute type 2 has an invalid length. [ 612.789142][T19174] netlink: 19 bytes leftover after parsing attributes in process `syz.0.6034'. [ 612.849543][T19176] hsr0: entered promiscuous mode [ 612.851789][T19176] macsec1: entered promiscuous mode [ 613.221308][T19183] netlink: 'syz.6.6039': attribute type 27 has an invalid length. [ 613.783058][T19202] netlink: 36 bytes leftover after parsing attributes in process `syz.0.6047'. [ 614.986870][T19241] IPVS: Error connecting to the multicast addr [ 615.549720][T19265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6079'. [ 615.760972][T19269] [U]  [ 615.760987][T19269] [U] K{ [ 615.760996][T19269] [U] t 1ŠFfˊ`GJgo/mC [ 615.761021][T19269] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 615.761042][T19269] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 615.761074][T19269] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 615.761129][T19269] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 615.761154][T19269] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 615.761171][T19269] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 615.761196][T19269] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 615.761328][T19269] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 615.761344][T19269] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 615.761358][T19269] [U] 22Ʃx?0;3u [ 615.761379][T19269] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 615.761404][T19269] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 615.761418][T19269] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 615.761430][T19269] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 615.761445][T19269] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 615.761457][T19269] [U] ec [ 615.761469][T19269] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 615.762860][T19268] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 616.076897][T19277] overlayfs: missing 'lowerdir' [ 616.087918][T19278] [U] V3Fپ"S/4:XTZWTLW= [ 616.118326][T19278] [U] J"E:" [ 616.703100][T19296] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 617.041121][T19309] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 617.041138][T19309] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 617.041148][T19309] overlayfs: missing 'lowerdir' [ 617.663604][T19332] netlink: 'syz.6.6110': attribute type 10 has an invalid length. [ 617.709386][T19332] team0: Port device dummy0 added [ 617.744884][T19332] netlink: 'syz.6.6110': attribute type 10 has an invalid length. [ 617.803247][T19332] team0: Port device dummy0 removed [ 617.807663][T19332] dummy0: entered allmulticast mode [ 617.827061][T19332] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 619.098013][T19368] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 619.098878][T19368] team0: Device ipvlan2 is already an upper device of the team interface [ 619.737961][T19386] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 620.566958][T19418] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6153'. [ 620.646480][T19420] gtp0: entered promiscuous mode [ 620.883585][T19430] ALSA: mixer_oss: invalid OSS volume '' [ 621.048588][T19434] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 621.709943][ T10] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 621.776965][T19461] netlink: 'syz.0.6174': attribute type 58 has an invalid length. [ 621.776988][T19461] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6174'. [ 621.794930][ T5926] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 621.901982][ T10] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.902015][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 621.902047][ T10] usb 6-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00 [ 621.902070][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 621.946288][ T10] usb 6-1: config 0 descriptor?? [ 621.949961][ T5926] usb 9-1: Using ep0 maxpacket: 8 [ 621.957504][ T5926] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 621.957549][ T5926] usb 9-1: New USB device found, idVendor=044f, idProduct=b654, bcdDevice= 0.00 [ 621.957571][ T5926] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.014234][ T5926] usb 9-1: config 0 descriptor?? [ 622.439707][ T10] nti 0003:0757:0A00.004B: hidraw0: USB HID v0.00 Device [HID 0757:0a00] on usb-dummy_hcd.5-1/input0 [ 622.467336][ T5926] thrustmaster 0003:044F:B654.004C: item fetching failed at offset 0/2 [ 622.493421][ T5926] thrustmaster 0003:044F:B654.004C: parse failed [ 622.493496][ T5926] thrustmaster 0003:044F:B654.004C: probe with driver thrustmaster failed with error -22 [ 622.593575][ T5926] usb 6-1: USB disconnect, device number 41 [ 622.660564][ T10] usb 9-1: USB disconnect, device number 7 [ 622.738624][T19473] fido_id[19473]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 623.343071][T19486] sctp: [Deprecated]: syz.0.6185 (pid 19486) Use of int in max_burst socket option. [ 623.343071][T19486] Use struct sctp_assoc_value instead [ 623.445548][T19490] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6188'. [ 623.445578][T19490] netlink: 4 bytes leftover after parsing attributes in process `syz.8.6188'. [ 623.446064][T19490] dummy0: Device is already in use. [ 624.268144][T19526] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6205'. [ 624.654646][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.704903][T19545] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6213'. [ 625.019989][ T45] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 625.169975][ T45] usb 6-1: Using ep0 maxpacket: 8 [ 625.175042][ T45] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 625.175091][ T45] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b09, bcdDevice= 0.00 [ 625.175114][ T45] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.229983][ T45] usb 6-1: config 0 descriptor?? [ 625.691294][ T45] corsair 0003:1B1C:1B09.004D: unbalanced collection at end of report description [ 625.692176][ T45] corsair 0003:1B1C:1B09.004D: parse failed [ 625.692276][ T45] corsair 0003:1B1C:1B09.004D: probe with driver corsair failed with error -22 [ 625.800840][T19583] xt_HMARK: spi-set and port-set can't be combined [ 625.874745][ T5926] usb 6-1: USB disconnect, device number 42 [ 626.126935][T19595] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 626.126935][T19595] The task syz.6.6236 (19595) triggered the difference, watch for misbehavior. [ 626.209980][ T989] usb 9-1: new full-speed USB device number 8 using dummy_hcd [ 626.363263][ T989] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 626.363290][ T989] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 626.363341][ T989] usb 9-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 626.363364][ T989] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 626.369073][ T989] usb 9-1: config 0 descriptor?? [ 626.384786][ T989] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 626.384841][ T989] dvb-usb: bulk message failed: -22 (3/0) [ 626.395300][ T989] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 626.397199][ T989] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 626.397258][ T989] usb 9-1: media controller created [ 626.408880][ T989] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 626.430628][ T989] dvb-usb: bulk message failed: -22 (6/0) [ 626.430805][ T989] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 626.442451][ T989] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.8/usb9/9-1/input/input32 [ 626.448304][ T989] dvb-usb: schedule remote query interval to 150 msecs. [ 626.448323][ T989] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 