last executing test programs: 8m2.775962357s ago: executing program 4 (id=734): r0 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_CPUID2(r2, 0xc008ae91, 0x0) 8m2.099358378s ago: executing program 4 (id=742): r0 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000380)=@newlink={0x50, 0x10, 0x503, 0x70bd2a, 0x4, {0x0, 0x0, 0x0, 0x0, 0x3a, 0x201a0}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x2}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_BROADCAST={0xa, 0x2, @remote}]}, 0x50}}, 0x800) 8m1.767805114s ago: executing program 4 (id=746): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newqdisc={0x5c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x2c, 0x2, {{}, [@TCA_NETEM_CORR={0x10, 0x1, {0x2, 0x51f, 0x4}}]}}}]}, 0x5c}}, 0x0) 8m1.257901806s ago: executing program 4 (id=751): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x19, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_PBURST={0x0, 0x7, 0xca9}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) 8m0.884733368s ago: executing program 4 (id=755): r0 = socket$unix(0x1, 0x2, 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000200)=0x10) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 8m0.658522043s ago: executing program 4 (id=759): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1a, 0xf, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a654, 0x0, 0x0, 0x0, 0x1}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) 7m45.503944737s ago: executing program 32 (id=759): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1a, 0xf, &(0x7f0000000580)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a654, 0x0, 0x0, 0x0, 0x1}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x94) 2m51.111074394s ago: executing program 0 (id=3568): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x3, 0x2, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 2m50.885293761s ago: executing program 0 (id=3571): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r0, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abfe0055acc8ef039a5be42200000000000000000100", 0x38}, 0x60) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000000240)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a07760760beeab11e88509de7f1939e8abfe0055acc8ef039a5be42200000000000000000100", 0x38}, 0x60) 2m50.609803403s ago: executing program 0 (id=3573): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_encap(r0, 0x11, 0x68, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) 2m50.363647012s ago: executing program 0 (id=3575): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0xfe98, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_MAX_RATE={0xffffffffffffffe6, 0x2}, @TCA_FQ_FLOW_MAX_RATE={0xfffffffffffffd87, 0x7, 0x3}]}}]}, 0x48}}, 0x0) 2m50.035623329s ago: executing program 0 (id=3577): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10) fchown(r1, 0x0, 0x0) 2m49.837075181s ago: executing program 0 (id=3580): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x8, 0x8000, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r0, &(0x7f0000000a00), 0x0}, 0x20) 2m34.551324913s ago: executing program 33 (id=3580): bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x8, 0x8000, 0x1}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000bc0)={r0, &(0x7f0000000a00), 0x0}, 0x20) 1m41.543674561s ago: executing program 6 (id=4228): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x8}) 1m41.160902398s ago: executing program 6 (id=4229): syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000000904"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) pread64(r0, 0x0, 0x0, 0x0) ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000340)={&(0x7f0000000140)=[{0x36de, 0x0, 0x2000, &(0x7f0000000440)="d1596137019028b4e6973edf1911fbfc4c57a136ff048efb6d1ff9da18c7b520508922e15ef5a43a2403935d48ed4c365d55448dc474f02bfc8c827504ccfccbaca50d6089edf0b48722fa0da7"}, {0x36de, 0x4801, 0x0, 0x0}], 0x2}) 1m39.496958322s ago: executing program 6 (id=4241): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x15, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x86}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {0x4}, {0x6, 0x0, 0xa}, {}, {}, {0x85, 0x0, 0x0, 0x33}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 1m38.15385588s ago: executing program 6 (id=4253): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x0) 1m37.94365267s ago: executing program 6 (id=4255): openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000280), 0x20c82, 0x0) r0 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0) 1m36.635543344s ago: executing program 6 (id=4272): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)={0x54, r1, 0x101, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x24, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DEFAULT_TYPES={0x4}, @NL80211_KEY_DEFAULT={0x4}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4044014}, 0x48000) 1m35.871455664s ago: executing program 34 (id=4272): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)={0x54, r1, 0x101, 0x70bd2a, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x24, 0x51, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9}, @NL80211_KEY_IDX={0x5, 0x2, 0x2}, @NL80211_KEY_DEFAULT_TYPES={0x4}, @NL80211_KEY_DEFAULT={0x4}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4044014}, 0x48000) 1m34.171436107s ago: executing program 3 (id=4286): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x20040000) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, 0x3, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffb, 0x6}}]}, 0x20}, 0x1, 0x0, 0x0, 0x94f7cfd7d57de2ec}, 0x0) 1m33.976187394s ago: executing program 3 (id=4287): r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r1, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@deltfilter={0x34, 0x2d, 0x1, 0x800000, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0x10}, {0x0, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000840}, 0x80) 1m33.768751942s ago: executing program 3 (id=4288): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000401e04012800000000000109022400010000200009040000010300020009210000050122070009058103"], 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\a'], 0x0, 0x0, 0x0, 0x0}, 0x0) 1m31.860280711s ago: executing program 3 (id=4299): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x48) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000580)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0xb5008, 0x0) umount2(&(0x7f00000001c0)='./file0/../file0\x00', 0x4) 1m31.571625015s ago: executing program 3 (id=4302): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x2}) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x11) ioctl$TUNSETPERSIST(r0, 0x400454cb, 0x0) 1m27.782717178s ago: executing program 3 (id=4312): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000200)={0x5, 0x80000000, 0x3}) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f00000001c0)={0x5, 0x899, 0x4}) 1m27.36689996s ago: executing program 35 (id=4312): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5}) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000200)={0x5, 0x80000000, 0x3}) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f00000001c0)={0x5, 0x899, 0x4}) 1m4.858355569s ago: executing program 5 (id=4423): r0 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x54b0, 0x80, 0x3, 0x12e}, &(0x7f0000000180)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x40, 0x0, 0x81, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x1}) io_uring_enter(r0, 0x40f9, 0x217, 0xa5, 0x0, 0x0) 1m4.436711327s ago: executing program 5 (id=4425): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call={0x85, 0x0, 0x0, 0x5}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r1}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 1m4.249188603s ago: executing program 5 (id=4426): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000001000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b70300000000ffff850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 1m4.001083128s ago: executing program 5 (id=4428): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB='-0'], 0x9) 1m3.842204752s ago: executing program 5 (id=4431): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0) chroot(&(0x7f0000000480)='./file0/file0\x00') pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') 53.699531509s ago: executing program 5 (id=4446): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000580)=ANY=[@ANYBLOB="050000ff0000000001"]) 22.779254208s ago: executing program 2 (id=4553): r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x1733, 0x0, 0x0, 0x0, 0x0) 22.383797929s ago: executing program 2 (id=4554): ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x5453, 0x0) r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x44e, 0x120c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x0, 0xfe, 0xfd, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x8, 0x1, {0x22, 0x8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x7, 0x2, 0x3}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00220c000000a3a0aaa8732a8f482853c41e5e37d9"], 0x0}, 0x0) 20.573854184s ago: executing program 2 (id=4560): socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0xffffffffffffffff, 0x4}, 0x38) close(0xffffffffffffffff) syz_usb_connect(0x3, 0x114, &(0x7f0000000f80)={{0x12, 0x1, 0x110, 0xb3, 0x16, 0xc9, 0x10, 0x1ace, 0xe9b2, 0x5c3d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x102, 0x2, 0x0, 0x2a, 0x10, 0x0, [{{0x9, 0x4, 0xec, 0x6, 0x4, 0xfe, 0x2, 0x0, 0x3, [], [{{0x9, 0x5, 0x2, 0x4, 0x40, 0xbf, 0xe, 0x7}}, {{0x9, 0x5, 0xf, 0x0, 0x3ff, 0x5, 0x9, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x7f, 0x5}]}}, {{0x9, 0x5, 0xd, 0x10, 0x0, 0xd, 0x81, 0xff}}, {{0x9, 0x5, 0x9, 0x4, 0x8, 0x9, 0x8, 0x10}}]}}, {{0x9, 0x4, 0x81, 0x4, 0x0, 0xe, 0x1, 0x0, 0xa8, [@uac_as={[@as_header={0x7, 0x24, 0x1, 0x26, 0x2, 0x4}]}, @generic={0xb5, 0xd, "eb90a94aef33e509c09a395d4f850474c3824fecfb7c2c8d30495d0ae163d6f1cae5091c6b69cea856fda0e3ce57ea845012ffb3806bdad245133ce43f0ebd94447100db2c42634ffca01050c55f18c94d7636bfbb107f6073c2e7cfcfbc8da5e0f6d35458068c849c873db135f3d0e3a4e15c38e8bb18507cf4be2346fae5811c1114f4917c4b835b0abfedee690d65a859e412d65580820a85fe210789168319faec26cf2f613af43c4dbebd36f9b1ac47bc"}]}}]}}]}}, 0x0) 20.290477772s ago: executing program 1 (id=4563): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r0, &(0x7f0000000a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000940)=""/3, 0x3, 0x3, 0x4, 0x0, 0x0, 0xc08}}, 0x120) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000080)=""/155, 0x9b}, {0x0, 0x4}], 0x2) write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4) 19.857610084s ago: executing program 1 (id=4564): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x2000) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x2, 0x41001, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x300, 0x0, 0x0, 0x0}) 19.65166074s ago: executing program 1 (id=4565): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x6, 0x18, &(0x7f00000003c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffff963}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 19.386483214s ago: executing program 1 (id=4566): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0x1d, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x100}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 19.184970968s ago: executing program 2 (id=4567): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000002300)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x31}}, 0x10, 0x0}}], 0x1, 0x2000c000) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0xc, &(0x7f0000000480)=@ccm_128={{0x304}, "6fa66229a7a91abc", "7694f16d07de390be2bdc631fd1b7e76", "271a6330", "f6593472d1b0d4e4"}, 0x28) 19.079332909s ago: executing program 1 (id=4568): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080004800400038008000840000000000800084000000007"], 0xdc}, 0x1, 0x0, 0x0, 0x48810}, 0x4008000) 18.906460936s ago: executing program 1 (id=4569): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x19ee0}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 18.186062993s ago: executing program 2 (id=4570): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x4}, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005880)=@newtfilter={0x24, 0x2c, 0xd27, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xd}}}, 0x24}}, 0x0) 15.417931202s ago: executing program 2 (id=4571): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x60, 0x30, 0x10b, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x3, 0x800000}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 3.455383357s ago: executing program 36 (id=4569): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x19ee0}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5, 0x11, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 0s ago: executing program 37 (id=4571): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newtaction={0x60, 0x30, 0x10b, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x3, 0x800000}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) kernel console output (not intermixed with test programs): idProduct=1512, bcdDevice=30.22 [ 510.702166][ T979] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.714051][ T979] usb 4-1: config 0 descriptor?? [ 510.884151][T15298] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 511.049746][ T979] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 511.179677][ T5845] usb 4-1: USB disconnect, device number 34 [ 512.520331][T15330] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3576'. [ 514.591218][T15366] program syz.2.3592 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 514.828710][T15370] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3594'. [ 515.285778][T15381] overlayfs: failed to clone lowerpath [ 515.445130][ T5845] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 515.595065][ T5845] usb 3-1: Using ep0 maxpacket: 32 [ 515.598106][ T5845] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 515.598135][ T5845] usb 3-1: config 0 has no interface number 0 [ 515.598188][ T5845] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 515.598216][ T5845] usb 3-1: config 0 interface 85 has no altsetting 0 [ 515.601769][ T5845] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 515.601798][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.601818][ T5845] usb 3-1: Product: syz [ 515.601832][ T5845] usb 3-1: Manufacturer: syz [ 515.601847][ T5845] usb 3-1: SerialNumber: syz [ 515.619682][ T5845] usb 3-1: config 0 descriptor?? [ 516.451557][ T5845] appletouch 3-1:0.85: Geyser mode initialized. [ 516.475731][ T5845] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input31 [ 516.485205][ C1] appletouch 3-1:0.85: appletouch: OVERFLOW with data length 64, actual length is 64 [ 516.689350][ T5913] usb 3-1: USB disconnect, device number 25 [ 516.837358][T15399] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 516.840554][ T5913] appletouch 3-1:0.85: input: appletouch disconnected [ 517.903713][ T5887] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 518.059376][ T5887] usb 3-1: Using ep0 maxpacket: 8 [ 518.062845][ T5887] usb 3-1: unable to get BOS descriptor or descriptor too short [ 518.080961][ T5887] usb 3-1: config 4 interface 0 has no altsetting 0 [ 518.095411][ T5887] usb 3-1: string descriptor 0 read error: -22 [ 518.100321][ T5887] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 518.100351][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.160796][ T5887] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 518.230643][ T5887] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 518.231075][ T5887] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 518.231135][ T5887] usb 3-1: media controller created [ 518.287666][ T5887] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 519.342048][T15431] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3621'. [ 519.523637][ T5887] usb 3-1: USB disconnect, device number 26 [ 519.576964][ T1054] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 519.963928][T15443] netlink: 'syz.5.3627': attribute type 25 has an invalid length. [ 519.963952][T15443] netlink: 'syz.5.3627': attribute type 8 has an invalid length. [ 520.590541][T15461] program syz.3.3635 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 521.477851][T15483] overlayfs: conflicting lowerdir path [ 522.998095][T15516] ip6gretap1: entered promiscuous mode [ 522.998168][T15516] ip6gretap1: entered allmulticast mode [ 524.225033][T15533] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3670'. [ 524.225074][T15533] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3670'. [ 524.291818][ T1054] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 524.292506][ T1054] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 524.292551][ T1054] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 524.292588][ T1054] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 524.510412][ T5887] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 524.670528][ T5887] usb 6-1: Using ep0 maxpacket: 16 [ 524.693407][ T5887] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 524.693440][ T5887] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.693460][ T5887] usb 6-1: Product: syz [ 524.693474][ T5887] usb 6-1: Manufacturer: syz [ 524.693488][ T5887] usb 6-1: SerialNumber: syz [ 524.743412][ T5887] r8152-cfgselector 6-1: Unknown version 0x0000 [ 524.743440][ T5887] r8152-cfgselector 6-1: config 0 descriptor?? [ 524.748992][ T5887] hub 6-1:0.0: bad descriptor, ignoring hub [ 524.749046][ T5887] hub 6-1:0.0: probe with driver hub failed with error -5 [ 525.334140][T15550] netlink: 14 bytes leftover after parsing attributes in process `syz.1.3676'. [ 525.371260][ T5887] r8152-cfgselector 6-1: reset high-speed USB device number 15 using dummy_hcd [ 525.383463][T15550] hsr_slave_0: left promiscuous mode [ 525.420051][T15550] hsr_slave_1: left promiscuous mode [ 525.950260][ T5887] r8152-cfgselector 6-1: USB disconnect, device number 15 [ 526.869656][ T6058] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 527.059271][ T6058] usb 2-1: Using ep0 maxpacket: 16 [ 527.061968][ T6058] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 527.062030][ T6058] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 527.062054][ T6058] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 527.070737][ T6058] usb 2-1: config 0 descriptor?? [ 527.516190][ T6058] mcp2221 0003:04D8:00DD.0023: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 528.012325][ T6058] usb 2-1: USB disconnect, device number 39 [ 528.769950][T15587] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 528.770234][T15587] macvtap1: entered allmulticast mode [ 528.770255][T15587] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 528.881708][T15587] netdevsim netdevsim5 netdevsim0: left allmulticast mode [ 528.881792][T15587] netdevsim netdevsim5 netdevsim0: left promiscuous mode [ 529.221538][T15598] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 529.247562][T15598] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 529.256326][T15598] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 529.294583][T15598] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 529.300730][T15598] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 529.838662][ T37] kauditd_printk_skb: 4 callbacks suppressed [ 529.838683][ T37] audit: type=1326 audit(1758661312.621:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.1.3704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 529.838744][ T37] audit: type=1326 audit(1758661312.621:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.1.3704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 529.838802][ T37] audit: type=1326 audit(1758661312.631:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.1.3704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 529.838851][ T37] audit: type=1326 audit(1758661312.631:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.1.3704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 529.840854][ T37] audit: type=1326 audit(1758661312.631:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.1.3704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 529.840914][ T37] audit: type=1326 audit(1758661312.631:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.1.3704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 529.840958][ T37] audit: type=1326 audit(1758661312.631:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15609 comm="syz.1.3704" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 530.797650][T15597] chnl_net:caif_netlink_parms(): no params data found [ 531.375595][T15656] program syz.3.3720 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 531.407175][T15598] Bluetooth: hci3: command tx timeout [ 531.639462][T15597] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.644971][T15597] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.645271][T15597] bridge_slave_0: entered allmulticast mode [ 531.670520][T15597] bridge_slave_0: entered promiscuous mode [ 531.683915][T15597] bridge0: port 2(bridge_slave_1) entered blocking state [ 531.685808][T15597] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.686219][T15597] bridge_slave_1: entered allmulticast mode [ 531.719994][T15597] bridge_slave_1: entered promiscuous mode [ 532.110990][T15597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 