last executing test programs: 5m50.43774113s ago: executing program 3 (id=88): mount$bind(&(0x7f0000000100)='.\x00', 0x0, 0x0, 0x1085408, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc}) 5m50.132432015s ago: executing program 3 (id=91): fremovexattr(0xffffffffffffffff, &(0x7f0000000000)=@random={'user.', '\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x2000001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket(0x10, 0x3, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(r1, 0xc020662a, &(0x7f0000000400)={0x596c, 0x101, 0x6, 0x8}) sendmsg$nl_route(r1, 0x0, 0x0) keyctl$session_to_parent(0x12) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2041, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_MATCH_NAME={0xd, 0x1, 'connmark\x00'}, @NFTA_MATCH_INFO={0x10, 0x3, "a62a1a4094b2c56d78942e97"}, @NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x9}}}, 0x94}}, 0x0) close(r3) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000080)={0x49de, 0xfff6, 0x3, 0xbfef, 0x2, "ec28a144f13d7607"}) write$binfmt_aout(r2, 0x0, 0xff2e) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x4, 0x0, 0x3, "0062ba7d820000a75e0000000000fcff00"}) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4e24, 0x23bc, @remote, 0x6}, 0x1c) syz_open_pts(r2, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x44) socket$nl_route(0x10, 0x3, 0x0) 5m48.354128429s ago: executing program 3 (id=95): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue0\x00', 0x200000}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) read$char_usb(r1, &(0x7f00000001c0)=""/4068, 0xfe4) 5m47.939709592s ago: executing program 3 (id=96): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000380)='./file0\x00', r0, 0x0, 0x40) 5m47.676392602s ago: executing program 3 (id=99): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) io_setup(0x8, &(0x7f0000004200)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 5m43.923136279s ago: executing program 3 (id=111): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, 0xffffffffffffffff, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20) recvmsg(r5, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 5m43.6361149s ago: executing program 32 (id=111): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, 0xffffffffffffffff, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20) recvmsg(r5, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 2m4.784366575s ago: executing program 5 (id=959): io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xb}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) writev(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000000)='4', 0x1}], 0x1) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 2m4.2429355s ago: executing program 5 (id=964): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x28f, 0xfff, 0x1}) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000040)={0x3, r2, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f00000000c0)={0x2, r2, 0x10001, 0x7, 0x3, 0x7, 0x54, 0x9, 0x800}) 2m3.175564943s ago: executing program 5 (id=967): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={0xffffffffffffffff, 0x58, &(0x7f0000000280)}, 0x10) r0 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) 2m2.976940374s ago: executing program 5 (id=969): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000240)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x100) 2m2.743529328s ago: executing program 5 (id=971): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r8, r7, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20) recvmsg(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000001c40)=""/4096, 0x8ec0}], 0x1}, 0x0) sendmsg$inet(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 2m1.04371106s ago: executing program 5 (id=977): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x2, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000b00)="68ddaa732d69a6f7eb258957fccb89134faf578e9ff0cc38595e4c9c1f2a32ceb6799c682d87e991cd718f04a1487a5d99bef5a95019bdd837d20274d2e98cfbde31b70e45fcc74efe1c42ba121fe280bf8af2c22489537e57dee1cc54c41bd8f9086f9498bc3bcc4f0501f1defec42e4faac1dd0b0b67b797182b6c4ce3ff3da7d4d4a1069cada5b152bbd64335f0254ecbfe43c5d7cd5b8403e53ae4f712b05945b98eb3420bb04c7ecf528693bb9693ada19e3a8f9522ab692a2d78aefa8af8f0e6b3b3af268e535bc4a610f7341e7da01249d929b75acf7c99bd21b2b5e3f210e2798f5636bed013dae7ff0d009ca52fffbd88a3964a60786f8f025e4b8fac68f910cdd4a991a6020fcd5a92bc7747acef6f62d087646d32fc37f6d1cabd609e6f392350ebcc02c341a3ce598522d3963374f5eb522919d029136288fd1c08cadfd7f43a3a6618d6dd5ae6baf5b2f321588e9dfc879e213badc550eb9982777b09d808ca8e5540695200193c820ad6ce1e924cdf342a1ff9feeab68af907798fbc0fa570ef885369090c35b0959baf6e29b86833a14cf3532cd537891f27caa37b10cda2cf6e75ddc11cb13c558cc210be334af3813630bb2c16145cf91ce50099452e0b10e4ce9beb32ab1a8692d2b3cff0e370f87e2219172b7bbcce5d8daca20ce4e047510920000e3a56747839920f72318843b6161fd643c2c56ca396b4c2283f9afef62412c04c934bc1ad4e54eac1acd4447ae3e2f9", 0x21b}], 0x1}}], 0x1, 0x4) shutdown(r0, 0x1) 2m0.680698672s ago: executing program 33 (id=977): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x2, 0x4) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000b00)="68ddaa732d69a6f7eb258957fccb89134faf578e9ff0cc38595e4c9c1f2a32ceb6799c682d87e991cd718f04a1487a5d99bef5a95019bdd837d20274d2e98cfbde31b70e45fcc74efe1c42ba121fe280bf8af2c22489537e57dee1cc54c41bd8f9086f9498bc3bcc4f0501f1defec42e4faac1dd0b0b67b797182b6c4ce3ff3da7d4d4a1069cada5b152bbd64335f0254ecbfe43c5d7cd5b8403e53ae4f712b05945b98eb3420bb04c7ecf528693bb9693ada19e3a8f9522ab692a2d78aefa8af8f0e6b3b3af268e535bc4a610f7341e7da01249d929b75acf7c99bd21b2b5e3f210e2798f5636bed013dae7ff0d009ca52fffbd88a3964a60786f8f025e4b8fac68f910cdd4a991a6020fcd5a92bc7747acef6f62d087646d32fc37f6d1cabd609e6f392350ebcc02c341a3ce598522d3963374f5eb522919d029136288fd1c08cadfd7f43a3a6618d6dd5ae6baf5b2f321588e9dfc879e213badc550eb9982777b09d808ca8e5540695200193c820ad6ce1e924cdf342a1ff9feeab68af907798fbc0fa570ef885369090c35b0959baf6e29b86833a14cf3532cd537891f27caa37b10cda2cf6e75ddc11cb13c558cc210be334af3813630bb2c16145cf91ce50099452e0b10e4ce9beb32ab1a8692d2b3cff0e370f87e2219172b7bbcce5d8daca20ce4e047510920000e3a56747839920f72318843b6161fd643c2c56ca396b4c2283f9afef62412c04c934bc1ad4e54eac1acd4447ae3e2f9", 0x21b}], 0x1}}], 0x1, 0x4) shutdown(r0, 0x1) 46.479600339s ago: executing program 2 (id=1268): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f0000000200)='m', 0x1) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f0000000140)=0xfff) 45.263007795s ago: executing program 2 (id=1274): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001080)={{0x12, 0x1, 0x0, 0x78, 0x82, 0xb7, 0x40, 0x2c42, 0x1709, 0xcab7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbf, 0x60, 0xe7}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000440)={0x40, 0x15, 0x1, "8e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000200)={0x60, 0xa, 0x1, "10"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000640)={0x34, &(0x7f0000000340)={0x20, 0x8, 0x1, "d3"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000240)={0x40, 0x5, 0x5, "28d71683b8"}, 0x0, 0x0}) 43.895738808s ago: executing program 4 (id=1286): socket$nl_audit(0x10, 0x3, 0x9) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec29, 0x0, 0x1, 0x40000337}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 42.035483686s ago: executing program 4 (id=1294): syz_open_dev$video4linux(&(0x7f00000000c0), 0x5, 0x80882) syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="3400000011000500000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000014001a80100004800c00", @ANYRES16=r1], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x44048010) 41.688064991s ago: executing program 2 (id=1295): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000040)={0x20, 0xa, 0x7, {0x7, 0xf, "00f4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2) syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) writev(r1, &(0x7f0000000600)=[{&(0x7f00000006c0)="2a6b925241be4ce53bb1ec7dcdcdb029ec9b26c27015de2f5c2e28fbff425bb1503f14054180745532455e62e9083923f58356c11239d999b3e36703cb203d0ad15cdf56cbb5a461e67532ba9f193e54548299c1f40b49476872a07a2404dee0c35ad56d31478855c5a5b0d948d893b4b2b5443d8cf26c1ad64e341d9691cdbbb9", 0x81}, {&(0x7f0000000880)="a8b248ca085fa700a033b380084b5baa5540a6763952575978a92227d4ae43bdd5cf4fac264a0b8a9447bd40b861752a42e557c2c94e6226395c33188059ae698ff838fffb3b937a7bf2ca026bd31e3a56e2981181c51cadbf64eb6be20293de49dd23cb0f44c2f4b8ab2ce7e40ce7722178afdf4280cd6bafc2940bbd0cfaead77dace0c242f6d19a8212c6a16e854e2d9f3575ce5e34b25bf19f2c78594242e78cddc68715d60f818dc7bca8d4093a9a0dde6733a561b33e056a45f8896692cb646cd72efdad6ededb550cec9cfcbc7691c8709f", 0xd5}], 0x2) 41.246529093s ago: executing program 4 (id=1297): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0x4, &(0x7f0000000040)=ANY=[]) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) readv(r2, &(0x7f0000000340)=[{&(0x7f0000002180)=""/4082, 0x1}], 0x1) 39.484841609s ago: executing program 6 (id=1302): r0 = socket(0x8000000010, 0x2, 0x0) write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) r1 = socket$inet_sctp(0x2, 0x1, 0x84) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000b80)=[{{&(0x7f0000000080)={0x2, 0x4e26, @loopback}, 0x10, &(0x7f00000008c0)=[{&(0x7f00000005c0)="c3", 0x1}], 0x1}}], 0x1, 0x20000800) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r2, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}}) 38.735050649s ago: executing program 0 (id=1305): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() getrlimit(0xf, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000019080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) dup(r4) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r5, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r5, 0x1, 0x8, 0x0, 0x0) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$RDS_CONG_MONITOR(r5, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) listen(0xffffffffffffffff, 0x0) 38.571524544s ago: executing program 1 (id=1306): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r2, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e}) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000240)={0x18, r1}) 38.505361379s ago: executing program 4 (id=1307): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r8, r7, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r8}, 0x0, &(0x7f0000000080)=r4}, 0x20) recvmsg(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000001c40)=""/4096, 0x8ec0}], 0x1}, 0x0) sendmsg$inet(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) 36.481947149s ago: executing program 0 (id=1308): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x10, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80}, 0x800) 36.477475748s ago: executing program 2 (id=1309): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0) open_by_handle_at(r0, &(0x7f0000000140)=@OVL_FILEID_V1={0x18, 0x300f8, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e837282efe0868327a31a705ec978547"}}}, 0x830600) 36.47100365s ago: executing program 6 (id=1310): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x1d, r1}, 0x10, &(0x7f00000001c0)={&(0x7f0000000140)={0x1, 0x300, 0x5, {0x77359400}, {}, {0x3, 0x1, 0x1}, 0x1, @can={{0x3, 0x1}, 0x0, 0x1, 0x0, 0x0, "2b784cc8f76d7d76"}}, 0x48}, 0x1, 0x0, 0x0, 0x20048090}, 0x8000) sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r1}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)={0x1, 0x7ab0715dca68fed7, 0x0, {}, {}, {}, 0x4, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "b8ee0816756b62187804752330b2b55830d7228ef1593c0639bd084bba0bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf718909"}}, 0x20000600}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000540)={'vxcan1\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000380)={0x1d, r2, 0x0, 0x4000}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[], 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x4044001) 36.428746413s ago: executing program 4 (id=1311): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getrlimit(0xf, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000019080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10) r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) dup(r3) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r4, 0x1, 0x8, 0x0, 0x0) bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)="0000000000aa303e97380e90231bdbdaf6a4bd866226b7cdb7c26858c4e4fd703be2f51ed6ddc4a47116ec2db75c7042a22491af0ffea4174a9de3350c0a498396b28c7d1784d04aa38922721cb7816094cb82950fd012efd26d", 0x5a}, {&(0x7f00000003c0)}], 0x2}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$RDS_CONG_MONITOR(r4, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket$inet(0xa, 0x801, 0x84) listen(0xffffffffffffffff, 0x0) 36.345012044s ago: executing program 1 (id=1312): mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x800, 0x8b) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000580)={0xf8, 0x2, 0x5, 0x2}) 36.25155568s ago: executing program 6 (id=1313): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0x20000000001005, &(0x7f0000000200)=0x0) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="a078b424ec37374779bc5b04bf2366c0d7", 0x11}], 0x1, 0x0, 0x0, 0x4040000}, 0x10) io_submit(r2, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, r1, &(0x7f0000000080)='=', 0x1}]) 36.225180664s ago: executing program 2 (id=1314): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_open_dev$dri(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe3}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f00000001c0)={0x7}) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x4f27, 0x2, 0x10000, 0x4, 0x4, 0x0, 0x8, 0x7, 0xa, 0x0, 0x2, 0x1, 0x1, 0x800, 0x6, 0xb4c, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x1, 0x0, 0xfffffff8]}) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) socket$unix(0x1, 0x5, 0x0) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) sched_setaffinity(0x0, 0x2e, &(0x7f0000000240)=0x802) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000800)={r4, &(0x7f0000000780)}, 0x20) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 36.148103687s ago: executing program 1 (id=1315): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'veth1_virt_wifi\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'ip6tnl0\x00'}}, 0x1e) close(0x3) 35.733153219s ago: executing program 6 (id=1316): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000019080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) dup(r4) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r5, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$RDS_CONG_MONITOR(r5, 0x114, 0x6, 0x0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) 35.635551247s ago: executing program 1 (id=1317): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() getrlimit(0xf, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000019080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) dup(r4) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r5, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r5, 0x1, 0x8, 0x0, 0x0) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$RDS_CONG_MONITOR(r5, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) socket$inet(0xa, 0x801, 0x84) listen(0xffffffffffffffff, 0x0) 35.635268025s ago: executing program 0 (id=1318): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) getpgid(0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="5800000002060102000034e40000000000000003050001000600000005000400000000000900020073797a3100000000050005000200000011000300686173683a69702c706f7274000000000c000780050015"], 0x58}, 0x1, 0x0, 0x0, 0xc5dff1b4c279acea}, 0x2) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x80) 33.580864633s ago: executing program 6 (id=1319): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() getrlimit(0xf, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000019080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) dup(r4) socket$inet6(0xa, 0x2, 0x0) socket$inet6(0xa, 0x800000000000002, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r5, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r5, 0x1, 0x8, 0x0, 0x0) bind$inet(r5, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$RDS_CONG_MONITOR(r5, 0x114, 0x6, &(0x7f0000000680)=0x1, 0x4) sendmsg$NL80211_CMD_JOIN_MESH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) listen(0xffffffffffffffff, 0x0) 33.4203164s ago: executing program 0 (id=1320): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000140)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={r1, 0x8001}, 0x4) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000080)="010000000980ffff", 0x8) 33.107516524s ago: executing program 1 (id=1321): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x7800, 0x8000, 0x80000001, 0x5, {{0x5, 0x4, 0x3, 0x0, 0x14, 0x64, 0x0, 0x4, 0x29, 0x0, @empty, @loopback}}}}) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b036800e0ff64000200475400f6a13bb10000000800894f4820", 0x1fffe, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 33.013067316s ago: executing program 0 (id=1322): pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c) connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg$inet6(r1, &(0x7f000000b040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)="f7", 0x1}], 0x1}}], 0x1, 0xc8040) sendmmsg(r1, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}}], 0x1, 0x200008c1) splice(r1, 0x0, r0, 0x0, 0x401, 0x6) 31.776645557s ago: executing program 1 (id=1323): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f00000003c0)=0x5, 0x4) sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x2207, 0x4) 31.775843518s ago: executing program 6 (id=1324): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x87c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_route={{0xa}, {0x84c, 0x2, [@TCA_ROUTE4_POLICE={0x848, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x6, 0x3, 0xfffffffe, 0x8, {0x9, 0x3, 0x1, 0x2, 0x8, 0x6}, {0x4, 0x0, 0x6, 0x2, 0x7, 0x6}, 0xfff, 0x9, 0xa8}}, @TCA_POLICE_RATE={0x404, 0x2, [0x1c000000, 0x0, 0x3, 0x7, 0x2, 0x78bd, 0x9, 0x81, 0xe, 0xffff, 0x4, 0xff, 0xfffffff9, 0x3, 0x8, 0x9, 0x7, 0xa0d, 0x2, 0x0, 0xffff, 0x2, 0x3ff, 0x6d81, 0x4, 0x4, 0x2, 0xc, 0x1ca0, 0x6, 0x8001, 0x200, 0x0, 0x7, 0x0, 0x7ff, 0xff, 0x100000, 0x6, 0x2, 0x81, 0x6, 0x400, 0xbbc, 0x6, 0x6, 0x80, 0xb94, 0x8, 0x0, 0x3, 0xffffffff, 0x2, 0x1, 0xa91cf25, 0x24, 0x4, 0xffff8000, 0x0, 0xa346, 0x2, 0x4, 0x5, 0xffffffff, 0x2, 0x800, 0x8c3f, 0x8, 0x4, 0xfffffffb, 0xd3a7, 0xfffff001, 0x3, 0x1, 0xc52c, 0x2, 0x1, 0xfff, 0x1, 0x8, 0x2, 0xffffffff, 0x8, 0x10, 0x3e9, 0xff, 0x5, 0x3, 0x0, 0x4, 0x80, 0xffff, 0x9, 0x800, 0x6, 0x5, 0x7, 0x6, 0xfffffffe, 0xa3, 0xfffffffc, 0x8, 0x0, 0x8, 0xffffffe3, 0x10000, 0x9, 0x7ff, 0xac9, 0x7, 0x8, 0x9, 0x9, 0x1298, 0x2, 0x2, 0x8001, 0x0, 0x8, 0x5, 0x8, 0x75, 0xc, 0x10000, 0xfffffff4, 0x2, 0x10, 0x3, 0x4, 0x5, 0x2, 0xf18, 0x4, 0xfffffffb, 0x5, 0x4, 0xe97d, 0x1, 0x6d60, 0x5, 0x4, 0x2, 0x4, 0xfffffffe, 0x2, 0xd, 0x6, 0x5, 0xc, 0xffffffff, 0x4, 0x7, 0x6, 0x2, 0x532, 0xdf2, 0xebc4, 0xfffffffa, 0x10, 0x549, 0x6e39d18, 0x9, 0xffffffff, 0x4, 0x4, 0x579a, 0x6, 0x2, 0x7, 0x98, 0x7f, 0x4, 0x2, 0x10000000, 0xe0d, 0x9, 0x4, 0x1, 0x8, 0x5c9, 0x9, 0x1, 0x3, 0x5, 0x0, 0x10001, 0x1, 0x8, 0x9a2, 0x8, 0x5, 0x200, 0x0, 0x9, 0x9, 0x7f, 0x3, 0x3, 0x200, 0x14000000, 0x2, 0x2, 0x5e5c, 0x9, 0x401, 0x0, 0x6, 0x72d3eb6a, 0x9, 0x3, 0x7, 0xc, 0x7, 0xa2f, 0xd3, 0x0, 0x10001, 0x6, 0x3, 0xfffffff8, 0x2, 0x3, 0x9, 0x5, 0x8, 0x40, 0x8001, 0x5, 0x457b, 0x1, 0x28, 0x4, 0x6bc2, 0xfffff801, 0x9, 0x74e63179, 0x4, 0x672c30b6, 0x3, 0x0, 0x20b14f7c, 0xe826, 0x8, 0xffffb1e4, 0x2, 0x5, 0x9, 0x8, 0xfffffffd, 0xffffffff, 0x499, 0x55b, 0x83, 0x284, 0x1, 0xffffffff]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x2, 0x84, 0x1, 0x9, 0x40, 0x6, 0x2, 0x2, 0xa7, 0x5, 0x35b, 0x401, 0xaf9, 0x80, 0x8001, 0x2, 0xf, 0x74, 0x7, 0x8, 0x9, 0x4, 0xfffffede, 0x0, 0x3, 0x7, 0x25, 0x5, 0xb, 0x0, 0x38, 0x0, 0x9, 0x9, 0x0, 0x400, 0x2, 0xc, 0x0, 0x9, 0x4, 0x7, 0x6, 0x10001, 0x8a46, 0x200, 0x5, 0x9, 0x2, 0x6, 0x1, 0xae85, 0x5, 0x0, 0x81, 0xffffffff, 0xffb6, 0x1, 0x153, 0x100, 0x6f3b, 0x5, 0xd, 0x8001, 0x2, 0x9, 0x6, 0xfffeffff, 0x7, 0x5, 0x101, 0x6, 0x2, 0x4, 0x80000001, 0x4c, 0x7fff, 0x486b7097, 0xb8a, 0x3, 0xfffffffa, 0x9308, 0x0, 0x80000000, 0x4, 0x4, 0x8, 0x8, 0x2922003e, 0x0, 0xffffffff, 0x0, 0x8001, 0x80, 0x3, 0x5, 0x8, 0xffffffff, 0xf66e, 0x40, 0x4, 0x1, 0x8001, 0x0, 0x4, 0x5, 0xaa3, 0x0, 0x343d008d, 0x6, 0x101, 0x0, 0xc, 0x7, 0x24, 0x5, 0x9, 0x2, 0x2, 0x3, 0x1, 0xa4, 0x3ff, 0xffffffff, 0x3ff, 0x7, 0xb424, 0x7, 0x3, 0x4, 0x3, 0x3, 0x7, 0x9de2, 0xb, 0xd, 0x4, 0x5, 0x0, 0x6, 0xcf, 0x1, 0x4, 0x13, 0x2, 0x656, 0xfffffffa, 0x401, 0x8000, 0x8, 0x5, 0x9d29, 0x1, 0x0, 0x7, 0x28b341a2, 0x4, 0x4, 0x5, 0xfffffff5, 0x7, 0x7, 0x3, 0x3, 0x6, 0x10001, 0x7ff, 0x8000, 0x2, 0x788c, 0x200, 0x3ff, 0x8, 