626.540301][T19599] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (1024) [ 626.540326][T19599] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023 [ 626.600465][ T10] dvb-usb: bulk message failed: -22 (1/0) [ 626.600497][ T10] dvb-usb: error while querying for an remote control event. [ 626.649574][ T10] usb 9-1: USB disconnect, device number 8 [ 626.774364][ T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 627.310264][ T37] kauditd_printk_skb: 2 callbacks suppressed [ 627.310282][ T37] audit: type=1326 audit(1759086795.620:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19611 comm="syz.5.6247" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f819947eec9 code=0x0 [ 628.969961][ T989] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 629.122732][ T989] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 629.122782][ T989] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 629.122806][ T989] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.129290][ T989] usb 9-1: config 0 descriptor?? [ 629.637794][ T989] lua 0003:1E7D:2C2E.004E: hidraw0: USB HID v0.00 Device [HID 1e7d:2c2e] on usb-dummy_hcd.8-1/input0 [ 629.820589][ T5926] usb 9-1: USB disconnect, device number 9 [ 629.959524][T19674] fido_id[19674]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory [ 630.074247][T19682] netlink: 140 bytes leftover after parsing attributes in process `syz.5.6278'. [ 630.074307][T19682] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6278'. [ 630.074322][T19682] netlink: 5 bytes leftover after parsing attributes in process `syz.5.6278'. [ 630.389097][ T45] kernel write not supported for file /uinput (pid: 45 comm: kworker/1:1) [ 631.651069][ T989] usb 9-1: new low-speed USB device number 10 using dummy_hcd [ 631.803380][ T989] usb 9-1: config index 0 descriptor too short (expected 6427, got 27) [ 631.803410][ T989] usb 9-1: config 0 has an invalid interface number: 21 but max is 0 [ 631.803429][ T989] usb 9-1: config 0 has no interface number 0 [ 631.803484][ T989] usb 9-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 631.803507][ T989] usb 9-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 631.803544][ T989] usb 9-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 631.803565][ T989] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.809153][ T989] usb 9-1: config 0 descriptor?? [ 632.447560][ T989] usb 9-1: USB disconnect, device number 10 [ 632.496077][T19752] netlink: 16 bytes leftover after parsing attributes in process `syz.6.6310'. [ 635.495096][T19837] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6351'. [ 637.076332][ T5842] Bluetooth: hci4: unexpected event for opcode 0x2042 [ 637.209901][ T45] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 637.360009][ T45] usb 9-1: Using ep0 maxpacket: 16 [ 637.363621][ T45] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 637.363647][ T45] usb 9-1: config 0 has no interface number 0 [ 637.363696][ T45] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 637.363721][ T45] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 637.363743][ T45] usb 9-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 637.363784][ T45] usb 9-1: New USB device found, idVendor=04d9, idProduct=a072, bcdDevice= 0.00 [ 637.363807][ T45] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 637.467641][ T45] usb 9-1: config 0 descriptor?? [ 637.800716][T19903] netlink: 209840 bytes leftover after parsing attributes in process `syz.5.6380'. [ 637.900556][ T45] holtek_mouse 0003:04D9:A072.004F: item fetching failed at offset 3/4 [ 637.901971][ T45] holtek_mouse 0003:04D9:A072.004F: hid parse failed: -22 [ 637.902046][ T45] holtek_mouse 0003:04D9:A072.004F: probe with driver holtek_mouse failed with error -22 [ 638.093599][ T45] usb 9-1: USB disconnect, device number 11 [ 638.231386][T19915] netlink: 5 bytes leftover after parsing attributes in process `syz.4.6385'. [ 638.231512][T19915] 0{X: renamed from gretap0 [ 638.262404][T19915] 0{X: entered allmulticast mode [ 638.265166][T19915] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 639.733750][T19953] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6403'. [ 639.993113][T19960] netlink: 36 bytes leftover after parsing attributes in process `syz.5.6409'. [ 640.905655][T19984] netlink: 'syz.4.6419': attribute type 1 has an invalid length. [ 641.124111][ T5160] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 641.124308][ T5160] Bluetooth: hci4: Injecting HCI hardware error event [ 641.129410][ T5160] Bluetooth: hci4: hardware error 0x00 [ 641.993621][T20019] netlink: 24 bytes leftover after parsing attributes in process `syz.6.6434'. [ 643.280042][ T5160] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 643.551341][ C1] vkms_vblank_simulate: vblank timer overrun [ 643.948809][T20063] netlink: 'syz.5.6456': attribute type 83 has an invalid length. [ 644.399001][T20071] netlink: 8 bytes leftover after parsing attributes in process `syz.8.6460'. [ 644.929971][ T5926] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 645.090123][ T5926] usb 9-1: Using ep0 maxpacket: 16 [ 645.092452][ T5926] usb 9-1: config 0 interface 0 has no altsetting 0 [ 645.092491][ T5926] usb 9-1: New USB device found, idVendor=05ac, idProduct=0250, bcdDevice= 0.00 [ 645.092512][ T5926] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.148507][ T5926] usb 9-1: config 0 descriptor?? [ 645.581340][ T5926] hid_parser_main: 1235 callbacks suppressed [ 645.581363][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581397][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581423][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581449][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581475][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581499][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581526][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581552][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581578][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.581604][ T5926] apple 0003:05AC:0250.0050: unknown main item tag 0x0 [ 645.582330][ T5926] apple 0003:05AC:0250.0050: reserved main item tag 0xe [ 645.582361][ T5926] apple 0003:05AC:0250.0050: ignoring exceeding usage max [ 645.583937][ T5926] apple 0003:05AC:0250.0050: unknown global tag 0xe [ 645.583954][ T5926] apple 0003:05AC:0250.0050: item 0 2 1 14 parsing failed [ 645.697041][ T5926] apple 0003:05AC:0250.0050: parse failed [ 645.697164][ T5926] apple 0003:05AC:0250.0050: probe with driver apple failed with error -22 [ 645.766754][T20099] vivid-001: disconnect [ 645.767391][T20098] vivid-001: reconnect [ 645.798523][ T5926] usb 9-1: USB disconnect, device number 12 [ 647.200631][T20147] netlink: 'syz.8.6497': attribute type 41 has an invalid length. [ 647.755437][T20173] program syz.6.6508 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 649.265020][ T5926] usb 9-1: new full-speed USB device number 13 using dummy_hcd [ 649.478832][ T5926] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 649.478865][ T5926] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 649.478903][ T5926] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 649.478925][ T5926] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.578314][ T5926] usb 9-1: config 0 descriptor?? [ 650.215212][ T5926] isku 0003:1E7D:319C.0051: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.8-1/input0 [ 650.239168][ T5926] isku 0003:1E7D:319C.0051: couldn't init struct isku_device [ 650.239224][ T5926] isku 0003:1E7D:319C.0051: couldn't install keyboard [ 650.244952][ T5926] isku 0003:1E7D:319C.0051: probe with driver isku failed with error -71 [ 650.328343][ T5926] usb 9-1: USB disconnect, device number 13 [ 650.895618][T20230] fido_id[20230]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory [ 651.298901][T20239] netlink: 'syz.5.6542': attribute type 1 has an invalid length. [ 653.039807][ C0] sched: DL replenish lagged too much [ 653.373465][T20274] program syz.6.6559 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 665.619880][ C0] syz_tun: tun_net_xmit 70 [ 667.686557][ T5842] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 667.707541][ T5842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 667.709005][ T5842] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 667.730939][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 667.747152][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 669.840071][ T5160] Bluetooth: hci5: command tx timeout [ 670.154792][T20284] chnl_net:caif_netlink_parms(): no params data found [ 670.365958][ T5842] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 670.395171][ T5842] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 670.396677][ T5842] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 670.410105][ T5842] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 670.423363][ T5842] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 670.663206][ T5842] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 670.667594][ T5842] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 670.686044][ T5842] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 670.687368][ T5842] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 670.689636][ T5842] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 671.118541][ T5842] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 671.143477][ T5842] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 671.145017][ T5842] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 671.146195][ T5842] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 671.147268][ T5842] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 671.322580][ T5160] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 671.346168][ T5160] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 671.347666][ T5160] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 671.349287][ T5160] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 671.381807][ T5160] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 671.920042][ T5842] Bluetooth: hci5: command tx timeout [ 672.564387][ T5842] Bluetooth: hci6: command tx timeout [ 672.802302][ T5842] Bluetooth: hci7: command tx timeout [ 673.200060][ T5842] Bluetooth: hci8: command tx timeout [ 673.440022][ T5842] Bluetooth: hci9: command tx timeout [ 674.000069][ T5842] Bluetooth: hci5: command tx timeout [ 674.641359][ T5842] Bluetooth: hci6: command tx timeout [ 674.890026][ T5842] Bluetooth: hci7: command tx timeout [ 675.280403][ T5842] Bluetooth: hci8: command tx timeout [ 675.520021][ T5842] Bluetooth: hci9: command tx timeout [ 676.080060][ T5842] Bluetooth: hci5: command tx timeout [ 676.720779][ T5842] Bluetooth: hci6: command tx timeout [ 676.961232][ T5842] Bluetooth: hci7: command tx timeout [ 677.360169][ T5842] Bluetooth: hci8: command tx timeout [ 677.600316][ T5842] Bluetooth: hci9: command tx timeout [ 678.810563][ T5842] Bluetooth: hci6: command tx timeout [ 679.040666][ T5842] Bluetooth: hci7: command tx timeout [ 679.440080][ T5842] Bluetooth: hci8: command tx timeout [ 679.680969][ T5842] Bluetooth: hci9: command tx timeout [ 686.110967][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 688.170231][ T5842] Bluetooth: hci1: command 0x0405 tx timeout [ 728.798912][T20308] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 728.822088][T20308] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 728.823639][T20308] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 728.825206][T20308] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 728.826664][T20308] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 731.468178][T18032] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 731.495330][T18032] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 731.498818][T18032] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 731.519417][T18032] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 731.527726][T18032] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 731.878842][T20322] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 731.903766][T20322] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 731.908792][T20322] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 731.945587][T20322] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 731.970191][T20322] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 731.974868][T20321] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 731.975690][T20321] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 731.978696][T20316] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 732.011736][T20316] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 732.012645][T20316] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 732.377159][T20325] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 732.396331][T20325] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 732.410534][T20325] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 732.412133][T20325] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 732.412935][T20325] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 747.534611][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 790.034497][T20331] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 790.054117][T20331] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 790.058252][T20331] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 790.059486][T20331] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 790.083129][T20331] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 790.800587][T20331] Bluetooth: hci5: command 0x0406 tx timeout [ 792.315754][T20343] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 792.338152][T20343] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 792.339728][T20343] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 792.352697][T20343] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 792.353541][T20343] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 792.489324][T20343] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 792.531490][T20343] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 792.533316][T20343] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 792.535215][T20343] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 792.536029][T20343] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 792.783711][T20345] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1 [ 792.820208][T20345] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9 [ 792.823739][T20345] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9 [ 792.825727][T20345] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4 [ 792.826548][T20345] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2 [ 793.124385][T20350] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1 [ 793.147879][T20350] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9 [ 793.149462][T20350] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9 [ 793.166260][T20350] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4 [ 793.167496][T20350] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2 [ 795.705069][T20354] Bluetooth: hci6: command 0x0406 tx timeout [ 795.705108][T20354] Bluetooth: hci7: command 0x0406 tx timeout [ 795.705133][T20354] Bluetooth: hci8: command 0x0406 tx timeout [ 795.705268][T20354] Bluetooth: hci9: command 