532.116118][T15597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 532.412153][T15686] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3734'. [ 532.412192][T15686] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3734'. [ 532.448081][ T37] audit: type=1326 audit(1758661315.242:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15680 comm="syz.2.3732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3e25f3af79 code=0x7ffc0000 [ 532.448143][ T37] audit: type=1326 audit(1758661315.242:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15680 comm="syz.2.3732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e25f9eec9 code=0x7ffc0000 [ 532.448189][ T37] audit: type=1326 audit(1758661315.242:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15680 comm="syz.2.3732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e25f9eec9 code=0x7ffc0000 [ 532.456689][ T5887] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 532.616548][ T5887] usb 2-1: Using ep0 maxpacket: 8 [ 532.632911][ T5887] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 532.632944][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.632964][ T5887] usb 2-1: Product: syz [ 532.632979][ T5887] usb 2-1: Manufacturer: syz [ 532.632994][ T5887] usb 2-1: SerialNumber: syz [ 532.683022][ T5887] usb 2-1: config 0 descriptor?? [ 532.708295][T15597] team0: Port device team_slave_0 added [ 532.709012][ T12] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 532.709344][ T12] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 532.709387][ T12] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 532.709426][ T12] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 532.751566][T15597] team0: Port device team_slave_1 added [ 532.945931][ T5887] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 533.118826][T15597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 533.118845][T15597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 533.118872][T15597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 533.197532][T15597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 533.197783][T15597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 533.197813][T15597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 533.496099][T15598] Bluetooth: hci3: command tx timeout [ 533.546177][ T5887] gspca_sunplus: reg_w_riv err -71 [ 533.546289][ T5887] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 533.549792][ T5887] usb 2-1: USB disconnect, device number 40 [ 533.665936][T15699] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3739'. [ 533.756069][T15597] hsr_slave_0: entered promiscuous mode [ 533.758009][T15597] hsr_slave_1: entered promiscuous mode [ 533.761679][T15597] debugfs: 'hsr0' already exists in 'hsr' [ 533.761709][T15597] Cannot create hsr debugfs directory [ 533.927201][T15705] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3743'. [ 533.936178][ T5845] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 534.089297][ T5845] usb 3-1: Using ep0 maxpacket: 16 [ 534.093318][ T5845] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 534.093345][ T5845] usb 3-1: config 0 has no interface number 0 [ 534.093399][ T5845] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 534.093427][ T5845] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 534.096080][ T5845] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 534.096106][ T5845] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 534.096124][ T5845] usb 3-1: Product: syz [ 534.096137][ T5845] usb 3-1: SerialNumber: syz [ 534.111928][ T5845] usb 3-1: config 0 descriptor?? [ 534.122658][ T5845] cm109 3-1:0.8: invalid payload size 0, expected 4 [ 534.139382][ T5845] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input32 [ 534.375050][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.379859][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.380131][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.380384][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.380630][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.380880][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.381126][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.381376][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.381628][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.381936][ C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 534.432395][ C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 534.432497][ T6058] usb 3-1: USB disconnect, device number 27 [ 534.523545][ T6058] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 534.888007][T15725] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 15725 comm: syz.5.3752) [ 534.890694][ T37] kauditd_printk_skb: 360 callbacks suppressed [ 534.890716][ T37] audit: type=1800 audit(1758661317.683:1821): pid=15725 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3752" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=47070 res=0 errno=0 [ 535.140094][T15597] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 535.206182][T15597] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 535.243267][T15597] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 535.310273][T15597] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 535.311478][T15732] netdevsim netdevsim5: Direct firmware load for ./file0/file1 failed with error -2 [ 535.311505][T15732] netdevsim netdevsim5: Falling back to sysfs fallback for: ./file0/file1 [ 535.564900][ T5844] Bluetooth: hci3: command tx timeout [ 535.847135][T15597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 535.870452][ T37] audit: type=1326 audit(1758661318.664:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efecc92af79 code=0x7ffc0000 [ 535.872005][ T37] audit: type=1326 audit(1758661318.664:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efecc92af79 code=0x7ffc0000 [ 535.874122][ T37] audit: type=1326 audit(1758661318.664:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efecc92af79 code=0x7ffc0000 [ 535.875556][ T37] audit: type=1326 audit(1758661318.674:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efecc985d67 code=0x7ffc0000 [ 535.876823][ T37] audit: type=1326 audit(1758661318.674:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efecc92af79 code=0x7ffc0000 [ 535.877862][ T37] audit: type=1326 audit(1758661318.674:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efecc92af79 code=0x7ffc0000 [ 535.879193][ T37] audit: type=1326 audit(1758661318.674:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efecc92af79 code=0x7ffc0000 [ 535.880495][ T37] audit: type=1326 audit(1758661318.674:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efecc92af79 code=0x7ffc0000 [ 535.882170][ T37] audit: type=1326 audit(1758661318.674:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15744 comm="syz.1.3759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efecc92af79 code=0x7ffc0000 [ 536.047567][T15597] 8021q: adding VLAN 0 to HW filter on device team0 [ 536.123418][ T57] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.124711][ T57] bridge0: port 1(bridge_slave_0) entered forwarding state [ 536.222302][ T1230] bridge0: port 2(bridge_slave_1) entered blocking state [ 536.222482][ T1230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 536.260939][T15753] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3762'. [ 537.140601][T15770] Bluetooth: MGMT ver 1.23 [ 537.643964][ T5844] Bluetooth: hci3: command 0x0419 tx timeout [ 537.714759][T15597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 538.064912][ T5887] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 538.215013][ T5887] usb 3-1: Using ep0 maxpacket: 8 [ 538.228788][ T5887] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 538.228898][ T5887] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 538.228927][ T5887] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 538.228967][ T5887] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 538.304123][ T5887] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 538.304156][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.304175][ T5887] usb 3-1: Product: syz [ 538.304190][ T5887] usb 3-1: Manufacturer: syz [ 538.304204][ T5887] usb 3-1: SerialNumber: syz [ 538.606845][ T5887] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 538.606879][ T5887] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 538.606897][ T5887] usb 3-1: 2:1 : sample bitwidth 16 in over sample bytes 1 [ 538.609840][ T5887] usb 3-1: 2:1 : invalid channels 0 [ 538.701113][ T5887] usb 3-1: USB disconnect, device number 28 [ 539.033522][T15597] veth0_vlan: entered promiscuous mode [ 539.075535][T15597] veth1_vlan: entered promiscuous mode [ 539.231876][T15802] tun0: tun_chr_ioctl cmd 1074812117 [ 539.393592][T15810] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 539.436468][T15597] veth0_macvtap: entered promiscuous mode [ 539.481393][T15597] veth1_macvtap: entered promiscuous mode [ 539.591371][T15597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 539.641891][T15597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 539.719393][ T57] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.720641][ T57] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.723280][ T5844] Bluetooth: hci3: command 0x0419 tx timeout [ 539.734842][ T57] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.738718][ T57] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 539.747493][T15816] loop8: detected capacity change from 0 to 1 [ 539.771363][T15816] Dev loop8: unable to read RDB block 1 [ 539.771417][T15816] loop8: unable to read partition table [ 539.771673][T15816] loop8: partition table beyond EOD, truncated [ 539.771698][T15816] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 540.042948][ T6058] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 540.232602][ T6058] usb 6-1: Using ep0 maxpacket: 32 [ 540.245880][ T6058] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 540.245908][ T6058] usb 6-1: config 0 has no interface number 0 [ 540.272881][ T6058] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 540.272915][ T6058] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.272935][ T6058] usb 6-1: Product: syz [ 540.272949][ T6058] usb 6-1: Manufacturer: syz [ 540.272963][ T6058] usb 6-1: SerialNumber: syz [ 540.345047][ T6058] usb 6-1: config 0 descriptor?? [ 540.355558][ T6058] smsc95xx v2.0.0 [ 540.483692][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.483717][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.726071][ T1230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 540.726095][ T1230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 540.839074][T15838] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 541.044271][T15843] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3689'. [ 541.218870][ T6058] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 541.218905][ T6058] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 541.222520][ T6058] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 541.222900][ T6058] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71 [ 541.256541][ T6058] usb 6-1: USB disconnect, device number 16 [ 541.429088][T15851] netlink: 120 bytes leftover after parsing attributes in process `syz.3.3802'. [ 541.483252][T15853] input: syz0 as /devices/virtual/input/input33 [ 541.607894][T15855] input: syz0 as /devices/virtual/input/input34 [ 541.802337][T15598] Bluetooth: hci3: command 0x0419 tx timeout [ 542.311663][ T6058] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 542.524720][ T6058] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 542.524757][ T6058] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 542.524799][ T6058] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 542.524822][ T6058] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 542.561982][ T6058] usb 6-1: config 0 descriptor?? [ 543.019617][ T6058] hid_parser_main: 382 callbacks suppressed [ 543.019645][ T6058] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 543.019679][ T6058] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 543.019703][ T6058] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 543.019726][ T6058] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 543.019751][ T6058] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 543.019776][ T6058] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 543.019799][ T6058] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 543.069918][ T6058] cp2112 0003:10C4:EA90.0024: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0 [ 543.207445][ T6058] cp2112 0003:10C4:EA90.0024: error requesting version [ 543.234498][ T6058] cp2112 0003:10C4:EA90.0024: probe with driver cp2112 failed with error -71 [ 543.249236][ T6058] usb 6-1: USB disconnect, device number 17 [ 544.276314][ T10] kernel write not supported for file /sequencer (pid: 10 comm: kworker/0:1) [ 545.664730][ T37] kauditd_printk_skb: 1260 callbacks suppressed [ 545.664751][ T37] audit: type=1326 audit(1758661328.469:3091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.665165][ T37] audit: type=1326 audit(1758661328.469:3092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.729690][ T37] audit: type=1326 audit(1758661328.509:3093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.729763][ T37] audit: type=1326 audit(1758661328.519:3094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.729818][ T37] audit: type=1326 audit(1758661328.519:3095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.742539][ T37] audit: type=1326 audit(1758661328.549:3096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.744113][ T37] audit: type=1326 audit(1758661328.549:3097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.745311][ T37] audit: type=1326 audit(1758661328.549:3098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=271 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.805775][ T37] audit: type=1326 audit(1758661328.609:3099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 545.805840][ T37] audit: type=1326 audit(1758661328.609:3100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15936 comm="syz.1.3841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efecc98eec9 code=0x7ffc0000 [ 546.259309][T15949] loop7: detected capacity change from 0 to 7 [ 546.385808][ C0] blk_print_req_error: 6 callbacks suppressed [ 546.385828][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 547.121038][T15978] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3861'. [ 547.172438][T15980] netlink: 256 bytes leftover after parsing attributes in process `syz.2.3862'. [ 547.172465][T15980] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3862'. [ 547.788782][ T10] usb 7-1: new low-speed USB device number 2 using dummy_hcd [ 547.942716][ T10] usb 7-1: config 0 has an invalid interface number: 55 but max is 0 [ 547.942765][ T10] usb 7-1: config 0 has no interface number 0 [ 547.942827][ T10] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 547.942851][ T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 547.942877][ T10] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 547.942903][ T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 547.942929][ T10] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 547.942955][ T10] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 547.942999][ T10] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 547.943019][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.064938][ T10] usb 7-1: config 0 descriptor?? [ 548.065995][T15996] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 548.066135][T15996] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 548.111734][ T10] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 548.306154][ T5845] usb 7-1: USB disconnect, device number 2 [ 548.318778][ T5845] ldusb 7-1:0.55: LD USB Device #0 now disconnected [ 548.448561][ T49] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 548.608515][ T49] usb 3-1: Using ep0 maxpacket: 16 [ 548.611002][ T49] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 548.611035][ T49] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 548.611146][ T49] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 548.611170][ T49] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 548.617382][ T49] usb 3-1: config 0 descriptor?? [ 548.818530][ T5845] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 548.838633][T16012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 548.839244][T16012] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 548.948877][ T1054] bridge0: port 2(bridge_slave_1) entered blocking state [ 548.949072][ T1054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 548.976617][ T5845] usb 6-1: Using ep0 maxpacket: 16 [ 548.988381][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 549.013189][ T5845] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 549.017024][ T5845] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 549.017120][ T5845] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.017141][ T5845] usb 6-1: Product: syz [ 549.017156][ T5845] usb 6-1: Manufacturer: syz [ 549.017170][ T5845] usb 6-1: SerialNumber: syz [ 549.039384][T16032] misc userio: Invalid payload size [ 549.054567][ T49] hid (null): unknown global tag 0xc [ 549.054612][ T49] hid (null): invalid report_count 47589 [ 549.100485][ T5845] usb 6-1: config 0 descriptor?? [ 549.117689][ T5845] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 549.117725][ T5845] em28xx 6-1:0.0: DVB interface 0 found: bulk [ 549.261317][ T49] usb 3-1: string descriptor 0 read error: -71 [ 549.303676][ T49] usb 3-1: Max retries (5) exceeded reading string descriptor 200 [ 549.303849][ T49] letsketch 0003:6161:4D15.0025: probe with driver letsketch failed with error -32 [ 549.340420][ T49] usb 3-1: USB disconnect, device number 29 [ 549.378634][ C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 549.686682][T16045] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 549.730822][ T5845] em28xx 6-1:0.0: chip ID is em2765 [ 550.058126][ T5845] em28xx 6-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 550.058161][ T5845] em28xx 6-1:0.0: board has no eeprom [ 550.117726][ T5845] em28xx 6-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 550.117758][ T5845] em28xx 6-1:0.0: dvb set to bulk mode. [ 550.119899][ T49] em28xx 6-1:0.0: Binding DVB extension [ 550.174025][ T5845] usb 6-1: USB disconnect, device number 18 [ 550.176628][ T5845] em28xx 6-1:0.0: Disconnecting em28xx [ 550.241083][ T49] em28xx 6-1:0.0: Registering input extension [ 550.254538][ T5845] em28xx 6-1:0.0: Closing input extension [ 550.394196][ T5845] em28xx 6-1:0.0: Freeing device [ 551.450636][T16093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 551.561992][ T1005] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 552.455186][T16120] Attempt to restore checkpoint with obsolete wellknown handles [ 552.784226][T16130] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3931'. [ 552.784259][T16130] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3931'. [ 553.361320][T16156] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 553.378576][ T6058] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 553.528558][ T6058] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 553.528642][ T6058] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 553.528663][ T6058] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 553.528687][ T6058] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xDC, changing to 0x8C [ 553.528712][ T6058] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 243 [ 553.532089][ T6058] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 553.532118][ T6058] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.532138][ T6058] usb 3-1: Product: syz [ 553.532151][ T6058] usb 3-1: Manufacturer: syz [ 553.532165][ T6058] usb 3-1: SerialNumber: syz [ 553.632565][T16143] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 553.635206][ T6058] usb 3-1: ucan: probing device on interface #0 [ 553.635231][ T6058] usb 3-1: ucan: invalid out_ep MaxPacketSize [ 553.635246][ T6058] usb 3-1: ucan: probe failed; try to update the device firmware [ 553.866948][ T1217] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 553.869643][ T6058] usb 3-1: USB disconnect, device number 30 [ 553.913458][ T37] kauditd_printk_skb: 9 callbacks suppressed [ 553.913479][ T37] audit: type=1326 audit(1758661336.713:3110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16161 comm="syz.6.3945" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff6ab8feec9 code=0x0 [ 554.016251][ T1217] usb 2-1: Using ep0 maxpacket: 8 [ 554.019281][ T1217] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 554.019312][ T1217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.074892][ T1217] pvrusb2: Hardware description: Terratec Grabster AV400 [ 554.074915][ T1217] pvrusb2: ********** [ 554.074921][ T1217] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 554.074933][ T1217] pvrusb2: Important functionality might not be entirely working. [ 554.074942][ T1217] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 554.074953][ T1217] pvrusb2: ********** [ 554.305073][ T2366] pvrusb2: Invalid write control endpoint [ 554.488988][ T2366] pvrusb2: Invalid write control endpoint [ 554.489005][ T2366] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 554.489015][ T2366] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 554.489024][ T2366] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 554.489035][ T2366] pvrusb2: Device being rendered inoperable [ 554.521066][ T2366] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 554.521131][ T2366] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 554.522189][ T2366] pvrusb2: Attached sub-driver cx25840 [ 554.522200][ T2366] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 554.522209][ T2366] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 554.540799][ T1217] usb 2-1: USB disconnect, device number 41 [ 555.037322][T16186] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3953'. [ 555.037901][T16181] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3953'. [ 555.039214][T16181] netlink: 60 bytes leftover after parsing attributes in process `syz.6.3953'. [ 555.285109][ T5845] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 555.443664][ T5845] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 27750, setting to 64 [ 555.460832][ T5845] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 555.460864][ T5845] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.460886][ T5845] usb 4-1: Product: syz [ 555.460900][ T5845] usb 4-1: Manufacturer: syz [ 555.460914][ T5845] usb 4-1: SerialNumber: syz [ 555.511033][ T5845] usb 4-1: config 0 descriptor?? [ 555.534967][ T10] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 555.631274][T16200] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3961'. [ 555.689859][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 555.693334][ T10] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 555.693364][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.709187][ T10] usb 2-1: config 0 descriptor?? [ 555.940729][ T10] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 555.979515][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 555.983919][ T10] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 555.983988][ T10] usb 2-1: media controller created [ 556.010139][ T6058] usb 4-1: USB disconnect, device number 35 [ 556.059063][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 556.085797][ T5845] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 556.163546][ T10] az6027: usb out operation failed. (-71) [ 556.164067][ T10] az6027: usb out operation failed. (-71) [ 556.164081][ T10] stb0899_attach: Driver disabled by Kconfig [ 556.164090][ T10] az6027: no front-end attached [ 556.164090][ T10] [ 556.164700][ T10] az6027: usb out operation failed. (-71) [ 556.164715][ T10] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 556.244741][ T5845] usb 3-1: Using ep0 maxpacket: 16 [ 556.247616][ T5845] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 556.247648][ T5845] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 556.248172][ T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input36 [ 556.251855][ T5845] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 556.251885][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.251906][ T5845] usb 3-1: Product: syz [ 556.251921][ T5845] usb 3-1: Manufacturer: syz [ 556.251935][ T5845] usb 3-1: SerialNumber: syz [ 556.329222][ T10] dvb-usb: schedule remote query interval to 400 msecs. [ 556.329252][ T10] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 556.375015][ T10] usb 2-1: USB disconnect, device number 42 [ 556.375787][ T5845] usb 3-1: config 0 descriptor?? [ 556.407540][ T5845] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 556.407576][ T5845] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 556.710223][ T10] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 556.846715][T16211] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3966'. [ 557.048070][ T5845] em28xx 3-1:0.0: chip ID is em2874 [ 557.259503][ T5914] usb 3-1: USB disconnect, device number 31 [ 557.262166][ T5914] em28xx 3-1:0.0: Disconnecting em28xx [ 557.286535][T16216] program syz.3.3968 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 557.304364][ T5914] em28xx 3-1:0.0: Freeing device [ 559.627938][T16283] netlink: 1 bytes leftover after parsing attributes in process `syz.1.3997'. [ 560.145325][ T37] audit: type=1326 audit(1758661342.946:3111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16294 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e25f9eec9 code=0x7ffc0000 [ 560.185487][ T37] audit: type=1326 audit(1758661342.956:3112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16294 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3e25f9eec9 code=0x7ffc0000 [ 560.185890][ T37] audit: type=1326 audit(1758661342.996:3113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16294 comm="syz.2.4004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f3e25f9eec9 code=0x7ffc0000 [ 560.187088][ T37] audit: type=1326 audit(1758661342.996:3114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16294 comm="syz.2.4004" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3e25f9eec9 code=0x0 [ 560.359532][T16303] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4009'. [ 560.962103][T16325] overlayfs: failed to create directory ./bus/work (errno: 22); mounting read-only [ 561.062844][ T1217] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 561.253041][ T1217] usb 4-1: Using ep0 maxpacket: 16 [ 561.255921][ T1217] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 561.255954][ T1217] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 561.290060][ T1217] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 561.290090][ T1217] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.290109][ T1217] usb 4-1: Product: syz [ 561.290121][ T1217] usb 4-1: Manufacturer: syz [ 561.290134][ T1217] usb 4-1: SerialNumber: syz [ 561.304959][ T1217] usb 4-1: config 0 descriptor?? [ 561.311000][ T1217] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 561.311031][ T1217] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 561.927371][ T1217] em28xx 4-1:0.0: chip ID is em28174 [ 562.137389][ T6058] usb 4-1: USB disconnect, device number 36 [ 562.140480][ T6058] em28xx 4-1:0.0: Disconnecting em28xx [ 562.186492][ T6058] em28xx 4-1:0.0: Freeing device [ 563.091929][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.092022][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.485615][T16379] netlink: 'syz.2.4041': attribute type 2 has an invalid length. [ 563.485641][T16379] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4041'. [ 564.090925][ T49] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 564.240862][ T49] usb 2-1: Using ep0 maxpacket: 16 [ 564.243767][ T49] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 564.243799][ T49] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 564.243823][ T49] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 564.243868][ T49] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 564.243892][ T49] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 564.250104][ T49] usb 2-1: config 0 descriptor?? [ 564.721409][T16417] netlink: 'syz.3.4058': attribute type 2 has an invalid length. [ 564.764270][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764308][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764333][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764358][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764383][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764408][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764433][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764458][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764484][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.764509][ T49] microsoft 0003:045E:07DA.0026: unknown main item tag 0x0 [ 564.845277][ T49] microsoft 0003:045E:07DA.0026: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 564.845313][ T49] microsoft 0003:045E:07DA.0026: no inputs found [ 564.845328][ T49] microsoft 0003:045E:07DA.0026: could not initialize ff, continuing anyway [ 564.900275][ T5845] usb 6-1: new low-speed USB device number 19 using dummy_hcd [ 564.977644][ T5914] usb 2-1: USB disconnect, device number 43 [ 565.058934][ T5845] usb 6-1: config index 0 descriptor too short (expected 6427, got 27) [ 565.058969][ T5845] usb 6-1: config 0 has an invalid interface number: 21 but max is 0 [ 565.058989][ T5845] usb 6-1: config 0 has no interface number 0 [ 565.059045][ T5845] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 565.059068][ T5845] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 565.059110][ T5845] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 565.059134][ T5845] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.131498][ T5845] usb 6-1: config 0 descriptor?? [ 565.251087][T16425] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4061'. [ 565.782683][ T5845] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.21/input/input38 [ 565.852124][ T5845] input: failed to attach handler kbd to device input38, error: -5 [ 565.909816][ T5914] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 565.995495][ T1217] usb 6-1: USB disconnect, device number 19 [ 566.099073][ T5914] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 566.099107][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.099129][ T5914] usb 2-1: Product: syz [ 566.099143][ T5914] usb 2-1: Manufacturer: syz [ 566.099159][ T5914] usb 2-1: SerialNumber: syz [ 566.389650][ T49] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 566.546245][ T49] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 566.546291][ T49] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 566.546332][ T49] usb 3-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 566.546354][ T49] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.601167][ T49] usb 3-1: config 0 descriptor?? [ 566.953985][ T5914] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 566.954055][ T5914] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 566.958173][ T5914] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 567.006681][ T5914] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 567.032264][T16462] binder: 16461:16462 ioctl c0306201 200000000100 returned -14 [ 567.061236][ T49] sony 0003:054C:024B.0027: unexpected long global item [ 567.062241][ T49] sony 0003:054C:024B.0027: parse failed [ 567.062366][ T49] sony 0003:054C:024B.0027: probe with driver sony failed with error -22 [ 567.080688][ T5914] usb 2-1: USB disconnect, device number 44 [ 567.277523][ T49] usb 3-1: USB disconnect, device number 32 [ 567.682120][ T37] audit: type=1800 audit(1758661350.490:3115): pid=16477 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.4088" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=51678 res=0 errno=0 [ 567.900286][T16484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4089'. [ 567.908037][T16484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4089'. [ 568.078604][ T1217] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 568.225211][T16493] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 568.240815][ T1217] usb 4-1: config 0 has no interfaces? [ 568.253844][ T1217] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=fa.df [ 568.253877][ T1217] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.253898][ T1217] usb 4-1: Product: syz [ 568.253910][ T1217] usb 4-1: Manufacturer: syz [ 568.253924][ T1217] usb 4-1: SerialNumber: syz [ 568.281993][ T1217] usb 4-1: config 0 descriptor?? [ 568.509538][ T49] usb 4-1: USB disconnect, device number 37 [ 568.806958][T16513] openvswitch: netlink: IP tunnel dst address not specified [ 568.881666][T16516] netlink: 'syz.2.4106': attribute type 1 has an invalid length. [ 569.381340][ T1217] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 569.432304][ T37] audit: type=1326 audit(1758661352.211:3116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6ab8feec9 code=0x7ffc0000 [ 569.432369][ T37] audit: type=1326 audit(1758661352.211:3117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6ab8feec9 code=0x7ffc0000 [ 569.470480][ T37] audit: type=1326 audit(1758661352.281:3118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7ff6ab8feec9 code=0x7ffc0000 [ 569.470535][ T37] audit: type=1326 audit(1758661352.281:3119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6ab8feec9 code=0x7ffc0000 [ 569.481656][ T37] audit: type=1326 audit(1758661352.291:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6ab8feec9 code=0x7ffc0000 [ 569.481715][ T37] audit: type=1326 audit(1758661352.291:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff6ab8feec9 code=0x7ffc0000 [ 569.482197][ T37] audit: type=1326 audit(1758661352.291:3122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6ab8feec9 code=0x7ffc0000 [ 569.482250][ T37] audit: type=1326 audit(1758661352.291:3123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6ab8feec9 code=0x7ffc0000 [ 569.484179][ T37] audit: type=1326 audit(1758661352.291:3124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16534 comm="syz.6.4116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff6ab89af79 code=0x7ffc0000 [ 569.669073][T16540] (unnamed net_device) (uninitialized): ARP target 9.0.0.0 is already present [ 569.669122][T16540] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (9) [ 569.703614][ T1217] usb 2-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c [ 569.703648][ T1217] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 569.703669][ T1217] usb 2-1: Product: syz [ 569.703683][ T1217] usb 2-1: Manufacturer: syz [ 569.703696][ T1217] usb 2-1: SerialNumber: syz [ 569.751372][ T1217] usb 2-1: config 0 descriptor?? [ 570.591890][ T1217] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 570.591923][ T1217] asix 2-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 570.592256][ T1217] asix 2-1:0.0: probe with driver asix failed with error -71 [ 570.658383][ T1217] usb 2-1: USB disconnect, device number 45 [ 571.468774][ T49] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 571.627095][ T49] usb 2-1: Using ep0 maxpacket: 32 [ 571.635017][ T49] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 571.635049][ T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.635070][ T49] usb 2-1: Product: syz [ 571.635084][ T49] usb 2-1: Manufacturer: syz [ 571.635099][ T49] usb 2-1: SerialNumber: syz [ 571.651785][ T49] usb 2-1: config 0 descriptor?? [ 571.670617][ T49] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 572.481453][ T49] gspca_stk1135: reg_w 0x5 err -71 [ 572.482499][ T49] gspca_stk1135: serial bus timeout: status=0x00 [ 572.482513][ T49] gspca_stk1135: Sensor write failed [ 572.482543][ T49] gspca_stk1135: serial bus timeout: status=0x00 [ 572.482554][ T49] gspca_stk1135: Sensor write failed [ 572.482582][ T49] gspca_stk1135: serial bus timeout: status=0x00 [ 572.482592][ T49] gspca_stk1135: Sensor read failed [ 572.482620][ T49] gspca_stk1135: serial bus timeout: status=0x00 [ 572.482630][ T49] gspca_stk1135: Sensor read failed [ 572.482637][ T49] gspca_stk1135: Detected sensor type unknown (0x0) [ 572.482672][ T49] gspca_stk1135: serial bus timeout: status=0x00 [ 572.482681][ T49] gspca_stk1135: Sensor read failed [ 572.482711][ T49] gspca_stk1135: serial bus timeout: status=0x00 [ 572.482720][ T49] gspca_stk1135: Sensor read failed [ 572.482749][ T49] gspca_stk1135: serial bus timeout: status=0x00 [ 572.482757][ T49] gspca_stk1135: Sensor write failed [ 572.482787][ T49] gspca_stk1135: serial bus timeout: status=0x00 [ 572.482796][ T49] gspca_stk1135: Sensor write failed [ 572.482894][ T49] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71 [ 572.494964][ T49] usb 2-1: USB disconnect, device number 46 [ 573.276337][ T5887] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 573.413021][ T37] kauditd_printk_skb: 233 callbacks suppressed [ 573.413043][ T37] audit: type=1326 audit(1758661356.223:3358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fda7812af79 code=0x7ffc0000 [ 573.413095][ T37] audit: type=1326 audit(1758661356.223:3359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7818eec9 code=0x7ffc0000 [ 573.413696][ T37] audit: type=1326 audit(1758661356.223:3360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fda7812af79 code=0x7ffc0000 [ 573.413745][ T37] audit: type=1326 audit(1758661356.223:3361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7818eec9 code=0x7ffc0000 [ 573.414530][ T37] audit: type=1326 audit(1758661356.223:3362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fda7812af79 code=0x7ffc0000 [ 573.414581][ T37] audit: type=1326 audit(1758661356.223:3363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7818eec9 code=0x7ffc0000 [ 573.414626][ T37] audit: type=1326 audit(1758661356.223:3364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7818eec9 code=0x7ffc0000 [ 573.414673][ T37] audit: type=1326 audit(1758661356.223:3365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7818eec9 code=0x7ffc0000 [ 573.414954][ T37] audit: type=1326 audit(1758661356.223:3366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7818eec9 code=0x7ffc0000 [ 573.415485][ T37] audit: type=1326 audit(1758661356.223:3367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16611 comm="syz.3.4153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fda7812af79 code=0x7ffc0000 [ 573.426101][ T5887] usb 7-1: Using ep0 maxpacket: 32 [ 573.429024][ T5887] usb 7-1: config 0 has an invalid interface number: 51 but max is 0 [ 573.429052][ T5887] usb 7-1: config 0 has no interface number 0 [ 573.538643][ T5887] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 573.538676][ T5887] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.538707][ T5887] usb 7-1: Product: syz [ 573.538721][ T5887] usb 7-1: Manufacturer: syz [ 573.538735][ T5887] usb 7-1: SerialNumber: syz [ 573.565880][ T10] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 573.729587][ T5887] usb 7-1: config 0 descriptor?? [ 573.744363][ T5887] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 573.809343][ T10] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 573.809445][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.848262][ T10] usb 3-1: config 0 descriptor?? [ 573.864660][ T10] cp210x 3-1:0.0: cp210x converter detected [ 574.010850][ T5887] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 574.047324][ T5887] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 574.296135][ T10] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 574.330785][ T10] usb 3-1: cp210x converter now attached to ttyUSB2 [ 574.413230][ C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 574.420167][ T6058] usb 7-1: USB disconnect, device number 3 [ 574.493320][ T6058] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 574.541046][ T49] usb 3-1: USB disconnect, device number 33 [ 574.616692][ T6058] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 574.626717][ T6058] quatech2 7-1:0.51: device disconnected [ 574.628178][ T49] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2 [ 574.799055][ T49] cp210x 3-1:0.0: device disconnected [ 574.824609][T16632] syz_tun: entered allmulticast mode [ 574.830333][T16631] syz_tun: left allmulticast mode [ 575.217959][T16639] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4164'. [ 575.312595][T16644] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4166'. [ 575.312706][T16644] netlink: 1 bytes leftover after parsing attributes in process `syz.2.4166'. [ 576.179248][T16664] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 576.535257][T16670] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 576.569997][T16670] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 576.774336][ C1] vkms_vblank_simulate: vblank timer overrun [ 577.134215][ T10] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 577.286807][ T10] usb 7-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 577.286839][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.303790][ T10] usb 7-1: config 0 descriptor?? [ 577.343671][ T10] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 577.544409][ T10] gspca_sn9c2028: read1 error -32 [ 577.547875][ T10] gspca_sn9c2028: read1 error -32 [ 577.783450][ T10] usb 7-1: USB disconnect, device number 4 [ 578.444595][T16704] netlink: 'syz.3.4193': attribute type 1 has an invalid length. [ 579.473445][T16737] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4209'. [ 580.133866][T16757] netlink: 'syz.2.4218': attribute type 83 has an invalid length. [ 581.761370][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.875384][ C1] vkms_vblank_simulate: vblank timer overrun [ 581.941787][ T49] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 582.091941][ T49] usb 7-1: Using ep0 maxpacket: 8 [ 582.094602][ T49] usb 7-1: config index 0 descriptor too short (expected 30, got 18) [ 582.099338][ T49] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 582.099368][ T49] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.099387][ T49] usb 7-1: Product: syz [ 582.099401][ T49] usb 7-1: Manufacturer: syz [ 582.099415][ T49] usb 7-1: SerialNumber: syz [ 582.154418][ T49] usb 7-1: config 0 descriptor?? [ 582.171608][ T49] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 582.171675][ T49] usb 7-1: setting power ON [ 582.172373][ T49] dvb-usb: bulk message failed: -22 (2/0) [ 582.201619][ T49] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 582.202716][ T49] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 582.202780][ T49] usb 7-1: media