0x463, 0x80000001, 0x5, 0x4, 0x3ff, 0xa, 0x44, 0x30, 0x6, 0x0, 0x0, 0x2, 0xfffff368, 0x0, 0x5, 0x1, 0xeb90, 0x80000000, 0xfffffffc, 0x5, 0x1, 0x8001, 0x7, 0x9, 0x5, 0x3, 0x6, 0x8, 0x7, 0x80, 0xb, 0x4, 0x8, 0xfffffe01, 0x7ff, 0x5, 0x24000000, 0x3, 0x2, 0x4, 0xc0f8, 0x40, 0xfffffffe, 0x2, 0x40, 0x4, 0xffffffff, 0xe, 0x800, 0x3, 0x9, 0x5, 0x1, 0xa8c, 0x9, 0x1, 0x8, 0x2, 0x4, 0x9, 0x7, 0x9, 0x5, 0x7, 0xfffffffe, 0x80000001, 0x6, 0x6, 0xfffffffc, 0x4, 0x1, 0x6, 0x9, 0x7f, 0xd7f, 0x4, 0xf, 0x6, 0x6, 0x7, 0x7fffffff, 0xf]}]}]}}]}, 0x87c}, 0x1, 0x0, 0x0, 0x1}, 0x800) 23.79469304s ago: executing program 0 (id=1325): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f0000000600)={0x0, "126ebf7d9fdf9aec84c0fe4cb734f282d46938152a71b9399c8d590c79cfaf41", 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0) syz_emit_ethernet(0x56, &(0x7f00000005c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x48, 0xfffe, 0x0, 0xfd, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xd, 0x4, 0x2, 0x0, 0x932, {[@window={0x3, 0x3, 0x3}, @timestamp={0x8, 0xa, 0x200, 0xb}, @exp_smc={0xfe, 0x6}, @mptcp=@add_addr={0x1e, 0xa, 0x0, 0xa, 0x16, @broadcast, 0x1}, @sack={0x5, 0x2}]}}}}}}}, 0x0) 21.763173376s ago: executing program 2 (id=1326): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x1480, 0x1, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) io_setup(0x6, &(0x7f0000000680)=0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='vcan0\x00', 0x10) io_submit(r1, 0x1, &(0x7f0000002c40)=[&(0x7f0000000000)={0x180a, 0x0, 0x3, 0x1, 0x0, r0, 0x0}]) 19.135183532s ago: executing program 4 (id=1327): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0xc491, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x4e20, 0xfbeb, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f0000001b40)) 13.547050715s ago: executing program 34 (id=1323): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18) connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) setsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f00000003c0)=0x5, 0x4) sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x2207, 0x4) 0s ago: executing program 35 (id=1324): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x87c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_route={{0xa}, {0x84c, 0x2, [@TCA_ROUTE4_POLICE={0x848, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x4, 0x6, 0x3, 0xfffffffe, 0x8, {0x9, 0x3, 0x1, 0x2, 0x8, 0x6}, {0x4, 0x0, 0x6, 0x2, 0x7, 0x6}, 0xfff, 0x9, 0xa8}}, @TCA_POLICE_RATE={0x404, 0x2, [0x1c000000, 0x0, 0x3, 0x7, 0x2, 0x78bd, 0x9, 0x81, 0xe, 0xffff, 0x4, 0xff, 0xfffffff9, 0x3, 0x8, 0x9, 0x7, 0xa0d, 0x2, 0x0, 0xffff, 0x2, 0x3ff, 0x6d81, 0x4, 0x4, 0x2, 0xc, 0x1ca0, 0x6, 0x8001, 0x200, 0x0, 0x7, 0x0, 0x7ff, 0xff, 0x100000, 0x6, 0x2, 0x81, 0x6, 0x400, 0xbbc, 0x6, 0x6, 0x80, 0xb94, 0x8, 0x0, 0x3, 0xffffffff, 0x2, 0x1, 0xa91cf25, 0x24, 0x4, 0xffff8000, 0x0, 0xa346, 0x2, 0x4, 0x5, 0xffffffff, 0x2, 0x800, 0x8c3f, 0x8, 0x4, 0xfffffffb, 0xd3a7, 0xfffff001, 0x3, 0x1, 0xc52c, 0x2, 0x1, 0xfff, 0x1, 0x8, 0x2, 0xffffffff, 0x8, 0x10, 0x3e9, 0xff, 0x5, 0x3, 0x0, 0x4, 0x80, 0xffff, 0x9, 0x800, 0x6, 0x5, 0x7, 0x6, 0xfffffffe, 0xa3, 0xfffffffc, 0x8, 0x0, 0x8, 0xffffffe3, 0x10000, 0x9, 0x7ff, 0xac9, 0x7, 0x8, 0x9, 0x9, 0x1298, 0x2, 0x2, 0x8001, 0x0, 0x8, 0x5, 0x8, 0x75, 0xc, 0x10000, 0xfffffff4, 0x2, 0x10, 0x3, 0x4, 0x5, 0x2, 0xf18, 0x4, 0xfffffffb, 0x5, 0x4, 0xe97d, 0x1, 0x6d60, 0x5, 0x4, 0x2, 0x4, 0xfffffffe, 0x2, 0xd, 0x6, 0x5, 0xc, 0xffffffff, 0x4, 0x7, 0x6, 0x2, 0x532, 0xdf2, 0xebc4, 0xfffffffa, 0x10, 0x549, 0x6e39d18, 0x9, 0xffffffff, 0x4, 0x4, 0x579a, 0x6, 0x2, 0x7, 0x98, 0x7f, 0x4, 0x2, 0x10000000, 0xe0d, 0x9, 0x4, 0x1, 0x8, 0x5c9, 0x9, 0x1, 0x3, 0x5, 0x0, 0x10001, 0x1, 0x8, 0x9a2, 0x8, 0x5, 0x200, 0x0, 0x9, 0x9, 0x7f, 0x3, 0x3, 0x200, 0x14000000, 0x2, 0x2, 0x5e5c, 0x9, 0x401, 0x0, 0x6, 0x72d3eb6a, 0x9, 0x3, 0x7, 0xc, 0x7, 0xa2f, 0xd3, 0x0, 0x10001, 0x6, 0x3, 0xfffffff8, 0x2, 0x3, 0x9, 0x5, 0x8, 0x40, 0x8001, 0x5, 0x457b, 0x1, 0x28, 0x4, 0x6bc2, 0xfffff801, 0x9, 0x74e63179, 0x4, 0x672c30b6, 0x3, 0x0, 0x20b14f7c, 0xe826, 0x8, 0xffffb1e4, 0x2, 0x5, 0x9, 0x8, 0xfffffffd, 0xffffffff, 0x499, 0x55b, 0x83, 0x284, 0x1, 0xffffffff]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x8, 0x2, 0x84, 0x1, 0x9, 0x40, 0x6, 0x2, 0x2, 0xa7, 0x5, 0x35b, 0x401, 0xaf9, 0x80, 0x8001, 0x2, 0xf, 0x74, 0x7, 0x8, 0x9, 0x4, 0xfffffede, 0x0, 0x3, 0x7, 0x25, 0x5, 0xb, 0x0, 0x38, 0x0, 0x9, 0x9, 0x0, 0x400, 0x2, 0xc, 0x0, 0x9, 0x4, 0x7, 0x6, 0x10001, 0x8a46, 0x200, 0x5, 0x9, 0x2, 0x6, 0x1, 0xae85, 0x5, 0x0, 0x81, 0xffffffff, 0xffb6, 0x1, 0x153, 0x100, 0x6f3b, 0x5, 0xd, 0x8001, 0x2, 0x9, 0x6, 0xfffeffff, 0x7, 0x5, 0x101, 0x6, 0x2, 0x4, 0x80000001, 0x4c, 0x7fff, 0x486b7097, 0xb8a, 0x3, 0xfffffffa, 0x9308, 0x0, 0x80000000, 0x4, 0x4, 0x8, 0x8, 0x2922003e, 0x0, 0xffffffff, 0x0, 0x8001, 0x80, 0x3, 0x5, 0x8, 0xffffffff, 0xf66e, 0x40, 0x4, 0x1, 0x8001, 0x0, 0x4, 0x5, 0xaa3, 0x0, 0x343d008d, 0x6, 0x101, 0x0, 0xc, 0x7, 0x24, 0x5, 0x9, 0x2, 0x2, 0x3, 0x1, 0xa4, 0x3ff, 0xffffffff, 0x3ff, 0x7, 0xb424, 0x7, 0x3, 0x4, 0x3, 0x3, 0x7, 0x9de2, 0xb, 0xd, 0x4, 0x5, 0x0, 0x6, 0xcf, 0x1, 0x4, 0x13, 0x2, 0x656, 0xfffffffa, 0x401, 0x8000, 0x8, 0x5, 0x9d29, 0x1, 0x0, 0x7, 0x28b341a2, 0x4, 0x4, 0x5, 0xfffffff5, 0x7, 0x7, 0x3, 0x3, 0x6, 0x10001, 0x7ff, 0x8000, 0x2, 0x788c, 0x200, 0x3ff, 0x8, 0x463, 0x80000001, 0x5, 0x4, 0x3ff, 0xa, 0x44, 0x30, 0x6, 0x0, 0x0, 0x2, 0xfffff368, 0x0, 0x5, 0x1, 0xeb90, 0x80000000, 0xfffffffc, 0x5, 0x1, 0x8001, 0x7, 0x9, 0x5, 0x3, 0x6, 0x8, 0x7, 0x80, 0xb, 0x4, 0x8, 0xfffffe01, 0x7ff, 0x5, 0x24000000, 0x3, 0x2, 0x4, 0xc0f8, 0x40, 0xfffffffe, 0x2, 0x40, 0x4, 0xffffffff, 0xe, 0x800, 0x3, 0x9, 0x5, 0x1, 0xa8c, 0x9, 0x1, 0x8, 0x2, 0x4, 0x9, 0x7, 0x9, 0x5, 0x7, 0xfffffffe, 0x80000001, 0x6, 0x6, 0xfffffffc, 0x4, 0x1, 0x6, 0x9, 0x7f, 0xd7f, 0x4, 0xf, 0x6, 0x6, 0x7, 0x7fffffff, 0xf]}]}]}}]}, 0x87c}, 0x1, 0x0, 0x0, 0x1}, 0x800) kernel console output (not intermixed with test programs): 2 : does not exist [ 178.832151][ T5923] usb 2-1: USB disconnect, device number 9 [ 179.279369][ T5921] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 179.367007][ T5843] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 179.381189][ T5843] usb 3-1: 5:0: failed to get current value for ch 1 (-22) [ 179.429117][ T5843] usb 3-1: 5:0: cannot get min/max values for control 3 (id 5) [ 179.438775][ T5921] usb 1-1: Using ep0 maxpacket: 8 [ 179.458875][ T5921] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 179.458912][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.546375][ T5843] usb 3-1: USB disconnect, device number 12 [ 179.597568][ T89] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 179.618353][ T5921] pvrusb2: Hardware description: Terratec Grabster AV400 [ 179.618375][ T5921] pvrusb2: ********** [ 179.618382][ T5921] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 179.618393][ T5921] pvrusb2: Important functionality might not be entirely working. [ 179.618401][ T5921] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 179.618412][ T5921] pvrusb2: ********** [ 179.826676][ T2364] pvrusb2: Invalid write control endpoint [ 179.964587][ T6249] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 180.068441][ T6746] pvrusb2: Invalid write control endpoint [ 180.080287][ T5694] usb 1-1: USB disconnect, device number 10 [ 180.263431][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 180.289333][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 180.309306][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 180.351016][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 180.351841][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 180.464910][ T2364] pvrusb2: Invalid write control endpoint [ 180.464927][ T2364] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 180.464935][ T2364] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 180.464943][ T2364] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 180.464951][ T2364] pvrusb2: Device being rendered inoperable [ 180.477430][ T2364] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 180.486710][ T2364] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 180.504486][ T2364] pvrusb2: Attached sub-driver cx25840 [ 180.504515][ T2364] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 180.504524][ T2364] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 180.693987][ T89] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.492486][ T6778] program syz.0.269 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 181.657791][ T89] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.915879][ T6787] program syz.1.272 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 182.053445][ T89] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.413574][ T5837] Bluetooth: hci1: command tx timeout [ 183.697722][ T6249] veth0_vlan: entered promiscuous mode [ 183.819879][ T5923] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 184.037979][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 184.441674][ T5923] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 184.441704][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.488750][ T5837] Bluetooth: hci1: command tx timeout [ 184.490931][ T5923] usb 2-1: config 0 descriptor?? [ 184.848853][ T5694] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 184.934061][ T89] bridge_slave_1: left allmulticast mode [ 184.934149][ T89] bridge_slave_1: left promiscuous mode [ 184.941530][ T89] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.001588][ T5694] usb 3-1: Using ep0 maxpacket: 16 [ 185.006707][ T5694] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 185.006739][ T5694] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.006761][ T5694] usb 3-1: config 0 interface 0 has no altsetting 0 [ 185.006796][ T5694] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 185.006819][ T5694] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.077031][ T5694] usb 3-1: config 0 descriptor?? [ 185.120650][ T89] bridge_slave_0: left allmulticast mode [ 185.120681][ T89] bridge_slave_0: left promiscuous mode [ 185.122504][ T89] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.329414][ T5923] usb 2-1: Cannot set autoneg [ 185.329954][ T5923] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 185.358540][ T5923] usb 2-1: USB disconnect, device number 10 [ 185.621947][ T5694] apple 0003:05AC:0247.0005: fixing up Magic Keyboard JIS report descriptor [ 185.623343][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623379][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623404][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623428][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623451][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623472][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623497][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623519][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623543][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.623566][ T5694] apple 0003:05AC:0247.0005: unknown main item tag 0x0 [ 185.713218][ T5694] apple 0003:05AC:0247.0005: unexpected long global item [ 185.714073][ T5694] apple 0003:05AC:0247.0005: parse failed [ 185.714177][ T5694] apple 0003:05AC:0247.0005: probe with driver apple failed with error -22 [ 185.847677][ T5694] usb 3-1: USB disconnect, device number 13 [ 186.246211][ T5851] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 186.261155][ T5851] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 186.262582][ T5851] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 186.263734][ T5851] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 186.264499][ T5851] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 186.569107][ T5837] Bluetooth: hci1: command tx timeout [ 186.798842][ T5982] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 186.948813][ T5982] usb 2-1: Using ep0 maxpacket: 32 [ 186.957657][ T5982] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 186.957682][ T5982] usb 2-1: config 0 has no interface number 0 [ 186.957736][ T5982] usb 2-1: config 0 interface 12 has no altsetting 0 [ 186.988124][ T5982] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 186.988151][ T5982] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.988168][ T5982] usb 2-1: Product: syz [ 186.988175][ T5982] usb 2-1: Manufacturer: syz [ 186.988182][ T5982] usb 2-1: SerialNumber: syz [ 187.025444][ T5982] usb 2-1: config 0 descriptor?? [ 187.876347][ T5982] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71 [ 187.876392][ T5982] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 187.876401][ T5982] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 187.876456][ T5982] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 187.895450][ T5982] usb 2-1: USB disconnect, device number 11 [ 188.229314][ T89] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.294664][ T89] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.313860][ T89] bond0 (unregistering): Released all slaves [ 188.328885][ T5837] Bluetooth: hci5: command tx timeout [ 188.353557][ T6249] veth1_vlan: entered promiscuous mode [ 188.449351][ T6754] chnl_net:caif_netlink_parms(): no params data found [ 188.578133][ T6845] binder: 6844:6845 ioctl c0306201 200000000100 returned -14 [ 188.648901][ T5837] Bluetooth: hci1: command tx timeout [ 188.747920][ C0] vkms_vblank_simulate: vblank timer overrun [ 188.895637][ C0] vkms_vblank_simulate: vblank timer overrun [ 189.156650][ C0] vkms_vblank_simulate: vblank timer overrun [ 189.474369][ C0] vkms_vblank_simulate: vblank timer overrun [ 189.957992][ T6857] syz.1.295 (6857) used greatest stack depth: 16696 bytes left [ 190.131421][ C0] vkms_vblank_simulate: vblank timer overrun [ 190.182986][ T6867] loop7: detected capacity change from 0 to 7 [ 190.242273][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 190.278740][ T5894] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 190.321715][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 190.321940][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 190.335955][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 190.335990][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 190.339629][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 190.339659][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 190.351437][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 190.351470][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 190.373960][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 190.373992][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 190.408883][ T5837] Bluetooth: hci5: command tx timeout [ 190.435333][ T5894] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 190.435369][ T5894] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 190.435410][ T5894] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 190.435432][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.459934][ T6860] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 190.481838][ T5894] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 190.560033][ T6874] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 190.852708][ T5894] usb 3-1: USB disconnect, device number 14 [ 192.232705][ T6754] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.232847][ T6754] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.233089][ T6754] bridge_slave_0: entered allmulticast mode [ 192.239747][ T6754] bridge_slave_0: entered promiscuous mode [ 192.276749][ T6754] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.276995][ T6754] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.277217][ T6754] bridge_slave_1: entered allmulticast mode [ 192.285323][ T6754] bridge_slave_1: entered promiscuous mode [ 192.439355][ T89] hsr_slave_0: left promiscuous mode [ 192.478787][ T89] hsr_slave_1: left promiscuous mode [ 192.482583][ T89] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 192.482615][ T89] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 192.499034][ T5837] Bluetooth: hci5: command tx timeout [ 192.514336][ T6888] syz.1.309 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 192.515131][ T89] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 192.515162][ T89] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.657894][ T89] veth1_macvtap: left promiscuous mode [ 192.658020][ T89] veth0_macvtap: left promiscuous mode [ 192.658317][ T89] veth1_vlan: left promiscuous mode [ 192.658542][ T89] veth0_vlan: left promiscuous mode [ 194.415063][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.415142][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.529184][ C0] vkms_vblank_simulate: vblank timer overrun [ 194.568907][ T5837] Bluetooth: hci5: command tx timeout [ 195.828872][ T5843] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 195.986713][ T5843] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 195.986743][ T5843] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.986763][ T5843] usb 2-1: Product: syz [ 195.986776][ T5843] usb 2-1: Manufacturer: syz [ 195.986790][ T5843] usb 2-1: SerialNumber: syz [ 196.022570][ T5843] usb 2-1: config 0 descriptor?? [ 196.099688][ T89] team0 (unregistering): Port device team_slave_1 removed [ 196.233511][ T5843] usb 2-1: ignoring: probably an ADSL modem [ 196.383799][ T89] team0 (unregistering): Port device team_slave_0 removed [ 196.655723][ T5843] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 196.866094][ T5694] usb 2-1: USB disconnect, device number 12 [ 197.718929][ T5982] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 197.880786][ T5982] usb 2-1: config 0 has no interfaces? [ 197.880824][ T5982] usb 2-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00 [ 197.880846][ T5982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.918808][ T5982] usb 2-1: config 0 descriptor?? [ 198.137862][ T6928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 198.138419][ T6928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 198.158477][ T5921] usb 2-1: USB disconnect, device number 13 [ 198.648689][ T5921] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 198.798730][ T5921] usb 2-1: Using ep0 maxpacket: 8 [ 198.803532][ T5921] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 198.803558][ T5921] usb 2-1: config 0 has no interface number 0 [ 198.803608][ T5921] usb 2-1: config 0 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 198.803629][ T5921] usb 2-1: config 0 interface 1 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 0 [ 198.803652][ T5921] usb 2-1: config 0 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 198.803672][ T5921] usb 2-1: config 0 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 198.803694][ T5921] usb 2-1: config 0 interface 1 has no altsetting 0 [ 198.803727][ T5921] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 198.803750][ T5921] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.816299][ T5921] usb 2-1: config 0 descriptor?? [ 199.043437][ T5921] usb 2-1: USB disconnect, device number 14 [ 199.147611][ T6754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.172637][ T6754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.480339][ T6754] team0: Port device team_slave_0 added [ 199.495291][ T6754] team0: Port device team_slave_1 added [ 200.172571][ T37] kauditd_printk_skb: 3 callbacks suppressed [ 200.172588][ T37] audit: type=1326 audit(1758549241.878:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6950 comm="syz.1.328" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fee4b49eec9 code=0x0 [ 200.235305][ T6754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.235319][ T6754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.235343][ T6754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.307445][ T6754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.307460][ T6754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.307484][ T6754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.022927][ T6754] hsr_slave_0: entered promiscuous mode [ 201.024242][ T6754] hsr_slave_1: entered promiscuous mode [ 201.026411][ T6754] debugfs: 'hsr0' already exists in 'hsr' [ 201.026435][ T6754] Cannot create hsr debugfs directory [ 201.095407][ T6833] chnl_net:caif_netlink_parms(): no params data found [ 202.118700][ T6985] netlink: 'syz.1.336': attribute type 1 has an invalid length. [ 202.118723][ T6985] netlink: 'syz.1.336': attribute type 1 has an invalid length. [ 202.118736][ T6985] netlink: 216 bytes leftover after parsing attributes in process `syz.1.336'. [ 202.292240][ T6989] loop6: detected capacity change from 0 to 524288000 [ 202.422536][ T6992] loop6: detected capacity change from 524288000 to 0 [ 202.467168][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 202.467206][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 202.467343][ T6989] loop6: unable to read partition table [ 202.467584][ T6989] loop6: partition table beyond EOD, truncated [ 202.467617][ T6989] loop_reread_partitions: partition scan of loop6 (‰u0Av°Ë ) failed (rc=-5) [ 202.918932][ T5982] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 203.078743][ T5982] usb 1-1: Using ep0 maxpacket: 32 [ 203.112304][ T5982] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 203.112334][ T5982] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.112350][ T5982] usb 1-1: Product: syz [ 203.112362][ T5982] usb 1-1: Manufacturer: syz [ 203.112375][ T5982] usb 1-1: SerialNumber: syz [ 203.117859][ T5982] usb 1-1: config 0 descriptor?? [ 203.335774][ C0] vkms_vblank_simulate: vblank timer overrun [ 204.562185][ C0] vkms_vblank_simulate: vblank timer overrun [ 204.672838][ C0] vkms_vblank_simulate: vblank timer overrun [ 204.860051][ C0] vkms_vblank_simulate: vblank timer overrun [ 204.889768][ C0] vkms_vblank_simulate: vblank timer overrun [ 204.928756][ T5982] peak_usb 1-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels) [ 204.928802][ T5982] peak_usb 1-1:0.0 can0: sending command failure: -22 [ 204.928869][ T5982] peak_usb 1-1:0.0 can0: sending command failure: -22 [ 205.640638][ C0] vkms_vblank_simulate: vblank timer overrun [ 205.680404][ T6833] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.680560][ T6833] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.680761][ T6833] bridge_slave_0: entered allmulticast mode [ 205.683883][ T6833] bridge_slave_0: entered promiscuous mode [ 205.736931][ T5982] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -22 [ 205.788942][ C0] vkms_vblank_simulate: vblank timer overrun [ 206.533287][ C0] vkms_vblank_simulate: vblank timer overrun [ 206.569105][ T5982] usb 1-1: USB disconnect, device number 11 [ 206.886739][ T6833] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.886929][ T6833] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.887058][ T6833] bridge_slave_1: entered allmulticast mode [ 206.891716][ T6833] bridge_slave_1: entered promiscuous mode [ 206.910881][ T7047] tap0: tun_chr_ioctl cmd 1074025673 [ 207.127017][ T37] audit: type=1326 audit(1758549248.838:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190202eec9 code=0x7ffc0000 [ 207.127453][ T37] audit: type=1326 audit(1758549248.838:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1901fcaf79 code=0x7ffc0000 [ 207.127953][ T37] audit: type=1326 audit(1758549248.838:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1901fcaf79 code=0x7ffc0000 [ 207.128225][ T37] audit: type=1326 audit(1758549248.838:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190202eec9 code=0x7ffc0000 [ 207.130625][ T37] audit: type=1326 audit(1758549248.838:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f190202eec9 code=0x7ffc0000 [ 207.131073][ T37] audit: type=1326 audit(1758549248.848:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1901fcaf79 code=0x7ffc0000 [ 207.131594][ T37] audit: type=1326 audit(1758549248.848:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1901fcaf79 code=0x7ffc0000 [ 207.131980][ T37] audit: type=1326 audit(1758549248.848:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1901fcaf79 code=0x7ffc0000 [ 207.132496][ T37] audit: type=1326 audit(1758549248.848:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1901fcaf79 code=0x7ffc0000 [ 207.133815][ T37] audit: type=1326 audit(1758549248.848:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7052 comm="syz.0.357" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1901fcaf79 code=0x7ffc0000 [ 207.172627][ T7051] tap0: tun_chr_ioctl cmd 2147767506 [ 207.811711][ T5894] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 207.928460][ T6833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.978082][ T5894] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 207.978111][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.038470][ T5894] usb 1-1: config 0 descriptor?? [ 208.052725][ T5894] cp210x 1-1:0.0: cp210x converter detected [ 208.237795][ T7064] program syz.1.362 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 208.489433][ T5894] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 208.520042][ T5894] usb 1-1: cp210x converter now attached to ttyUSB0 [ 208.521510][ T6833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.721002][ T5982] usb 1-1: USB disconnect, device number 12 [ 208.737607][ T5982] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 208.829056][ T5694] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 208.849228][ T5982] cp210x 1-1:0.0: device disconnected [ 208.978888][ T5694] usb 2-1: Using ep0 maxpacket: 8 [ 209.001492][ T5694] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 209.001523][ T5694] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 209.001548][ T5694] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024 [ 209.001574][ T5694] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 209.001597][ T5694] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 209.001639][ T5694] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 209.001661][ T5694] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.013076][ T6833] team0: Port device team_slave_0 added [ 209.082643][ T6833] team0: Port device team_slave_1 added [ 209.287685][ T5694] usb 2-1: GET_CAPABILITIES returned 0 [ 209.287734][ T5694] usbtmc 2-1:16.0: can't read capabilities [ 210.070523][ T5982] usb 2-1: USB disconnect, device number 15 [ 210.372000][ T6833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.372016][ T6833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.372039][ T6833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.517488][ T6833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.517503][ T6833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.517527][ T6833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 212.008970][ T5844] Bluetooth: hci3: command 0x0406 tx timeout [ 212.088908][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 212.339030][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 212.542171][ T5894] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 212.913272][ T5894] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 212.913297][ T5894] usb 3-1: config 0 has no interface number 0 [ 212.915728][ T5894] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 212.915754][ T5894] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.915773][ T5894] usb 3-1: Product: syz [ 212.915787][ T5894] usb 3-1: Manufacturer: syz [ 212.915800][ T5894] usb 3-1: SerialNumber: syz [ 212.997559][ T5894] usb 3-1: config 0 descriptor?? [ 213.084357][ T7118] block nbd0: NBD_DISCONNECT [ 213.213291][ T5894] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 213.218505][ T5894] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 213.248172][ T5894] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 213.248229][ T5894] usb 3-1: media controller created [ 213.285820][ T5894] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 213.340891][ T89] bridge_slave_1: left allmulticast mode [ 213.340920][ T89] bridge_slave_1: left promiscuous mode [ 213.341130][ T89] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.425826][ T89] bridge_slave_0: left allmulticast mode [ 213.425859][ T89] bridge_slave_0: left promiscuous mode [ 213.426161][ T89] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.592799][ T5894] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 215.709266][ T5894] usb 3-1: USB disconnect, device number 15 [ 215.983475][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 216.618739][ T5908] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 216.783087][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 216.783129][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.783168][ T5908] usb 1-1: New USB device found, idVendor=046d, idProduct=c262, bcdDevice= 0.00 [ 216.783190][ T5908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.846727][ T5908] usb 1-1: config 0 descriptor?? [ 217.291948][ T5908] logitech-hidpp-device 0003:046D:C262.0006: item fetching failed at offset 0/3 [ 217.292790][ T5908] logitech-hidpp-device 0003:046D:C262.0006: hidpp_probe:parse failed [ 217.292895][ T5908] logitech-hidpp-device 0003:046D:C262.0006: probe with driver logitech-hidpp-device failed with error -22 [ 217.454382][ T89] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 217.490724][ T5894] usb 1-1: USB disconnect, device number 13 [ 217.559957][ T89] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 217.584275][ T89] bond0 (unregistering): Released all slaves [ 217.647399][ T6833] hsr_slave_0: entered promiscuous mode [ 217.648240][ T6833] hsr_slave_1: entered promiscuous mode [ 217.651876][ T6833] debugfs: 'hsr0' already exists in 'hsr' [ 217.651901][ T6833] Cannot create hsr debugfs directory [ 218.160157][ T5153] Bluetooth: hci3: unexpected subevent 0x01 length: 37 > 18 [ 218.160735][ T5153] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 218.160784][ T5153] CPU: 0 UID: 0 PID: 5153 Comm: kworker/u9:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 218.160808][ T5153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 218.160821][ T5153] Workqueue: hci3 hci_rx_work [ 218.160863][ T5153] Call Trace: [ 218.160871][ T5153] [ 218.160880][ T5153] dump_stack_lvl+0x189/0x250 [ 218.160915][ T5153] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.160945][ T5153] ? __pfx__printk+0x10/0x10 [ 218.160972][ T5153] ? kernfs_path_from_node+0x2c/0x280 [ 218.160993][ T5153] ? kernfs_path_from_node+0x243/0x280 [ 218.161011][ T5153] ? kernfs_path_from_node+0x2c/0x280 [ 218.161034][ T5153] sysfs_create_dir_ns+0x259/0x280 [ 218.161053][ T5153] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 218.161080][ T5153] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 218.161100][ T5153] ? rt_spin_unlock+0x65/0x80 [ 218.161130][ T5153] kobject_add_internal+0x5a5/0xb50 [ 218.161160][ T5153] kobject_add+0x155/0x220 [ 218.161187][ T5153] ? __pfx_kobject_add+0x10/0x10 [ 218.161216][ T5153] ? get_device_parent+0x370/0x3a0 [ 218.161241][ T5153] device_add+0x408/0xb50 [ 218.161269][ T5153] hci_conn_add_sysfs+0xd5/0x1e0 [ 218.161295][ T5153] le_conn_complete_evt+0xc3a/0x1220 [ 218.161337][ T5153] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 218.161365][ T5153] ? __pfx_bt_warn+0x10/0x10 [ 218.161386][ T5153] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 218.161415][ T5153] ? lockdep_hardirqs_on+0x9c/0x150 [ 218.161448][ T5153] ? skb_pull_data+0xfb/0x200 [ 218.161477][ T5153] hci_le_conn_complete_evt+0x187/0x450 [ 218.161513][ T5153] hci_event_packet+0x78f/0x1200 [ 218.161540][ T5153] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 218.161570][ T5153] ? __pfx_hci_event_packet+0x10/0x10 [ 218.161593][ T5153] ? __pfx_migrate_enable+0x10/0x10 [ 218.161627][ T5153] ? hci_send_to_monitor+0xe2/0x570 [ 218.161660][ T5153] hci_rx_work+0x46a/0xe80 [ 218.161694][ T5153] ? process_scheduled_works+0x9ef/0x17b0 [ 218.161720][ T5153] process_scheduled_works+0xade/0x17b0 [ 218.161777][ T5153] ? __pfx_process_scheduled_works+0x10/0x10 [ 218.161820][ T5153] worker_thread+0x8a0/0xda0 [ 218.161853][ T5153] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 218.161892][ T5153] ? __kthread_parkme+0x7b/0x200 [ 218.161929][ T5153] kthread+0x70e/0x8a0 [ 218.161962][ T5153] ? __pfx_worker_thread+0x10/0x10 [ 218.161986][ T5153] ? __pfx_kthread+0x10/0x10 [ 218.162022][ T5153] ? __pfx_kthread+0x10/0x10 [ 218.162051][ T5153] ret_from_fork+0x436/0x7d0 [ 218.162079][ T5153] ? __pfx_ret_from_fork+0x10/0x10 [ 218.162111][ T5153] ? __switch_to_asm+0x39/0x70 [ 218.162128][ T5153] ? __switch_to_asm+0x33/0x70 [ 218.162146][ T5153] ? __pfx_kthread+0x10/0x10 [ 218.162176][ T5153] ret_from_fork_asm+0x1a/0x30 [ 218.162212][ T5153] [ 218.164867][ T5153] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 218.164915][ T5153] Bluetooth: hci3: failed to register connection device [ 219.574677][ T89] hsr_slave_0: left promiscuous mode [ 219.612286][ T89] hsr_slave_1: left promiscuous mode [ 219.613302][ T89] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 219.618793][ T5894] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 219.675507][ T89] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 219.768748][ T5894] usb 1-1: Using ep0 maxpacket: 32 [ 219.771259][ T5894] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 219.771287][ T5894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.805328][ T5894] usb 1-1: config 0 descriptor?? [ 219.814247][ T89] veth1_vlan: left promiscuous mode [ 219.815268][ T89] veth0_vlan: left promiscuous mode [ 220.041990][ T5894] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 220.058138][ T5894] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 220.076464][ T5894] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 220.076523][ T5894] usb 1-1: media controller created [ 220.136138][ T5894] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 220.243926][ T5894] az6027: usb out operation failed. (-71) [ 220.244339][ T5894] az6027: usb out operation failed. (-71) [ 220.244352][ T5894] stb0899_attach: Driver disabled by Kconfig [ 220.244361][ T5894] az6027: no front-end attached [ 220.244361][ T5894] [ 220.245289][ T5894] az6027: usb out operation failed. (-71) [ 220.245306][ T5894] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 220.313941][ T5894] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input17 [ 220.319271][ T5894] dvb-usb: schedule remote query interval to 400 msecs. [ 220.319292][ T5894] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 220.329228][ T5894] usb 1-1: USB disconnect, device number 14 [ 220.549944][ T5894] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 222.039757][ T89] team0 (unregistering): Port device team_slave_1 removed [ 222.239550][ T89] team0 (unregistering): Port device team_slave_0 removed [ 224.512115][ T7189] netlink: 136 bytes leftover after parsing attributes in process `syz.1.410'. [ 224.512139][ T7189] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 225.118687][ T5894] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 225.211972][ T7208] pimreg: tun_chr_ioctl cmd 1074025677 [ 225.212125][ T7208] pimreg: linktype set to 6 [ 225.271523][ T5894] usb 3-1: Using ep0 maxpacket: 16 [ 225.273684][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.273714][ T5894] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 225.273755][ T5894] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 225.273777][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.286068][ T5894] usb 3-1: config 0 descriptor?? [ 225.466462][ T6754] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 225.532498][ T5894] usbhid 3-1:0.0: can't add hid device: -71 [ 225.532636][ T5894] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 225.616405][ T5894] usb 3-1: USB disconnect, device number 16 [ 225.630537][ T6754] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 225.781434][ T6754] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 225.957865][ T6754] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 226.229671][ T5921] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 226.380016][ T5921] usb 1-1: Using ep0 maxpacket: 32 [ 226.383415][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 226.383445][ T5921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.383480][ T5921] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 226.383501][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.409045][ T5921] usb 1-1: config 0 descriptor?? [ 226.833651][ T5921] hid_parser_main: 825 callbacks suppressed [ 226.833675][ T5921] ft260 0003:0403:6030.0007: unknown main item tag 0x7 [ 226.889055][ T5982] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 227.020098][ T5921] ft260 0003:0403:6030.0007: chip code: 6424 8183 [ 227.038818][ T5982] usb 2-1: Using ep0 maxpacket: 8 [ 227.041187][ T5982] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 227.041242][ T5982] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 227.041263][ T5982] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 227.041286][ T5982] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 227.041306][ T5982] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 227.041344][ T5982] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 227.041362][ T5982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.222889][ T5921] ft260 0003:0403:6030.0007: failed to retrieve system status [ 227.223267][ T5921] ft260 0003:0403:6030.0007: probe with driver ft260 failed with error -71 [ 227.259160][ T5921] usb 1-1: USB disconnect, device number 15 [ 227.340667][ T5982] usb 2-1: GET_CAPABILITIES returned 0 [ 227.340714][ T5982] usbtmc 2-1:16.0: can't read capabilities [ 227.602857][ T6754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.624972][ T7244] usbtmc 2-1:16.0: usb_control_msg returned -71 [ 227.626006][ T49] usb 2-1: USB disconnect, device number 16 [ 227.745935][ T6754] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.800157][ T4485] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.800306][ T4485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.835743][ T4485] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.840805][ T4485] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.298174][ T6754] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 228.381686][ T6833] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 228.496431][ T7265] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 228.519359][ T6833] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 228.650773][ T6833] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 228.771408][ T6833] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 228.964014][ T7279] /dev/nullb0: Can't open blockdev [ 229.542581][ T6754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.635623][ T6833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.760916][ T6833] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.790945][ T4485] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.791128][ T4485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.851277][ T4485] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.851529][ T4485] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.079712][ T7304] Illegal XDP return value 4294967274 on prog (id 31) dev syz_tun, expect packet loss! [ 230.605542][ T7312] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input18 [ 230.778287][ T5982] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 230.931411][ T5982] usb 2-1: config 0 has no interfaces? [ 230.980523][ T5982] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=8e.0b [ 230.980552][ T5982] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.980570][ T5982] usb 2-1: Product: syz [ 230.980583][ T5982] usb 2-1: Manufacturer: syz [ 230.980597][ T5982] usb 2-1: SerialNumber: syz [ 231.021609][ T5982] usb 2-1: config 0 descriptor?? [ 232.223127][ T5921] usb 2-1: USB disconnect, device number 17 [ 232.241277][ T7334] netlink: 4 bytes leftover after parsing attributes in process `syz.2.439'. [ 232.416523][ T7334] gretap0: entered promiscuous mode [ 232.416640][ T7334] macsec1: entered promiscuous mode [ 232.416831][ T7334] macsec1: entered allmulticast mode [ 232.416845][ T7334] gretap0: entered allmulticast mode [ 232.490353][ T7334] gretap0: left allmulticast mode [ 232.490778][ T7334] gretap0: left promiscuous mode [ 232.901056][ T6754] veth0_vlan: entered promiscuous mode [ 232.920775][ T6833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.979652][ T6754] veth1_vlan: entered promiscuous mode [ 233.193158][ T6754] veth0_macvtap: entered promiscuous mode [ 233.198366][ T6754] veth1_macvtap: entered promiscuous mode [ 233.677020][ T6754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.783736][ T6754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.966553][ T1150] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.966636][ T1150] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.966688][ T1150] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.966722][ T1150] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.043968][ T6285] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.043987][ T6285] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.233111][ T6833] veth0_vlan: entered promiscuous mode [ 236.275012][ T7398] netlink: 64 bytes leftover after parsing attributes in process `syz.2.452'. [ 236.320652][ T89] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 236.320679][ T89] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 236.340030][ T6833] veth1_vlan: entered promiscuous mode [ 236.605795][ T6833] veth0_macvtap: entered promiscuous mode [ 236.642097][ T6833] veth1_macvtap: entered promiscuous mode [ 236.821818][ T6833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 236.893497][ T6833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 236.965161][ T43] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.965398][ T43] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.965618][ T43] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 236.965655][ T43] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.162252][ T7408] netlink: 'syz.2.455': attribute type 29 has an invalid length. [ 237.162272][ T7408] netlink: 24 bytes leftover after parsing attributes in process `syz.2.455'. [ 238.201601][ T83] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.201621][ T83] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.529667][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.529686][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 239.824962][ T7457] Zero length message leads to an empty skb [ 239.981713][ T7464] hub 1-0:1.0: USB hub found [ 239.982216][ T7464] hub 1-0:1.0: 1 port detected [ 240.467772][ T7485] syz.2.475 uses obsolete (PF_INET,SOCK_PACKET) [ 242.573048][ T5844] Bluetooth: hci4: command 0x0406 tx timeout [ 242.980189][ T7510] syzkaller1: entered promiscuous mode [ 242.980248][ T7510] syzkaller1: entered allmulticast mode [ 245.554748][ T7570] netlink: 36 bytes leftover after parsing attributes in process `syz.2.502'. [ 249.884877][ T5843] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 250.349026][ T5843] usb 6-1: Using ep0 maxpacket: 8 [ 250.463920][ T5843] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 250.463954][ T5843] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 250.463979][ T5843] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 250.464002][ T5843] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 250.464045][ T5843] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 250.464067][ T5843] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.803432][ T5843] usb 6-1: GET_CAPABILITIES returned 0 [ 250.803481][ T5843] usbtmc 6-1:16.0: can't read capabilities [ 251.058678][ T5843] usb 6-1: USB disconnect, device number 2 [ 251.389062][ T7648] capability: warning: `syz.1.521' uses 32-bit capabilities (legacy support in use) [ 252.525501][ T7659] netlink: 8 bytes leftover after parsing attributes in process `syz.1.527'. [ 255.018712][ T5923] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 255.175266][ T5923] usb 1-1: Using ep0 maxpacket: 32 [ 255.187096][ T5923] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 255.187126][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.216739][ T5923] usb 1-1: config 0 descriptor?? [ 255.223357][ T5923] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 255.308743][ T5894] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 255.951492][ T5923] gspca_nw80x: reg_r err -110 [ 255.951649][ T5923] nw80x 1-1:0.0: probe with driver nw80x failed with error -110 [ 255.971838][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.971907][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.995380][ T5894] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.995411][ T5894] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.995448][ T5894] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 255.995467][ T5894] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.049105][ T5894] usb 6-1: config 0 descriptor?? [ 256.284415][ T5894] usbhid 6-1:0.0: can't add hid device: -71 [ 256.284540][ T5894] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 256.310815][ T5894] usb 6-1: USB disconnect, device number 3 [ 258.067527][ T5923] usb 1-1: USB disconnect, device number 16 [ 258.188696][ T5894] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 259.567155][ T5843] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 259.677687][ T37] kauditd_printk_skb: 144 callbacks suppressed [ 259.677703][ T37] audit: type=1326 audit(1758549301.388:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee4b495d67 code=0x7ffc0000 [ 259.677747][ T37] audit: type=1326 audit(1758549301.388:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee4b43af79 code=0x7ffc0000 [ 259.721327][ T5843] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 259.721386][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 259.730414][ T37] audit: type=1326 audit(1758549301.438:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee4b495d67 code=0x7ffc0000 [ 259.730470][ T37] audit: type=1326 audit(1758549301.438:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee4b43af79 code=0x7ffc0000 [ 259.731109][ T5843] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 259.731135][ T5843] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 259.731152][ T5843] usb 3-1: Manufacturer: syz [ 259.751941][ T37] audit: type=1326 audit(1758549301.448:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee4b495d67 code=0x7ffc0000 [ 259.752003][ T37] audit: type=1326 audit(1758549301.458:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee4b43af79 code=0x7ffc0000 [ 259.752046][ T37] audit: type=1326 audit(1758549301.458:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee4b495d67 code=0x7ffc0000 [ 259.752084][ T37] audit: type=1326 audit(1758549301.458:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee4b43af79 code=0x7ffc0000 [ 259.752123][ T37] audit: type=1326 audit(1758549301.458:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fee4b495d67 code=0x7ffc0000 [ 259.752167][ T37] audit: type=1326 audit(1758549301.458:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7731 comm="syz.1.555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fee4b43af79 code=0x7ffc0000 [ 259.887800][ T5843] usb 3-1: config 0 descriptor?? [ 260.021771][ T5843] rc_core: IR keymap rc-hauppauge not found [ 260.021806][ T5843] Registered IR keymap rc-empty [ 260.043219][ T5843] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 260.109572][ T5843] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input19 [ 260.144942][ C1] igorplugusb 3-1:0.0: Error: urb status = -32 [ 260.259372][ T5908] usb 3-1: USB disconnect, device number 17 [ 263.915786][ T7793] syzkaller1: entered promiscuous mode [ 263.915821][ T7793] syzkaller1: entered allmulticast mode [ 264.178671][ T31] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 264.438672][ T31] usb 3-1: Using ep0 maxpacket: 8 [ 264.443134][ T31] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 114 [ 264.448174][ T31] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 264.448202][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.448223][ T31] usb 3-1: Product: syz [ 264.448237][ T31] usb 3-1: Manufacturer: syz [ 264.448252][ T31] usb 3-1: SerialNumber: syz [ 264.505636][ T7795] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 265.201826][ T31] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 265.501361][ T5894] usb 3-1: USB disconnect, device number 18 [ 265.544792][ T5894] usblp0: removed [ 266.613903][ T7851] netlink: 452 bytes leftover after parsing attributes in process `syz.4.591'. [ 267.095138][ T7864] netlink: 12 bytes leftover after parsing attributes in process `syz.5.598'. [ 267.609526][ T5908] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 267.781526][ T5908] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 267.781557][ T5908] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.811702][ T5908] usb 6-1: config 0 descriptor?? [ 267.853331][ T5908] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 268.846311][ T5908] cpia1 6-1:0.0: unexpected state after lo power cmd: 00 [ 269.257077][ T5908] gspca_cpia1: usb_control_msg 02, error -32 [ 269.272013][ T5908] gspca_cpia1: usb_control_msg 02, error -71 [ 269.272034][ T5908] cpia1 6-1:0.0: only firmware version 1 is supported (got: 0) [ 269.309033][ T5908] usb 6-1: USB disconnect, device number 5 [ 271.958839][ T5908] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 272.141670][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 272.141704][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 272.141725][ T5908] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 272.141765][ T5908] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 272.141785][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.209524][ T5908] usb 3-1: config 0 descriptor?? [ 272.367971][ T7932] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 272.697362][ T5908] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 272.805427][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x1 [ 272.805462][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 272.805486][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 272.805512][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 272.805536][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 272.805594][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 272.805619][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 272.805643][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x2 [ 272.805668][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 272.805692][ T5908] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0 [ 272.904790][ T5908] hid-generic 0000:0000:0000.0009: hidraw1: HID v8.00 Device [syz0] on syz0 [ 273.903956][ T7942] IPVS: ovf: UDP 224.0.0.2:20004 - no destination available [ 273.988967][ T5908] IPVS: starting estimator thread 0... [ 274.079022][ T7956] IPVS: using max 7 ests per chain, 16800 per kthread [ 274.319226][ T49] usb 3-1: reset high-speed USB device number 19 using dummy_hcd [ 274.457617][ T7952] fido_id[7952]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 274.639317][ T5908] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 274.859566][ T5894] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 275.218763][ T5908] usb 1-1: Using ep0 maxpacket: 8 [ 275.221487][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 275.221536][ T5908] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 275.221560][ T5908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.285933][ T5908] usb 1-1: config 0 descriptor?? [ 275.451033][ T5894] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 275.451062][ T5894] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 275.451081][ T5894] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 275.451127][ T5894] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 275.451152][ T5894] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 275.453444][ T5894] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 275.453471][ T5894] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 275.453490][ T5894] usb 5-1: Product: syz [ 275.453501][ T5894] usb 5-1: Manufacturer: syz [ 275.477332][ T5843] usb 3-1: USB disconnect, device number 19 [ 275.511618][ T5894] cdc_wdm 5-1:1.0: skipping garbage [ 275.511637][ T5894] cdc_wdm 5-1:1.0: skipping garbage [ 275.534064][ T5894] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 275.534100][ T5894] cdc_wdm 5-1:1.0: Unknown control protocol [ 275.630043][ T5908] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1 [ 276.428401][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.428670][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.428943][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.428963][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.429198][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.429213][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.429447][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.429466][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.429705][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.429736][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.429971][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.429989][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.430216][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.430232][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.430464][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.430483][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.430592][ T5843] usb 5-1: USB disconnect, device number 9 [ 276.430709][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 276.430727][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 276.430743][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 276.558793][ T5694] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 276.718836][ T5694] usb 3-1: Using ep0 maxpacket: 16 [ 276.735528][ T5694] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 276.735562][ T5694] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.735602][ T5694] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 276.735624][ T5694] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.803884][ T5694] usb 3-1: config 0 descriptor?? [ 277.463683][ T5894] usb 1-1: USB disconnect, device number 17 [ 277.854134][ T5694] hid_parser_main: 27 callbacks suppressed [ 277.854158][ T5694] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0 [ 277.854189][ T5694] mcp2221 0003:04D8:00DD.000A: unknown main item tag 0x0 [ 277.854214][ T5694] mcp2221 0003:04D8:00DD.000A: item fetching failed at offset 2/5 [ 277.855073][ T5694] mcp2221 0003:04D8:00DD.000A: can't parse reports [ 277.855168][ T5694] mcp2221 0003:04D8:00DD.000A: probe with driver mcp2221 failed with error -22 [ 277.934429][ T5694] usb 3-1: USB disconnect, device number 20 [ 278.792559][ T5837] Bluetooth: hci4: unexpected cc 0x040d length: 63 > 7 [ 278.794752][ T5837] Bluetooth: hci4: unexpected event for opcode 0x040d [ 279.962328][ T8021] dummy0: entered promiscuous mode [ 279.968115][ T8021] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 280.010714][ T8021] hsr1: entered allmulticast mode [ 280.010737][ T8021] dummy0: entered allmulticast mode [ 280.010767][ T8021] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 280.249662][ T8032] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 280.512615][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.4.665'. [ 281.085705][ T8042] netlink: 'syz.4.665': attribute type 1 has an invalid length. [ 281.085727][ T8042] netlink: 'syz.4.665': attribute type 2 has an invalid length. [ 281.176366][ T37] kauditd_printk_skb: 535 callbacks suppressed [ 281.176383][ T37] audit: type=1326 audit(1758549322.888:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8048 comm="syz.1.668" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fee4b49eec9 code=0x0 [ 281.941990][ T8070] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.943997][ T8070] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.018405][ T8070] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.018745][ T8070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.021758][ T8070] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.021947][ T8070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.076430][ T8070] team0: Port device bridge0 added [ 282.234842][ T5982] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 282.642902][ T5982] usb 1-1: Using ep0 maxpacket: 16 [ 282.823956][ T5837] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 282.842522][ T5837] Bluetooth: hci4: Injecting HCI hardware error event [ 282.857980][ T5844] Bluetooth: hci4: hardware error 0x00 [ 282.870580][ T5982] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 282.870629][ T5982] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 282.870653][ T5982] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.897355][ T5982] usb 1-1: config 0 descriptor?? [ 283.160533][ T5694] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 283.309182][ T5694] usb 3-1: Using ep0 maxpacket: 8 [ 283.314493][ T5694] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 283.314521][ T5694] usb 3-1: config 0 has no interface number 0 [ 283.315118][ T5694] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 283.315143][ T5694] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 283.315173][ T5694] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 283.315287][ T5694] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 283.315331][ T5694] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 283.315354][ T5694] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 283.552247][ T5694] usb 3-1: config 0 descriptor?? [ 283.569418][ T5982] mcp2221 0003:04D8:00DD.000B: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 283.634680][ T5694] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 283.766851][ T5843] IPVS: starting estimator thread 0... [ 283.822979][ T5694] usb 3-1: USB disconnect, device number 21 [ 283.878780][ T8101] IPVS: using max 9 ests per chain, 21600 per kthread [ 283.906203][ T5694] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 284.075398][ T5982] usb 1-1: USB disconnect, device number 18 [ 284.421349][ T8109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.421744][ T8109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 284.478734][ T5694] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 284.831337][ T8121] input: syz1 as /devices/virtual/input/input20 [ 285.158667][ T5844] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 286.456104][ T8144] netlink: 'syz.2.707': attribute type 1 has an invalid length. [ 286.456126][ T8144] netlink: 'syz.2.707': attribute type 2 has an invalid length. [ 286.456139][ T8144] netlink: 'syz.2.707': attribute type 3 has an invalid length. [ 286.456151][ T8144] netlink: 208 bytes leftover after parsing attributes in process `syz.2.707'. [ 287.516898][ T8155] input: syz1 as /devices/virtual/input/input21 [ 287.537744][ T8153] process 'syz.4.712' launched './file1' with NULL argv: empty string added [ 287.638726][ T5694] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 287.739408][ T5982] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 287.918694][ T5694] usb 2-1: Using ep0 maxpacket: 16 [ 287.924723][ T5694] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 287.924755][ T5694] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.924775][ T5694] usb 2-1: Product: syz [ 287.924789][ T5694] usb 2-1: Manufacturer: syz [ 287.924803][ T5694] usb 2-1: SerialNumber: syz [ 287.938434][ T5694] usb 2-1: config 0 descriptor?? [ 287.943016][ T5694] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 287.944862][ T5694] usb 2-1: Detected FT232H [ 287.978662][ T5982] usb 6-1: Using ep0 maxpacket: 16 [ 288.014644][ T5982] usb 6-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 288.014734][ T5982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.014754][ T5982] usb 6-1: Product: syz [ 288.014768][ T5982] usb 6-1: Manufacturer: syz [ 288.014783][ T5982] usb 6-1: SerialNumber: syz [ 288.111503][ T5982] usb 6-1: config 0 descriptor?? [ 288.593015][ T5694] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 288.970929][ T1231] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 289.019331][ T5694] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 289.118673][ T1231] usb 1-1: Using ep0 maxpacket: 16 [ 289.124246][ T1231] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 289.124306][ T1231] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 289.124403][ T1231] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 289.124426][ T1231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.185532][ T1231] usb 1-1: config 0 descriptor?? [ 289.186054][ T5982] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state. [ 289.209005][ T1231] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 289.212378][ T5982] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 289.213374][ T5982] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T) [ 289.213425][ T5982] usb 6-1: media controller created [ 289.230879][ T5843] usb 2-1: USB disconnect, device number 18 [ 289.285556][ T5982] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 289.545599][ T5844] Bluetooth: hci0: unknown advertising packet type: 0x64 [ 289.545638][ T5844] Bluetooth: hci0: Dropping invalid advertising data [ 289.545654][ T5844] Bluetooth: hci0: unknown advertising packet type: 0x41 [ 289.545668][ T5844] Bluetooth: hci0: Malformed LE Event: 0x02 [ 289.554160][ T5923] usb 1-1: USB disconnect, device number 19 [ 290.127011][ T5982] zl10353_read_register: readreg error (reg=127, ret==0) [ 290.127070][ T5982] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T' [ 290.127082][ T5982] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected. [ 290.187491][ T5982] usb 6-1: USB disconnect, device number 6 [ 290.258979][ T5843] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 290.259482][ T5843] ftdi_sio 2-1:0.0: device disconnected [ 290.293462][ T5982] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected. [ 291.734804][ T8206] netlink: 12 bytes leftover after parsing attributes in process `syz.1.732'. [ 291.734840][ T8206] netlink: 12 bytes leftover after parsing attributes in process `syz.1.732'. [ 291.747922][ T8206] bridge0: port 3(vlan2) entered blocking state [ 291.749936][ T8206] bridge0: port 3(vlan2) entered disabled state [ 291.750187][ T8206] vlan2: entered allmulticast mode [ 291.750202][ T8206] bridge0: entered allmulticast mode [ 291.778831][ T5694] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 