0x0406 tx timeout [ 808.971568][ T1325] ieee802154 phy0 wpan0: encryption failed: -22 [ 819.851198][ T38] INFO: task kworker/u8:9:1312 blocked for more than 143 seconds. [ 819.851234][ T38] Not tainted syzkaller #0 [ 819.851245][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 819.851253][ T38] task:kworker/u8:9 state:D stack:20488 pid:1312 tgid:1312 ppid:2 task_flags:0x4208160 flags:0x00004000 [ 819.851298][ T38] Workqueue: events_unbound linkwatch_event [ 819.851328][ T38] Call Trace: [ 819.851334][ T38] [ 819.851348][ T38] __schedule+0x16f3/0x4c20 [ 819.851402][ T38] ? __pfx___schedule+0x10/0x10 [ 819.851452][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.851480][ T38] rt_mutex_schedule+0x77/0xf0 [ 819.851498][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 819.851763][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 819.851806][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 819.851830][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 819.851852][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 819.851885][ T38] ? linkwatch_event+0xe/0x60 [ 819.851910][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 819.851937][ T38] ? linkwatch_event+0xe/0x60 [ 819.851952][ T38] mutex_lock_nested+0x16a/0x1d0 [ 819.851972][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.851996][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 819.852019][ T38] linkwatch_event+0xe/0x60 [ 819.852036][ T38] process_scheduled_works+0xae1/0x17b0 [ 819.852089][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 819.852128][ T38] worker_thread+0x8a0/0xda0 [ 819.852153][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 819.852187][ T38] ? __kthread_parkme+0x7b/0x200 [ 819.852220][ T38] kthread+0x711/0x8a0 [ 819.852248][ T38] ? __pfx_worker_thread+0x10/0x10 [ 819.852269][ T38] ? __pfx_kthread+0x10/0x10 [ 819.852298][ T38] ? __pfx_kthread+0x10/0x10 [ 819.852324][ T38] ret_from_fork+0x436/0x7d0 [ 819.852350][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 819.852378][ T38] ? __switch_to_asm+0x39/0x70 [ 819.852395][ T38] ? __switch_to_asm+0x33/0x70 [ 819.852410][ T38] ? __pfx_kthread+0x10/0x10 [ 819.852436][ T38] ret_from_fork_asm+0x1a/0x30 [ 819.852470][ T38] [ 819.852560][ T38] INFO: task syz-executor:20284 blocked for more than 143 seconds. [ 819.852574][ T38] Not tainted syzkaller #0 [ 819.852583][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 819.852592][ T38] task:syz-executor state:D stack:18760 pid:20284 tgid:20284 ppid:1 task_flags:0x400140 flags:0x00004004 [ 819.852634][ T38] Call Trace: [ 819.852641][ T38] [ 819.852653][ T38] __schedule+0x16f3/0x4c20 [ 819.852707][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.852731][ T38] ? __pfx___schedule+0x10/0x10 [ 819.852772][ T38] ? schedule+0x91/0x360 [ 819.852798][ T38] schedule+0x165/0x360 [ 819.852824][ T38] schedule_timeout+0x9a/0x270 [ 819.852846][ T38] ? __pfx_schedule_timeout+0x10/0x10 [ 819.852881][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.852905][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 819.852927][ T38] ? wait_for_completion+0x267/0x5d0 [ 819.852952][ T38] wait_for_completion+0x2bf/0x5d0 [ 819.852990][ T38] ? __pfx_wait_for_completion+0x10/0x10 [ 819.853012][ T38] ? start_poll_synchronize_rcu_common+0x14[ 819.853012][ T38] ? start_poll_synchronize_rcu_common+0x149/0x290 [ 819.853040][ T38] ? __init_swait_queue_head+0xa9/0x150 [ 819.853066][ T38] synchronize_rcu_normal+0x17d/0x260 [ 819.853085][ T38] ? __pfx_synchronize_rcu_normal+0x10/0x10 [ 819.853124][ T38] ? __x64_sys_sendto+0xde/0x100 [ 819.853146][ T38] ? do_syscall_64+0xfa/0x3b0 [ 819.853169][ T38] ? __pfx___might_resched+0x10/0x10 [ 819.853208][ T38] synchronize_rcu_expedited+0x161/0x730 [ 819.853230][ T38] ? __pfx_synchronize_rcu_expedited+0x10/0x10 [ 819.853270][ T38] ? __pfx___might_resched+0x10/0x10 [ 819.853287][ T38] ? net_shaper_set_real_num_tx_queues+0x10e/0x450 [ 819.853324][ T38] ? lockdep_rtnl_is_held+0x26/0x40 [ 819.853348][ T38] netif_set_real_num_tx_queues+0x617/0xaa0 [ 819.853380][ T38] veth_newlink+0x67b/0xa50 [ 819.853407][ T38] ? __pfx_veth_newlink+0x10/0x10 [ 819.853425][ T38] ? alloc_netdev_mqs+0xc94/0x11c0 [ 819.853444][ T38] ? rtnl_newlink_create+0x25c/0xb00 [ 819.853467][ T38] ? rtnl_newlink+0x16d6/0x1c70 [ 819.853487][ T38] ? rtnetlink_rcv_msg+0x7cf/0xb70 [ 819.853508][ T38] ? netlink_unicast+0x843/0xa10 [ 819.853527][ T38] ? netlink_sendmsg+0x805/0xb30 [ 819.853547][ T38] ? __sock_sendmsg+0x21c/0x270 [ 819.853567][ T38] ? do_syscall_64+0xfa/0x3b0 [ 819.853589][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.853669][ T38] ? validate_linkmsg+0x765/0x950 [ 819.853705][ T38] ? __pfx_veth_newlink+0x10/0x10 [ 819.853729][ T38] rtnl_newlink_create+0x310/0xb00 [ 819.853752][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 819.853775][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 819.853803][ T38] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 819.853838][ T38] ? bpf_lsm_capable+0x9/0x20 [ 819.853858][ T38] ? security_capable+0x7e/0x2e0 [ 819.853887][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 819.853912][ T38] rtnl_newlink+0x16d6/0x1c70 [ 819.853951][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 819.853983][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.854075][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.854123][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 819.854145][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 819.854167][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.854190][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 819.854212][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 819.854253][ T38] netlink_rcv_skb+0x205/0x470 [ 819.854274][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.854296][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 819.854321][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 819.854356][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 819.854387][ T38] netlink_unicast+0x843/0xa10 [ 819.854418][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 819.854442][ T38] ? netlink_sendmsg+0x642/0xb30 [ 819.854462][ T38] ? skb_put+0x11b/0x210 [ 819.854489][ T38] netlink_sendmsg+0x805/0xb30 [ 819.854521][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 819.854554][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 819.854572][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 819.854596][ T38] __sock_sendmsg+0x21c/0x270 [ 819.854622][ T38] __sys_sendto+0x3c7/0x520 [ 819.854648][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 819.854687][ T38] ? blkcg_maybe_throttle_current+0x1a8/0xbc0 [ 819.854732][ T38] ? rcu_is_watching+0x15/0xb0 [ 819.854762][ T38] __x64_sys_sendto+0xde/0x100 [ 819.854790][ T38] do_syscall_64+0xfa/0x3b0 [ 819.854808][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 819.854831][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.854848][ T38] ? clear_bhb_loop+0x60/0xb0 [ 819.854870][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.854896][ T38] RIP: 0033:0x7f1ad6370d5c [ 819.854916][ T38] RSP: 002b:00007ffedb8a48d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 819.854935][ T38] RAX: ffffffffffffffda RBX: 00007f1ad70f4620 RCX: 00007f1ad6370d5c [ 819.854948][ T38] RDX: 000000000000002c RSI: 00007f1ad70f4670 RDI: 0000000000000003 [ 819.854961][ T38] RBP: 0000000000000000 R08: 00007ffedb8a4924 R09: 000000000000000c [ 819.854973][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 819.854984][ T38] R13: 0000000000000000 R14: 00007f1ad70f4670 R15: 0000000000000000 [ 819.855015][ T38] [ 819.855023][ T38] INFO: task syz-executor:20297 blocked for more than 143 seconds. [ 819.855036][ T38] Not tainted syzkaller #0 [ 819.855045][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 819.855054][ T38] task:syz-executor state:D stack:25576 pid:20297 tgid:20297 ppid:1 task_flags:0x400140 flags:0x00004004 [ 819.855097][ T38] Call Trace: [ 819.855102][ T38] [ 819.855114][ T38] __schedule+0x16f3/0x4c20 [ 819.855151][ T38] ? is_bpf_text_address+0x292/0x2b0 [ 819.855173][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 819.855197][ T38] ? kernel_text_address+0xa5/0xe0 [ 819.855220][ T38] ? __pfx___schedule+0x10/0x10 [ 819.855262][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.855290][ T38] rt_mutex_schedule+0x77/0xf0 [ 819.855308][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 819.855329][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 819.855369][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 819.855393][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 819.855415][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 819.855448][ T38] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 819.855487][ T38] ? register_netdevice_notifier_net+0x1a/0xa0 [ 819.855509][ T38] mutex_lock_nested+0x16a/0x1d0 [ 819.855529][ T38] ? register_netdevice_notifier_net+0x1a/0xa0 [ 819.855557][ T38] register_netdevice_notifier_net+0x1a/0xa0 [ 819.855583][ T38] ops_init+0x35c/0x5c0 [ 819.855616][ T38] setup_net+0x10c/0x320 [ 819.855637][ T38] ? copy_net_ns+0x304/0x4d0 [ 819.855660][ T38] ? __pfx_setup_net+0x10/0x10 [ 819.855686][ T38] ? __mutex_rt_init+0x3b/0x50 [ 819.855717][ T38] copy_net_ns+0x31b/0x4d0 [ 819.855744][ T38] create_new_namespaces+0x3f3/0x720 [ 819.855770][ T38] ? security_capable+0x7e/0x2e0 [ 819.855801][ T38] unshare_nsproxy_namespaces+0x11c/0x170 [ 819.855826][ T38] ksys_unshare+0x4c8/0x8c0 [ 819.855857][ T38] ? __pfx_ksys_unshare+0x10/0x10 [ 819.855881][ T38] ? rt_spin_unlock+0x65/0x80 [ 819.855913][ T38] __x64_sys_unshare+0x38/0x50 [ 819.855935][ T38] do_syscall_64+0xfa/0x3b0 [ 819.855951][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 819.855975][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.855992][ T38] ? clear_bhb_loop+0x60/0xb0 [ 819.856014][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.856031][ T38] RIP: 0033:0x7f77d07806c7 [ 819.856046][ T38] RSP: 002b:00007ffea77faf48 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 819.856064][ T38] RAX: ffffffffffffffda RBX: 00007f77d09d5f40 RCX: 00007f77d07806c7 [ 819.856078][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 819.856089][ T38] RBP: 00007f77d09d67b8 R08: 0000000000000000 R09: 0000000000000000 [ 819.856101][ T38] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 819.856112][ T38] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 819.856142][ T38] [ 819.856149][ T38] INFO: task syz-executor:20299 blocked for more than 143 seconds. [ 819.856161][ T38] Not tainted syzkaller #0 [ 819.856171][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 819.856179][ T38] task:syz-executor state:D stack:25576 pid:20299 tgid:20299 ppid:1 task_flags:0x400140 flags:0x00004004 [ 819.856222][ T38] Call Trace: [ 819.856227][ T38] [ 819.856239][ T38] __schedule+0x16f3/0x4c20 [ 819.856276][ T38] ? is_bpf_text_address+0x292/0x2b0 [ 819.856297][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 819.856323][ T38] ? kernel_text_address+0xa5/0xe0 [ 819.856346][ T38] ? __pfx___schedule+0x10/0x10 [ 819.856389][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.856416][ T38] rt_mutex_schedule+0x77/0xf0 [ 819.856433][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 819.856455][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 819.856495][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 819.856519][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 819.856541][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 819.856573][ T38] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 819.856612][ T38] ? register_netdevice_notifier_net+0x1a/0xa0 [ 819.856634][ T38] mutex_lock_nested+0x16a/0x1d0 [ 819.856654][ T38] ? register_netdevice_notifier_net+0x1a/0xa0 [ 819.856682][ T38] register_netdevice_notifier_net+0x1a/0xa0 [ 819.856714][ T38] ops_init+0x35c/0x5c0 [ 819.856748][ T38] setup_net+0x10c/0x320 [ 819.856768][ T38] ? copy_net_ns+0x304/0x4d0 [ 819.856791][ T38] ? __pfx_setup_net+0x10/0x10 [ 819.856816][ T38] ? __mutex_rt_init+0x3b/0x50 [ 819.856841][ T38] copy_net_ns+0x31b/0x4d0 [ 819.856868][ T38] create_new_namespaces+0x3f3/0x720 [ 819.856894][ T38] ? security_capable+0x7e/0x2e0 [ 819.856924][ T38] unshare_nsproxy_namespaces+0x11c/0x170 [ 819.856949][ T38] ksys_unshare+0x4c8/0x8c0 [ 819.856979][ T38] ? __pfx_ksys_unshare+0x10/0x10 [ 819.857003][ T38] ? rt_spin_unlock+0x65/0x80 [ 819.857035][ T38] __x64_sys_unshare+0x38/0x50 [ 819.857058][ T38] do_syscall_64+0xfa/0x3b0 [ 819.857074][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 819.857098][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.857116][ T38] ? clear_bhb_loop+0x60/0xb0 [ 819.857137][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.857154][ T38] RIP: 0033:0x7f97bad606c7 [ 819.857169][ T38] RSP: 002b:00007fff729471c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000110 [ 819.857187][ T38] RAX: ffffffffffffffda RBX: 00007f97bafb5f40 RCX: 00007f97bad606c7 [ 819.857201][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 819.857213][ T38] RBP: 00007f97bafb67b8 R08: 0000000000000000 R09: 0000000000000000 [ 819.857224][ T38] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 819.857235][ T38] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 819.857264][ T38] [ 819.857271][ T38] INFO: task syz-executor:20301 blocked for more than 143 seconds. [ 819.857284][ T38] Not tainted syzkaller #0 [ 819.857293][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 819.857301][ T38] task:syz-executor state:D stack:25576 pid:20301 tgid:20301 ppid:1 task_flags:0x400140 flags:0x00004004 [ 819.857343][ T38] Call Trace: [ 819.857349][ T38] [ 819.857361][ T38] __schedule+0x16f3/0x4c20 [ 819.857397][ T38] ? is_bpf_text_address+0x292/0x2b0 [ 819.857419][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 819.857445][ T38] ? kernel_text_address+0xa5/0xe0 [ 819.857467][ T38] ? __pfx___schedule+0x10/0x10 [ 819.857510][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.857537][ T38] rt_mutex_schedule+0x77/0xf0 [ 819.857554][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 819.857576][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 819.857616][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 819.857639][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 819.857661][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 819.857694][ T38] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 819.857739][ T38] ? register_netdevice_notifier_net+0x1a/0xa0 [ 819.857761][ T38] mutex_lock_nested+0x16a/0x1d0 [ 819.857781][ T38] ? register_netdevice_notifier_net+0x1a/0xa0 [ 819.857807][ T38] register_netdevice_notifier_net+0x1a/0xa0 [ 819.857833][ T38] ops_init+0x35c/0x5c0 [ 819.857866][ T38] setup_net+0x10c/0x320 [ 819.857887][ T38] ? copy_net_ns+0x304/0x4d0 [ 819.857910][ T38] ? __pfx_setup_net+0x10/0x10 [ 819.857935][ T38] ? __mutex_rt_init+0x3b/0x50 [ 819.857959][ T38] copy_net_ns+0x31b/0x4d0 [ 819.857985][ T38] create_new_namespaces+0x3f3/0x720 [ 819.858011][ T38] ? security_capable+0x7e/0x2e0 [ 819.858041][ T38] unshare_nsproxy_namespaces+0x11c/0x170 [ 819.858066][ T38] ksys_unshare+0x4c8/0x8c0 [ 819.858096][ T38] ? __pfx_ksys_unshare+0x10/0x10 [ 819.858119][ T38] ? rt_spin_unlock+0x65/0x80 [ 819.858151][ T38] __x64_sys_unshare+0x38/0x50 [ 819.858174][ T38] do_syscall_64+0xfa/0x3b0 [ 819.858191][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 819.858214][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.858231][ T38] ? clear_bhb_loop+0x60/0xb0 [ 819.858254][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.858271][ T38] RIP: 0033:0x7fc4edf006c7 [ 819.858285][ T38] RSP: 002b:00007ffc628b2258 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 819.858303][ T38] RAX: ffffffffffffffda RBX: 00007fc4ee155f40 RCX: 00007fc4edf006c7 [ 819.858317][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 819.858328][ T38] RBP: 00007fc4ee1567b8 R08: 0000000000000000 R09: 0000000000000000 [ 819.858340][ T38] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 819.858351][ T38] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 819.858381][ T38] [ 819.858388][ T38] INFO: task syz-executor:20303 blocked for more than 143 seconds. [ 819.858400][ T38] Not tainted syzkaller #0 [ 819.858409][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 819.858418][ T38] task:syz-executor state:D stack:25576 pid:20303 tgid:20303 ppid:1 task_flags:0x400140 flags:0x00004004 [ 819.858461][ T38] Call Trace: [ 819.858468][ T38] [ 819.858479][ T38] __schedule+0x16f3/0x4c20 [ 819.858523][ T38] ? __kernel_text_address+0xd/0x40 [ 819.858546][ T38] ? __pfx___schedule+0x10/0x10 [ 819.858588][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 819.858615][ T38] rt_mutex_schedule+0x77/0xf0 [ 819.858633][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 819.858654][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 819.858699][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 819.858723][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 819.858746][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 819.858777][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 819.858805][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 819.858831][ T38] ? bpf_lsm_capable+0x9/0x20 [ 819.858850][ T38] ? security_capable+0x7e/0x2e0 [ 819.858877][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 819.858898][ T38] mutex_lock_nested+0x16a/0x1d0 [ 819.858917][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 819.858944][ T38] rtnl_newlink+0x8db/0x1c70 [ 819.858975][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.858998][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 819.859030][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.859058][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.859093][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.859136][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 819.859164][ T38] ? is_bpf_text_address+0x292/0x2b0 [ 819.859186][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 819.859223][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.859271][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 819.859293][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 819.859314][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.859338][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 819.859359][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 819.859400][ T38] netlink_rcv_skb+0x205/0x470 [ 819.859421][ T38] ? __lock_acquire+0xab9/0xd20 [ 819.859443][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 819.859467][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 819.859502][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 819.859533][ T38] netlink_unicast+0x843/0xa10 [ 819.859565][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 819.859589][ T38] ? netlink_sendmsg+0x642/0xb30 [ 819.859609][ T38] ? skb_put+0x11b/0x210 [ 819.859637][ T38] netlink_sendmsg+0x805/0xb30 [ 819.859670][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 819.859708][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 819.859725][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 819.859749][ T38] __sock_sendmsg+0x21c/0x270 [ 820.200750][ T38] __sys_sendto+0x3c7/0x520 [ 820.200790][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 820.200828][ T38] ? fput_close_sync+0x119/0x200 [ 820.200862][ T38] ? __pfx_fput_close_sync+0x10/0x10 [ 820.200880][ T38] ? rt_spin_unlock+0x65/0x80 [ 820.200914][ T38] __x64_sys_sendto+0xde/0x100 [ 820.200941][ T38] do_syscall_64+0xfa/0x3b0 [ 820.200958][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 820.200982][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.201000][ T38] ? clear_bhb_loop+0x60/0xb0 [ 820.201021][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.201038][ T38] RIP: 0033:0x7faaf92a0d5c [ 820.201054][ T38] RSP: 002b:00007fff39a529f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 820.201075][ T38] RAX: ffffffffffffffda RBX: 00007faafa024620 RCX: 00007faaf92a0d5c [ 820.201089][ T38] RDX: 000000000000002c RSI: 00007faafa024670 RDI: 0000000000000003 [ 820.201101][ T38] RBP: 0000000000000000 R08: 00007fff39a52a44 R09: 000000000000000c [ 820.201112][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 820.201122][ T38] R13: 0000000000000000 R14: 00007faafa024670 R15: 0000000000000000 [ 820.201151][ T38] [ 820.201189][ T38] [ 820.201189][ T38] Showing all locks held in the system: [ 820.201198][ T38] 4 locks held by kworker/u8:1/13: [ 820.201209][ T38] 4 locks held by pr/legacy/17: [ 820.201221][ T38] 1 lock held by rcu_tasks_trace/36: [ 820.201231][ T38] #0: ffffffff8d9a9ac0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{4:4}, at: rcu_tasks_one_gp+0xaf9/0xdf0 [ 820.201278][ T38] 1 lock held by khungtaskd/38: [ 820.201288][ T38] #0: ffffffff8d9a8dc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 820.201330][ T38] 3 locks held by kworker/1:1/45: [ 820.201343][ T38] 3 locks held by kworker/u8:4/68: [ 820.201353][ T38] #0: ffff88814da11938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.201400][ T38] #1: ffffc9000153fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.201444][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 820.201498][ T38] 2 locks held by kworker/0:3/1232: [ 820.201510][ T38] 3 locks held by kworker/u8:9/1312: [ 820.201520][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.201563][ T38] #1: ffffc90005207bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.201606][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 820.201647][ T38] 5 locks held by kworker/u8:13/1505: [ 820.201672][ T38] 6 locks held by kworker/u9:1/5160: [ 820.201682][ T38] #0: ffff88805ce8e138 ((wq_completion)hci1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.201725][ T38] #1: ffffc90010587bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.201769][ T38] #2: ffff888047550e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 820.201811][ T38] #3: ffff8880475500a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 820.201856][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 820.201902][ T38] #5: ffff88803a9cdb58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 820.201953][ T38] 1 lock held by syslogd/5193: [ 820.201962][ T38] #0: ffff88802fe98758 (&ei->socket.wq.wait){+.+.