controller created [ 582.262048][ T49] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 582.297147][ T49] usb 7-1: selecting invalid altsetting 6 [ 582.297172][ T49] usb 7-1: digital interface selection failed (-22) [ 582.297190][ T49] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 582.326620][ T49] usb 7-1: setting power OFF [ 582.327019][ T49] dvb-usb: bulk message failed: -22 (2/0) [ 582.327040][ T49] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 582.327053][ T49] (NULL device *): no alternate interface [ 582.380728][T16782] dvb-usb: bulk message failed: -22 (3/0) [ 582.380762][T16782] dvb-usb: bulk message failed: -22 (4/0) [ 582.380779][T16782] cxusb: i2c read failed [ 582.384854][T16782] cxusb: i2c wr: len=8192 is too big! [ 582.384854][T16782] [ 582.496440][ T49] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 582.592107][ T49] usb 7-1: USB disconnect, device number 5 [ 583.549565][ T1230] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 583.650101][T16819] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4247'. [ 585.206682][T16850] loop6: detected capacity change from 0 to 2560 [ 585.296779][T16850] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.296818][T16850] buffer_io_error: 6 callbacks suppressed [ 585.296831][T16850] Buffer I/O error on dev loop6, logical block 1, async page read [ 585.297089][T16850] Dev loop6: unable to read RDB block 8 [ 585.297252][T16850] I/O error, dev loop6, sector 24 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 585.297279][T16850] Buffer I/O error on dev loop6, logical block 3, async page read [ 585.297409][T16850] loop6: unable to read partition table [ 585.297702][T16850] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 585.829851][ T5887] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 585.985756][ T5887] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 585.985787][ T5887] usb 4-1: config 0 has no interface number 0 [ 585.992407][ T5887] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 585.992437][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.992456][ T5887] usb 4-1: Product: syz [ 585.992469][ T5887] usb 4-1: Manufacturer: syz [ 585.992482][ T5887] usb 4-1: SerialNumber: syz [ 586.008081][ T5887] usb 4-1: config 0 descriptor?? [ 586.229264][ T5887] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 586.242469][ T5887] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 586.242878][ T5887] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 586.242938][ T5887] usb 4-1: media controller created [ 586.433822][ T5887] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 586.627362][ T5887] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 586.899316][ T5887] usb 4-1: USB disconnect, device number 38 [ 587.136463][ T1485] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 587.880572][T15598] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 587.912945][T15598] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 587.917251][T15598] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 587.936839][T15598] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 587.946972][T15598] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 588.070363][ T1485] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.434002][T16904] netlink: del zone limit has 4 unknown bytes [ 588.473168][ C1] vkms_vblank_simulate: vblank timer overrun [ 588.552550][ T1485] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 588.648725][ T1217] usb 2-1: new full-speed USB device number 47 using dummy_hcd [ 588.657130][T16901] netlink: set zone limit has 4 unknown bytes [ 588.803712][ T1217] usb 2-1: config 7 has an invalid interface number: 101 but max is 0 [ 588.803742][ T1217] usb 2-1: config 7 has no interface number 0 [ 588.807209][ T1217] usb 2-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 588.807237][ T1217] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 588.807259][ T1217] usb 2-1: Product: syz [ 588.807273][ T1217] usb 2-1: Manufacturer: syz [ 588.807287][ T1217] usb 2-1: SerialNumber: syz [ 589.103427][ T1485] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 589.208229][ T5845] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 589.361049][ T5845] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 589.361094][ T5845] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 589.361134][ T5845] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 589.361158][ T5845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 589.416227][ T5845] usb 4-1: config 0 descriptor?? [ 589.674579][ T1217] as10x_usb: device has been detected [ 589.676146][ T1217] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 589.707017][ T1217] usb 2-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 589.883488][ T5845] prodikeys 0003:041E:2801.0028: unknown main item tag 0x0 [ 589.883533][ T5845] prodikeys 0003:041E:2801.0028: unknown main item tag 0x0 [ 589.883560][ T5845] prodikeys 0003:041E:2801.0028: item fetching failed at offset 2/7 [ 589.884520][ T5845] prodikeys 0003:041E:2801.0028: hid parse failed [ 589.884624][ T5845] prodikeys 0003:041E:2801.0028: probe with driver prodikeys failed with error -22 [ 590.021115][T15598] Bluetooth: hci3: command tx timeout [ 590.030125][ T1217] as10x_usb: error during firmware upload part1 [ 590.030888][ T1217] Registered device Elgato EyeTV DTT Deluxe [ 590.054117][ T1217] usb 2-1: USB disconnect, device number 47 [ 590.101818][ T5887] usb 4-1: USB disconnect, device number 39 [ 590.172335][ T1217] Unregistered device Elgato EyeTV DTT Deluxe [ 590.205187][ T1217] as10x_usb: device has been disconnected [ 590.466081][T16927] netlink: 'syz.2.4295': attribute type 9 has an invalid length. [ 590.466108][T16927] netlink: 155628 bytes leftover after parsing attributes in process `syz.2.4295'. [ 590.886836][T16890] chnl_net:caif_netlink_parms(): no params data found [ 590.965365][ T1485] bridge_slave_1: left allmulticast mode [ 590.965402][ T1485] bridge_slave_1: left promiscuous mode [ 590.965703][ T1485] bridge0: port 2(bridge_slave_1) entered disabled state [ 591.049342][ T1485] bridge_slave_0: left allmulticast mode [ 591.049380][ T1485] bridge_slave_0: left promiscuous mode [ 591.049702][ T1485] bridge0: port 1(bridge_slave_0) entered disabled state [ 591.486003][ C1] vkms_vblank_simulate: vblank timer overrun [ 591.494185][ T49] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 591.636872][ T49] usb 3-1: Using ep0 maxpacket: 16 [ 591.646788][ T49] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 591.646823][ T49] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 591.646842][ T49] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 591.673537][ T49] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 591.673566][ T49] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.673583][ T49] usb 3-1: Product: syz [ 591.673596][ T49] usb 3-1: Manufacturer: syz [ 591.673608][ T49] usb 3-1: SerialNumber: syz [ 592.096933][T15598] Bluetooth: hci3: command tx timeout [ 592.170995][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.195470][ T49] usb 3-1: 0:2 : does not exist [ 592.274106][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.562711][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.608960][ T49] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1) [ 592.662585][ T49] usb 3-1: USB disconnect, device number 34 [ 592.697894][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.785041][ C1] vkms_vblank_simulate: vblank timer overrun [ 592.887660][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.239154][T16955] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4308'. [ 593.566165][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.912620][ C1] vkms_vblank_simulate: vblank timer overrun [ 593.955593][ C1] vkms_vblank_simulate: vblank timer overrun [ 594.175790][T15598] Bluetooth: hci3: command tx timeout [ 594.208834][ T1485] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 594.262740][ T1485] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 594.279709][ T1485] bond0 (unregistering): Released all slaves [ 594.333370][ T1054] batman_adv: batadv1: IGMP Querier appeared [ 594.333389][ T1054] batman_adv: batadv1: MLD Querier appeared [ 594.395568][ C1] vkms_vblank_simulate: vblank timer overrun [ 594.485100][ C1] vkms_vblank_simulate: vblank timer overrun [ 594.704051][ C1] vkms_vblank_simulate: vblank timer overrun [ 594.871275][ T3622] batman_adv: batadv1: IGMP Querier disappeared - multicast optimizations disabled [ 594.871296][ T3622] batman_adv: batadv1: MLD Querier disappeared - multicast optimizations disabled [ 595.956398][ C1] vkms_vblank_simulate: vblank timer overrun [ 596.254858][T15598] Bluetooth: hci3: command tx timeout [ 596.479772][ C1] vkms_vblank_simulate: vblank timer overrun [ 596.856718][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 596.882849][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 596.894603][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 596.897193][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 596.898395][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 597.077648][T17216] netlink: 'syz.5.4322': attribute type 14 has an invalid length. [ 598.016827][T17237] input: syz0 as /devices/virtual/input/input39 [ 598.244398][T16890] bridge0: port 1(bridge_slave_0) entered blocking state [ 598.244559][T16890] bridge0: port 1(bridge_slave_0) entered disabled state [ 598.244802][T16890] bridge_slave_0: entered allmulticast mode [ 598.253548][T16890] bridge_slave_0: entered promiscuous mode [ 598.333574][T15598] Bluetooth: hci3: command tx timeout [ 598.463548][ T1485] hsr_slave_0: left promiscuous mode [ 598.515595][ T1485] hsr_slave_1: left promiscuous mode [ 598.516792][ T1485] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 598.516824][ T1485] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 598.588470][ T1485] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 598.588508][ T1485] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 598.654291][ T5845] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 598.766325][ T1485] veth1_macvtap: left promiscuous mode [ 598.766468][ T1485] veth0_macvtap: left promiscuous mode [ 598.766812][ T1485] veth1_vlan: left promiscuous mode [ 598.767075][ T1485] veth0_vlan: left promiscuous mode [ 598.823196][ T5845] usb 6-1: Using ep0 maxpacket: 32 [ 598.826322][ T5845] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 598.826350][ T5845] usb 6-1: config 0 has no interface number 0 [ 598.829786][ T5845] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 598.829814][ T5845] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.829834][ T5845] usb 6-1: Product: syz [ 598.829848][ T5845] usb 6-1: Manufacturer: syz [ 598.829862][ T5845] usb 6-1: SerialNumber: syz [ 598.836348][ T5845] usb 6-1: config 0 descriptor?? [ 598.853882][ T5845] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 598.962181][T17260] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4343'. [ 598.973299][T15598] Bluetooth: hci2: command tx timeout [ 599.109650][ T5845] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 599.148919][ T5845] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 599.403586][ C1] vkms_vblank_simulate: vblank timer overrun [ 599.510780][ C1] vkms_vblank_simulate: vblank timer overrun [ 599.537028][ C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 599.538152][ T1217] usb 6-1: USB disconnect, device number 20 [ 599.567933][ T1217] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 599.586656][ T1217] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 599.588327][ T1217] quatech2 6-1:0.51: device disconnected [ 599.778005][ C1] vkms_vblank_simulate: vblank timer overrun [ 599.997191][ C1] vkms_vblank_simulate: vblank timer overrun [ 600.391347][ C1] vkms_vblank_simulate: vblank timer overrun [ 600.780729][ C1] vkms_vblank_simulate: vblank timer overrun [ 600.782360][ T1217] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 600.853033][ C1] vkms_vblank_simulate: vblank timer overrun [ 600.932255][ T1217] usb 6-1: Using ep0 maxpacket: 32 [ 600.936449][ T1217] usb 6-1: config 0 has an invalid interface number: 51 but max is 0 [ 600.936477][ T1217] usb 6-1: config 0 has no interface number 0 [ 600.939979][ T1217] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 600.940005][ T1217] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.940025][ T1217] usb 6-1: Product: syz [ 600.940039][ T1217] usb 6-1: Manufacturer: syz [ 600.940053][ T1217] usb 6-1: SerialNumber: syz [ 600.955059][ T1217] usb 6-1: config 0 descriptor?? [ 600.959614][ T1217] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 601.075711][T15598] Bluetooth: hci2: command tx timeout [ 601.160173][ C1] vkms_vblank_simulate: vblank timer overrun [ 601.183648][ T1217] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 601.225186][ T1217] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 601.249843][ C1] vkms_vblank_simulate: vblank timer overrun [ 601.364198][ C1] vkms_vblank_simulate: vblank timer overrun [ 601.510483][ C1] vkms_vblank_simulate: vblank timer overrun [ 601.590590][ C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 601.592324][ T1217] usb 6-1: USB disconnect, device number 21 [ 601.600447][ T1217] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 601.606012][ T1217] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 601.607052][ T1217] quatech2 6-1:0.51: device disconnected [ 601.730093][ C1] vkms_vblank_simulate: vblank timer overrun [ 601.875133][ C1] vkms_vblank_simulate: vblank timer overrun [ 602.494073][ T1485] team0 (unregistering): Port device team_slave_1 removed [ 602.643546][ C1] vkms_vblank_simulate: vblank timer overrun [ 602.757435][ T1485] team0 (unregistering): Port device team_slave_0 removed [ 602.901568][ C1] vkms_vblank_simulate: vblank timer overrun [ 602.966908][ C1] vkms_vblank_simulate: vblank timer overrun [ 603.131050][T15598] Bluetooth: hci2: command tx timeout [ 603.186039][ C1] vkms_vblank_simulate: vblank timer overrun [ 603.493853][ C1] vkms_vblank_simulate: vblank timer overrun [ 603.561024][ C1] vkms_vblank_simulate: vblank timer overrun [ 603.627684][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.112443][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.308218][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.532537][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.615465][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.674315][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.704512][T16996] batman_adv: batadv1: IGMP Querier appeared [ 604.704526][T16996] batman_adv: batadv1: MLD Querier appeared [ 604.778252][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.930726][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.010331][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.058562][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.098107][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.147637][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.210315][T15598] Bluetooth: hci2: command tx timeout [ 605.379255][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.578734][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.656804][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.777028][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.841456][ C1] vkms_vblank_simulate: vblank timer overrun [ 605.981291][T16890] bridge0: port 2(bridge_slave_1) entered blocking state [ 605.981564][T16890] bridge0: port 2(bridge_slave_1) entered disabled state [ 605.981857][T16890] bridge_slave_1: entered allmulticast mode [ 605.985179][T16890] bridge_slave_1: entered promiscuous mode [ 606.430380][T16890] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 606.461553][ C1] vkms_vblank_simulate: vblank timer overrun [ 606.534870][T16890] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 606.615555][ C1] vkms_vblank_simulate: vblank timer overrun [ 606.712111][ C1] vkms_vblank_simulate: vblank timer overrun [ 607.139720][ C1] vkms_vblank_simulate: vblank timer overrun [ 607.178559][T16890] team0: Port device team_slave_0 added [ 607.225264][ C1] vkms_vblank_simulate: vblank timer overrun [ 607.283199][T17290] bridge0: entered promiscuous mode [ 607.283447][T17290] macvtap1: entered allmulticast mode [ 607.283462][T17290] bridge0: entered allmulticast mode [ 607.285962][T17290] bridge0: port 4(macvtap1) entered blocking state [ 607.286235][T17290] bridge0: port 4(macvtap1) entered disabled state [ 607.438532][ C1] vkms_vblank_simulate: vblank timer overrun [ 607.439832][T17290] bridge0: left allmulticast mode [ 607.439896][T17290] bridge0: left promiscuous mode [ 607.537253][ C1] vkms_vblank_simulate: vblank timer overrun [ 607.765496][T17302] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4362'. [ 607.824849][T16890] team0: Port device team_slave_1 added [ 608.300264][T16890] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 608.300282][T16890] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 608.300310][T16890] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 608.318507][ T5887] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 608.329720][T16890] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 608.329737][T16890] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 608.329761][T16890] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 608.481183][ T5887] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 608.481218][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 608.487731][ T5887] usb 3-1: config 0 descriptor?? [ 608.519344][ T5887] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 608.695468][T16890] hsr_slave_0: entered promiscuous mode [ 608.697041][T16890] hsr_slave_1: entered promiscuous mode [ 608.722613][T16890] debugfs: 'hsr0' already exists in 'hsr' [ 608.722647][T16890] Cannot create hsr debugfs directory [ 608.933472][T17322] sctp: [Deprecated]: syz.5.4369 (pid 17322) Use of struct sctp_assoc_value in delayed_ack socket option. [ 608.933472][T17322] Use struct sctp_sack_info instead [ 609.133222][ T5887] gspca_stv06xx: vv6410 sensor detected [ 609.395747][ T5887] STV06xx 3-1:0.0: probe with driver STV06xx failed with error -71 [ 609.408618][ T5887] usb 3-1: USB disconnect, device number 35 [ 609.772759][ T1485] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 609.877896][T17334] netlink: 'syz.5.4375': attribute type 5 has an invalid length. [ 610.354315][ T1485] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 610.905731][ T1485] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 610.978108][T17213] chnl_net:caif_netlink_parms(): no params data found [ 611.616491][ T1485] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 612.653884][T17213] bridge0: port 1(bridge_slave_0) entered blocking state [ 612.654060][T17213] bridge0: port 1(bridge_slave_0) entered disabled state [ 612.654342][T17213] bridge_slave_0: entered allmulticast mode [ 612.680148][T17213] bridge_slave_0: entered promiscuous mode [ 612.695217][T17213] bridge0: port 2(bridge_slave_1) entered blocking state [ 612.695346][T17213] bridge0: port 2(bridge_slave_1) entered disabled state [ 612.695721][T17213] bridge_slave_1: entered allmulticast mode [ 612.723112][T17213] bridge_slave_1: entered promiscuous mode [ 613.305467][T17213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 613.328335][ T1217] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 613.377767][T17213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 613.496271][ T1217] usb 2-1: Using ep0 maxpacket: 16 [ 613.499387][ T1217] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 613.499439][ T1217] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 613.499464][ T1217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.507081][ T1217] usb 2-1: config 0 descriptor?? [ 613.673473][ T1485] bridge_slave_1: left allmulticast mode [ 613.673786][ T1485] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.734132][ T1485] bridge_slave_0: left promiscuous mode [ 613.735527][ T1485] bridge0: port 1(bridge_slave_0) entered disabled state [ 613.971529][ T1217] mcp2221 0003:04D8:00DD.0029: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 614.358123][ T1217] usb 2-1: USB disconnect, device number 48 [ 615.086856][ C1] vkms_vblank_simulate: vblank timer overrun [ 615.265164][ T979] usb 2-1: new full-speed USB device number 49 using dummy_hcd [ 615.333601][ C1] vkms_vblank_simulate: vblank timer overrun [ 615.439893][ T979] usb 2-1: config index 0 descriptor too short (expected 69, got 36) [ 615.439926][ T979] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 615.443858][ T979] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 615.443888][ T979] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.443908][ T979] usb 2-1: Product: syz [ 615.443923][ T979] usb 2-1: Manufacturer: syz [ 615.443937][ T979] usb 2-1: SerialNumber: syz [ 615.500513][ T979] usb 2-1: config 0 descriptor?? [ 615.504504][ T979] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 615.566899][T17148] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 615.979297][ C1] vkms_vblank_simulate: vblank timer overrun [ 616.271884][ C1] vkms_vblank_simulate: vblank timer overrun [ 616.330910][ T979] gspca_pac7302: reg_w() failed i: 78 v: 40 error -71 [ 616.331035][ T979] gspca_pac7302 2-1:0.0: probe with driver gspca_pac7302 failed