291.836093][ T8206] vlan2: left allmulticast mode [ 291.836115][ T8206] bridge0: left allmulticast mode [ 291.918119][ T8211] loop8: detected capacity change from 0 to 8 [ 291.934848][ T8211] Dev loop8: unable to read RDB block 8 [ 291.934902][ T8211] loop8: unable to read partition table [ 291.935142][ T8211] loop8: partition table beyond EOD, truncated [ 291.935160][ T8211] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– ) failed (rc=-5) [ 291.940347][ T5694] usb 1-1: Using ep0 maxpacket: 16 [ 291.944632][ T5694] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.944664][ T5694] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 291.944685][ T5694] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 291.944726][ T5694] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 291.944747][ T5694] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.972825][ T5694] usb 1-1: config 0 descriptor?? [ 292.650800][ T5694] HID 045e:07da: Invalid code 65791 type 1 [ 292.660512][ T5694] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.000C/input/input22 [ 293.154767][ T5694] microsoft 0003:045E:07DA.000C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 293.990908][ T49] usb 1-1: USB disconnect, device number 20 [ 294.545937][ T8236] binder: 8235:8236 ioctl c0306201 2000000003c0 returned -14 [ 295.011416][ T5694] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 295.158671][ T5694] usb 5-1: Using ep0 maxpacket: 32 [ 295.163966][ T5694] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.163998][ T5694] usb 5-1: config 0 interface 0 has no altsetting 0 [ 295.167504][ T5694] usb 5-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 295.167534][ T5694] usb 5-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0 [ 295.167555][ T5694] usb 5-1: Product: syz [ 295.194747][ T5694] usb 5-1: config 0 descriptor?? [ 295.673705][ T5694] waterforce 0003:1044:7A4D.000D: unknown main item tag 0x0 [ 295.673742][ T5694] waterforce 0003:1044:7A4D.000D: unknown main item tag 0x0 [ 295.673769][ T5694] waterforce 0003:1044:7A4D.000D: unknown main item tag 0x0 [ 295.673794][ T5694] waterforce 0003:1044:7A4D.000D: unknown main item tag 0x0 [ 295.673816][ T5694] waterforce 0003:1044:7A4D.000D: unknown main item tag 0x0 [ 295.711624][ T5694] waterforce 0003:1044:7A4D.000D: hidraw0: USB HID v0.05 Device [syz] on usb-dummy_hcd.4-1/input0 [ 295.782181][ T5694] waterforce 0003:1044:7A4D.000D: fw version request failed with -38 [ 295.899509][ T5694] usb 5-1: USB disconnect, device number 11 [ 296.294752][ T49] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 296.509303][ T49] usb 3-1: Using ep0 maxpacket: 16 [ 296.581268][ T49] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.581354][ T49] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 296.581401][ T49] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 296.581738][ T49] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 296.581786][ T49] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.908200][ C0] vkms_vblank_simulate: vblank timer overrun [ 297.112238][ C0] vkms_vblank_simulate: vblank timer overrun [ 297.148438][ T49] usb 3-1: config 0 descriptor?? [ 297.539003][ T5923] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 297.608261][ T8284] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 297.640506][ T49] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 297.640547][ T49] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 297.640574][ T49] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 297.640601][ T49] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 297.640628][ T49] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 297.691766][ T49] input: HID 0955:7214 Haptics as /devices/virtual/input/input23 [ 297.698774][ T5923] usb 1-1: Using ep0 maxpacket: 16 [ 297.700976][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.701005][ T5923] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 297.701048][ T5923] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 297.701069][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.758060][ T5923] usb 1-1: config 0 descriptor?? [ 297.789184][ T5843] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 297.934737][ T49] shield 0003:0955:7214.000E: Registered Thunderstrike controller [ 297.935475][ T49] shield 0003:0955:7214.000E: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0 [ 297.959073][ T5843] usb 2-1: config 0 has no interfaces? [ 297.959111][ T5843] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 297.959135][ T5843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.972815][ T5843] usb 2-1: config 0 descriptor?? [ 298.005015][ T5894] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 298.017967][ T5894] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 298.037141][ T5894] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 298.039237][ T5894] shield 0003:0955:7214.000E: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 298.081141][ T49] usb 3-1: USB disconnect, device number 22 [ 298.196896][ T5923] HID 045e:07da: Invalid code 65791 type 1 [ 298.244866][ T8292] Bluetooth: hci0: invalid length 0, exp 2 for type 9 [ 298.304594][ T5923] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.000F/input/input24 [ 298.402139][ T5923] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 298.499904][ T31] usb 2-1: USB disconnect, device number 19 [ 298.628768][ T5923] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 298.779190][ T5923] usb 5-1: Using ep0 maxpacket: 32 [ 298.785347][ T5923] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 298.785366][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.785377][ T5923] usb 5-1: Product: syz [ 298.785443][ T5923] usb 5-1: Manufacturer: syz [ 298.785456][ T5923] usb 5-1: SerialNumber: syz [ 298.794427][ T5923] usb 5-1: config 0 descriptor?? [ 298.820005][ T5923] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 298.938817][ T1231] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 299.051192][ T5982] usb 1-1: USB disconnect, device number 21 [ 299.071280][ T49] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 299.098752][ T1231] usb 6-1: Using ep0 maxpacket: 16 [ 299.106563][ T1231] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 299.106665][ T1231] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 299.106704][ T1231] usb 6-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 299.106734][ T1231] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.120748][ T1231] usb 6-1: config 0 descriptor?? [ 299.238879][ T49] usb 3-1: Using ep0 maxpacket: 8 [ 299.248243][ T49] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 299.248487][ T49] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.254741][ T49] usb 3-1: Product: syz [ 299.254761][ T49] usb 3-1: Manufacturer: syz [ 299.254776][ T49] usb 3-1: SerialNumber: syz [ 299.296092][ T49] usb 3-1: config 0 descriptor?? [ 299.309898][ T49] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 300.011604][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.014275][ T1231] letsketch 0003:6161:4D15.0010: Device info: à° [ 300.034683][ T5923] gspca_topro: reg_w err -71 [ 300.058819][ T5923] gspca_topro: Sensor soi763a [ 300.354411][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.685113][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.731983][ T1231] letsketch 0003:6161:4D15.0010: Device info: 擃 [ 300.977757][ T1231] usb 6-1: Max retries (5) exceeded reading string descriptor 202 [ 300.984828][ T1231] letsketch 0003:6161:4D15.0010: probe with driver letsketch failed with error -71 [ 301.008080][ T1231] usb 6-1: USB disconnect, device number 7 [ 301.051569][ T5923] usb 5-1: USB disconnect, device number 12 [ 301.113817][ T49] gspca_sonixj: reg_w1 err -71 [ 301.159019][ T49] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 301.178863][ T49] usb 3-1: USB disconnect, device number 23 [ 301.202932][ T8320] binder: 8319:8320 ioctl c0306201 200000000080 returned -14 [ 301.472072][ T8323] netlink: 68 bytes leftover after parsing attributes in process `syz.0.777'. [ 302.088855][ T5837] Bluetooth: hci5: command 0x0405 tx timeout [ 302.545911][ T8343] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 302.989205][ T5923] usb 6-1: new low-speed USB device number 8 using dummy_hcd [ 303.143705][ T5923] usb 6-1: config 65 has an invalid interface number: 95 but max is 0 [ 303.143734][ T5923] usb 6-1: config 65 has no interface number 0 [ 303.163405][ T5923] usb 6-1: string descriptor 0 read error: -22 [ 303.163578][ T5923] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=6f.b6 [ 303.163602][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.202635][ T5923] usbtest 6-1:65.95: Linux gadget zero [ 303.202656][ T5923] usbtest 6-1:65.95: low-speed {control in/out} tests (+alt) [ 303.501191][ T5982] usb 6-1: USB disconnect, device number 8 [ 303.629001][ T1231] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 304.552449][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 304.583769][ T1231] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 304.583805][ T1231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 304.583830][ T1231] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 304.583857][ T1231] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 304.583900][ T1231] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 304.583921][ T1231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.682514][ T1231] usb 2-1: config 0 descriptor?? [ 304.683694][ T8376] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 305.113151][ T1231] plantronics 0003:047F:FFFF.0011: reserved main item tag 0xd [ 305.130043][ T1231] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 306.225466][ T49] usb 2-1: USB disconnect, device number 20 [ 306.451780][ T8403] netlink: 55 bytes leftover after parsing attributes in process `syz.0.808'. [ 306.947381][ C0] vkms_vblank_simulate: vblank timer overrun [ 307.564602][ C0] vkms_vblank_simulate: vblank timer overrun [ 307.677372][ T49] usb 6-1: new full-speed USB device number 9 using dummy_hcd [ 307.854338][ C0] vkms_vblank_simulate: vblank timer overrun [ 307.912469][ T5923] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 308.007084][ T8431] input: syz0 as /devices/virtual/input/input26 [ 308.012250][ T49] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 308.012285][ T49] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 308.012329][ T49] usb 6-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00 [ 308.012360][ T49] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.017512][ T49] usb 6-1: config 0 descriptor?? [ 308.018967][ T8413] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 308.074386][ T5923] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 308.074446][ T5923] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 308.074526][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 308.074551][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 308.074573][ T5923] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 308.074615][ T5923] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 308.074687][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.137947][ T5923] usb 3-1: config 0 descriptor?? [ 308.563891][ T49] logitech 0003:046D:C298.0012: unknown main item tag 0x4 [ 308.563928][ T49] logitech 0003:046D:C298.0012: unknown main item tag 0x0 [ 308.564048][ T49] logitech 0003:046D:C298.0012: unknown main item tag 0x0 [ 308.564075][ T49] logitech 0003:046D:C298.0012: unbalanced collection at end of report description [ 308.567152][ T49] logitech 0003:046D:C298.0012: parse failed [ 308.567323][ T49] logitech 0003:046D:C298.0012: probe with driver logitech failed with error -22 [ 308.623329][ T5923] plantronics 0003:047F:FFFF.0013: reserved main item tag 0xd [ 308.729472][ T5923] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 308.763951][ T5923] usb 6-1: USB disconnect, device number 9 [ 309.009684][ T5894] usb 3-1: USB disconnect, device number 24 [ 311.052263][ T5153] Bluetooth: hci0: command 0x0406 tx timeout [ 311.067055][ T5694] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 311.076991][ T5694] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 311.730259][ T5908] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 311.953168][ C0] vkms_vblank_simulate: vblank timer overrun [ 312.184032][ C0] vkms_vblank_simulate: vblank timer overrun [ 312.284643][ T5908] usb 5-1: config 0 has an invalid interface number: 29 but max is 0 [ 312.284671][ T5908] usb 5-1: config 0 has no interface number 0 [ 312.284704][ T5908] usb 5-1: config 0 interface 29 has no altsetting 0 [ 312.293968][ T5908] usb 5-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac [ 312.293997][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.294016][ T5908] usb 5-1: Product: syz [ 312.294030][ T5908] usb 5-1: Manufacturer: syz [ 312.294042][ T5908] usb 5-1: SerialNumber: syz [ 312.349444][ T5908] usb 5-1: config 0 descriptor?? [ 312.697768][ C0] vkms_vblank_simulate: vblank timer overrun [ 313.609074][ T5153] Bluetooth: hci3: command 0x0406 tx timeout [ 313.615165][ T5694] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 313.615192][ T5694] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 314.133412][ T5908] peak_usb 5-1:0.29 can0: unable to request usb[type=0 value=1] err=-71 [ 314.133445][ T5908] peak_usb 5-1:0.29: unable to read PCAN-USB X6 firmware info (err -71) [ 314.471182][ T5908] peak_usb 5-1:0.29: probe with driver peak_usb failed with error -71 [ 314.489628][ T5908] usb 5-1: USB disconnect, device number 13 [ 315.622142][ T8563] block nbd5: shutting down sockets [ 317.117808][ T8576] netlink: 256 bytes leftover after parsing attributes in process `syz.2.858'. [ 317.118180][ T8576] unsupported nlmsg_type 40 [ 317.295087][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.822454][ T8589] /dev/nullb0: Can't open blockdev [ 320.142533][ T8608] loop4: detected capacity change from 0 to 7 [ 320.170386][ T8608] Dev loop4: unable to read RDB block 7 [ 320.170453][ T8608] loop4: unable to read partition table [ 320.170687][ T8608] loop4: partition table beyond EOD, truncated [ 320.170705][ T8608] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 320.361784][ T8616] netlink: 16 bytes leftover after parsing attributes in process `syz.1.866'. [ 321.798361][ C0] vkms_vblank_simulate: vblank timer overrun [ 321.940749][ C0] vkms_vblank_simulate: vblank timer overrun [ 322.037069][ T5153] Bluetooth: hci1: command 0x0406 tx timeout [ 322.318951][ T5694] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 322.318973][ T5694] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 322.808887][ T5908] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 322.968663][ T5908] usb 2-1: Using ep0 maxpacket: 16 [ 322.973382][ T5908] usb 2-1: config 0 has an invalid interface number: 224 but max is 0 [ 322.973409][ T5908] usb 2-1: config 0 has no interface number 0 [ 322.973461][ T5908] usb 2-1: config 0 interface 224 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 322.973488][ T5908] usb 2-1: config 0 interface 224 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 322.973514][ T5908] usb 2-1: config 0 interface 224 has no altsetting 0 [ 322.973549][ T5908] usb 2-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 322.973571][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.064793][ T5908] usb 2-1: config 0 descriptor?? [ 323.768782][ T49] usb 2-1: USB disconnect, device number 21 [ 325.036075][ C0] vkms_vblank_simulate: vblank timer overrun [ 325.036402][ T5153] Bluetooth: hci5: command 0x0405 tx timeout [ 325.036466][ T5694] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 325.036481][ T5694] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 325.216074][ C0] vkms_vblank_simulate: vblank timer overrun [ 325.740684][ C0] vkms_vblank_simulate: vblank timer overrun [ 326.312328][ T8691] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 327.203527][ T5908] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 327.378642][ T5908] usb 1-1: Using ep0 maxpacket: 32 [ 327.384319][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 327.384353][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 327.384479][ T5908] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 327.384504][ T5908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.485474][ T5908] usb 1-1: config 0 descriptor?? [ 327.514003][ T5908] hub 1-1:0.0: USB hub found [ 327.715512][ T5908] hub 1-1:0.0: 1 port detected [ 328.376978][ T5907] hub 1-1:0.0: activate --> -90 [ 328.576078][ T5908] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 328.610234][ T5908] usb 1-1: Failed to suspend device, error -71 [ 328.662543][ T5894] usb 1-1: USB disconnect, device number 22 [ 330.057902][ T8749] Trying to write to read-only block-device nullb0 [ 330.302739][ T8758] loop2: detected capacity change from 0 to 7 [ 330.313315][ T8758] Dev loop2: unable to read RDB block 7 [ 330.313370][ T8758] loop2: unable to read partition table [ 330.313588][ T8758] loop2: partition table beyond EOD, truncated [ 330.313604][ T8758] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 332.560397][ T5694] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 332.692180][ T8784] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 332.718621][ T5694] usb 3-1: Using ep0 maxpacket: 32 [ 332.721652][ T5694] usb 3-1: config 0 has no interfaces? [ 332.721686][ T5694] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 332.721705][ T5694] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.728259][ T5694] usb 3-1: config 0 descriptor?? [ 333.111701][ T5908] usb 3-1: USB disconnect, device number 25 [ 336.531857][ T8809] KVM: debugfs: duplicate directory 8809-4 [ 336.956289][ T8823] syzkaller1: entered promiscuous mode [ 336.956318][ T8823] syzkaller1: entered allmulticast mode [ 337.035613][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.956355][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.956525][ C1] vxcan1: j1939_tp_rxtimer: 0xffff88805b496000: rx timeout, send abort [ 337.964049][ C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff88805b496000: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 338.182395][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.364274][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.513820][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.564620][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.689655][ C1] vkms_vblank_simulate: vblank timer overrun [ 338.960591][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.087677][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.418677][ T5694] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 339.592341][ T5694] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 339.592405][ T5694] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 339.592430][ T5694] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 339.592456][ T5694] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 339.592478][ T5694] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 339.592520][ T5694] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 339.592543][ T5694] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.603475][ T5694] usb 1-1: config 0 descriptor?? [ 340.110886][ T5694] plantronics 0003:047F:FFFF.0015: reserved main item tag 0xd [ 340.165597][ T5694] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 340.572439][ T5922] usb 1-1: USB disconnect, device number 23 [ 342.308666][ T5922] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 342.614866][ T5922] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 342.614896][ T5922] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 342.614940][ T5922] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 342.614962][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.865153][ T5922] usb 5-1: usb_control_msg returned -32 [ 342.865200][ T5922] usbtmc 5-1:16.0: can't read capabilities [ 342.915347][ T5922] usb 5-1: USB disconnect, device number 14 [ 343.116226][ T8886] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 343.227976][ T8888] sctp: [Deprecated]: syz.5.954 (pid 8888) Use of struct sctp_assoc_value in delayed_ack socket option. [ 343.227976][ T8888] Use struct sctp_sack_info instead [ 343.330283][ T8890] Bluetooth: hci0: invalid length 2, exp 1 for type 31 [ 343.723984][ T8894] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 344.193365][ C1] vkms_vblank_simulate: vblank timer overrun [ 344.460302][ C1] vkms_vblank_simulate: vblank timer overrun [ 344.919625][ C1] vkms_vblank_simulate: vblank timer overrun [ 345.150814][ C1] vkms_vblank_simulate: vblank timer overrun [ 345.562026][ T5922] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 345.708641][ T5922] usb 3-1: Using ep0 maxpacket: 32 [ 345.711265][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.711305][ T5922] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.711343][ T5922] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 345.711366][ T5922] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.716810][ T5922] usb 3-1: config 0 descriptor?? [ 345.779554][ T5922] hub 3-1:0.0: USB hub found [ 346.099343][ C1] vkms_vblank_simulate: vblank timer overrun [ 346.107516][ T5922] hub 3-1:0.0: 1 port detected [ 346.924462][ C1] vkms_vblank_simulate: vblank timer overrun [ 347.405022][ T5922] hub 3-1:0.0: activate --> -90 [ 347.823092][ T5694] usb 3-1: USB disconnect, device number 26 [ 348.029314][ T5922] usb 3-1-port1: config error [ 348.237712][ T3176] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 348.343890][ T5837] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 348.393002][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 348.396436][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 348.397670][ T5837] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 348.399619][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 348.409824][ T5153] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 348.410350][ T5153] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 348.410844][ T5153] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 348.412084][ T5153] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 348.412847][ T5153] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 349.106413][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.556137][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.694979][ T3176] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 349.774386][ T8968] netlink: 'syz.1.984': attribute type 12 has an invalid length. [ 349.774411][ T8968] netlink: 'syz.1.984': attribute type 29 has an invalid length. [ 349.774425][ T8968] netlink: 148 bytes leftover after parsing attributes in process `syz.1.984'. [ 349.774464][ T8968] netlink: 'syz.1.984': attribute type 1 has an invalid length. [ 349.774477][ T8968] netlink: 'syz.1.984': attribute type 2 has an invalid length. [ 350.000926][ C1] vkms_vblank_simulate: vblank timer overrun [ 350.038090][ T3176] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.096461][ T8984] Bluetooth: hci0: invalid length 0, exp 2 for type 6 [ 350.286822][ C1] vkms_vblank_simulate: vblank timer overrun [ 350.489670][ T5153] Bluetooth: hci2: command tx timeout [ 350.506001][ T8997] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 350.603910][ T8999] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 350.718370][ T9003] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input30 [ 350.789398][ T9007] netlink: 8 bytes leftover after parsing attributes in process `syz.4.997'. [ 350.952986][ C1] vkms_vblank_simulate: vblank timer overrun [ 350.984538][ T3176] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.163119][ T9014] genirq: Flags mismatch irq 10. 