}-{3:3}, at: finish_wait+0xbf/0x1f0 [ 820.202004][ T38] 3 locks held by klogd/5200: [ 820.202015][ T38] 2 locks held by getty/5603: [ 820.202024][ T38] #0: ffff88823bf4c8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 820.202064][ T38] #1: ffffc90003e762e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 820.202106][ T38] 2 locks held by syz-executor/5829: [ 820.202117][ T38] 4 locks held by kworker/u9:2/5842: [ 820.202127][ T38] #0: ffff888059ae4938 ((wq_completion)hci10#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.202174][ T38] #1: ffffc90004c87bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.202218][ T38] #2: ffff88807c5840a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.202262][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.202307][ T38] 3 locks held by kworker/1:5/5926: [ 820.202317][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.202361][ T38] #1: ffffc90005247bc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.202404][ T38] #2: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 820.202450][ T38] 4 locks held by kworker/u9:0/18032: [ 820.202461][ T38] #0: ffff888058cf5138 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.202508][ T38] #1: ffffc900087ffbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.202552][ T38] #2: ffff88807d70c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.202593][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.202639][ T38] 3 locks held by syz.4.6551/20260: [ 820.202649][ T38] #0: ffff88805a85a438 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 820.202694][ T38] #1: ffffffff8ed37c60 ((netlink_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x54/0x90 [ 820.202740][ T38] #2: ffff88814d5164c8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nft_rcv_nl_event+0x116/0x640 [ 820.202780][ T38] 3 locks held by syz.5.6554/20264: [ 820.202789][ T38] #0: ffff88805a85da38 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240 [ 820.202834][ T38] #1: ffffffff8ed37c60 ((netlink_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x54/0x90 [ 820.202878][ T38] #2: ffff88805a0b50c8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nft_rcv_nl_event+0x116/0x640 [ 820.202923][ T38] 2 locks held by syz.6.6561/20280: [ 820.202932][ T38] #0: ffff88802544b478 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_trace_remove+0x20/0x40 [ 820.202975][ T38] #1: ffffffff8da0b4d8 (blk_probe_mutex){+.+.}-{4:4}, at: put_probe_ref+0x14/0x190 [ 820.203019][ T38] 2 locks held by syz-executor/20284: [ 820.203028][ T38] #0: ffffffff8e43b960 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 820.203078][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 820.203122][ T38] 5 locks held by kworker/u8:2/20296: [ 820.203132][ T38] 2 locks held by syz-executor/20297: [ 820.203142][ T38] #0: ffffffff8ecc69a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 820.203186][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 820.203232][ T38] 2 locks held by syz-executor/20299: [ 820.203242][ T38] #0: ffffffff8ecc69a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 820.203285][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 820.203330][ T38] 2 locks held by syz-executor/20301: [ 820.203340][ T38] #0: ffffffff8ecc69a0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 820.203382][ T38] #1: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: register_netdevice_notifier_net+0x1a/0xa0 [ 820.203427][ T38] 1 lock held by syz-executor/20303: [ 820.203436][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 820.203478][ T38] 1 lock held by syz-executor/20306: [ 820.203486][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.203527][ T38] 4 locks held by kworker/u9:3/20308: [ 820.203537][ T38] #0: ffff88805e83d938 ((wq_completion)hci11#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.203584][ T38] #1: ffffc90004a47bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.203626][ T38] #2: ffff8880860c40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.203668][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.203711][ T38] 1 lock held by syz-executor/20314: [ 820.203720][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.203762][ T38] 4 locks held by kworker/u9:4/20316: [ 820.203772][ T38] #0: ffff88805737a138 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.203819][ T38] #1: ffffc90004ad7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.203862][ T38] #2: ffff88807d73c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.203904][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.203954][ T38] 1 lock held by syz-executor/20318: [ 820.203963][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.204004][ T38] 1 lock held by syz-executor/20319: [ 820.204014][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.204056][ T38] 4 locks held by kworker/u9:5/20321: [ 820.204066][ T38] #0: ffff888039fc6138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.204113][ T38] #1: ffffc90004b97bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.204157][ T38] #2: ffff88807db540a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.204199][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.204242][ T38] 4 locks held by kworker/u9:6/20322: [ 820.204253][ T38] #0: ffff88803698f938 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.204300][ T38] #1: ffffc90004bb7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.204343][ T38] #2: ffff88808c0f80a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.204385][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.204429][ T38] 1 lock held by syz-executor/20324: [ 820.204439][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.204480][ T38] 5 locks held by kworker/u9:7/20325: [ 820.204489][ T38] #0: ffff88805da66138 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.204533][ T38] #1: ffffc90004b17bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.204576][ T38] #2: ffff888021aa0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 820.204617][ T38] #3: ffff888021aa00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 820.204662][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 820.204708][ T38] 4 locks held by kworker/u9:8/20329: [ 820.204718][ T38] #0: ffff888036f24138 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.204766][ T38] #1: ffffc90004a07bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.204809][ T38] #2: ffff8880933080a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.204851][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.204894][ T38] 1 lock held by syz-executor/20330: [ 820.204904][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.204949][ T38] 4 locks held by kworker/u9:9/20331: [ 820.204959][ T38] #0: ffff888036f25938 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.205006][ T38] #1: ffffc90004c67bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.205049][ T38] #2: ffff88809330c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.205092][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.205136][ T38] 1 lock held by syz-executor/20339: [ 820.205146][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.205186][ T38] 1 lock held by syz-executor/20340: [ 820.205196][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.205237][ T38] 4 locks held by kworker/u9:10/20343: [ 820.205247][ T38] #0: ffff8880360b6138 ((wq_completion)hci18#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.205294][ T38] #1: ffffc90004d07bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.205338][ T38] #2: ffff88805b9300a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.205380][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.205423][ T38] 5 locks held by kworker/u9:11/20344: [ 820.205433][ T38] #0: ffff88803e14d938 ((wq_completion)hci8){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.205476][ T38] #1: ffffc90004ef7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.205520][ T38] #2: ffff88806ef7ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 820.205561][ T38] #3: ffff88806ef7c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 820.205606][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 820.205651][ T38] 4 locks held by kworker/u9:12/20345: [ 820.205661][ T38] #0: ffff88801d281938 ((wq_completion)hci19#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.205708][ T38] #1: ffffc90004f57bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.205752][ T38] #2: ffff8880933300a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0 [ 820.205794][ T38] #3: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0 [ 820.205838][ T38] 1 lock held by syz-executor/20346: [ 820.205847][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.205888][ T38] 1 lock held by syz-executor/20348: [ 820.205898][ T38] #0: ffffffff8ecd38b8 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 820.205944][ T38] 5 locks held by kworker/u9:13/20350: [ 820.205954][ T38] #0: ffff88802b68f138 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.205998][ T38] #1: ffffc90004f67bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.206042][ T38] #2: ffff88806f9a4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 820.206083][ T38] #3: ffff88806f9a40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 820.206129][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 820.206174][ T38] 5 locks held by kworker/u9:14/20351: [ 820.206184][ T38] #0: ffff88805cd85938 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.206228][ T38] #1: ffffc90004cd7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.206272][ T38] #2: ffff88804d814e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 820.206313][ T38] #3: ffff88804d8140a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 820.206357][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 820.206403][ T38] 5 locks held by kworker/u9:15/20352: [ 820.206412][ T38] #0: ffff888048246138 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 820.206455][ T38] #1: ffffc90004ff7bc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 820.206500][ T38] #2: ffff88805eba4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 820.206541][ T38] #3: ffff88805eba40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 820.206587][ T38] #4: ffffffff8ee3b358 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310 [ 820.206633][ T38] [ 820.206638][ T38] ============================================= [ 820.206638][ T38] [ 820.206653][ T38] NMI backtrace for cpu 0 [ 820.206672][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 820.206692][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 820.206703][ T38] Call Trace: [ 820.206711][ T38] [ 820.206718][ T38] dump_stack_lvl+0x189/0x250 [ 820.206745][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 820.206767][ T38] ? __pfx__printk+0x10/0x10 [ 820.206797][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 820.206821][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 820.206845][ T38] ? __pfx__printk+0x10/0x10 [ 820.206867][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 820.206890][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 820.206919][ T38] watchdog+0xf93/0xfe0 [ 820.206945][ T38] ? watchdog+0x1de/0xfe0 [ 820.206971][ T38] kthread+0x711/0x8a0 [ 820.206997][ T38] ? __pfx_watchdog+0x10/0x10 [ 820.207016][ T38] ? __pfx_kthread+0x10/0x10 [ 820.207043][ T38] ? __pfx_kthread+0x10/0x10 [ 820.207066][ T38] ret_from_fork+0x436/0x7d0 [ 820.207090][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 820.207116][ T38] ? __switch_to_asm+0x39/0x70 [ 820.207131][ T38] ? __switch_to_asm+0x33/0x70 [ 820.207146][ T38] ? __pfx_kthread+0x10/0x10 [ 820.207169][ T38] ret_from_fork_asm+0x1a/0x30 [ 820.207201][ T38] [ 820.207207][ T38] Sending NMI from CPU 0 to CPUs 1: [ 820.207231][ C1] NMI backtrace for cpu 1 [ 820.207245][ C1] CPU: 1 UID: 0 PID: 17 Comm: pr/legacy Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 820.207262][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 820.207271][ C1] RIP: 0010:io_serial_in+0x77/0xc0 [ 820.207290][ C1] Code: e8 0e 33 7f fc 44 89 f9 d3 e3 49 83 ee 80 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 4f 79 de fc 41 03 1e 89 da ec <0f> b6 c0 5b 41 5c 41 5e 41 5f c3 cc cc cc cc cc 44 89 f9 80 e1 07 [ 820.207302][ C1] RSP: 0018:ffffc90000167890 EFLAGS: 00000202 [ 820.207316][ C1] RAX: 1ffffffff3275c00 RBX: 00000000000003fd RCX: 0000000000000000 [ 820.207327][ C1] RDX: 00000000000003fd RSI: 0000000000000000 RDI: 0000000000000000 [ 820.207337][ C1] RBP: ffffffff993ae890 R08: 0000000000000000 R09: 0000000000000000 [ 820.207347][ C1] R10: dffffc0000000000 R11: ffffffff853f3860 R12: dffffc0000000000 [ 820.207359][ C1] R13: 0000000000000000 R14: ffffffff993ae600 R15: 0000000000000000 [ 820.207369][ C1] FS: 0000000000000000(0000) GS:ffff8881269bc000(0000) knlGS:0000000000000000 [ 820.207381][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 820.207392][ C1] CR2: 00007ffd0830ae98 CR3: 000000003e19a000 CR4: 00000000003526f0 [ 820.207407][ C1] Call Trace: [ 820.207413][ C1] [ 820.207420][ C1] wait_for_lsr+0x1aa/0x2f0 [ 820.207442][ C1] serial8250_console_write+0x11bd/0x1b40 [ 820.207466][ C1] ? __pfx_serial8250_console_write+0x10/0x10 [ 820.207482][ C1] ? console_flush_all+0x13a/0xcd0 [ 820.207501][ C1] ? console_flush_all+0x476/0xcd0 [ 820.207519][ C1] console_flush_all+0x698/0xcd0 [ 820.207536][ C1] ? console_flush_all+0x13a/0xcd0 [ 820.207554][ C1] ? __pfx_console_flush_all+0x10/0x10 [ 820.207570][ C1] ? __lock_acquire+0xab9/0xd20 [ 820.207593][ C1] __console_flush_and_unlock+0xa4/0x240 [ 820.207610][ C1] ? __pfx___console_flush_and_unlock+0x10/0x10 [ 820.207631][ C1] legacy_kthread_func+0x13b/0x1a0 [ 820.207649][ C1] ? __pfx_legacy_kthread_func+0x10/0x10 [ 820.207671][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 820.207689][ C1] ? __kthread_parkme+0x7b/0x200 [ 820.207707][ C1] ? __kthread_parkme+0x1a1/0x200 [ 820.207727][ C1] kthread+0x711/0x8a0 [ 820.207747][ C1] ? __pfx_legacy_kthread_func+0x10/0x10 [ 820.207763][ C1] ? __pfx_kthread+0x10/0x10 [ 820.207784][ C1] ? __pfx_kthread+0x10/0x10 [ 820.207803][ C1] ret_from_fork+0x436/0x7d0 [ 820.207821][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 820.207840][ C1] ? __switch_to_asm+0x39/0x70 [ 820.207854][ C1] ? __switch_to_asm+0x33/0x70 [ 820.207866][ C1] ? __pfx_kthread+0x10/0x10 [ 820.207885][ C1] ret_from_fork_asm+0x1a/0x30 [ 820.207907][ C1] [ 820.208231][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 820.208244][ T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 820.208263][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 820.208273][ T38] Call Trace: [ 820.208279][ T38] [ 820.208287][ T38] dump_stack_lvl+0x99/0x250 [ 820.208310][ T38] ? __asan_memcpy+0x40/0x70 [ 820.208329][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 820.208352][ T38] ? __pfx__printk+0x10/0x10 [ 820.208382][ T38] vpanic+0x281/0x750 [ 820.208407][ T38] ? __pfx_vpanic+0x10/0x10 [ 820.208428][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 820.208446][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 820.208479][ T38] panic+0xb9/0xc0 [ 820.208501][ T38] ? __pfx_panic+0x10/0x10 [ 820.208527][ T38] ? irq_work_queue+0xc3/0x140 [ 820.208551][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 820.208575][ T38] watchdog+0xfd2/0xfe0 [ 820.208600][ T38] ? watchdog+0x1de/0xfe0 [ 820.208626][ T38] kthread+0x711/0x8a0 [ 820.208651][ T38] ? __pfx_watchdog+0x10/0x10 [ 820.208671][ T38] ? __pfx_kthread+0x10/0x10 [ 820.208699][ T38] ? __pfx_kthread+0x10/0x10 [ 820.208723][ T38] ret_from_fork+0x436/0x7d0 [ 820.208746][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 820.208773][ T38] ? __switch_to_asm+0x39/0x70 [ 820.208788][ T38] ? __switch_to_asm+0x33/0x70 [ 820.208803][ T38] ? __pfx_kthread+0x10/0x10 [ 820.208831][ T38] ret_from_fork_asm+0x1a/0x30 [ 820.208862][ T38] [ 820.209116][ T38] Kernel Offset: disabled