with error -71 [ 616.352993][ T979] usb 2-1: USB disconnect, device number 49 [ 616.638237][ C1] vkms_vblank_simulate: vblank timer overrun [ 616.826052][ C1] vkms_vblank_simulate: vblank timer overrun [ 616.874120][ C1] vkms_vblank_simulate: vblank timer overrun [ 616.935183][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.033505][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.106719][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.172930][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.244723][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.325015][ T1485] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 617.369742][ T1485] bond0 (unregistering): Released all slaves [ 617.418501][T17213] team0: Port device team_slave_0 added [ 617.419324][T16890] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 617.557034][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.600862][T17213] team0: Port device team_slave_1 added [ 617.625573][T16890] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 617.755060][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.852877][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.896893][T16890] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 617.899267][ T1485] IPVS: stopping backup sync thread 7990 ... [ 618.044546][ C1] vkms_vblank_simulate: vblank timer overrun [ 618.168620][T16890] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 618.237459][T17213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 618.237478][T17213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.237508][T17213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 618.506888][ C1] vkms_vblank_simulate: vblank timer overrun [ 618.771497][T17213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 618.771516][T17213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 618.771545][T17213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 618.798402][ T9357] cgroup: fork rejected by pids controller in /syz5 [ 619.002114][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.337421][ C1] vkms_vblank_simulate: vblank timer overrun [ 620.351611][T17213] hsr_slave_0: entered promiscuous mode [ 620.363673][T17213] hsr_slave_1: entered promiscuous mode [ 620.364782][T17213] debugfs: 'hsr0' already exists in 'hsr' [ 620.364809][T17213] Cannot create hsr debugfs directory [ 620.374007][T17480] netlink: 10 bytes leftover after parsing attributes in process `syz.1.4437'. [ 620.662467][ T1485] hsr_slave_0: left promiscuous mode [ 620.742640][ T1485] hsr_slave_1: left promiscuous mode [ 620.743863][ T1485] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 620.743895][ T1485] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 620.776098][ T1485] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 620.776133][ T1485] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 621.079153][ T1485] veth1_macvtap: left promiscuous mode [ 621.079298][ T1485] veth0_macvtap: left promiscuous mode [ 621.119957][ C1] vkms_vblank_simulate: vblank timer overrun [ 621.120281][ T1485] veth1_vlan: left promiscuous mode [ 621.120523][ T1485] veth0_vlan: left promiscuous mode [ 622.322697][T17495] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4444'. [ 622.385759][ C1] vkms_vblank_simulate: vblank timer overrun [ 622.469011][ C1] vkms_vblank_simulate: vblank timer overrun [ 622.913741][ C1] vkms_vblank_simulate: vblank timer overrun [ 622.979024][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.263365][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.462884][ C1] vkms_vblank_simulate: vblank timer overrun [ 623.529536][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.330222][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.379133][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.435526][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.489614][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.489712][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.578813][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.802233][ C1] vkms_vblank_simulate: vblank timer overrun [ 624.861334][ T1485] team0 (unregistering): Port device team_slave_1 removed [ 624.966504][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.087908][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.142949][ T1485] team0 (unregistering): Port device team_slave_0 removed [ 625.568851][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.628730][ C1] vkms_vblank_simulate: vblank timer overrun [ 625.679431][ C1] vkms_vblank_simulate: vblank timer overrun [ 626.030331][ C1] vkms_vblank_simulate: vblank timer overrun [ 626.360837][ C1] vkms_vblank_simulate: vblank timer overrun [ 626.443467][ C1] vkms_vblank_simulate: vblank timer overrun [ 626.516327][ C1] vkms_vblank_simulate: vblank timer overrun [ 626.595456][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.103983][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.299708][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.367464][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.778956][ C1] vkms_vblank_simulate: vblank timer overrun [ 627.859329][ C1] vkms_vblank_simulate: vblank timer overrun [ 628.319108][ C1] vkms_vblank_simulate: vblank timer overrun [ 629.128753][ C1] vkms_vblank_simulate: vblank timer overrun [ 629.209364][ C1] vkms_vblank_simulate: vblank timer overrun [ 629.525070][ C1] vkms_vblank_simulate: vblank timer overrun [ 629.876314][ C1] vkms_vblank_simulate: vblank timer overrun [ 630.218201][T16890] 8021q: adding VLAN 0 to HW filter on device bond0 [ 630.254556][T17509] loop6: detected capacity change from 0 to 2560 [ 630.382616][ T1485] IPVS: stop unused estimator thread 0... [ 630.429950][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 630.445754][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 630.448912][ T5844] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 630.450114][ T5844] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 630.450868][ T5844] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 630.487425][T17213] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 630.557894][T17213] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 630.609815][T16890] 8021q: adding VLAN 0 to HW filter on device team0 [ 630.616192][T17515] IPVS: Error joining to the multicast group [ 630.636919][T17213] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 630.688369][T17213] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 630.833234][T17522] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4455'. [ 631.147875][T16977] bridge0: port 1(bridge_slave_0) entered blocking state [ 631.148048][T16977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 631.516008][ T1485] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 631.516047][ T1485] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.748209][T16978] bridge0: port 2(bridge_slave_1) entered blocking state [ 631.748386][T16978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 631.773142][T17547] netlink: 'syz.1.4463': attribute type 4 has an invalid length. [ 632.024760][ T1485] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 632.024801][ T1485] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.113553][T17549] macvlan0: left allmulticast mode [ 632.113834][T17549] netlink: 'syz.1.4465': attribute type 1 has an invalid length. [ 632.113851][T17549] netlink: 'syz.1.4465': attribute type 2 has an invalid length. [ 632.428047][ C1] vkms_vblank_simulate: vblank timer overrun [ 632.473682][ T1485] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 632.473723][ T1485] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 632.556503][ T5844] Bluetooth: hci1: command tx timeout [ 632.578952][T17559] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 632.856411][ C1] vkms_vblank_simulate: vblank timer overrun [ 632.893129][ T1485] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 632.893169][ T1485] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.330899][T17579] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4476'. [ 633.363598][T17579] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4476'. [ 633.738795][T17511] chnl_net:caif_netlink_parms(): no params data found [ 634.040244][ T1485] bridge_slave_1: left allmulticast mode [ 634.040341][ T1485] bridge_slave_1: left promiscuous mode [ 634.046162][ T1485] bridge0: port 2(bridge_slave_1) entered disabled state [ 634.161028][ T1485] bridge_slave_0: left allmulticast mode [ 634.161067][ T1485] bridge_slave_0: left promiscuous mode [ 634.161402][ T1485] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.635347][ T5844] Bluetooth: hci1: command tx timeout [ 635.294570][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.517948][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.716567][ C1] vkms_vblank_simulate: vblank timer overrun [ 635.899207][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.047053][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.158947][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.274775][ T10] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 636.357709][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.415541][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.434581][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 636.440929][ T10] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 636.440962][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.440983][ T10] usb 3-1: Product: syz [ 636.440997][ T10] usb 3-1: Manufacturer: syz [ 636.441011][ T10] usb 3-1: SerialNumber: syz [ 636.482595][ T10] usb 3-1: config 0 descriptor?? [ 636.493391][ T10] gspca_main: se401-2.14.0 probing 047d:5003 [ 636.540277][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.645528][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.745568][ C1] vkms_vblank_simulate: vblank timer overrun [ 636.754158][ T5844] Bluetooth: hci1: command tx timeout [ 637.110331][ T10] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input40 [ 637.318642][T15832] usb 3-1: USB disconnect, device number 36 [ 637.430613][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.611875][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.670695][ C1] vkms_vblank_simulate: vblank timer overrun [ 637.822668][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.141332][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.205302][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.272345][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.474489][ T1485] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 638.534554][ T1485] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 638.565820][ T1485] bond0 (unregistering): Released all slaves [ 638.706827][ C1] vkms_vblank_simulate: vblank timer overrun [ 638.793263][ T5844] Bluetooth: hci1: command tx timeout [ 638.850474][ T1485] tipc: Left network mode [ 638.924413][ C1] vkms_vblank_simulate: vblank timer overrun [ 639.006760][ C1] vkms_vblank_simulate: vblank timer overrun [ 639.229744][T17640] cgroup: fork rejected by pids controller in /syz2 [ 639.390568][ C1] vkms_vblank_simulate: vblank timer overrun [ 639.657364][T17511] bridge0: port 1(bridge_slave_0) entered blocking state [ 639.657532][T17511] bridge0: port 1(bridge_slave_0) entered disabled state [ 639.657854][T17511] bridge_slave_0: entered allmulticast mode [ 639.661172][T17511] bridge_slave_0: entered promiscuous mode [ 639.675725][T18216] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4502'. [ 639.706993][T17213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 639.744402][T17511] bridge0: port 2(bridge_slave_1) entered blocking state [ 639.747037][T17511] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.747346][T17511] bridge_slave_1: entered allmulticast mode [ 639.771982][T17511] bridge_slave_1: entered promiscuous mode [ 640.609971][ T1485] mac80211_hwsim hwsim14 wlan0 (unregistering): left allmulticast mode [ 641.205872][ C1] vkms_vblank_simulate: vblank timer overrun [ 641.248224][T17511] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 641.278822][T16890] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 641.302893][T17511] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 641.644732][ T1485] hsr_slave_0: left promiscuous mode [ 641.682003][ T1485] hsr_slave_1: left promiscuous mode [ 641.683030][ T1485] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 641.683059][ T1485] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 641.736027][ T1485] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 641.736068][ T1485] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 641.894119][ T1485] veth1_macvtap: left promiscuous mode [ 641.894271][ T1485] veth0_macvtap: left promiscuous mode [ 641.894617][ T1485] veth1_vlan: left promiscuous mode [ 641.894928][ T1485] veth0_vlan: left promiscuous mode [ 642.382253][ T1485] pimreg (unregistering): left allmulticast mode [ 642.691939][ C1] vkms_vblank_simulate: vblank timer overrun [ 642.753456][ C1] vkms_vblank_simulate: vblank timer overrun [ 642.926643][ C1] vkms_vblank_simulate: vblank timer overrun [ 642.993865][ C1] vkms_vblank_simulate: vblank timer overrun [ 643.093720][ C1] vkms_vblank_simulate: vblank timer overrun [ 643.345861][ C1] vkms_vblank_simulate: vblank timer overrun [ 643.872439][ C1] vkms_vblank_simulate: vblank timer overrun [ 644.021467][ C1] vkms_vblank_simulate: vblank timer overrun [ 644.134560][ C1] vkms_vblank_simulate: vblank timer overrun [ 644.299712][ C1] vkms_vblank_simulate: vblank timer overrun [ 644.525515][ C1] vkms_vblank_simulate: vblank timer overrun [ 644.650339][ C1] vkms_vblank_simulate: vblank timer overrun [ 644.904568][ C1] vkms_vblank_simulate: vblank timer overrun [ 645.035786][ T1485] team0 (unregistering): Port device team_slave_1 removed [ 645.079422][ C1] vkms_vblank_simulate: vblank timer overrun [ 645.331599][ T1485] team0 (unregistering): Port device team_slave_0 removed [ 645.907064][ C1] vkms_vblank_simulate: vblank timer overrun [ 645.959232][ C1] vkms_vblank_simulate: vblank timer overrun [ 646.170911][ C1] vkms_vblank_simulate: vblank timer overrun [ 646.310984][ C1] vkms_vblank_simulate: vblank timer overrun [ 646.460952][ C1] vkms_vblank_simulate: vblank timer overrun [ 646.620337][ C1] vkms_vblank_simulate: vblank timer overrun [ 646.710436][ C1] vkms_vblank_simulate: vblank timer overrun [ 647.210468][ C1] vkms_vblank_simulate: vblank timer overrun [ 647.388521][T15598] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 647.447077][T15598] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 647.453549][T15598] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 647.455319][T15598] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 647.456111][T15598] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 647.535148][ C1] vkms_vblank_simulate: vblank timer overrun [ 647.600253][ C1] vkms_vblank_simulate: vblank timer overrun [ 647.866607][ C1] vkms_vblank_simulate: vblank timer overrun [ 648.354691][ C1] vkms_vblank_simulate: vblank timer overrun [ 648.415911][ C1] vkms_vblank_simulate: vblank timer overrun [ 648.802458][T17511] team0: Port device team_slave_0 added [ 648.826945][T17213] 8021q: adding VLAN 0 to HW filter on device team0 [ 648.830015][T17511] team0: Port device team_slave_1 added [ 649.180291][ C1] vkms_vblank_simulate: vblank timer overrun [ 649.452712][T17511] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 649.452730][T17511] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 649.452758][T17511] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 649.458633][T16977] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.458922][T16977] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.490864][T17511] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 649.490881][T17511] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 649.490904][T17511] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 649.507995][T15598] Bluetooth: hci5: command tx timeout [ 649.597349][T16977] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.597551][T16977] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.627961][ T5887] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 649.777874][ T5887] usb 2-1: Using ep0 maxpacket: 8 [ 649.798487][ C1] vkms_vblank_simulate: vblank timer overrun [ 649.815738][ T5887] usb 2-1: config index 0 descriptor too short (expected 30, got 18) [ 649.830069][ T5887] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 649.830101][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.830121][ T5887] usb 2-1: Product: syz [ 649.830135][ T5887] usb 2-1: Manufacturer: syz [ 649.830150][ T5887] usb 2-1: SerialNumber: syz [ 649.871251][ T5887] usb 2-1: config 0 descriptor?? [ 649.884101][ T5887] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 649.884182][ T5887] usb 2-1: setting power ON [ 649.884202][ T5887] dvb-usb: bulk message failed: -22 (2/0) [ 649.904068][ C1] vkms_vblank_simulate: vblank timer overrun [ 649.913193][ T5887] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 649.918298][ T5887] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 649.918375][ T5887] usb 2-1: media controller created [ 650.033418][ C1] vkms_vblank_simulate: vblank timer overrun [ 650.051538][ T5887] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 650.102061][ T5887] usb 2-1: selecting invalid altsetting 6 [ 650.102086][ T5887] usb 2-1: digital interface selection failed (-22) [ 650.102103][ T5887] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 650.104920][ T5887] usb 2-1: setting power OFF [ 650.104946][ T5887] dvb-usb: bulk message failed: -22 (2/0) [ 650.104965][ T5887] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 650.104979][ T5887] (NULL device *): no alternate interface [ 650.204088][ T5887] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 650.224346][ T5887] usb 2-1: USB disconnect, device number 50 [ 650.381133][ C1] vkms_vblank_simulate: vblank timer overrun [ 650.433777][T17511] hsr_slave_0: entered promiscuous mode [ 650.435378][T17511] hsr_slave_1: entered promiscuous mode [ 650.436651][T17511] debugfs: 'hsr0' already exists in 'hsr' [ 650.436678][T17511] Cannot create hsr debugfs directory [ 650.497230][ C1] vkms_vblank_simulate: vblank timer overrun [ 650.583989][ C1] vkms_vblank_simulate: vblank timer overrun [ 650.885327][T18437] IPVS: persistence engine module ip_vs_pe_ not found [ 651.187067][ T1217] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 651.352979][ T1217] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 651.353014][ T1217] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 651.353061][ T1217] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 651.353085][ T1217] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 651.415262][ T1217] usb 2-1: config 0 descriptor?? [ 651.586971][T15598] Bluetooth: hci5: command tx timeout [ 651.835634][ T1217] kovaplus 0003:1E7D:2D50.002A: unknown main item tag 0x0 [ 651.835671][ T1217] kovaplus 0003:1E7D:2D50.002A: unknown main item tag 0x0 [ 651.835697][ T1217] kovaplus 0003:1E7D:2D50.002A: unknown main item tag 0x0 [ 651.835723][ T1217] kovaplus 0003:1E7D:2D50.002A: unknown main item tag 0x0 [ 651.835748][ T1217] kovaplus 0003:1E7D:2D50.002A: unknown main item tag 0x0 [ 651.920579][ T1217] kovaplus 0003:1E7D:2D50.002A: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0 [ 652.197673][ C1] vkms_vblank_simulate: vblank timer overrun [ 652.231964][ T1217] kovaplus 0003:1E7D:2D50.002A: couldn't init struct kovaplus_device [ 652.232032][ T1217] kovaplus 0003:1E7D:2D50.002A: couldn't install mouse [ 652.253790][ T1217] kovaplus 0003:1E7D:2D50.002A: probe with driver kovaplus failed with error -71 [ 652.282133][ T1217] usb 2-1: USB disconnect, device number 51 [ 652.530905][T18413] chnl_net:caif_netlink_parms(): no params data found [ 652.757740][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.465563][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.667502][T15598] Bluetooth: hci5: command tx timeout [ 653.841730][T18473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4534'. [ 653.842963][T18473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4534'. [ 655.075700][T18413] bridge0: port 1(bridge_slave_0) entered blocking state [ 655.075869][T18413] bridge0: port 1(bridge_slave_0) entered disabled state [ 655.076154][T18413] bridge_slave_0: entered allmulticast mode [ 655.079686][T18413] bridge_slave_0: entered promiscuous mode [ 655.231132][T18413] bridge0: port 2(bridge_slave_1) entered blocking state [ 655.231391][T18413] bridge0: port 2(bridge_slave_1) entered disabled state [ 655.231679][T18413] bridge_slave_1: entered allmulticast mode [ 655.243751][T18413] bridge_slave_1: entered promiscuous mode [ 655.753935][T18413] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 655.754978][T15598] Bluetooth: hci5: command tx timeout [ 655.800163][T18413] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 656.035632][ C1] vkms_vblank_simulate: vblank timer overrun [ 656.448350][T18413] team0: Port device team_slave_0 added [ 656.628350][ C1] vkms_vblank_simulate: vblank timer overrun [ 656.700173][T18413] team0: Port device team_slave_1 added [ 656.702457][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 656.731432][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 656.768140][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 