00202000 (aio_iiro_16) vs. 00202080 (virtio2) [ 351.663573][ C1] vkms_vblank_simulate: vblank timer overrun [ 351.804874][ C1] vkms_vblank_simulate: vblank timer overrun [ 352.062459][ T5694] kernel write not supported for file /285/gid_map (pid: 5694 comm: kworker/0:3) [ 352.204582][ T9032] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 352.568897][ T5153] Bluetooth: hci2: command tx timeout [ 352.928928][ T3176] bridge_slave_1: left allmulticast mode [ 352.928963][ T3176] bridge_slave_1: left promiscuous mode [ 352.929253][ T3176] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.110041][ T3176] bridge_slave_0: left allmulticast mode [ 353.110074][ T3176] bridge_slave_0: left promiscuous mode [ 353.110349][ T3176] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.914824][ C1] vkms_vblank_simulate: vblank timer overrun [ 354.660255][ T5153] Bluetooth: hci2: command tx timeout [ 354.747241][ C1] vkms_vblank_simulate: vblank timer overrun [ 355.507501][ C1] vkms_vblank_simulate: vblank timer overrun [ 355.991812][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.314168][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.430972][ C1] vkms_vblank_simulate: vblank timer overrun [ 356.734307][ T5153] Bluetooth: hci2: command tx timeout [ 356.882364][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.168693][ T5923] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 357.357187][ T5923] usb 1-1: config 0 has an invalid interface number: 112 but max is 0 [ 357.357217][ T5923] usb 1-1: config 0 has no interface number 0 [ 357.357256][ T5923] usb 1-1: config 0 interface 112 altsetting 0 endpoint 0xF has invalid maxpacket 1007, setting to 64 [ 357.357279][ T5923] usb 1-1: New USB device found, idVendor=3154, idProduct=721e, bcdDevice= 9.c6 [ 357.357291][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.426583][ T5923] usb 1-1: config 0 descriptor?? [ 357.430513][ T5923] usb-storage 1-1:0.112: USB Mass Storage device detected [ 357.480541][ T3176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 357.569602][ T3176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 357.621979][ T3176] bond0 (unregistering): Released all slaves [ 357.655294][ T5923] usb 1-1: USB disconnect, device number 24 [ 357.751490][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.902711][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.915336][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915372][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915399][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915423][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915448][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915472][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915497][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915522][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915546][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.915571][ T5894] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 357.930274][ T5894] hid-generic 0000:0000:0000.0016: hidraw0: HID v8.00 Device [syz0] on syz1 [ 357.984419][ C1] vkms_vblank_simulate: vblank timer overrun [ 358.143988][ T8959] chnl_net:caif_netlink_parms(): no params data found [ 358.259829][ T9107] /dev/nullb0: Can't open blockdev [ 358.288559][ C1] vkms_vblank_simulate: vblank timer overrun [ 359.263298][ T9119] input: syz1 as /devices/virtual/input/input31 [ 359.338372][ T9122] sctp: [Deprecated]: syz.0.1038 (pid 9122) Use of int in max_burst socket option deprecated. [ 359.338372][ T9122] Use struct sctp_assoc_value instead [ 360.668668][ T5982] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 360.818644][ T5982] usb 2-1: Using ep0 maxpacket: 16 [ 360.821328][ T5982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 360.824550][ T5982] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 360.824580][ T5982] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.824600][ T5982] usb 2-1: Product: syz [ 360.824614][ T5982] usb 2-1: Manufacturer: syz [ 360.824629][ T5982] usb 2-1: SerialNumber: syz [ 360.907981][ T5982] usb 2-1: config 0 descriptor?? [ 360.926682][ T5982] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 360.926719][ T5982] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 361.542485][ T5982] em28xx 2-1:0.0: chip ID is em2710/2820 [ 361.598366][ T9150] /dev/nullb0: Can't open blockdev [ 362.402367][ T9157] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input32 [ 362.439235][ T5982] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 362.439267][ T5982] em28xx 2-1:0.0: board has no eeprom [ 362.688649][ T5982] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 362.688697][ T5982] em28xx 2-1:0.0: dvb set to bulk mode. [ 362.691906][ T5908] em28xx 2-1:0.0: Binding DVB extension [ 362.720381][ T5982] usb 2-1: USB disconnect, device number 22 [ 362.727205][ T5982] em28xx 2-1:0.0: Disconnecting em28xx [ 362.833621][ T5908] em28xx 2-1:0.0: Registering input extension [ 362.834489][ T5982] em28xx 2-1:0.0: Closing input extension [ 363.008308][ T5982] em28xx 2-1:0.0: Freeing device [ 363.134172][ T5837] Bluetooth: hci2: command 0x0405 tx timeout [ 363.192138][ T9174] ptrace attach of "./syz-executor exec"[9175] was attempted by "./syz-executor exec"[9174] [ 364.047642][ T3176] hsr_slave_0: left promiscuous mode [ 364.348831][ T3176] hsr_slave_1: left promiscuous mode [ 364.349765][ T3176] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 364.349793][ T3176] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 364.869886][ T9196] /dev/nullb0: Can't open blockdev [ 364.962837][ T3176] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 364.962872][ T3176] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.372754][ T9196] orangefs_mount: mount request failed with -4 [ 365.603625][ T3176] veth1_macvtap: left promiscuous mode [ 365.603742][ T3176] veth0_macvtap: left promiscuous mode [ 365.604010][ T3176] veth1_vlan: left promiscuous mode [ 365.604211][ T3176] veth0_vlan: left promiscuous mode [ 366.356667][ T9213] loop2: detected capacity change from 0 to 7 [ 366.376785][ T9213] Dev loop2: unable to read RDB block 7 [ 366.376834][ T9213] loop2: AHDI p1 p2 p3 [ 366.376866][ T9213] loop2: partition table partially beyond EOD, truncated [ 366.376981][ T9213] loop2: p1 start 1601398130 is beyond EOD, truncated [ 366.376998][ T9213] loop2: p2 start 1702059890 is beyond EOD, truncated [ 368.306600][ T9231] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 371.154424][ T9267] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 375.805806][ C0] vkms_vblank_simulate: vblank timer overrun [ 376.070612][ C0] vkms_vblank_simulate: vblank timer overrun [ 376.738788][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.050012][ T9323] IPVS: sed: UDP 224.0.0.2:0 - no destination available [ 377.203523][ T5982] IPVS: starting estimator thread 0... [ 377.290676][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.341621][ T9325] IPVS: using max 6 ests per chain, 14400 per kthread [ 377.996662][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.333304][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.497010][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.519807][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.842060][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.227959][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.520681][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.625120][ C0] vkms_vblank_simulate: vblank timer overrun [ 379.743299][ C0] vkms_vblank_simulate: vblank timer overrun [ 380.000514][ C0] vkms_vblank_simulate: vblank timer overrun [ 380.070444][ C0] vkms_vblank_simulate: vblank timer overrun [ 380.157645][ T9352] netlink: 'syz.4.1115': attribute type 1 has an invalid length. [ 381.358252][ T9356] syz.1.1114 (9356): drop_caches: 2 [ 381.400337][ T3176] team0 (unregistering): Port device team_slave_1 removed [ 381.782964][ T3176] team0 (unregistering): Port device team_slave_0 removed [ 384.533102][ T8959] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.533187][ T8959] bridge0: port 1(bridge_slave_0) entered disabled state [ 384.533349][ T8959] bridge_slave_0: entered allmulticast mode [ 384.534852][ T8959] bridge_slave_0: entered promiscuous mode [ 384.566393][ T9352] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 384.664159][ T9371] input: syz1 as /devices/virtual/input/input34 [ 384.692336][ T9368] netlink: 'syz.1.1118': attribute type 12 has an invalid length. [ 384.692358][ T9368] netlink: 'syz.1.1118': attribute type 29 has an invalid length. [ 384.692371][ T9368] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1118'. [ 384.692513][ T9368] netlink: 'syz.1.1118': attribute type 2 has an invalid length. [ 384.692527][ T9368] netlink: 'syz.1.1118': attribute type 3 has an invalid length. [ 384.692539][ T9368] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1118'. [ 384.693121][ T8959] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.693260][ T8959] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.693505][ T8959] bridge_slave_1: entered allmulticast mode [ 384.696326][ T8959] bridge_slave_1: entered promiscuous mode [ 385.533087][ T5982] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 385.602832][ T8959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 385.620372][ T8959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 385.710000][ T5982] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 385.710051][ T5982] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 385.710073][ T5982] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.760595][ T5982] usb 1-1: config 0 descriptor?? [ 386.156162][ T5982] usbhid 1-1:0.0: can't add hid device: -71 [ 386.156291][ T5982] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 386.156540][ T9401] Bluetooth: hci0: invalid length 0, exp 2 for type 10 [ 386.190126][ T5982] usb 1-1: USB disconnect, device number 25 [ 386.248022][ T8959] team0: Port device team_slave_0 added [ 386.286389][ T8959] team0: Port device team_slave_1 added [ 386.564813][ T8959] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 386.564831][ T8959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.564857][ T8959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 386.567322][ T8959] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 386.567338][ T8959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 386.567362][ T8959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 387.935495][ T43] Bluetooth: hci5: Frame reassembly failed (-84) [ 388.190726][ T8959] hsr_slave_0: entered promiscuous mode [ 388.192040][ T8959] hsr_slave_1: entered promiscuous mode [ 388.192935][ T8959] debugfs: 'hsr0' already exists in 'hsr' [ 388.192959][ T8959] Cannot create hsr debugfs directory [ 388.560727][ T9426] netlink: 'syz.1.1142': attribute type 12 has an invalid length. [ 388.560750][ T9426] netlink: 'syz.1.1142': attribute type 29 has an invalid length. [ 388.560764][ T9426] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1142'. [ 388.560792][ T9426] netlink: 51 bytes leftover after parsing attributes in process `syz.1.1142'. [ 388.698742][ T5922] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 388.848674][ T5922] usb 3-1: Using ep0 maxpacket: 8 [ 388.855153][ T5922] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 388.855183][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.855203][ T5922] usb 3-1: Product: syz [ 388.855217][ T5922] usb 3-1: Manufacturer: syz [ 388.855231][ T5922] usb 3-1: SerialNumber: syz [ 388.872753][ T5922] usb 3-1: config 0 descriptor?? [ 389.122409][ T5922] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 389.358209][ C0] vkms_vblank_simulate: vblank timer overrun [ 389.504260][ C0] vkms_vblank_simulate: vblank timer overrun [ 389.928675][ T5153] Bluetooth: hci5: command 0x1003 tx timeout [ 389.931385][ T5837] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 390.004295][ C0] vkms_vblank_simulate: vblank timer overrun [ 390.342941][ C0] vkms_vblank_simulate: vblank timer overrun [ 390.429775][ T5922] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 390.492584][ T5922] usb 3-1: USB disconnect, device number 27 [ 390.593730][ T9452] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1152'. [ 390.596064][ T9452] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1152'. [ 390.876960][ T8959] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 390.915783][ T8959] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 390.990298][ T8959] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 391.068613][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 391.082353][ T8959] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 391.454951][ T8959] 8021q: adding VLAN 0 to HW filter on device bond0 [ 391.495706][ T8959] 8021q: adding VLAN 0 to HW filter on device team0 [ 391.516151][ T4485] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.516878][ T4485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 391.582308][ T4485] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.582465][ T4485] bridge0: port 2(bridge_slave_1) entered forwarding state [ 391.969066][ T5694] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 392.148124][ T5694] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 392.148152][ T5694] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 392.148203][ T5694] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 392.255180][ C0] vkms_vblank_simulate: vblank timer overrun [ 392.711563][ T5694] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 392.711594][ T5694] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.711614][ T5694] usb 1-1: Product: syz [ 392.711628][ T5694] usb 1-1: Manufacturer: syz [ 392.711643][ T5694] usb 1-1: SerialNumber: syz [ 392.791378][ T5694] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 392.791432][ T5694] cdc_ncm 1-1:1.0: bind() failure [ 393.075387][ T5694] usb 1-1: USB disconnect, device number 26 [ 393.103382][ T8959] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 393.298713][ T5894] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 393.380163][ T5923] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 393.451594][ T5894] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 393.451640][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 393.451665][ T5894] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 393.451687][ T5894] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 393.453258][ T5894] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 393.453287][ T5894] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 393.453308][ T5894] usb 3-1: Manufacturer: syz [ 393.460565][ T5894] usb 3-1: config 0 descriptor?? [ 393.547480][ T5923] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 393.547896][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.607091][ T5923] usb 5-1: config 0 descriptor?? [ 393.947889][ T5894] hid_parser_main: 33 callbacks suppressed [ 393.947915][ T5894] appleir 0003:05AC:8243.0017: unknown main item tag 0x0 [ 393.975256][ T8959] veth0_vlan: entered promiscuous mode [ 394.035603][ T8959] veth1_vlan: entered promiscuous mode [ 394.125094][ T8959] veth0_macvtap: entered promiscuous mode [ 394.136968][ T8959] veth1_macvtap: entered promiscuous mode [ 394.168735][ T5894] appleir 0003:05AC:8243.0017: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 394.942269][ T8959] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 395.139960][ T8959] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.165527][ T7809] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.166060][ T7809] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.166099][ T7809] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.166133][ T7809] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.280878][ T5982] usb 3-1: reset high-speed USB device number 28 using dummy_hcd [ 395.408691][ T5982] usb 3-1: device descriptor read/64, error -32 [ 395.452968][ T5923] usb 5-1: Cannot set autoneg [ 395.454633][ T5923] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 395.507659][ T5923] usb 5-1: USB disconnect, device number 15 [ 395.734963][ T3176] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.734985][ T3176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.786147][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.786168][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 396.364170][ C0] vkms_vblank_simulate: vblank timer overrun [ 396.744653][ T5694] usb 3-1: USB disconnect, device number 28 [ 397.094904][ C0] vkms_vblank_simulate: vblank timer overrun [ 397.741516][ C0] vkms_vblank_simulate: vblank timer overrun [ 397.951246][ C0] vkms_vblank_simulate: vblank timer overrun [ 398.342930][ C0] vkms_vblank_simulate: vblank timer overrun [ 398.398951][ C0] vkms_vblank_simulate: vblank timer overrun [ 399.020814][ C0] vkms_vblank_simulate: vblank timer overrun [ 399.944602][ C0] vkms_vblank_simulate: vblank timer overrun [ 400.526250][ C0] vkms_vblank_simulate: vblank timer overrun [ 401.022280][ C0] vkms_vblank_simulate: vblank timer overrun [ 401.459926][ T1231] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 401.631030][ T1231] usb 2-1: Using ep0 maxpacket: 16 [ 401.635575][ T1231] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 401.635601][ T1231] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 401.635621][ T1231] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 401.668792][ T1231] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 401.668830][ T1231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.668849][ T1231] usb 2-1: Product: syz [ 401.668862][ T1231] usb 2-1: Manufacturer: syz [ 401.668874][ T1231] usb 2-1: SerialNumber: syz [ 402.128848][ T5921] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 402.149452][ T1231] usb 2-1: 0:2 : does not exist [ 402.281906][ T5921] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 402.281967][ T5921] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.286887][ T5921] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 402.286918][ T5921] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 402.286937][ T5921] usb 7-1: Manufacturer: syz [ 402.311151][ T5921] usb 7-1: config 0 descriptor?? [ 402.535577][ T5921] rc_core: IR keymap rc-hauppauge not found [ 402.535599][ T5921] Registered IR keymap rc-empty [ 402.537292][ T5921] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0 [ 402.546413][ T5921] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input35 [ 402.561720][ C1] igorplugusb 7-1:0.0: Error: urb status = -32 [ 402.907168][ T5921] usb 7-1: USB disconnect, device number 2 [ 403.775692][ T9609] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1190'. [ 403.776175][ T1231] usb 2-1: 1:0: failed to get current value for ch 0 (-22) [ 403.875623][ T1231] usb 2-1: USB disconnect, device number 23 [ 403.876432][ T9612] all: renamed from bridge_slave_0 (while UP) [ 405.710268][ T9636] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 406.115906][ T9647] netlink: 'syz.1.1210': attribute type 1 has an invalid length. [ 406.258925][ T9647] 8021q: adding VLAN 0 to HW filter on device bond1 [ 406.722913][ T9649] 8021q: adding VLAN 0 to HW filter on device bond1 [ 406.795307][ T9649] bond1: (slave vcan1): The slave device specified does not support setting the MAC address [ 407.062457][ T9649] bond1: (slave vcan1): Error -95 calling set_mac_address [ 410.990981][ T9681] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1218'. [ 411.547354][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805a6b2000: rx timeout, send abort [ 412.048633][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805a6b2000: abort rx timeout. Force session deactivation [ 413.617413][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.617436][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.617451][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.617466][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.617480][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x2 [ 413.617500][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.617514][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.617529][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.617543][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.617557][ T5907] hid-generic 00A0:0006:0003.0018: unknown main item tag 0x0 [ 413.778923][ T5907] hid-generic 00A0:0006:0003.0018: hidraw0: HID v0.05 Device [syz1] on syz0 [ 413.859915][ T9669] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 414.115903][ T9669] usb 1-1: Using ep0 maxpacket: 16 [ 414.120324][ T9669] usb 1-1: config 0 has no interfaces? [ 414.124527][ T9669] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 414.124562][ T9669] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.124581][ T9669] usb 1-1: Product: syz [ 414.124594][ T9669] usb 1-1: Manufacturer: syz [ 414.124609][ T9669] usb 1-1: SerialNumber: syz [ 414.291039][ T9669] usb 1-1: config 0 descriptor?? [ 414.426187][ T9715] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1230'. [ 415.128744][ T5694] usb 1-1: USB disconnect, device number 27 [ 415.234323][ T9719] netlink: 'syz.4.1231': attribute type 4 has an invalid length. [ 417.059394][ T9749] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1239'. [ 417.137733][ T9751] netlink: 'syz.6.1241': attribute type 3 has an invalid length. [ 417.242527][ T9751] netlink: 'syz.6.1241': attribute type 3 has an invalid length. [ 418.160882][ T9772] input: syz0 as /devices/virtual/input/input36 [ 418.906963][ T9785] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1253'. [ 419.380248][ T5843] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 420.296942][ T9804] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1259'. [ 420.297941][ T9804] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1259'. [ 420.298607][ T5921] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 420.351094][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 420.351129][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 420.360251][ T5843] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 420.360282][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.360301][ T5843] usb 3-1: Product: syz [ 420.360314][ T5843] usb 3-1: Manufacturer: syz [ 420.360327][ T5843] usb 3-1: SerialNumber: syz [ 420.376894][ T5843] usb 3-1: config 0 descriptor?? [ 420.420781][ T5843] usb 3-1: Found UVC 0.00 device syz (18ec:3288) [ 420.420822][ T5843] usb 3-1: No valid video chain found. [ 420.449629][ T5921] usb 5-1: Using ep0 maxpacket: 16 [ 420.453283][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 420.453315][ T5921] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 420.453336][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 420.453378][ T5921] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 420.453401][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.460478][ T5921] usb 5-1: config 0 descriptor?? [ 420.595596][ T9669] usb 3-1: USB disconnect, device number 29 [ 421.064234][ T5921] hid_parser_main: 3 callbacks suppressed [ 421.064259][ T5921] shield 0003:0955:7214.0019: unknown main item tag 0x0 [ 421.064293][ T5921] shield 0003:0955:7214.0019: unknown main item tag 0x0 [ 421.064319][ T5921] shield 0003:0955:7214.0019: unknown main item tag 0x0 [ 421.064345][ T5921] shield 0003:0955:7214.0019: unknown main item tag 0x0 [ 421.064370][ T5921] shield 0003:0955:7214.0019: unknown main item tag 0x0 [ 421.073267][ T5921] input: HID 0955:7214 Haptics as /devices/virtual/input/input37 [ 421.099221][ T5921] shield 0003:0955:7214.0019: Registered Thunderstrike controller [ 421.099560][ T5921] shield 0003:0955:7214.0019: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 421.248342][ T9819] input: syz0 as /devices/virtual/input/input38 [ 421.715132][ T9822] random: crng reseeded on system resumption [ 422.183564][ T5843] shield 0003:0955:7214.0019: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 422.183908][ T5843] shield 0003:0955:7214.0019: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 422.184232][ T5843] shield 0003:0955:7214.0019: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 422.184661][ T5907] usb 5-1: USB disconnect, device number 16 [ 423.592808][ T9854] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 423.718733][ T5843] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 423.875276][ T5843] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 423.875307][ T5843] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.875325][ T5843] usb 3-1: Product: syz [ 423.875339][ T5843] usb 3-1: Manufacturer: syz [ 423.875353][ T5843] usb 3-1: SerialNumber: syz [ 423.882488][ T5843] usb 3-1: config 0 descriptor?? [ 424.084511][ T9867] af_packet: tpacket_rcv: packet too big, clamped from 3698 to 4294967272. macoff=96 [ 426.180540][ T5843] usb 3-1: f81604_read: reg: 200f failed: -EPROTO [ 426.193404][ T5843] usb 3-1: USB disconnect, device number 30 [ 426.296674][ T5843] usb 3-1: f81604_read: reg: 100f failed: -ENODEV [ 426.698783][ T8833] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 426.870122][ T8833] usb 7-1: Using ep0 maxpacket: 16 [ 426.872985][ T8833] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 426.873010][ T8833] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 426.873029][ T8833] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 426.880507][ T8833] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 426.880537][ T8833] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.880555][ T8833] usb 7-1: Product: syz [ 426.880569][ T8833] usb 7-1: Manufacturer: syz [ 426.880582][ T8833] usb 7-1: SerialNumber: syz [ 427.424927][ T5843] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 427.430685][ T8833] usb 7-1: 0:2 : does not exist [ 427.580461][ T5694] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 427.738595][ T5694] usb 5-1: Using ep0 maxpacket: 32 [ 427.741072][ T5694] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 427.741101][ T5694] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 427.741121][ T5694] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 427.741173][ T5694] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 427.741195][ T5694] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 427.741218][ T5694] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 427.741262][ T5694] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 427.741284][ T5694] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.830376][ T5694] usb 5-1: config 0 descriptor?? [ 428.050406][ T5843] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 428.088157][ T5694] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 17 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 428.118852][ T5694] usb 5-1: USB disconnect, device number 17 [ 428.151552][ T5694] usblp0: removed [ 428.204674][ T5843] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 428.205150][ T5843] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 428.205175][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.235568][ T5843] usb 3-1: config 0 descriptor?? [ 428.258247][ T9912] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 428.351610][ T8833] usb 7-1: 1:0: failed to get current value for ch 0 (-22) [ 428.550735][ T8833] usb 7-1: USB disconnect, device number 3 [ 428.628841][ T5694] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 428.725391][ T5843] elan 0003:04F3:0755.001A: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0 [ 428.778666][ T5694] usb 5-1: Using ep0 maxpacket: 32 [ 428.781363][ T5694] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 428.781390][ T5694] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 428.781410][ T5694] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 428.781486][ T5694] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 428.781508][ T5694] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 428.781532][ T5694] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 428.781574][ T5694] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 428.781596][ T5694] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.878727][ T5694] usb 5-1: config 0 descriptor?? [ 428.937350][ T9912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.937782][ T9912] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 429.104866][ T5694] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 18 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 429.187713][ T9934] netlink: 'syz.6.1302': attribute type 12 has an invalid length. [ 429.294154][ T5694] usb 5-1: USB disconnect, device number 18 [ 429.316751][ T5694] usblp0: removed [ 429.362835][ T9937] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1303'. [ 429.419870][ T9937] vlan2: entered promiscuous mode [ 429.420005][ T9937] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 431.867434][ T8833] usb 3-1: USB disconnect, device number 31 [ 444.892112][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 499.073965][ T5844] Bluetooth: hci2: command 0x0405 tx timeout [ 511.992321][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.206787][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 595.726930][ T38] INFO: task kworker/u8:7:1150 blocked for more than 143 seconds. [ 595.726955][ T38] Not tainted syzkaller #0 [ 595.726965][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 595.726974][ T38] task:kworker/u8:7 state:D stack:20264 pid:1150 tgid:1150 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 595.727020][ T38] Workqueue: events_unbound linkwatch_event [ 595.727053][ T38] Call Trace: [ 595.727061][ T38] [ 595.727080][ T38] __schedule+0x16f3/0x4c20 [ 595.727115][ T38] ? sched_clock+0x3f/0x60 [ 595.727138][ T38] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 595.727157][ T38] ? do_raw_spin_lock+0x121/0x290 [ 595.727187][ T38] ? __pfx___schedule+0x10/0x10 [ 595.727235][ T38] rt_mutex_schedule+0x77/0xf0 [ 595.727254][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 595.727290][ T38] ? rt_mutex_slowlock_block+0x351/0x6d0 [ 595.727316][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 595.727340][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 595.727363][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 595.727396][ T38] ? linkwatch_event+0xe/0x60 [ 595.727421][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 595.727449][ T38] ? linkwatch_event+0xe/0x60 [ 595.727465][ T38] mutex_lock_nested+0x16a/0x1d0 [ 595.727485][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 595.727508][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 595.727532][ T38] linkwatch_event+0xe/0x60 [ 595.727549][ T38] process_scheduled_works+0xade/0x17b0 [ 595.727602][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 595.727642][ T38] worker_thread+0x8a0/0xda0 [ 595.727667][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 595.727701][ T38] ? __kthread_parkme+0x7b/0x200 [ 595.727734][ T38] kthread+0x70e/0x8a0 [ 595.727762][ T38] ? __pfx_worker_thread+0x10/0x10 [ 595.727782][ T38] ? __pfx_kthread+0x10/0x10 [ 595.727812][ T38] ? __pfx_kthread+0x10/0x10 [ 595.727841][ T38] ret_from_fork+0x436/0x7d0 [ 595.727866][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 595.727895][ T38] ? __switch_to_asm+0x39/0x70 [ 595.727912][ T38] ? __switch_to_asm+0x33/0x70 [ 595.727928][ T38] ? __pfx_kthread+0x10/0x10 [ 595.727953][ T38] ret_from_fork_asm+0x1a/0x30 [ 595.727987][ T38] [ 595.728108][ T38] [ 595.728108][ T38] Showing all locks held in the system: [ 595.728116][ T38] 2 locks held by kthreadd/2: [ 595.728127][ T38] #0: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.728173][ T38] #1: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __put_partials+0x5f/0x1a0 [ 595.728216][ T38] 4 locks held by kworker/u8:0/12: [ 595.728227][ T38] #0: ffff88814d677938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.728274][ T38] #1: ffffc90000117bc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.728321][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.728410][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.728457][ T38] 6 locks held by kworker/u8:1/13: [ 595.728467][ T38] #0: ffff888032532138 ((wq_completion)wg-kex-wg1#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.728516][ T38] #1: ffffc90000127bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.728562][ T38] #2: ffff8880364115f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 595.728609][ T38] #3: ffff88805a68f880 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 595.728654][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.728697][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.728741][ T38] 2 locks held by ksoftirqd/0/15: [ 595.728752][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.728796][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.728841][ T38] 11 locks held by rcuc/0/20: [ 595.728852][ T38] 6 locks held by ktimers/1/29: [ 595.728862][ T38] 2 locks held by ksoftirqd/1/30: [ 595.728873][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.728917][ T38] #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.728961][ T38] 5 locks held by kworker/1:0/31: [ 595.728971][ T38] #0: ffff88803626d538 ((wq_completion)wg-kex-wg1#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.729021][ T38] #1: ffffc90000a5fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.729087][ T38] #2: ffff88805a68ce20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 595.729132][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.729175][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.729218][ T38] 1 lock held by khungtaskd/38: [ 595.729228][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 595.729271][ T38] 7 locks held by kworker/u8:2/43: [ 595.729281][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.729325][ T38] #1: ffffc90000b47bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.729372][ T38] #2: ffff88803418f300 (&devlink->lock_key#9){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 595.729426][ T38] #3: ffff888029913920 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 595.729474][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 595.729517][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.729561][ T38] #6: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.729606][ T38] 5 locks held by kworker/1:1/49: [ 595.729617][ T38] 4 locks held by kworker/u8:3/57: [ 595.729628][ T38] #0: ffff8880326dc138 ((wq_completion)wg-kex-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.729677][ T38] #1: ffffc9000123fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.729723][ T38] #2: ffff88802f48d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 595.729767][ T38] #3: ffff88805a68d8b8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 595.729813][ T38] 4 locks held by kworker/u8:4/67: [ 595.729823][ T38] #0: ffff888032532138 ((wq_completion)wg-kex-wg1#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.729872][ T38] #1: ffffc9000152fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.729924][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.729968][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.730013][ T38] 5 locks held by kworker/u8:5/83: [ 595.730024][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.730075][ T38] #1: ffffc900015dfbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.730120][ T38] #2: ffff888060c40898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 595.730167][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.730211][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.730256][ T38] 7 locks held by kworker/u8:6/89: [ 595.730266][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.730311][ T38] #1: ffffc900015bfbc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.730357][ T38] #2: ffff88805a77f300 (&devlink->lock_key#5){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 595.730409][ T38] #3: ffff88805a838520 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 595.730457][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 595.730500][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.730544][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.730596][ T38] 3 locks held by kworker/u8:7/1150: [ 595.730607][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.730652][ T38] #1: ffffc90004f6fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.730697][ T38] #2: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 595.730739][ T38] 6 locks held by kworker/u8:8/1169: [ 595.730749][ T38] #0: ffff888027df9938 ((wq_completion)wg-kex-wg2#9){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.730799][ T38] #1: ffffc90004fcfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.730845][ T38] #2: ffff88805951d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 595.730890][ T38] #3: ffff888023cc03f8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 595.730933][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.730977][ T38] #5: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.731024][ T38] 2 locks held by aoe_tx0/1323: [ 595.731034][ T38] #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.731084][ T38] #1: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.731146][ T38] 5 locks held by kworker/u8:9/3176: [ 595.731156][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.731201][ T38] #1: ffffc9000d4afbc0 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.731246][ T38] #2: ffff88805ce70898 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: cfg80211_wiphy_work+0xc4/0x470 [ 595.731292][ T38] #3: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.731337][ T38] #4: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.731382][ T38] 5 locks held by kworker/R-krdsd/3438: [ 595.731393][ T38] #0: ffff88814d670138 ((wq_completion)krdsd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.731437][ T38] #1: ffffc9000d71fba0 ((work_completion)(&(&cp->cp_conn_w)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.731483][ T38] #2: ffff88804f7f3538 (&tc->t_conn_path_lock){+.+.