656.791144][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 656.792103][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 657.394990][T18413] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 657.395008][T18413] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.395033][T18413] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 657.494358][T18413] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 657.494376][T18413] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.494403][T18413] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 657.495244][ T1485] bridge_slave_1: left allmulticast mode [ 657.495275][ T1485] bridge_slave_1: left promiscuous mode [ 657.495584][ T1485] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.602109][ T1485] bridge_slave_0: left allmulticast mode [ 657.602146][ T1485] bridge_slave_0: left promiscuous mode [ 657.602517][ T1485] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.953544][ C1] vkms_vblank_simulate: vblank timer overrun [ 658.114775][T15832] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 658.243061][ C1] vkms_vblank_simulate: vblank timer overrun [ 658.283564][T15832] usb 3-1: Using ep0 maxpacket: 16 [ 658.286333][T15832] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 658.286367][T15832] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 658.286390][T15832] usb 3-1: config 0 interface 0 has no altsetting 0 [ 658.286426][T15832] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 658.286450][T15832] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.296375][T15832] usb 3-1: config 0 descriptor?? [ 658.466758][ C1] vkms_vblank_simulate: vblank timer overrun [ 658.594716][ C1] vkms_vblank_simulate: vblank timer overrun [ 658.764188][T15832] apple 0003:05AC:0247.002B: fixing up Magic Keyboard JIS report descriptor [ 658.765502][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765532][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765557][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765582][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765607][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765632][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765657][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765681][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765706][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.765731][T15832] apple 0003:05AC:0247.002B: unknown main item tag 0x0 [ 658.805375][T15832] apple 0003:05AC:0247.002B: unexpected long global item [ 658.806282][T15832] apple 0003:05AC:0247.002B: parse failed [ 658.806386][T15832] apple 0003:05AC:0247.002B: probe with driver apple failed with error -22 [ 658.863567][ T5844] Bluetooth: hci2: command tx timeout [ 658.978637][T15832] usb 3-1: USB disconnect, device number 37 [ 659.399454][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.598740][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.679797][ C1] vkms_vblank_simulate: vblank timer overrun [ 659.940935][ C1] vkms_vblank_simulate: vblank timer overrun [ 660.441586][ T1485] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 660.464768][ T10] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 660.558207][ T1485] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 660.635426][ T10] usb 3-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30 [ 660.635482][ T10] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 660.635505][ T10] usb 3-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 660.635533][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 660.635569][ T10] usb 3-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00 [ 660.635592][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 660.644881][ T10] usb 3-1: config 0 descriptor?? [ 660.657169][ T1485] bond0 (unregistering): Released all slaves [ 660.942481][ T5844] Bluetooth: hci2: command tx timeout [ 661.123287][T18509] Falling back ldisc for ttyS3. [ 661.167752][ C1] vkms_vblank_simulate: vblank timer overrun [ 661.189960][ T10] hid-alps 0003:044E:120C.002C: ignoring exceeding usage max [ 661.191450][ T10] hid-alps 0003:044E:120C.002C: unbalanced collection at end of report description [ 661.202611][ T10] hid-alps 0003:044E:120C.002C: parse failed [ 661.202737][ T10] hid-alps 0003:044E:120C.002C: probe with driver hid-alps failed with error -22 [ 661.385507][ T10] usb 3-1: USB disconnect, device number 38 [ 661.484437][T17511] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 661.692290][ T1485] hsr_slave_0: left promiscuous mode [ 661.731906][ T1485] hsr_slave_1: left promiscuous mode [ 661.733012][ T1485] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 661.788314][ T1485] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 661.806433][T18535] kvm: kvm [18534]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x40000015) = 0x0 [ 662.321627][ T1217] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 662.349970][ T979] hid-generic 0003:0004:0000.002D: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 662.491479][ T1217] usb 3-1: Using ep0 maxpacket: 16 [ 662.496757][ T1217] usb 3-1: config 0 has an invalid interface number: 236 but max is 1 [ 662.496788][ T1217] usb 3-1: config 0 has an invalid interface number: 129 but max is 1 [ 662.496808][ T1217] usb 3-1: config 0 has no interface number 0 [ 662.496825][ T1217] usb 3-1: config 0 has no interface number 1 [ 662.496895][ T1217] usb 3-1: config 0 interface 236 altsetting 6 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 662.496922][ T1217] usb 3-1: config 0 interface 236 altsetting 6 endpoint 0xD has invalid wMaxPacketSize 0 [ 662.496946][ T1217] usb 3-1: config 0 interface 236 has no altsetting 0 [ 662.496964][ T1217] usb 3-1: config 0 interface 129 has no altsetting 0 [ 662.502242][ T1217] usb 3-1: New USB device found, idVendor=1ace, idProduct=e9b2, bcdDevice=5c.3d [ 662.502270][ T1217] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.502288][ T1217] usb 3-1: Product: syz [ 662.502301][ T1217] usb 3-1: Manufacturer: syz [ 662.502313][ T1217] usb 3-1: SerialNumber: syz [ 662.507996][ T1217] usb 3-1: config 0 descriptor?? [ 662.694438][ C1] vkms_vblank_simulate: vblank timer overrun [ 662.737574][ T1217] ir_usb 3-1:0.236: required endpoints missing [ 662.767428][ C1] vkms_vblank_simulate: vblank timer overrun [ 662.788055][ T1217] usb 3-1: selecting invalid altsetting 0 [ 662.819085][ T1217] usb 3-1: selecting invalid altsetting 0 [ 662.819769][ T1217] usb 3-1: Found UVC 2.26 device syz (1ace:e9b2) [ 662.819795][ T1217] usb 3-1: No valid video chain found. [ 662.833357][ T1217] usb 3-1: USB disconnect, device number 39 [ 662.912339][ C1] vkms_vblank_simulate: vblank timer overrun [ 663.021256][ T5844] Bluetooth: hci2: command tx timeout [ 663.309023][ C1] vkms_vblank_simulate: vblank timer overrun [ 663.568686][T18556] netlink: 140 bytes leftover after parsing attributes in process `syz.1.4568'. [ 665.100223][ T5844] Bluetooth: hci2: command tx timeout [ 669.163437][ C1] vkms_vblank_simulate: vblank timer overrun [ 680.236307][T15598] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 680.272954][T15598] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 680.279134][T15598] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 680.280761][T15598] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 680.281771][T15598] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 680.321504][ T1485] team0 (unregistering): Port device team_slave_1 removed [ 680.420023][ C1] vkms_vblank_simulate: vblank timer overrun [ 682.371752][ T5844] Bluetooth: hci3: command tx timeout [ 683.679220][T15598] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 683.706809][T15598] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 683.708725][T15598] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 683.710287][T15598] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 683.735588][T15598] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 684.451574][T15598] Bluetooth: hci3: command tx timeout [ 685.810054][T15598] Bluetooth: hci6: command tx timeout [ 685.898771][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.898872][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.529575][T15598] Bluetooth: hci3: command tx timeout [ 687.888767][T15598] Bluetooth: hci6: command tx timeout [ 688.608585][T15598] Bluetooth: hci3: command tx timeout [ 689.968341][T15598] Bluetooth: hci6: command tx timeout [ 690.551790][ T5844] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 690.580513][ T5844] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 690.582501][ T5844] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 690.584075][ T5844] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 690.586101][ T5844] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 692.047711][ T5844] Bluetooth: hci6: command tx timeout [ 692.686945][ T5844] Bluetooth: hci7: command tx timeout [ 694.765685][ T5844] Bluetooth: hci7: command tx timeout [ 696.846182][ T5844] Bluetooth: hci7: command tx timeout [ 698.923444][ T5844] Bluetooth: hci7: command tx timeout [ 708.183618][T15598] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 708.214065][T15598] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 708.216007][T15598] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 708.217756][T15598] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 708.241260][T15598] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 710.357792][T18577] Bluetooth: hci8: command tx timeout [ 712.436673][T18577] Bluetooth: hci8: command tx timeout [ 714.515585][T18577] Bluetooth: hci8: command tx timeout [ 715.919057][ C1] vkms_vblank_simulate: vblank timer overrun [ 716.597939][T18577] Bluetooth: hci8: command tx timeout [ 716.695712][T18577] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 716.722226][T18577] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 716.734680][T18577] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 716.736328][T18577] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 716.737606][T18577] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 718.833431][T18577] Bluetooth: hci9: command tx timeout [ 720.922196][T18577] Bluetooth: hci9: command tx timeout [ 722.991278][T18577] Bluetooth: hci9: command tx timeout [ 725.070578][T18577] Bluetooth: hci9: command tx timeout [ 736.376626][ T1485] team0 (unregistering): Port device team_slave_0 removed [ 736.550944][ C1] vkms_vblank_simulate: vblank timer overrun [ 740.894295][ T5840] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 740.931202][ T5840] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 740.940387][ T5840] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 740.943062][ T5840] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 740.944033][ T5840] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 741.336843][ C1] vkms_vblank_simulate: vblank timer overrun [ 743.061557][T18577] Bluetooth: hci10: command tx timeout [ 744.293071][ T5840] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 744.300999][ T5840] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 744.343553][ T5840] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 744.345223][ T5840] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 744.351136][ T5840] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 745.140237][T18577] Bluetooth: hci10: command tx timeout [ 746.420305][T18577] Bluetooth: hci11: command tx timeout [ 747.220006][T18577] Bluetooth: hci10: command tx timeout [ 747.310473][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.310565][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.500354][T18577] Bluetooth: hci11: command tx timeout [ 749.298202][T18577] Bluetooth: hci10: command tx timeout [ 750.579220][T18577] Bluetooth: hci11: command tx timeout [ 751.274908][ T5840] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 751.306366][ T5840] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 751.322804][ T5840] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 751.324389][ T5840] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 751.325426][ T5840] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 752.656476][T18577] Bluetooth: hci11: command tx timeout [ 752.823026][ C1] vkms_vblank_simulate: vblank timer overrun [ 753.387208][T18577] Bluetooth: hci12: command tx timeout [ 754.504277][T18577] Bluetooth: hci1: command 0x0406 tx timeout [ 755.455362][T18577] Bluetooth: hci12: command tx timeout [ 757.534906][T18577] Bluetooth: hci12: command tx timeout [ 759.612895][T18577] Bluetooth: hci12: command tx timeout [ 768.923474][ T5844] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 769.389110][ T5844] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 769.406531][ T5844] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 769.420945][ T5844] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 769.421849][ T5844] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 769.854978][ T5844] Bluetooth: hci5: command 0x0406 tx timeout [ 771.347349][ C1] vkms_vblank_simulate: vblank timer overrun [ 777.148144][T15598] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 777.180755][T15598] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 777.183404][T15598] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 777.201664][T15598] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 777.202755][T15598] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 778.963587][T15598] Bluetooth: hci13: command tx timeout [ 779.283251][T15598] Bluetooth: hci14: command tx timeout [ 780.082756][T15598] Bluetooth: hci2: command 0x0406 tx timeout [ 781.042511][T15598] Bluetooth: hci13: command tx timeout [ 781.374446][T15598] Bluetooth: hci14: command tx timeout [ 783.122176][T15598] Bluetooth: hci13: command tx timeout [ 783.441621][T15598] Bluetooth: hci14: command tx timeout [ 785.202523][T15598] Bluetooth: hci13: command tx timeout [ 785.520081][T15598] Bluetooth: hci14: command tx timeout [ 786.588953][ C1] vkms_vblank_simulate: vblank timer overrun [ 797.255680][ C1] vkms_vblank_simulate: vblank timer overrun [ 803.494826][T18577] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 803.526977][T18577] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 803.529663][T18577] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 803.547538][T18577] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 803.548761][T18577] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 805.593675][ T5840] Bluetooth: hci15: command tx timeout [ 805.687907][ T5840] Bluetooth: hci3: command 0x0406 tx timeout [ 807.353647][T18577] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 807.383135][T18577] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 807.386346][T18577] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 807.412382][T18577] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 807.413419][T18577] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 807.669660][ T5840] Bluetooth: hci15: command tx timeout [ 808.757802][ T1324] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.757891][ T1324] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.748117][ T5840] Bluetooth: hci15: command tx timeout [ 810.789436][ T5840] Bluetooth: hci6: command 0x0406 tx timeout [ 811.826953][ T5840] Bluetooth: hci15: command tx timeout [ 812.627689][T18607] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 812.651780][T18607] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 812.654249][T18607] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 812.655977][T18607] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 812.671539][T18607] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 813.104533][ C1] vkms_vblank_simulate: vblank timer overrun [ 815.916778][T18608] Bluetooth: hci7: command 0x0406 tx timeout [ 820.382557][T15598] Bluetooth: hci16: command tx timeout [ 822.461409][T15598] Bluetooth: hci16: command tx timeout [ 824.540413][T15598] Bluetooth: hci16: command tx timeout [ 824.701569][ T38] INFO: task kworker/1:7:6058 blocked for more than 143 seconds. [ 824.701596][ T38] Not tainted syzkaller #0 [ 824.701620][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 824.701630][ T38] task:kworker/1:7 state:D stack:20808 pid:6058 tgid:6058 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 824.701693][ T38] Workqueue: events switchdev_deferred_process_work [ 824.701722][ T38] Call Trace: [ 824.701730][ T38] [ 824.701744][ T38] __schedule+0x16f3/0x4c20 [ 824.701808][ T38] ? __pfx___schedule+0x10/0x10 [ 824.701862][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 824.701905][ T38] rt_mutex_schedule+0x77/0xf0 [ 824.701927][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 824.701953][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 824.702000][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 824.702030][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 824.702063][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 824.702127][ T38] ? switchdev_deferred_process_work+0xe/0x20 [ 824.702158][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 824.702190][ T38] ? switchdev_deferred_process_work+0xe/0x20 [ 824.702218][ T38] mutex_lock_nested+0x16a/0x1d0 [ 824.702242][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 824.702270][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 824.702305][ T38] switchdev_deferred_process_work+0xe/0x20 [ 824.702327][ T38] process_scheduled_works+0xade/0x17b0 [ 824.702396][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 824.702446][ T38] worker_thread+0x8a0/0xda0 [ 824.702476][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 824.702527][ T38] ? __kthread_parkme+0x7b/0x200 [ 824.702569][ T38] kthread+0x70e/0x8a0 [ 824.702618][ T38] ? __pfx_worker_thread+0x10/0x10 [ 824.702642][ T38] ? __pfx_kthread+0x10/0x10 [ 824.702679][ T38] ? __pfx_kthread+0x10/0x10 [ 824.702721][ T38] ret_from_fork+0x436/0x7d0 [ 824.702753][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 824.702788][ T38] ? __switch_to_asm+0x39/0x70 [ 824.702808][ T38] ? __switch_to_asm+0x33/0x70 [ 824.702826][ T38] ? __pfx_kthread+0x10/0x10 [ 824.702858][ T38] ret_from_fork_asm+0x1a/0x30 [ 824.702906][ T38] [ 824.702923][ T38] INFO: task kworker/u8:15:16978 blocked for more than 143 seconds. [ 824.702938][ T38] Not tainted syzkaller #0 [ 824.702948][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 824.702958][ T38] task:kworker/u8:15 state:D stack:19944 pid:16978 tgid:16978 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 824.703023][ T38] Workqueue: ipv6_addrconf addrconf_dad_work SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 824.703045][ T38] Call Trace: [ 824.703052][ T38] [ 824.703066][ T38] __schedule+0x16f3/0x4c20 [ 824.703133][ T38] ? __pfx___schedule+0x10/0x10 [ 824.703187][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 824.703221][ T38] rt_mutex_schedule+0x77/0xf0 [ 824.703241][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 824.703265][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 824.703312][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 824.703341][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 824.703368][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 824.703406][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 824.703440][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 824.703483][ T38] ? addrconf_dad_work+0x119/0x15a0 [ 824.703502][ T38] mutex_lock_nested+0x16a/0x1d0 [ 824.703534][ T38] ? addrconf_dad_work+0x119/0x15a0 [ 824.703562][ T38] addrconf_dad_work+0x119/0x15a0 [ 824.703587][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.703632][ T38] ? __pfx_addrconf_dad_work+0x10/0x10 [ 824.703655][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 824.703688][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 824.703717][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 824.703742][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 824.703770][ T38] process_scheduled_works+0xade/0x17b0 [ 824.703832][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 824.703880][ T38] worker_thread+0x8a0/0xda0 [ 824.703941][ T38] kthread+0x70e/0x8a0 [ 824.703985][ T38] ? __pfx_worker_thread+0x10/0x10 [ 824.704011][ T38] ? __pfx_kthread+0x10/0x10 [ 824.704048][ T38] ? __pfx_kthread+0x10/0x10 [ 824.704080][ T38] ret_from_fork+0x436/0x7d0 [ 824.704117][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 824.704153][ T38] ? __switch_to_asm+0x39/0x70 [ 824.704172][ T38] ? __switch_to_asm+0x33/0x70 [ 824.704189][ T38] ? __pfx_kthread+0x10/0x10 [ 824.704221][ T38] ret_from_fork_asm+0x1a/0x30 [ 824.704261][ T38] [ 824.704276][ T38] INFO: task kworker/u8:31:16996 blocked for more than 143 seconds. [ 824.704290][ T38] Not tainted syzkaller #0 [ 824.704299][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 824.704308][ T38] task:kworker/u8:31 state:D stack:21048 pid:16996 tgid:16996 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 824.704365][ T38] Workqueue: events_unbound linkwatch_event [ 824.704395][ T38] Call Trace: [ 824.704402][ T38] [ 824.704415][ T38] __schedule+0x16f3/0x4c20 [ 824.704459][ T38] ? unwind_next_frame+0xa5/0x2390 [ 824.704489][ T38] ? ret_from_fork_asm+0x1a/0x30 [ 824.704528][ T38] ? __pfx___schedule+0x10/0x10 [ 824.704581][ T38][ 824.704581][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 824.704623][ T38] rt_mutex_schedule+0x77/0xf0 [ 824.704643][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 824.704676][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 824.704724][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 824.704753][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 824.704779][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 824.704819][ T38] ? linkwatch_event+0xe/0x60 [ 824.704849][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 824.704881][ T38] ? linkwatch_event+0xe/0x60 [ 824.704899][ T38] mutex_lock_nested+0x16a/0x1d0 [ 824.704923][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 824.704953][ T38] ? process_scheduled_works+0x9ef/0x17b0 [ 824.704982][ T38] linkwatch_event+0xe/0x60 [ 824.705002][ T38] process_scheduled_works+0xade/0x17b0 [ 824.705065][ T38] ? __pfx_process_scheduled_works+0x10/0x10 [ 824.705114][ T38] worker_thread+0x8a0/0xda0 [ 824.705173][ T38] kthread+0x70e/0x8a0 [ 824.705209][ T38] ? __pfx_worker_thread+0x10/0x10 [ 824.705235][ T38] ? __pfx_kthread+0x10/0x10 [ 824.705271][ T38] ? __pfx_kthread+0x10/0x10 [ 824.705304][ T38] ret_from_fork+0x436/0x7d0 [ 824.705334][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 824.705369][ T38] ? __switch_to_asm+0x39/0x70 [ 824.705388][ T38] ? __switch_to_asm+0x33/0x70 [ 824.705406][ T38] ? __pfx_kthread+0x10/0x10 [ 824.705438][ T38] ret_from_fork_asm+0x1a/0x30 [ 824.705479][ T38] [ 824.705503][ T38] INFO: task syz-executor:17511 blocked for more than 143 seconds. [ 824.705539][ T38] Not tainted syzkaller #0 [ 824.705548][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 824.705557][ T38] task:syz-executor state:D stack:22056 pid:17511 tgid:17511 ppid:1 task_flags:0x400140 flags:0x00004004 [ 824.705620][ T38] Call Trace: [ 824.705626][ T38] [ 824.705640][ T38] __schedule+0x16f3/0x4c20 [ 824.705700][ T38] ? __kernel_text_address+0xd/0x40 [ 824.705728][ T38] ? __pfx___schedule+0x10/0x10 [ 824.705787][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 824.705821][ T38] rt_mutex_schedule+0x77/0xf0 [ 824.705842][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 824.705867][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 824.705915][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 824.705944][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 824.705972][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 824.705995][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.706035][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 824.706065][ T38] ? safesetid_security_capable+0xa9/0x1a0 [ 824.706094][ T38] ? bpf_lsm_capable+0x9/0x20 [ 824.706119][ T38] ? security_capable+0x7e/0x2e0 [ 824.706154][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 824.706179][ T38] mutex_lock_nested+0x16a/0x1d0 [ 824.706211][ T38] rtnl_newlink+0x8db/0x1c70 [ 824.706250][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.706277][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 824.706317][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.706353][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.706396][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.706448][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 824.706484][ T38] ? is_bpf_text_address+0x292/0x2b0 [ 824.706520][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 824.706560][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.706619][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 824.706647][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 824.706675][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.706705][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 824.706732][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 824.706796][ T38] netlink_rcv_skb+0x205/0x470 [ 824.706824][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.706852][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 824.706883][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 824.706934][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 824.706974][ T38] netlink_unicast+0x843/0xa10 [ 824.707012][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 824.707041][ T38] ? netlink_sendmsg+0x642/0xb30 [ 824.707068][ T38] ? skb_put+0x11b/0x210 [ 824.707112][ T38] netlink_sendmsg+0x805/0xb30 [ 824.707153][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 824.707193][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 824.707215][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 824.707245][ T38] __sock_sendmsg+0x21c/0x270 [ 824.707275][ T38] __sys_sendto+0x3c7/0x520 [ 824.707310][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 824.707357][ T38] ? fput_close_sync+0x119/0x200 [ 824.707395][ T38] ? __pfx_fput_close_sync+0x10/0x10 [ 824.707418][ T38] ? rt_spin_unlock+0x65/0x80 [ 824.707452][ T38] __x64_sys_sendto+0xde/0x100 [ 824.707488][ T38] do_syscall_64+0xfa/0x3b0 [ 824.707518][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 824.707548][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.707569][ T38] ? clear_bhb_loop+0x60/0xb0 [ 824.707596][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.707617][ T38] RIP: 0033:0x7f74b9620d5c [ 824.707636][ T38] RSP: 002b:00007ffd4f11b320 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 824.707657][ T38] RAX: ffffffffffffffda RBX: 00007f74ba3a35c0 RCX: 00007f74b9620d5c [ 824.707673][ T38] RDX: 0000000000000030 RSI: 00007f74ba3a3610 RDI: 0000000000000006 [ 824.707687][ T38] RBP: 0000000000000000 R08: 00007ffd4f11b374 R09: 000000000000000c [ 824.707700][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006 [ 824.707713][ T38] R13: 0000000000000000 R14: 00007f74ba3a3610 R15: 0000000000000000 [ 824.707748][ T38] [ 824.707761][ T38] INFO: task syz-executor:18413 blocked for more than 143 seconds. [ 824.707775][ T38] Not tainted syzkaller #0 [ 824.707785][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 824.707795][ T38] task:syz-executor state:D stack:21800 pid:18413 tgid:18413 ppid:1 task_flags:0x400140 flags:0x00004004 [ 824.707851][ T38] Call Trace: [ 824.707857][ T38] [ 824.707870][ T38] __schedule+0x16f3/0x4c20 [ 824.707925][ T38] ? __kernel_text_address+0xd/0x40 [ 824.707952][ T38] ? __pfx___schedule+0x10/0x10 [ 824.708004][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 824.708039][ T38] rt_mutex_schedule+0x77/0xf0 [ 824.708059][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 824.708086][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 824.708133][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 824.708162][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 824.708189][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 824.708228][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 824.708262][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 824.708295][ T38] ? bpf_lsm_capable+0x9/0x20 [ 824.708319][ T38] ? security_capable+0x7e/0x2e0 [ 824.708354][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 824.708380][ T38] mutex_lock_nested+0x16a/0x1d0 [ 824.708403][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 824.708433][ T38] rtnl_newlink+0x8db/0x1c70 [ 824.708471][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.708516][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 824.708554][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.708665][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.708724][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 824.708751][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 824.708778][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.708813][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 824.708840][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 824.708890][ T38] netlink_rcv_skb+0x205/0x470 [ 824.708932][ T38] ? __lock_acquire+0xab9/0xd20 [ 824.708980][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 824.709011][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 824.709062][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 824.709102][ T38] netlink_unicast+0x843/0xa10 [ 824.709140][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 824.709171][ T38] ? netlink_sendmsg+0x642/0xb30 [ 824.709197][ T38] ? skb_put+0x11b/0x210 [ 824.709238][ T38] netlink_sendmsg+0x805/0xb30 [ 824.709278][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 824.709318][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 824.709339][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 824.709385][ T38] __sock_sendmsg+0x21c/0x270 [ 824.709415][ T38] __sys_sendto+0x3c7/0x520 [ 824.709450][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 824.709498][ T38] ? blkcg_maybe_throttle_current+0x1a8/0xbc0 [ 824.709552][ T38] ? rcu_is_watching+0x15/0xb0 [ 824.709590][ T38] __x64_sys_sendto+0xde/0x100 [ 824.709626][ T38] do_syscall_64+0xfa/0x3b0 [ 824.709644][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 824.709674][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.709695][ T38] ? clear_bhb_loop+0x60/0xb0 [ 824.709721][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 824.709741][ T38] RIP: 0033:0x7faccb690d5c [ 824.709758][ T38] RSP: 002b:00007ffe7daca2a0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 824.709777][ T38] RAX: ffffffffffffffda RBX: 00007faccc414620 RCX: 00007faccb690d5c [ 824.709792][ T38] RDX: 0000000000000064 RSI: 00007faccc414670 RDI: 0000000000000003 [ 824.709805][ T38] RBP: 0000000000000000 R08: 00007ffe7daca2f4 R09: 000000000000000c [ 824.709826][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 824.709838][ T38] R13: 0000000000000000 R14: 00007faccc414670 R15: 0000000000000000 [ 824.709873][ T38] [ 824.709885][ T38] INFO: task syz-executor:18501 blocked for more than 143 seconds. [ 824.709898][ T38] Not tainted syzkaller #0 [ 824.709908][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 824.709918][ T38] task:syz-executor state:D stack:25576 pid:18501 tgid:18501 ppid:1 task_flags:0x400140 flags:0x00004006 [ 824.709977][ T38] Call Trace: [ 824.709984][ T38] [ 824.709998][ T38] __schedule+0x16f3/0x4c20 [ 825.060272][T18607] Bluetooth: hci17: command tx timeout [ 825.341608][ C1] vkms_vblank_simulate: vblank timer overrun [ 825.379922][ T38] ? __pfx___schedule+0x10/0x10 [ 825.379991][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 825.380027][ T38] rt_mutex_schedule+0x77/0xf0 [ 825.380050][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 825.380076][ T38] ? task_blocks_on_rt_mutex+0x78c/0x1380 [ 825.380124][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 825.380154][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 825.380182][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 825.380220][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.380265][ T38] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 825.380308][ T38] ? ip_tunnel_init_net+0x2ab/0x800 [ 825.380333][ T38] mutex_lock_nested+0x16a/0x1d0 [ 825.380358][ T38] ? ip_tunnel_init_net+0x2ab/0x800 [ 825.380388][ T38] ip_tunnel_init_net+0x2ab/0x800 [ 825.380422][ T38] ? __pfx_ip_tunnel_init_net+0x10/0x10 [ 825.380470][ T38] ops_init+0x35c/0x5c0 [ 825.380511][ T38] setup_net+0x10c/0x320 [ 825.380539][ T38] ? copy_net_ns+0x304/0x4d0 [ 825.380567][ T38] ? __pfx_setup_net+0x10/0x10 [ 825.380600][ T38] ? __mutex_rt_init+0x3b/0x50 [ 825.380630][ T38] copy_net_ns+0x31b/0x4d0 [ 825.380664][ T38] create_new_namespaces+0x3f3/0x720 [ 825.380695][ T38] ? security_capable+0x7e/0x2e0 [ 825.380735][ T38] unshare_nsproxy_namespaces+0x11c/0x170 [ 825.380765][ T38] ksys_unshare+0x4c8/0x8c0 [ 825.380912][ T38] ? __pfx_ksys_unshare+0x10/0x10 [ 825.380946][ T38] ? rt_spin_unlock+0x65/0x80 [ 825.380985][ T38] __x64_sys_unshare+0x38/0x50 [ 825.381015][ T38] do_syscall_64+0xfa/0x3b0 [ 825.381034][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.381065][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.381086][ T38] ? clear_bhb_loop+0x60/0xb0 [ 825.381112][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.381133][ T38] RIP: 0033:0x7fa87a4306c7 [ 825.381151][ T38] RSP: 002b:00007ffd386633e8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110 [ 825.381176][ T38] RAX: ffffffffffffffda RBX: 00007fa87a685f40 RCX: 00007fa87a4306c7 [ 825.381192][ T38] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000 [ 825.381206][ T38] RBP: 00007fa87a6867b8 R08: 0000000000000000 R09: 0000000000000000 [ 825.381219][ T38] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000008 [ 825.381240][ T38] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 825.381275][ T38] [ 825.381290][ T38] INFO: task syz.1.4569:18559 blocked for more than 144 seconds. [ 825.381306][ T38] Not tainted syzkaller #0 [ 825.381317][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 825.381327][ T38] task:syz.1.4569 state:D stack:26504 pid:18559 tgid:18558 ppid:5834 task_flags:0x400140 flags:0x00004004 [ 825.381392][ T38] Call Trace: [ 825.381399][ T38] [ 825.381413][ T38] __schedule+0x16f3/0x4c20 [ 825.381468][ T38] ? __kernel_text_address+0xd/0x40 [ 825.381493][ T38] ? __pfx___schedule+0x10/0x10 [ 825.381546][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 825.381582][ T38] rt_mutex_schedule+0x77/0xf0 [ 825.381603][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 825.381629][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 825.381678][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 825.381708][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 825.381735][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 825.381765][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.381806][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 825.381836][ T38] ? safesetid_security_capable+0xa9/0x1a0 [ 825.381865][ T38] ? bpf_lsm_capable+0x9/0x20 [ 825.381890][ T38] ? security_capable+0x7e/0x2e0 [ 825.381924][ T38] ? rtnl_newlink+0x8db/0x1c70 [ 825.381949][ T38] mutex_lock_nested+0x16a/0x1d0 [ 825.381981][ T38] rtnl_newlink+0x8db/0x1c70 [ 825.382026][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 825.382095][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.382139][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.382192][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 825.382228][ T38] ? is_bpf_text_address+0x292/0x2b0 [ 825.382263][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 825.382302][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.382361][ T38] ? __pfx_rtnl_newlink+0x10/0x10 [ 825.382390][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 825.382417][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.382446][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 825.382474][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 825.382524][ T38] netlink_rcv_skb+0x205/0x470 [ 825.382551][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.382578][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 825.382609][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 825.382654][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 825.382693][ T38] netlink_unicast+0x843/0xa10 [ 825.382731][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 825.382760][ T38] ? netlink_sendmsg+0x642/0xb30 [ 825.382787][ T38] ? skb_put+0x11b/0x210 [ 825.382824][ T38] netlink_sendmsg+0x805/0xb30 [ 825.382866][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.382906][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 825.382928][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.382959][ T38] __sock_sendmsg+0x21c/0x270 [ 825.382990][ T38] ____sys_sendmsg+0x508/0x820 [ 825.383020][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 825.383054][ T38] ? import_iovec+0x74/0xa0 [ 825.383085][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 825.383111][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 825.383179][ T38] ? __fget_files+0x2a/0x420 [ 825.383207][ T38] ? __fget_files+0x3a6/0x420 [ 825.383258][ T38] __x64_sys_sendmsg+0x1a1/0x260 [ 825.383284][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 825.383319][ T38] ? rcu_is_watching+0x15/0xb0 [ 825.383357][ T38] ? do_syscall_64+0xbe/0x3b0 [ 825.383383][ T38] do_syscall_64+0xfa/0x3b0 [ 825.383401][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.383431][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.383451][ T38] ? clear_bhb_loop+0x60/0xb0 [ 825.383477][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.383504][ T38] RIP: 0033:0x7efecc98eec9 [ 825.383521][ T38] RSP: 002b:00007efecabf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 825.383542][ T38] RAX: ffffffffffffffda RBX: 00007efeccbe5fa0 RCX: 00007efecc98eec9 [ 825.383558][ T38] RDX: 0000000000000000 RSI: 0000200000000340 RDI: 0000000000000003 [ 825.383571][ T38] RBP: 00007efecca11f91 R08: 0000000000000000 R09: 0000000000000000 [ 825.383585][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.383598][ T38] R13: 00007efeccbe6038 R14: 00007efeccbe5fa0 R15: 00007ffd7501dd38 [ 825.383635][ T38] [ 825.383644][ T38] INFO: task syz.2.4571:18563 blocked for more than 144 seconds. [ 825.383658][ T38] Not tainted syzkaller #0 [ 825.383668][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 825.383678][ T38] task:syz.2.4571 state:D stack:27688 pid:18563 tgid:18562 ppid:5847 task_flags:0x400140 flags:0x00004004 [ 825.383742][ T38] Call Trace: [ 825.383750][ T38] [ 825.383763][ T38] __schedule+0x16f3/0x4c20 [ 825.383805][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.383849][ T38] ? __pfx___schedule+0x10/0x10 [ 825.383902][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 825.383937][ T38] rt_mutex_schedule+0x77/0xf0 [ 825.383957][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 825.383983][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 825.384032][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 825.384060][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 825.384088][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 825.384111][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.384151][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 825.384196][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 825.384221][ T38] mutex_lock_nested+0x16a/0x1d0 [ 825.384346][ T38] rtnetlink_rcv_msg+0x71c/0xb70 [ 825.384379][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 825.384406][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 825.384431][ T38] ? ref_tracker_free+0x61e/0x7c0 [ 825.384462][ T38] ? __asan_memcpy+0x40/0x70 [ 825.384484][ T38] ? __pfx_ref_tracker_free+0x10/0x10 [ 825.384511][ T38] ? __skb_clone+0x63/0x7a0 [ 825.384544][ T38] netlink_rcv_skb+0x205/0x470 [ 825.384573][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 825.384605][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 825.384648][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 825.384685][ T38] netlink_unicast+0x843/0xa10 [ 825.384722][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 825.384751][ T38] ? netlink_sendmsg+0x642/0xb30 [ 825.384777][ T38] ? skb_put+0x11b/0x210 [ 825.384813][ T38] netlink_sendmsg+0x805/0xb30 [ 825.384854][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.384894][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 825.384915][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.384945][ T38] __sock_sendmsg+0x21c/0x270 [ 825.384976][ T38] ____sys_sendmsg+0x508/0x820 [ 825.385005][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 825.385038][ T38] ? import_iovec+0x74/0xa0 [ 825.385069][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 825.385094][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 825.385162][ T38] ? __fget_files+0x2a/0x420 [ 825.385191][ T38] ? __fget_files+0x3a6/0x420 [ 825.385241][ T38] __x64_sys_sendmsg+0x1a1/0x260 [ 825.385268][ T38] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 825.385303][ T38] ? rcu_is_watching+0x15/0xb0 [ 825.385341][ T38] ? do_syscall_64+0xbe/0x3b0 [ 825.385367][ T38] do_syscall_64+0xfa/0x3b0 [ 825.385385][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.385415][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.385436][ T38] ? clear_bhb_loop+0x60/0xb0 [ 825.385462][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.385482][ T38] RIP: 0033:0x7f3e25f9eec9 [ 825.385496][ T38] RSP: 002b:00007f3e24206038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 825.385515][ T38] RAX: ffffffffffffffda RBX: 00007f3e261f5fa0 RCX: 00007f3e25f9eec9 [ 825.385530][ T38] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 825.385542][ T38] RBP: 00007f3e26021f91 R08: 0000000000000000 R09: 0000000000000000 [ 825.385555][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.385568][ T38] R13: 00007f3e261f6038 R14: 00007f3e261f5fa0 R15: 00007ffc5bcee048 [ 825.385604][ T38] [ 825.385613][ T38] INFO: task syz.2.4571:18564 blocked for more than 144 seconds. [ 825.385627][ T38] Not tainted syzkaller #0 [ 825.385637][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 825.385646][ T38] task:syz.2.4571 state:D stack:27432 pid:18564 tgid:18562 ppid:5847 task_flags:0x400140 flags:0x00004004 [ 825.385709][ T38] Call Trace: [ 825.385716][ T38] [ 825.385729][ T38] __schedule+0x16f3/0x4c20 [ 825.385771][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.385815][ T38] ? __pfx___schedule+0x10/0x10 [ 825.385867][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 825.385901][ T38] rt_mutex_schedule+0x77/0xf0 [ 825.385922][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 825.385948][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 825.385995][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 