}-{4:4}, at: rds_tcp_conn_path_connect+0x15e/0x680 [ 595.731528][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.731570][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.731614][ T38] 4 locks held by kworker/u8:10/3568: [ 595.731624][ T38] #0: ffff888035949938 ((wq_completion)wg-kex-wg1){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.731669][ T38] #1: ffffc9000dbbfbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.731713][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.731758][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.731803][ T38] 4 locks held by kworker/u8:11/4485: [ 595.731813][ T38] #0: ffff88805f5f5138 ((wq_completion)wg-kex-wg0#11){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.731862][ T38] #1: ffffc9000f38fbc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.731907][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.731952][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.732001][ T38] 2 locks held by dhcpcd/5498: [ 595.732011][ T38] #0: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.732054][ T38] #1: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.732101][ T38] 5 locks held by dhcpcd/5499: [ 595.732111][ T38] #0: ffffffff8da61a50 (dup_mmap_sem){++++}-{0:0}, at: copy_mm+0x131/0x4b0 [ 595.732156][ T38] #1: ffff888032782f50 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x12e/0x1a90 [ 595.732196][ T38] #2: ffff888035082410 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x217/0x1a90 [ 595.732240][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.732282][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.732324][ T38] 2 locks held by crond/5577: [ 595.732334][ T38] #0: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.732377][ T38] #1: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __put_partials+0x5f/0x1a0 [ 595.732418][ T38] 2 locks held by getty/5597: [ 595.732428][ T38] #0: ffff88823bf440a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 595.732476][ T38] #1: ffffc90003e7e2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 595.732522][ T38] 4 locks held by kworker/0:3/5694: [ 595.732533][ T38] #0: ffff88805a7d0d38 ((wq_completion)wg-kex-wg2#13){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.732582][ T38] #1: ffffc90004807bc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.732642][ T38] #2: ffff88805c9215f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x115/0x970 [ 595.732687][ T38] #3: ffff888060d54e20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_response+0x126/0x970 [ 595.732732][ T38] 2 locks held by syz-executor/5824: [ 595.732742][ T38] #0: ffff88803cf6e790 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x32/0x300 [ 595.732785][ T38] #1: ffff88814e172600 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1f7/0x1190 [ 595.732832][ T38] 5 locks held by syz-executor/5834: [ 595.732843][ T38] #0: ffffffff8da61a50 (dup_mmap_sem){++++}-{0:0}, at: copy_mm+0x131/0x4b0 [ 595.732887][ T38] #1: ffff88803d1bc5d0 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x12e/0x1a90 [ 595.732926][ T38] #2: ffff8880350818d0 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x217/0x1a90 [ 595.732969][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.733011][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.733053][ T38] 6 locks held by kworker/u9:2/5837: [ 595.733063][ T38] #0: ffff888035222138 ((wq_completion)hci2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.733113][ T38] #1: ffffc90004a7fbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.733158][ T38] #2: ffff88805c9d4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 595.733202][ T38] #3: ffff88805c9d40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 595.733249][ T38] #4: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.733291][ T38] #5: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.733333][ T38] 5 locks held by kworker/1:2/5843: [ 595.733344][ T38] #0: ffff88803a0ae938 ((wq_completion)wg-kex-wg0#14){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.733393][ T38] #1: ffffc90004adfbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.733452][ T38] #2: ffff888060d523c0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 595.733497][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.733539][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.733581][ T38] 4 locks held by kworker/u9:3/5844: [ 595.733591][ T38] #0: ffff888144fff938 ((wq_completion)krxrpcd){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.733635][ T38] #1: ffffc90004aefbc0 ((work_completion)(&rxnet->peer_keepalive_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.733680][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.733724][ T38] #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.733769][ T38] 5 locks held by syz-executor/5846: [ 595.733779][ T38] #0: ffffffff8da61a50 (dup_mmap_sem){++++}-{0:0}, at: copy_mm+0x131/0x4b0 [ 595.733823][ T38] #1: ffff88803d1be790 (&mm->mmap_lock){++++}-{4:4}, at: dup_mmap+0x12e/0x1a90 [ 595.733862][ T38] #2: ffff888033282410 (&mm->mmap_lock/1){+.+.}-{4:4}, at: dup_mmap+0x217/0x1a90 [ 595.733906][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.733948][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.733993][ T38] 3 locks held by kworker/1:3/5894: [ 595.734004][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.734049][ T38] #1: ffffc90004e4fbc0 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.734099][ T38] #2: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: reg_check_chans_work+0x95/0xf30 [ 595.734147][ T38] 4 locks held by kworker/0:4/5907: [ 595.734157][ T38] #0: ffff88803626d538 ((wq_completion)wg-kex-wg1#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.734206][ T38] #1: ffffc90004f2fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.734265][ T38] #2: ffff8880362fd5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x150/0x900 [ 595.734310][ T38] #3: ffff88805a68ce20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_consume_initiation+0x4de/0x900 [ 595.734356][ T38] 4 locks held by kworker/0:5/5908: [ 595.734366][ T38] #0: ffff88803a0ae938 ((wq_completion)wg-kex-wg0#14){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.734415][ T38] #1: ffffc90004f3fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.734474][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.734518][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.734563][ T38] 5 locks held by kworker/1:5/5922: [ 595.734573][ T38] #0: ffff888058e52138 ((wq_completion)wg-kex-wg1#14){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.734623][ T38] #1: ffffc9000506fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.734681][ T38] #2: ffff888060d538f0 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 595.734725][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.734767][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.734809][ T38] 5 locks held by kworker/0:8/5981: [ 595.734820][ T38] #0: ffff888058e5f938 ((wq_completion)wg-kex-wg2#6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.734869][ T38] #1: ffffc9000533fbc0 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker)))); (typeof((__typeof_unqual__(*((worker))) *)(( unsigned long)((worker))))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.734927][ T38] #2: ffff88805a68d8b8 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_begin_session+0x38/0xbe0 [ 595.734972][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.735014][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.735056][ T38] 2 locks held by kworker/0:9/5982: [ 595.735067][ T38] 4 locks held by kworker/u8:12/6285: [ 595.735083][ T38] #0: ffff888059255938 ((wq_completion)wg-kex-wg0#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.735133][ T38] #1: ffffc90006447bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.735179][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.735223][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.735274][ T38] 2 locks held by syz-executor/6754: [ 595.735283][ T38] #0: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.735315][ T38] #1: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.735359][ T38] 5 locks held by kworker/u8:13/7808: [ 595.735369][ T38] 4 locks held by kworker/u8:14/7809: [ 595.735378][ T38] #0: ffff88803baa1938 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.735420][ T38] #1: ffffc90006097bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.735458][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.735495][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.735534][ T38] 3 locks held by kworker/1:7/8729: [ 595.735542][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.735596][ T38] #1: ffffc90012d0fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.735634][ T38] #2: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 595.735675][ T38] 4 locks held by kworker/0:0/9669: [ 595.735683][ T38] #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.735722][ T38] #1: ffffc900052afbc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.735761][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.735796][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.735839][ T38] 3 locks held by syz.1.1323/10001: [ 595.735849][ T38] #0: ffff888050916350 (sk_lock-AF_CAN){+.+.}-{0:0}, at: j1939_sk_sendmsg+0xbe/0x1330 [ 595.735891][ T38] #1: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.735933][ T38] #2: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.735976][ T38] 3 locks held by syz.6.1324/9999: [ 595.735986][ T38] #0: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0 [ 595.736033][ T38] #1: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.736082][ T38] #2: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.736127][ T38] 4 locks held by kworker/u8:15/10004: [ 595.736138][ T38] #0: ffff88803baa1938 ((wq_completion)wg-kex-wg1#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.736183][ T38] #1: ffffc90005f47bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.736226][ T38] #2: ffff8880362fd5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 595.736271][ T38] #3: ffff88805a68ce20 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 595.736316][ T38] 7 locks held by kworker/u8:16/10006: [ 595.736326][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.736372][ T38] #1: ffffc90005f67bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.736418][ T38] #2: ffff88802308b300 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 595.736472][ T38] #3: ffff88805a6a0120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 595.736519][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 595.736563][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.736606][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.736651][ T38] 7 locks held by kworker/u8:17/10007: [ 595.736661][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.736706][ T38] #1: ffffc90005f77bc0 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.736753][ T38] #2: ffff888059994300 (&devlink->lock_key){+.+.}-{4:4}, at: nsim_dev_trap_report_work+0x57/0xbc0 [ 595.736800][ T38] #3: ffff888059908120 (&nsim_trap_data->trap_lock){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x1ad/0xbc0 [ 595.736846][ T38] #4: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: rt_spin_lock+0x1bb/0x2c0 [ 595.736890][ T38] #5: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.736933][ T38] #6: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.736978][ T38] 7 locks held by kworker/u8:18/10008: [ 595.736989][ T38] 6 locks held by kworker/u8:19/10009: [ 595.737000][ T38] #0: ffff8880326dc138 ((wq_completion)wg-kex-wg2#5){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.737049][ T38] #1: ffffc90005f97bc0 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.737100][ T38] #2: ffff88802f48d5f8 (&wg->static_identity.lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x10a/0x7e0 [ 595.737145][ T38] #3: ffff8880379d9928 (&handshake->lock){++++}-{4:4}, at: wg_noise_handshake_create_initiation+0x11b/0x7e0 [ 595.737189][ T38] #4: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 595.737233][ T38] #5: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 595.737279][ T38] 2 locks held by dhcpcd/10011: [ 595.737289][ T38] #0: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.737332][ T38] #1: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.737374][ T38] 3 locks held by kworker/u8:20/10012: [ 595.737384][ T38] #0: ffff8880304fe938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 595.737429][ T38] #1: ffffc900049c7bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 595.737475][ T38] #2: ffffffff8ecd3878 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30 [ 595.737520][ T38] 2 locks held by dhcpcd/10013: [ 595.737530][ T38] #0: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.737572][ T38] #1: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.737614][ T38] 4 locks held by kworker/u8:21/10014: [ 595.737626][ T38] 2 locks held by dhcpcd/10015: [ 595.737636][ T38] #0: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.737678][ T38] #1: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.737720][ T38] 5 locks held by syz-executor/10016: [ 595.737730][ T38] #0: ffff88814e172488 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 595.737776][ T38] #1: ffff88803d999c60 (&type->i_mutex_dir_key#3/1){+.+.}-{4:4}, at: filename_create+0x1f8/0x3c0 [ 595.737828][ T38] #2: ffff88814e178bb0 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0 [ 595.737877][ T38] #3: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.737920][ T38] #4: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.737961][ T38] 4 locks held by syz-executor/10017: [ 595.737972][ T38] #0: ffff888033e29988 (&data->open_mutex){+.+.}-{4:4}, at: vhci_create_device+0x34/0x660 [ 595.738018][ T38] #1: ffff888022011d98 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: simple_start_creating+0x98/0x1e0 [ 595.738076][ T38] #2: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.738143][ T38] #3: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.738186][ T38] 2 locks held by kworker/0:6/10019: [ 595.738196][ T38] #0: ffffffff8dac5728 (remove_cache_srcu){.+.+}-{0:0}, at: srcu_read_lock+0x27/0x60 [ 595.738239][ T38] #1: ffff88801d289858 (&n->list_lock){+.+.}-{3:3}, at: __slab_free+0x19e/0x390 [ 595.738290][ T38] [ 595.738295][ T38] ============================================= [ 595.738295][ T38] [ 595.738316][ T38] NMI backtrace for cpu 1 [ 595.738339][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 595.738363][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 595.738372][ T38] Call Trace: [ 595.738378][ T38] [ 595.738386][ T38] dump_stack_lvl+0x189/0x250 [ 595.738411][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 595.738431][ T38] ? __pfx__printk+0x10/0x10 [ 595.738462][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 595.738496][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 595.738520][ T38] ? __pfx__printk+0x10/0x10 [ 595.738544][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 595.738568][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 595.738592][ T38] watchdog+0xf93/0xfe0 [ 595.738619][ T38] ? watchdog+0x1de/0xfe0 [ 595.738645][ T38] kthread+0x70e/0x8a0 [ 595.738672][ T38] ? __pfx_watchdog+0x10/0x10 [ 595.738692][ T38] ? __pfx_kthread+0x10/0x10 [ 595.738720][ T38] ? __pfx_kthread+0x10/0x10 [ 595.738749][ T38] ret_from_fork+0x436/0x7d0 [ 595.738773][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 595.738800][ T38] ? __switch_to_asm+0x39/0x70 [ 595.738817][ T38] ? __switch_to_asm+0x33/0x70 [ 595.738831][ T38] ? __pfx_kthread+0x10/0x10 [ 595.738855][ T38] ret_from_fork_asm+0x1a/0x30 [ 595.738887][ T38] [ 595.738932][ T38] Sending NMI from CPU 1 to CPUs 0: [ 595.738958][ C0] NMI backtrace for cpu 0 [ 595.738972][ C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 595.738990][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 595.739005][ C0] RIP: 0010:rcu_is_watching+0x67/0xb0 [ 595.739027][ C0] Code: 89 f7 e8 dc 9c 78 00 48 c7 c3 18 74 f7 91 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 34 8b 03 65 ff 0d 19 28 51 10 <74> 11 83 e0 04 c1 e8 02 5b 41 5e 41 5f c3 cc cc cc cc cc e8 21 5f [ 595.739040][ C0] RSP: 0018:ffffc90000196dd0 EFLAGS: 00000286 [ 595.739054][ C0] RAX: 00000000000d7d74 RBX: ffff8880b8833418 RCX: 8164da800238ec00 [ 595.739066][ C0] RDX: 0000000000000100 RSI: ffffffff8b621660 RDI: ffffffff8b621620 [ 595.739077][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000100 [ 595.739087][ C0] R10: dffffc0000000000 R11: ffffed100bf7fc98 R12: fffa80009f205000 [ 595.739099][ C0] R13: ffffea00027c8100 R14: ffffffff8d252d10 R15: dffffc0000000000 [ 595.739111][ C0] FS: 0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000 [ 595.739124][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 595.739135][ C0] CR2: 00007fffeb535bb4 CR3: 000000004e696000 CR4: 00000000003526f0 [ 595.739150][ C0] Call Trace: [ 595.739156][ C0] [ 595.739162][ C0] ? __page_table_check_zero+0xba/0x530 [ 595.739180][ C0] __page_table_check_zero+0xf4/0x530 [ 595.739201][ C0] post_alloc_hook+0x253/0x2a0 [ 595.739222][ C0] get_page_from_freelist+0x2119/0x21b0 [ 595.739248][ C0] ? do_raw_spin_lock+0x121/0x290 [ 595.739274][ C0] __alloc_frozen_pages_noprof+0x181/0x370 [ 595.739290][ C0] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 595.739309][ C0] ? policy_nodemask+0x28b/0x720 [ 595.739330][ C0] alloc_pages_mpol+0xd1/0x380 [ 595.739350][ C0] allocate_slab+0x8a/0x370 [ 595.739366][ C0] ___slab_alloc+0x8d1/0xdc0 [ 595.739381][ C0] ? skb_clone+0x212/0x3a0 [ 595.739398][ C0] ? skb_clone+0x212/0x3a0 [ 595.739412][ C0] kmem_cache_alloc_noprof+0xe6/0x310 [ 595.739432][ C0] skb_clone+0x212/0x3a0 [ 595.739446][ C0] ? j1939_can_recv+0xed/0xa70 [ 595.739466][ C0] j1939_can_recv+0x103/0xa70 [ 595.739484][ C0] ? skb_clone+0x246/0x3a0 [ 595.739497][ C0] ? can_can_gw_rcv+0x448/0xf20 [ 595.739514][ C0] ? __pfx_j1939_can_recv+0x10/0x10 [ 595.739537][ C0] ? __pfx_j1939_can_recv+0x10/0x10 [ 595.739555][ C0] can_rcv_filter+0x357/0x7d0 [ 595.739574][ C0] ? can_receive+0x1a9/0x450 [ 595.739593][ C0] can_receive+0x312/0x450 [ 595.739613][ C0] can_rcv+0x145/0x270 [ 595.739632][ C0] ? __pfx_can_rcv+0x10/0x10 [ 595.739649][ C0] __netif_receive_skb+0x161/0x380 [ 595.739666][ C0] ? rt_spin_unlock+0x65/0x80 [ 595.739684][ C0] ? process_backlog+0x27b/0x900 [ 595.739701][ C0] process_backlog+0x31e/0x900 [ 595.739724][ C0] __napi_poll+0xb6/0x540 [ 595.739743][ C0] net_rx_action+0x707/0xe00 [ 595.739759][ C0] ? unwind_next_frame+0xa5/0x2390 [ 595.739786][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 595.739802][ C0] ? do_raw_spin_lock+0x121/0x290 [ 595.739825][ C0] ? kvm_sched_clock_read+0x11/0x20 [ 595.739848][ C0] ? __pfx_sched_clock_cpu+0x10/0x10 [ 595.739861][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 595.739888][ C0] handle_softirqs+0x22f/0x710 [ 595.739909][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 595.739929][ C0] __local_bh_enable_ip+0x179/0x270 [ 595.739946][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 595.739967][ C0] ? rcu_cpu_kthread+0x23e/0x1b50 [ 595.739987][ C0] ? rcu_cpu_kthread+0x23e/0x1b50 [ 595.740005][ C0] rcu_cpu_kthread+0xc3d/0x1b50 [ 595.740026][ C0] ? rcu_cpu_kthread+0x23e/0x1b50 [ 595.740050][ C0] ? __pfx_rcu_cpu_kthread+0x10/0x10 [ 595.740070][ C0] ? __lock_acquire+0xab9/0xd20 [ 595.740088][ C0] ? __pfx___schedule+0x10/0x10 [ 595.740114][ C0] ? schedule+0x91/0x360 [ 595.740135][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 595.740151][ C0] smpboot_thread_fn+0x53f/0xa60 [ 595.740168][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 595.740189][ C0] kthread+0x70e/0x8a0 [ 595.740209][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 595.740225][ C0] ? __pfx_kthread+0x10/0x10 [ 595.740246][ C0] ? __pfx_kthread+0x10/0x10 [ 595.740264][ C0] ret_from_fork+0x436/0x7d0 [ 595.740282][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 595.740302][ C0] ? __switch_to_asm+0x39/0x70 [ 595.740315][ C0] ? __switch_to_asm+0x33/0x70 [ 595.740328][ C0] ? __pfx_kthread+0x10/0x10 [ 595.740346][ C0] ret_from_fork_asm+0x1a/0x30 [ 595.740368][ C0] [ 595.748424][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 595.748445][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 595.748467][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 595.748478][ T38] Call Trace: [ 595.748486][ T38] [ 595.748494][ T38] dump_stack_lvl+0x99/0x250 [ 595.748523][ T38] ? __asan_memcpy+0x40/0x70 [ 595.748543][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 595.748566][ T38] ? __pfx__printk+0x10/0x10 [ 595.748598][ T38] vpanic+0x281/0x750 [ 595.748624][ T38] ? __pfx_vpanic+0x10/0x10 [ 595.748645][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 595.748664][ T38] ? preempt_schedule+0xae/0xc0 [ 595.748689][ T38] ? preempt_schedule_common+0x83/0xd0 [ 595.748719][ T38] panic+0xb9/0xc0 [ 595.748741][ T38] ? __pfx_panic+0x10/0x10 [ 595.748765][ T38] ? preempt_schedule_thunk+0x16/0x30 [ 595.748791][ T38] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 595.748815][ T38] watchdog+0xfd2/0xfe0 [ 595.748842][ T38] ? watchdog+0x1de/0xfe0 [ 595.748869][ T38] kthread+0x70e/0x8a0 [ 595.748896][ T38] ? __pfx_watchdog+0x10/0x10 [ 595.748916][ T38] ? __pfx_kthread+0x10/0x10 [ 595.748944][ T38] ? __pfx_kthread+0x10/0x10 [ 595.748968][ T38] ret_from_fork+0x436/0x7d0 [ 595.748992][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 595.749020][ T38] ? __switch_to_asm+0x39/0x70 [ 595.749035][ T38] ? __switch_to_asm+0x33/0x70 [ 595.749051][ T38] ? __pfx_kthread+0x10/0x10 [ 595.749083][ T38] ret_from_fork_asm+0x1a/0x30 [ 595.749115][ T38] [ 595.749398][ T38] Kernel Offset: disabled