825.386025][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 825.386052][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 825.386074][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.386115][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 825.386160][ T38] ? rtnetlink_rcv_msg+0x71c/0xb70 [ 825.386184][ T38] mutex_lock_nested+0x16a/0x1d0 [ 825.386217][ T38] rtnetlink_rcv_msg+0x71c/0xb70 [ 825.386257][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 825.386285][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 825.386310][ T38] ? ref_tracker_free+0x61e/0x7c0 [ 825.386341][ T38] ? __asan_memcpy+0x40/0x70 [ 825.386363][ T38] ? __pfx_ref_tracker_free+0x10/0x10 [ 825.386390][ T38] ? __skb_clone+0x63/0x7a0 [ 825.386423][ T38] netlink_rcv_skb+0x205/0x470 [ 825.386454][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 825.386484][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 825.386526][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 825.386565][ T38] netlink_unicast+0x843/0xa10 [ 825.386603][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 825.386632][ T38] ? netlink_sendmsg+0x642/0xb30 [ 825.386658][ T38] ? skb_put+0x11b/0x210 [ 825.386694][ T38] netlink_sendmsg+0x805/0xb30 [ 825.386735][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.386775][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 825.386795][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.386826][ T38] __sock_sendmsg+0x21c/0x270 [ 825.386857][ T38] ____sys_sendmsg+0x534/0x820 [ 825.386886][ T38] ? __pfx_____sys_sendmsg+0x10/0x10 [ 825.386920][ T38] ? import_iovec+0x74/0xa0 [ 825.386950][ T38] ___sys_sendmsg+0x21f/0x2a0 [ 825.386975][ T38] ? __pfx____sys_sendmsg+0x10/0x10 [ 825.386993][ T38] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 825.387071][ T38] ? __fget_files+0x2a/0x420 [ 825.387099][ T38] ? __fget_files+0x3a6/0x420 [ 825.387142][ T38] __sys_sendmmsg+0x22d/0x430 [ 825.387171][ T38] ? __pfx___sys_sendmmsg+0x10/0x10 [ 825.387228][ T38] ? exc_page_fault+0x76/0xf0 [ 825.387282][ T38] __x64_sys_sendmmsg+0xa0/0xc0 [ 825.387306][ T38] do_syscall_64+0xfa/0x3b0 [ 825.387325][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.387355][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.387375][ T38] ? clear_bhb_loop+0x60/0xb0 [ 825.387401][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.387421][ T38] RIP: 0033:0x7f3e25f9eec9 [ 825.387437][ T38] RSP: 002b:00007f3e241e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 825.387457][ T38] RAX: ffffffffffffffda RBX: 00007f3e261f6090 RCX: 00007f3e25f9eec9 [ 825.387473][ T38] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003 [ 825.387485][ T38] RBP: 00007f3e26021f91 R08: 0000000000000000 R09: 0000000000000000 [ 825.387498][ T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 825.387510][ T38] R13: 00007f3e261f6128 R14: 00007f3e261f6090 R15: 00007ffc5bcee048 [ 825.387546][ T38] [ 825.387555][ T38] INFO: task syz-executor:18566 blocked for more than 144 seconds. [ 825.387569][ T38] Not tainted syzkaller #0 [ 825.387579][ T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 825.387588][ T38] task:syz-executor state:D stack:26952 pid:18566 tgid:18566 ppid:1 task_flags:0x400140 flags:0x00004004 [ 825.387649][ T38] Call Trace: [ 825.387656][ T38] [ 825.387670][ T38] __schedule+0x16f3/0x4c20 [ 825.387732][ T38] ? __pfx___schedule+0x10/0x10 [ 825.387785][ T38] ? _raw_spin_unlock_irq+0x23/0x50 [ 825.387819][ T38] rt_mutex_schedule+0x77/0xf0 [ 825.387840][ T38] rt_mutex_slowlock_block+0x5ba/0x6d0 [ 825.387866][ T38] ? task_blocks_on_rt_mutex+0xf12/0x1380 [ 825.387913][ T38] rt_mutex_slowlock+0x2b1/0x6e0 [ 825.387943][ T38] ? rt_mutex_slowlock+0x1c9/0x6e0 [ 825.387970][ T38] ? __pfx_rt_mutex_slowlock+0x10/0x10 [ 825.387993][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.388034][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 825.388067][ T38] ? is_bpf_text_address+0x26/0x2b0 [ 825.388101][ T38] ? inet_rtm_newaddr+0x3b0/0x18b0 [ 825.388121][ T38] mutex_lock_nested+0x16a/0x1d0 [ 825.388153][ T38] inet_rtm_newaddr+0x3b0/0x18b0 [ 825.388189][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 825.388245][ T38] ? __pfx_inet_rtm_newaddr+0x10/0x10 [ 825.388268][ T38] rtnetlink_rcv_msg+0x7cf/0xb70 [ 825.388295][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.388325][ T38] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 825.388353][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 825.388402][ T38] netlink_rcv_skb+0x205/0x470 [ 825.388429][ T38] ? __lock_acquire+0xab9/0xd20 [ 825.388457][ T38] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 825.388486][ T38] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 825.388530][ T38] ? netlink_deliver_tap+0x2e/0x1b0 [ 825.388569][ T38] netlink_unicast+0x843/0xa10 [ 825.388607][ T38] ? __pfx_netlink_unicast+0x10/0x10 [ 825.388636][ T38] ? netlink_sendmsg+0x642/0xb30 [ 825.388663][ T38] ? skb_put+0x11b/0x210 [ 825.388698][ T38] netlink_sendmsg+0x805/0xb30 [ 825.388738][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.388778][ T38] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 825.388799][ T38] ? __pfx_netlink_sendmsg+0x10/0x10 [ 825.388829][ T38] __sock_sendmsg+0x21c/0x270 [ 825.388860][ T38] __sys_sendto+0x3c7/0x520 [ 825.388894][ T38] ? __pfx___sys_sendto+0x10/0x10 [ 825.388959][ T38] ? exc_page_fault+0x76/0xf0 [ 825.388994][ T38] ? do_user_addr_fault+0xc8a/0x1390 [ 825.389026][ T38] __x64_sys_sendto+0xde/0x100 [ 825.389062][ T38] do_syscall_64+0xfa/0x3b0 [ 825.389081][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.389111][ T38] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.389131][ T38] ? clear_bhb_loop+0x60/0xb0 [ 825.389157][ T38] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.389177][ T38] RIP: 0033:0x7f5322020d5c [ 825.389194][ T38] RSP: 002b:00007ffcb9ee22f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 825.389214][ T38] RAX: ffffffffffffffda RBX: 00007f5322da4620 RCX: 00007f5322020d5c [ 825.389229][ T38] RDX: 0000000000000028 RSI: 00007f5322da4670 RDI: 0000000000000003 [ 825.389252][ T38] RBP: 0000000000000000 R08: 00007ffcb9ee2344 R09: 000000000000000c [ 825.389264][ T38] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 825.389277][ T38] R13: 0000000000000000 R14: 00007f5322da4670 R15: 0000000000000000 [ 825.389312][ T38] [ 825.389319][ T38] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 825.389342][ T38] [ 825.389342][ T38] Showing all locks held in the system: [ 825.389353][ T38] 2 locks held by ksoftirqd/0/15: [ 825.389365][ T38] 8 locks held by ktimers/0/16: [ 825.389376][ T38] 4 locks held by pr/legacy/17: [ 825.389390][ T38] 1 lock held by khungtaskd/38: [ 825.389401][ T38] #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 825.389468][ T38] 4 locks held by kworker/0:2/1217: [ 825.389479][ T38] #0: ffff88802bafb538 ((wq_completion)wg-crypt-wg0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 825.389537][ T38] #1: ffffc9000517fbc0 ((work_completion)(&peer->transmit_packet_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 825.389625][ T38] #2: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400 [ 825.447528][ T38] #3: ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400 [ 825.447604][ T38] 4 locks held by kworker/u8:9/1485: [ 825.447642][ T38] 2 locks held by getty/5595: [ 825.447653][ T38] #0: ffff88823bf620a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 825.447713][ T38] #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410 [ 825.447766][ T38] 2 locks held by syz-executor/5823: [ 825.447778][ T38] 4 locks held by kworker/u9:3/5840: [ 825.447790][ T38] #0: ffff8880233fa138 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 825.447843][ T38] #1: ffffc90004bffbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 825.447895][ T38] #2: ffff8880640e4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0 [ 825.447945][ T38] #3: ffff8880640e40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30 [ 825.448007][ T38] 3 locks held by kworker/0:5/5914: [ 825.448018][ T38] 3 locks held by kworker/1:7/6058: [ 825.448029][ T38] #0: ffff888019898538 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 825.448082][ T38] #1: ffffc9000523fbc0 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 825.448134][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: switchdev_deferred_process_work+0xe/0x20 [ 825.448185][ T38] 3 locks held by kworker/1:3/15832: [ 825.448198][ T38] 2 locks held by kworker/u8:14/16977: [ 825.448210][ T38] 3 locks held by kworker/u8:15/16978: [ 825.448221][ T38] #0: ffff88802fb85938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 825.448284][ T38] #1: ffffc9000cd2fbc0 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 825.448336][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x119/0x15a0 [ 825.448388][ T38] 3 locks held by kworker/u8:31/16996: [ 825.448399][ T38] #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 825.448451][ T38] #1: ffffc9000ca1fbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 825.448498][ T38] #2: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 825.448553][ T38] 1 lock held by syz-executor/17511: [ 825.448565][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 825.448620][ T38] 2 locks held by syz-executor/18413: [ 825.448632][ T38] #0: ffffffff8e43b9e0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 825.448694][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 825.448748][ T38] 2 locks held by syz-executor/18501: [ 825.448760][ T38] #0: ffffffff8ecc6a20 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0 [ 825.448813][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x2ab/0x800 [ 825.448864][ T38] 2 locks held by syz.1.4569/18559: [ 825.448875][ T38] #0: ffffffff8f1d7918 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x23/0x250 [ 825.448935][ T38] #1: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70 [ 825.448989][ T38] 1 lock held by syz.2.4571/18563: [ 825.449000][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70 [ 825.449054][ T38] 1 lock held by syz.2.4571/18564: [ 825.449065][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x71c/0xb70 [ 825.449119][ T38] 1 lock held by syz-executor/18566: [ 825.449131][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.449179][ T38] 1 lock held by syz-executor/18569: [ 825.449191][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.449247][ T38] 1 lock held by syz-executor/18572: [ 825.449259][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.449307][ T38] 1 lock held by syz-executor/18575: [ 825.449318][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.449367][ T38] 1 lock held by syz-executor/18579: [ 825.449378][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.449427][ T38] 1 lock held by syz-executor/18583: [ 825.449438][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.449484][ T38] 1 lock held by syz-executor/18586: [ 825.449495][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.449542][ T38] 1 lock held by syz-executor/18589: [ 825.449553][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.449602][ T38] 1 lock held by syz-executor/18592: [ 825.449614][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.464227][ T38] 1 lock held by syz-executor/18596: [ 825.464249][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.464299][ T38] 1 lock held by syz-executor/18599: [ 825.464311][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.464360][ T38] 1 lock held by syz-executor/18602: [ 825.464372][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.464422][ T38] 1 lock held by syz-executor/18605: [ 825.464433][ T38] #0: ffffffff8ecd3938 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0 [ 825.464483][ T38] [ 825.464488][ T38] ============================================= [ 825.464488][ T38] [ 825.464498][ T38] NMI backtrace for cpu 1 [ 825.464513][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 825.464536][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 825.464548][ T38] Call Trace: [ 825.464556][ T38] [ 825.464565][ T38] dump_stack_lvl+0x189/0x250 [ 825.464601][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 825.464630][ T38] ? __pfx__printk+0x10/0x10 [ 825.464668][ T38] nmi_cpu_backtrace+0x39e/0x3d0 [ 825.464699][ T38] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 825.464728][ T38] ? __pfx__printk+0x10/0x10 [ 825.464756][ T38] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 825.464785][ T38] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 825.464814][ T38] watchdog+0xf93/0xfe0 [ 825.464846][ T38] ? watchdog+0x1de/0xfe0 [ 825.464879][ T38] kthread+0x70e/0x8a0 [ 825.464914][ T38] ? __pfx_watchdog+0x10/0x10 [ 825.464938][ T38] ? __pfx_kthread+0x10/0x10 [ 825.464973][ T38] ? __pfx_kthread+0x10/0x10 [ 825.465005][ T38] ret_from_fork+0x436/0x7d0 [ 825.465034][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 825.465067][ T38] ? __switch_to_asm+0x39/0x70 [ 825.465086][ T38] ? __switch_to_asm+0x33/0x70 [ 825.465103][ T38] ? __pfx_kthread+0x10/0x10 [ 825.465135][ T38] ret_from_fork_asm+0x1a/0x30 [ 825.465173][ T38] [ 825.465181][ T38] Sending NMI from CPU 1 to CPUs 0: [ 825.465211][ C0] NMI backtrace for cpu 0 [ 825.465227][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 825.465247][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 825.465257][ C0] RIP: 0010:kernel_text_address+0x37/0xe0 [ 825.465278][ C0] Code: 00 81 0f 93 c0 48 81 ff 3c a6 fb 8a 0f 92 c1 bd 01 00 00 00 84 c8 75 0c 48 89 fb e8 33 f8 a6 ff 85 c0 74 0c 89 e8 5b 41 5e 5d cc cc cc cc cc 48 c7 c0 80 21 1d 8f 48 c1 e8 03 48 b9 00 00 00 [ 825.465291][ C0] RSP: 0018:ffffc900001567d0 EFLAGS: 00000202 [ 825.465306][ C0] RAX: 0000000000000001 RBX: ffffffff818e923f RCX: 33dda919736ba801 [ 825.465318][ C0] RDX: 0000000000000007 RSI: ffffffff8d21af85 RDI: ffffffff818e923f [ 825.465329][ C0] RBP: ffffc90000156890 R08: ffffc90000157cf0 R09: 0000000000000000 [ 825.465340][ C0] R10: ffffc90000156858 R11: fffff5200002ad0d R12: ffff88801c2a5940 [ 825.465351][ C0] R13: ffff88809c1151f8 R14: dffffc0000000000 R15: 1ffff9200002ad0a [ 825.465363][ C0] FS: 0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000 [ 825.465377][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 825.465388][ C0] CR2: 00007f15e0805f40 CR3: 000000000d7a6000 CR4: 00000000003526f0 [ 825.465404][ C0] Call Trace: [ 825.465411][ C0] [ 825.465416][ C0] __kernel_text_address+0xd/0x40 [ 825.465434][ C0] unwind_get_return_address+0x4d/0x90 [ 825.465455][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 825.465473][ C0] arch_stack_walk+0xfc/0x150 [ 825.465504][ C0] ? smpboot_thread_fn+0x53f/0xa60 [ 825.465525][ C0] stack_trace_save+0x9c/0xe0 [ 825.465541][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 825.465556][ C0] ? do_raw_spin_lock+0x121/0x290 [ 825.465580][ C0] kasan_save_track+0x3e/0x80 [ 825.465598][ C0] ? kasan_save_track+0x3e/0x80 [ 825.465615][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 825.465632][ C0] ? kmem_cache_alloc_noprof+0x143/0x310 [ 825.465652][ C0] ? fill_pool+0x100/0x570 [ 825.465672][ C0] ? debug_objects_fill_pool+0x107/0x120 [ 825.465691][ C0] ? debug_object_activate+0x6c/0x3a0 [ 825.465710][ C0] ? call_rcu+0xaa/0x9c0 [ 825.465723][ C0] ? skb_release_head_state+0x71/0x250 [ 825.465746][ C0] ? consume_skb+0x60/0xf0 [ 825.465765][ C0] ? nft_synproxy_eval_v4+0x376/0x560 [ 825.465781][ C0] ? nft_synproxy_do_eval+0x345/0x570 [ 825.465796][ C0] ? nft_do_chain+0x40c/0x1920 [ 825.465811][ C0] ? nft_do_chain_inet+0x25d/0x340 [ 825.465826][ C0] ? nf_hook_slow+0xc2/0x220 [ 825.465846][ C0] ? NF_HOOK+0x206/0x3a0 [ 825.465865][ C0] ? NF_HOOK+0x30c/0x3a0 [ 825.465883][ C0] ? __netif_receive_skb+0x143/0x380 [ 825.465901][ C0] ? process_backlog+0x31e/0x900 [ 825.465920][ C0] ? __napi_poll+0xb3/0x540 [ 825.465937][ C0] ? net_rx_action+0x707/0xe00 [ 825.465955][ C0] ? handle_softirqs+0x22f/0x710 [ 825.465973][ C0] ? run_ktimerd+0xcf/0x190 [ 825.466007][ C0] ? fill_pool+0x100/0x570 [ 825.466028][ C0] __kasan_slab_alloc+0x6c/0x80 [ 825.466046][ C0] ? fill_pool+0x100/0x570 [ 825.466065][ C0] kmem_cache_alloc_noprof+0x143/0x310 [ 825.466088][ C0] fill_pool+0x100/0x570 [ 825.466108][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 825.466129][ C0] ? __pfx_fill_pool+0x10/0x10 [ 825.466151][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 825.466170][ C0] ? debug_objects_fill_pool+0xdf/0x120 [ 825.466191][ C0] debug_objects_fill_pool+0x107/0x120 [ 825.466211][ C0] ? __pfx_debug_objects_fill_pool+0x10/0x10 [ 825.466237][ C0] debug_object_activate+0x6c/0x3a0 [ 825.466261][ C0] ? __pfx_dst_destroy_rcu+0x10/0x10 [ 825.466277][ C0] call_rcu+0xaa/0x9c0 [ 825.466296][ C0] ? rcuref_put+0x1b7/0x210 [ 825.466312][ C0] ? __pfx_call_rcu+0x10/0x10 [ 825.466327][ C0] ? percpu_counter_add_batch+0xea/0x1e0 [ 825.466350][ C0] ? dst_release+0x126/0x1b0 [ 825.466368][ C0] skb_release_head_state+0x71/0x250 [ 825.466392][ C0] consume_skb+0x60/0xf0 [ 825.466413][ C0] nft_synproxy_eval_v4+0x376/0x560 [ 825.466433][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 825.466451][ C0] ? nf_ip_checksum+0x13c/0x510 [ 825.466469][ C0] nft_synproxy_do_eval+0x345/0x570 [ 825.466496][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 825.466514][ C0] ? __pfx___ip_vs_conn_in_get+0x10/0x10 [ 825.466538][ C0] nft_do_chain+0x40c/0x1920 [ 825.466561][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 825.466579][ C0] ? __pfx_ip_vs_conn_out_get_proto+0x10/0x10 [ 825.466607][ C0] ? ip_vs_out_hook+0x9b5/0xef0 [ 825.466626][ C0] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 825.466648][ C0] nft_do_chain_inet+0x25d/0x340 [ 825.466663][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 825.466685][ C0] ? NF_HOOK+0x9a/0x3a0 [ 825.466705][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 825.466722][ C0] nf_hook_slow+0xc2/0x220 [ 825.466745][ C0] NF_HOOK+0x206/0x3a0 [ 825.466766][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 825.466786][ C0] ? NF_HOOK+0x9a/0x3a0 [ 825.466805][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 825.466823][ C0] ? ip_rcv_finish_core+0xda3/0x1c00 [ 825.466846][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 825.466867][ C0] ? skb_dst+0x4f/0xd0 [ 825.466887][ C0] ? ip_local_deliver+0x12a/0x1b0 [ 825.466909][ C0] NF_HOOK+0x30c/0x3a0 [ 825.466930][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 825.466950][ C0] ? NF_HOOK+0x9a/0x3a0 [ 825.466968][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 825.466989][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 825.467014][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 825.467032][ C0] __netif_receive_skb+0x143/0x380 [ 825.467050][ C0] ? rt_spin_unlock+0x65/0x80 [ 825.467071][ C0] ? process_backlog+0x27b/0x900 [ 825.467090][ C0] process_backlog+0x31e/0x900 [ 825.467115][ C0] __napi_poll+0xb3/0x540 [ 825.467137][ C0] net_rx_action+0x707/0xe00 [ 825.467165][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 825.467201][ C0] handle_softirqs+0x22f/0x710 [ 825.467225][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 825.467248][ C0] run_ktimerd+0xcf/0x190 [ 825.467269][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 825.467290][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 825.467309][ C0] ? smpboot_thread_fn+0x5f4/0xa60 [ 825.467327][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 825.467345][ C0] smpboot_thread_fn+0x53f/0xa60 [ 825.467364][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 825.467387][ C0] kthread+0x70e/0x8a0 [ 825.467410][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 825.467428][ C0] ? __pfx_kthread+0x10/0x10 [ 825.467452][ C0] ? __pfx_kthread+0x10/0x10 [ 825.467474][ C0] ret_from_fork+0x436/0x7d0 [ 825.467501][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 825.467523][ C0] ? __switch_to_asm+0x39/0x70 [ 825.467537][ C0] ? __switch_to_asm+0x33/0x70 [ 825.467550][ C0] ? __pfx_kthread+0x10/0x10 [ 825.467572][ C0] ret_from_fork_asm+0x1a/0x30 [ 825.467595][ C0] [ 825.468207][ T38] Kernel panic - not syncing: hung_task: blocked tasks [ 825.468223][ T38] CPU: 1 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 825.468256][ T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 825.468268][ T38] Call Trace: [ 825.468275][ T38] [ 825.468284][ T38] dump_stack_lvl+0x99/0x250 [ 825.468315][ T38] ? __asan_memcpy+0x40/0x70 [ 825.468338][ T38] ? __pfx_dump_stack_lvl+0x10/0x10 [ 825.468368][ T38] ? __pfx__printk+0x10/0x10 [ 825.468405][ T38] vpanic+0x281/0x750 [ 825.468439][ T38] ? __pfx_vpanic+0x10/0x10 [ 825.468465][ T38] ? __x2apic_send_IPI_mask+0x1e4/0x260 [ 825.468486][ T38] ? lockdep_hardirqs_on+0x9c/0x150 [ 825.468527][ T38] panic+0xb9/0xc0 [ 825.468556][ T38] ? __pfx_panic+0x10/0x10 [ 825.468588][ T38] ? irq_work_queue+0xc3/0x140 [ 825.468618][ T38] ? nmi_trigger_cpumask_backtrace+0x234/0x300 [ 825.468648][ T38] watchdog+0xfd2/0xfe0 [ 825.468679][ T38] ? watchdog+0x1de/0xfe0 [ 825.468711][ T38] kthread+0x70e/0x8a0 [ 825.468746][ T38] ? __pfx_watchdog+0x10/0x10 [ 825.468771][ T38] ? __pfx_kthread+0x10/0x10 [ 825.468806][ T38] ? __pfx_kthread+0x10/0x10 [ 825.468838][ T38] ret_from_fork+0x436/0x7d0 [ 825.468867][ T38] ? __pfx_ret_from_fork+0x10/0x10 [ 825.468901][ T38] ? __switch_to_asm+0x39/0x70 [ 825.468919][ T38] ? __switch_to_asm+0x33/0x70 [ 825.468937][ T38] ? __pfx_kthread+0x10/0x10 [ 825.468969][ T38] ret_from_fork_asm+0x1a/0x30 [ 825.469006][ T38] [ 825.469160][ T38] Kernel Offset: disabled